Guest insight by Derek Singleton, analyst at Software Advice, on Viivo, legal community cloud security and the future of encryption key management ...
About a month ago, Software Advice created an in-depth comparison of Dropbox vs. Box as part of our work in with the Software Advice Labs. In the comparison, we evaluate each solution on a variety of criteria such as:
- Sharing and access permissions
- Technology and syncing
- Device authorization
That last point, security, is an increasingly important issue when it comes to Cloud storage solutions. Just between Box and Dropbox, there are more than 3.1 million business users (150,000 for Box and 3 million for Dropbox) accessing, syncing and sharing files every day. With millions more using other popular solutions such as Google Drive and Microsoft’s SkyDrive, companies need a way to independently manage file security when they share and transfer data in the Cloud.
To get a better sense of how companies can protect their data in the Cloud, I reached out to PKWARE to understand how their product, Viivo, is tackling the issue of security for Cloud storage solutions. With their deep roots in compression and security after developing the ZIP file, they’re well-positioned to help companies keep their data safe in the Cloud. Here’s what came of our conversation.
Viivo Matches Data Encryption with the Speed at Which We Share Data
While Box and Dropbox have features for data encryption, part of the way that these providers are able to make file sharing and collaboration easier is by making some security compromises. For instance, Dropbox opens every file to make sure they can index it for search in Dropbox and to make it possible to share a link to your file with anyone on the Web. This has great collaboration benefits, but it means that they’re using the same encryption key for all your files.
That’s where Viivo comes in to help you encrypt your files and maintain control over encryption keys. Traditional data encryption, however, can be a very manual and data-centric task. As such, according to Matt Little, VP of Product Development at PKWARE, traditional data encryption doesn’t take advantage of the high velocity solutions on the market such as Dropbox and Box. So Viivo takes a different approach that allows users to work directly within their Cloud storage program in a secure Viivo folder, while running all of the technical and manual processes of data encryption behind the scenes so the user’s workflow isn’t interrupted.
This approach effectively creates a secure tunnel between Viivo and the Cloud storage provider so that you can maintain control over your data encryption key, which is a crucial element of control that Viivo addresses which most Cloud storage providers have yet to offer. This approach to security in the Cloud is one that can help companies better manage their file sharing as BYOD proliferates and more files are shared over the Web.
A Use Case for the Legal Profession
The legal community is among the early adopters of this approach to file security. Why? Because the legal community continually needs to collaborate at high speeds, but they often need to share confidential client information. Lawyers need to know that when they share their client’s contracts and deal data in the Cloud that this data will not be compromised because there are serious legal and financial implications if there’s a security breach.
One Viivo client found this solution to be particularly useful after they started to notice that every time an employee’s personal laptop showed up in the IT department, there were gigabytes of unstructured company data that had been taken out of their DMS and stored in Dropbox on the laptop. In one case they found more than 20GB of unstructured data on an employee laptop syncing with a personal Dropbox account. How did this happen? Well, users are just going back to what they know, syncing their work files directly to their personal computers as they might sync a family photo album. That’s where security issues start to become troublesome.
To address the issue, the law firm implemented Viivo. With the product’s Web-based administration dashboard, the company can now track and monitor the overall public Cloud storage usage in their department to see things such as which users are sharing files within or outside the company, what kind of shares do they have, what devices are connected. With this visibility, the company no longer has to worry about employees downloading sensitive data and leaving it on their laptop unprotected.
The Future of Data Encryption and Key Management
As file encryption for Cloud storage becomes more important, companies will likely to want to have control over their keys while also being able to manage keys across multiple platforms. That’s where PKWARE sees data security heading next and I’m inclined to agree with their direction. Right now there’s an interoperability issue in that you can only manage keys for a single service, but as we all become more connected to different devices and networks, there will be a need to manage keys across platforms, and not just the public Cloud.
With these requirements, users will need a key sharing platform that allows people and businesses to manage private key sharing for any platform that accesses confidential data. In my view, PKWARE seems well positioned to become that vendor.
Derek Singleton is an analyst specializing in cloud, security, CRM and enterprise tech at Austin software review firm Software Advice. This review of Viivo and public cloud encryption topics reflect his independent views.