Cloud

CIA-backed Cloud Security Firm Buys Encryption Company to Help Spy-Wary Industry

Maksim Kabakou/Shutterstock.com

At least one U.S. cloud company sees an opportunity to benefit from the backlash against brethren accused of facilitating domestic surveillance.

Cloud services -- think Amazon Web Services or Microsoft Azure -- essentially rent out data storage space in big computer rooms clients can access through the Internet or a private network. At times, U.S. spies have infiltrated the networks of American cloud providers, as well as subpoenaed their customer data without their customers' knowledge, according to the Washington Post

This has not deterred HyTrust, which is backed by CIA venture capital funding, from marketing anti-surveillance tools to corporations. 

The California-based company on Thursday announced the purchase of encryption software firm HighCloud Security, acknowledging industry concerns about storing clear text files in an off-site data center.

Not wanting to bite the hand that feeds them, HyTrust officials say the deal also should benefit intelligence agencies by preventing rogue system administrators, such as ex-federal contractor Edward Snowden, from decoding government data. The company since 2007, has built a business off technology that monitors the activities of cloud system administrators. 

With Thursday's acquisition of HighCloud encryption, “even if somehow that admin was able to get away with that virtual machine, it would be unusable. It’s like a brick. You can’t access the data inside of it. It’s meaningless," HyTrust co-founder Eric Chiu said in an interview. "You’ve solved, end to end, that potential Snowden-level attack -- of that admin and the godlike privileges that they typically have -- in safeguarding against them and monitoring that as well as protecting the data itself, in case it does get stolen."

But the company empathizes with corporations entrusting data to cloud providers that cooperate with the feds. 

While some data center providers offer to encode their tenants' data, “if you’re letting the cloud provider provide not only the encryption, but also manage and store the keys to unlock that encryption, well, you have no idea whether somebody has been granted access to that data because of subpoena," Chiu said. "If you keep the keys to your data that means that nobody else can unencrypt and potentially access your data without your approval.”

With the European Union expressing outrage over alleged intercepts of its citizens' communications, HyTrust officials might be worried about losing business from customers such as one unidentified major European development bank and many Fortune 500 companies. 

The company is still in startup mode. Intel Capital, VMware and Cisco participated in a $18.5 million round of financing, HyTrust announced in August.

In-Q-Tel, the CIA's venture capital wing, also contributed funding at the time.

“We don’t make any political decisions," Chiu insisted. But, he also said: "I have to be careful what I say because one of our customers and investors is In-Q-Tel,” and the company's services "are very much strategic to the efforts of the intelligence community." In-Q-Tel and HyTrust made public a technology development deal in July. 

Chiu said talks between HyTrust and HighCloud started before revelations about NSA domestic surveillance were made public in May through leaks by Snowden. 

In an interview this week, he said the new partnership should help put corporate clients’ minds at ease about the risk of U.S. government spying. "I think that is a real, is a legitimate concern. I think being able to have your data encrypted and being able to keep the keys and be the one that determines whether or not you want to give the keys over to give access to that data is important. I think you want to make the decision on what happens to your data," he said. 

HighCloud officials have also touted their software's ability to protect Web-based data from U.S. surveillance. "Technologies like HighCloud’s encryption, where you control encryption keys, inside your firewall if you prefer, can help ensure that the government must come to you in order to access your data," said a July note on the company's blog." In a statement last month, HighCloud co-founder Steve Pate said, “As cloud service providers become a target for data access, both to thieves and the U.S. government, organizations must take further steps to secure their data in the cloud." 

HyTrust, a private company, did not disclose the terms of the deal. 

(Image via Maksim Kabakou/Shutterstock.com)

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
// 6:18 PM ET
X CLOSE Don't show again

Like us on Facebook