When it comes to cloud security these days, most enterprises are forced to choose between making their data accessible and making it secure. A company called Kryptnostic has technology that could enable them to retain control over their data with fully homomorphic encryption while also having the ability to search within it.
The development behind Kryptnostic’s tech comes at the intersection of two major trends in enterprise computing. The first trend is that more and more businesses are moving their data to the cloud in an effort to make it more accessible by employees, customers and partners. The second is the need for ever-increasing security to protect that data from everyone else who shouldn’t have access to it.
Unfortunately, those two trends are often at odds with one another.
With hacks and data breaches becoming more commonplace, businesses are beginning to require high levels of encryption around their sensitive data. That’s especially true when the data is being housed on someone else’s servers rather than an internal data center. But the better the encryption scheme is in the cloud, the less useful that data is while it is stored.
See, today’s encrypted cloud storage generally works like this: Files are encrypted when they’re uploaded to a cloud server, and decrypted when they are requested and returned to the user. But while at rest in the cloud, the data is generally inaccessible to the user who uploaded it — or anyone else, for that matter.
The alternative, which no one thinks is a good idea, is to store those files unencrypted, and then you can do whatever you want with them in the cloud. Problem is, so can hackers if they manage to breach the storage provider’s defenses.
But things are changing, and new technology from Kryptnostic could give enterprises increased access to files in the cloud, even while they’re stored in a fully encrypted way.
Kryptnostic uses fully homomorphic encryption to guarantee the protection of enterprises’ data at rest, in transit, and while it is in use. But it also enables some functionality that wasn’t previously available to users.
That includes the ability to search within documents and share content with others, with all encryption and decryption happening locally on the user’s device. Neither Kryptnostic nor the cloud storage provider has access to the encryption keys to enable this, which also means that they will never have access to an enterprise’s data.
According to co-founder and CEO Matthew Tamayo-Rios, with Kryptnostic “the service provider has zero knowledge of your data.” That way, the storage provider can’t learn anything about your data, but the end user can still do useful things with it.
In addition to its search technology, the company provides tools for enterprise policy management to give a more granular view of who has access to which files. It also features encrypted messaging and certificate authentication capabilities. In that way, it avoids the usual tradeoffs that companies need to worry about.
“In the enterprise, you can make things more secure, but in doing so you make them harder to use, harder to access, and less useful,” Index Ventures partner (and Kryptnostic investor) Mike Volpi said. “That’s a decision every CEO makes… You could lock up all your data, and that would make your data very secure; it just wouldn’t make it that useful.”
It’s a problem Kryptnostic co-founders Tamayo-Rios and Sina Iman are well aware of. They were both engineers at Palantir, where they worked on large-scale data analysis problems. Given some of Palantir’s client base, which includes a number of law enforcement agencies and security companies, they were faced with the issue of finding ways to analyze sensitive data while also keeping it secure.
That spawned the idea behind Kryptnostic, which seeks to decentralize the risks related to computation of private data in the cloud. The team hopes to enable enterprise users to determine how their personal data is stored, giving them the tools to do so. In addition to its fully homomorphic encryption core, it also provides a Java client for search within encrypted files, a RESTful API for using the technology, and an object model for connecting the API and Java client.
It’s still early days, but Kryptnostic has secured $2 million in funding led by Index Ventures, with participation from Michael Dearing’s Harrison Metal, Felicis Ventures and RRE Ventures, among others.
With that funding in place, Kryptnostic hopes to hire more employees to build out its technology and expand its suite of services. While the startup is still in alpha testing, it hopes to lock down some strategic partnerships with enterprises and cloud service providers that could make the technology more widely available to their clients.
While Kryptnostic is still working out the business model behind the technology, Tamayo-Rios noted the possibility of licensing it to companies like Dropbox or Box, who could then promise their enterprise users fully encrypted storage, while also enabling them to search within documents stored on their servers.
Kryptnostic could also make the technology available directly to enterprises and enable them to choose who they want to store their files with and how. The good news is that with technology this powerful, the possible applications of it are seemingly endless.