AlephCloud boosts in-cloud security with encryption tech

AlephCloud has secured a patent for an encryption technology that allows content to be shared with multiple parties while keeping it private, even from the application itself and the underlying infrastructure

Storage security solutions provider AlephCloud announced Thursday that the company has secured a patent for an encryption technology that allows content to be shared with multiple parties while keeping it private, even from the application itself and the underlying infrastructure.

The company describes the technology (US Patent #8681992, “Monitoring and Controlling Access to Electronic Content”) as a cryptography-based mechanism that enables all parties to communicate across trust zones in the cloud through a central hub, which acts as an intermediary, without the hub ever being able to access either the data or the data access policies.

“AlephCloud’s patented technology enables cloud providers to establish trust by allowing content owners to control privacy and security mechanisms using a unique blend of encryption and key federation,” said Jieming Zhu, chief executive officer and co-founder of AlephCloud.

“This makes it possible to offer confidential document exchange in the cloud and introduce other advanced services. We believe this invention will change the rules for digital content protection and access both on-premise and in the cloud,” Zhu added.

The technology uses encryption and key federation techniques to layer various privacy controls on top of the cloud storage services software and infrastructure, but it does so by targeting the data at the content level rather than implementing containers to enforce protection.

This philosophy seems to be growing among cloud-based security vendors, which have enjoyed a boost since last summer’s government snooping revelations. Bitglass, a company that came out of stealth earlier this year, implements a similar technique. Its offering effectively attaches meta-data to content passing through cloud services and sends that content through a proxy, where the privacy and security controls are applied and management.