Encryption is fast becoming a must-have feature for data stored in the cloud. Between privacy concerns stemming from regulatory requirements and NSA surveillance, companies expect either cloud service providers or third-party vendors to enable encryption with customer-managed keys in SaaS applications.
A key limitation of data encryption is that functionality and security occupy opposing axes. Of course, that doesn’t stop businesses from wanting more of both. After all, to achieve business value, data must be accessible as well as secure.
To this end – we have some big news to announce. Skyhigh has established a Cryptography Advisory Board in order to help our customers maintain functionality of cloud applications such as Salesforce and ServiceNow while meeting security requirements. The board consists of five leading cryptography researchers from the academic community:
Mihir Bellare, Professor in the Department of Computer Science and Engineering at the University of California, San Diego
Alexandra (Sasha) Boldyreva, Associate Professor in the School of Computer Science in the College of Computing at the Georgia Institute of Technology
Ari Juels, Professor at the Jacobs Technion-Cornell Institute, Cornell Tech
Kenny Paterson, Professor of Information Security and EPSRC Leadership Fellow, Information Security Group, RoyalHolloway, at the University of London
Thomas Ristenpart, Assistant Professor in the Department of Computer Sciences at the University of Wisconsin, Madison
Board members will suggest how to leverage cutting-edge cryptography research to satisfy business needs and provide expert oversight of Skyhigh’s encryption schemes. Past collaboration with members of the board has already led to advancements in order-preserving, format-preserving, and searchable encryption.
The establishment of the board is a huge milestone in Skyhigh’s mission to accelerate the cloud economy. Function-preserving encryption schemes enable organizations to securely employ cloud services to meet business goals, removing a common impediment to cloud adoption.
Where Industry and Academia Intersect
Collaboration with academia is widely considered a best practice in the cryptography world. Proprietary algorithms require review and testing from expert researchers to achieve industry credibility. Practitioners look for encryption schemes with a stamp of approval from the academic community. “Skyhigh’s commitment to openness in the arena of encryption should speak volumes to businesses looking for encryption solutions with third-party validation,” said board member Kenny Paterson.
In addition to this review, Skyhigh will solicit counsel from the board on how the latest Cryptography research can address business needs. Board member Ari Juels points to the relationship’s benefits for innovation in cloud encryption schemes: “Over the course of my career in academic and applied cryptography, Skyhigh is the first cloud security company I’ve seen assemble a Cryptography Advisory Board with an explicit commitment to implementation of peer-reviewed cryptographic algorithms. In so doing, Skyhigh gains access to cutting edge research in academia and the ability to validate and quickly deploy cryptographic innovations.” Finally, Skyhigh customers will benefit from detailed guidance on data security strategies for cloud-based applications.
The commercial industry is not the only party who benefits from the partnership. “It is mutually beneficial when the worlds of academia and enterprise collaborate,” board member Sasha Boldryreva said. “The cross-pollination gives academics insight into the new problems enterprises need to solve, and our scrutiny provides enterprises with stronger solutions, translating to benefits for customers.” Bringing industry use-cases into classrooms and research departments can help guide new research by communicating enterprise pain-points and use cases. As board member Thomas Ristenpart said, “This will not only benefit their customers, but will help build tools useful to the broader security community and even help educate academia about the most pressing real-world challenges faced by industry today.”
One Giant Leap for Transparency
Skyhigh’s Cryptography Advisory Board is an industry first. We hope to set a new standard for the credibility of encryption schemes and instill more trust in security for data in the cloud – all with the goal of helping organizations embrace cloud services. “Skyhigh is leading the industry way with peer-reviewed, theoretically-sound, advanced cryptography based on symbiotic relations with the research community,” says Mihir Bellare. “It is exciting to be part of this synergistic effort.”
Beyond deliverable benefits to customers, this announcement speaks to our foundational values: integrity and transparency. Soliciting third-party testing for our algorithms is a testament to our efforts towards openness and accountability. We exercise transparency when it comes to our encryption capabilities, explaining the trade-offs inherent in any encryption scheme.
As Ristenpart said, “Getting cryptography right is incredibly challenging, and when the community hears vendors’ claims about advanced ‘commercially viable homomorphic encryption’ we get nervous. That’s why it’s refreshing to see Skyhigh take a leadership role in advocating for open, academically vetted applied cryptography.”
We look forward to continuing to innovate in the SaaS encryption space with contributions from our Cryptography Advisory Board. To learn more about the pros and cons of different encryption schemes, read our whitepaper co-authored by Boldyreva.
CASB Magic Quadrant 2019 is here – McAfee a Leader for third consecutive year
CASB RFP Template: 200+ Common Questions Enterprises Are Asking
9 Cloud Computing Security Risks Every Company Faces
Office 365 Security Concerns: Download Definitive Guide to Office 365 eBook
51 AWS Security Best Practices