Encryption solutions for the cloud Part 5: Vaultive

By Linda Musthaler | July 09, 2012

Posted in: Network Security Trends

This is the fifth and last in a series of posts on cloud encryption solutions.

One of the issues with encrypting data is that the resulting ciphertext is difficult to work with inside of applications. The encrypted data usually can’t be sorted, searched or indexed in any meaningful way. Thus, once you put ciphertext into a SaaS application, some of the features of the program no longer work.

Vaultive tackles this issue with its own proprietary form of encryption based on 256-bit AES. The encryption algorithm protects the referential integrity of the data being encrypted so it can be processed while it’s in cipher form. The data can be searched, sorted, indexed and used for reporting without first having to be decrypted. Vaultive has applied for five patents for its cryptographic techniques.

Note that while the Vaultive cryptographic module is unlikely to meet the federal FIPS 140-2 standard, it does have its place for applications such as Microsoft Exchange and Office 365. These are the first applications that the Vaultive engine supports, but technically it can work with any application hosted in the cloud.

Vaultive is an in-line encryption solution deployed as a software appliance on a virtual machine or on dedicated hardware. It can be deployed in a variety of places, such as at the corporate DMZ. Data generated by end users, whether behind the corporate firewall or roaming, is routed through the Vaultive proxy. The data gets encrypted and the ciphertext is routed to the appropriate cloud application. While the data is in the cloud, it never has to be decrypted in order to be processed by the application. This protects the data from access by the cloud provider.
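Vaultive's algorithm is proprietary and is not described in this post, so the following added example (not Vaultive's code) uses a generic keyed-token index to show why randomized ciphertext cannot be searched and how a proxy can still let the cloud side match search terms without holding any key. All names and sample data are constructed, and the HMAC-based keystream is a stand-in for AES, which the Python standard library does not include.

```python
import hashlib
import hmac
import secrets

ENC_KEY = secrets.token_bytes(32)    # held only by the proxy (constructed)
INDEX_KEY = secrets.token_bytes(32)  # separate key for search tokens


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in for AES-CTR; illustration only, no integrity tag is added.
    out, counter = b"", 0
    while len(out) < n:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(plaintext: str) -> bytes:
    # Randomized: a fresh nonce makes equal plaintexts encrypt differently,
    # which is why the ciphertext alone cannot be searched or indexed.
    data, nonce = plaintext.encode(), secrets.token_bytes(16)
    ks = _keystream(ENC_KEY, nonce, len(data))
    return nonce + bytes(a ^ b for a, b in zip(data, ks))


def decrypt(blob: bytes) -> str:
    nonce, body = blob[:16], blob[16:]
    ks = _keystream(ENC_KEY, nonce, len(body))
    return bytes(a ^ b for a, b in zip(body, ks)).decode()


def token(word: str) -> str:
    # Deterministic keyed token: equal words give equal tokens, so the store
    # can match them, but it also learns which records share a word.
    return hmac.new(INDEX_KEY, word.lower().encode(), hashlib.sha256).hexdigest()


def protect(subject: str) -> dict:
    # What the proxy sends to the cloud application in place of plaintext.
    return {"ct": encrypt(subject), "idx": {token(w) for w in subject.split()}}


def cloud_search(store: list, search_token: str) -> list:
    # Runs at the provider: no key, no plaintext, only token comparison.
    return [i for i, rec in enumerate(store) if search_token in rec["idx"]]


# Constructed sample data.
SUBJECTS = ["Quarterly payroll report", "Lunch on Friday", "Payroll correction"]
STORE = [protect(s) for s in SUBJECTS]
```

The proxy computes `token("payroll")` for a user's query, forwards only the token, and decrypts the matching records on the way back. Sorting is not supported by this scheme, since the tokens carry no ordering.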

The solution is completely transparent to end users. No software application or agent needs to be installed on the users’ devices. All the work is done by the proxy software, which holds the encryption keys and the rules for routing data to the application(s) in the cloud. The encryption keys are themselves encrypted, and the appliance provides key management functions. The appliance contains a rule set for each type of application it must support; for example, CRM, HR, etc.

The vendor aimed its product at Microsoft Exchange 2010 as the first customization out of the box because Exchange is often one of the first applications that companies want to host in the cloud. In time, Vaultive plans to support other types of applications besides Exchange and Office 365.

Update as of December 17, 2013: Vaultive has passed the first gate required for FIPS 140-2 validation, having had its cryptographic library validated under the FIPS 197 specification. The company anticipates that it will initiate testing for 140-2 validation in the first quarter of 2014.
