A new British software company claims to have come up with a solution to one of the most challenging security problems...
-- how to share data safely with third parties.
Egress Software Technologies Ltd., based in London, is launching an in-the-cloud service that enables anyone sending data to an outsider, such as a supplier or subcontractor, to maintain control over how and when the information is used.
Subscribers to the Egress Switch service download client software that lets them encrypt outgoing files and also apply a set of policy rules to determine how the data is used once it reaches the recipient.
The files can then be sent by email, FTP, or copied on to a CD to be sent through the post. The recipient has to log on to the Egress Switch service and register to download the client software. The policy, which is set by the sender, is held in the cloud and determines who can open the file and for how long. A later version, due out in June, will extend policy to control whether files can be copied or printed.
"The cloud service does not hold any of the information itself, just the security parameters that apply to it," said Bob Egner, the company's U.S. president. "It means that if you change your mind about the policy after sending out a file -- for instance, you decide you want to stop someone seeing it -- then you can do that immediately."
The service is currently limited to PCs running Windows XP or Vista, although a Mac version will be launched later, said Egner. Companies can subscribe for £23 per user per year to send out encrypted information. Recipients of information do not have to pay. Companies will also have the option to buy the host software and run their own service internally if they prefer not to entrust it to Egress.
For consumers, there will also be a pay-as-you-go tariff where they can buy five credits for £6.99, enabling them to send out five bundles of information through the Egress Switch service.
According to Egner, the service avoids the complexity of other technologies such as public key encryption and enterprise rights management systems, which usually require outside organisations to be enrolled into the Active Directory of the host organisation.
Beta customers for the service include Royal Bank of Scotland, CSC and the City and Hackney Teaching Primary Care Trust.
Fran Howarth, a principal analyst at Quocirca Ltd., a U.K.-based IT analyst group, said she was impressed by the new service. "It is a simple and cost-effective service," she said. "It is very intuitive, so users do not have to learn any new interfaces."
She said the launch was well timed, given the state of the economy. "Everyone wants to get rid of their capex expenses, so with this, they can get it for a subscription, and they are not locked in. That is why all cloud companies are growing their revenues at the moment by 30 to 40% a year."
Egress is funded by its founders Tony Pepper and Neil Larkins, who both held senior positions at London-based security company Reflex Magnetics, which was acquired by Pointsec Mobile Technologies in 2006, which was then bought by Check Point Software Technologies Ltd..
They founded Egress is 2007 as a reseller of Check Point and Pointsec products while developing the Switch service, which will be officially launched on March 16.
Security needs to be high on the agenda when organisations head for the clouds, as Adrian Seccombe, CISO of Eli Lilly, explains
Have a cloud computing question? Send it to our expert, Richard Brain
Learn how to implement firewall egress filtering properly