We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,953 News Articles

Concern over U.S. snoops drives Canadian political party to cloud-based encryption

One of Canada's largest political parties is using cloud-based Salesforce.com in the U.S. to store information about voters and interact with them, but worries that U.S. government snoops could peek at sensitive information under U.S. law prompted the Canadian party to use a strong encryption approach.

Former cyber security czar Clarke says smartphones, digital certificates create huge security problems

Under the U.S. Patriot Act, the U.S. government can compel Salesforce.com to "hand over all data to them, and not tell us about it," says James Williamson, information technology coordinator for the Canadian New Democratic Party (NDP) in Ottawa, Ontario. The NDP is now the main opposition party to the ruling Conservatives in Canada and holds about 123 million records related to individuals.

Concerns about privacy prompted the NDP, which earlier this year began using cloud-based Salesforce.com as its platform for voter tracking, e-mail and call-center contact, to look for a strong encryption approach that it alone would control.

Salesforce is now a main warehouse for the party's donation and voter data, helping facilitate the flow of e-mail marketing and data use by call agents. Salesforce.com itself does offer an encryption service under which both Salesforce and the customer hold the encryption keys, Williamson says. But he decided he wanted an approach in which only the NDP itself would control the encryption keys to unlock scrambled data. If the U.S. government ever felt compelled to ask Saleforce.com for any data, the New Democratic Party would at least know about any request of this type, Williamson says."You'd be aware of it."

The political party selected start-up CipherCloud with its Unified Cloud Encryption Gateway to keep voter data stored at Saleforce.com private.

Varun Badhwar, CipherCloud's vice president of business development, says the firm provides cloud-based encryption services based on its open API for cloud providers, with the first being connectors specifically for Saleforce.com, Amazon and Box.net. Other CipherCloud security services include anti-malware and data tokenization.

"We're cloud-application agnostic," he adds, saying the start-up is looking at doing something similar for Oracle and Microsoft's Gmail as well. The idea is that only the CipherCloud customer has full control over any generated encryption key used to keep data private.

CipherCloud basically works as a "reverse-proxy" and back-end application with symmetric-key encryption schemes that can be applied on a granular basis field by field to data elements. The firm also has the intent to come up with a data-loss prevention service in the future.

CipherCloud, which has about 40 employees, was founded last year by CEO Pravin Kothari with funding from a variety of sources, including Index ventures and T-Ventures, according to the company.

Read more about wide area network in Network World's Wide Area Network section.


IDG UK Sites

Amazon 3D smartphone release date, price and spec: The hologram phone?

IDG UK Sites

You're never alone with a clone: How the App Store got taken over by copycats

IDG UK Sites

PCs vs consoles: PCs still pwn when it comes to gaming (and everything else)

IDG UK Sites

The art of rebranding: Creative agency The Neighbourhood explains how & why it rebranded