“There’s no way that company exists in a year.” – Tom Siebel, founder of software firm Siebel Systems.
This was Tom Siebel talking about Salesforce.com, easily one of the hottest companies in the cloud computing space, and the reason behind founder Marc Benioff’s billionaire status.
Siebel Systems, on the other hand no longer exists today, after losing massive market share and selling out to Oracle in 2006.
“The cloud services companies of all sizes; the cloud is for everyone. The cloud is a democracy.” – Marc Benioff, founder of Salesforce.com.
We agree with Marc. Due to cloud computing, people all over the world can share technologies, expertise and data previously accessible only to those with expensive infrastructure to do so. It is just one more step to levelling the global playing field.
As the graph above shows cloud computing is undoubtedly a high-growth game changer. With this exponential growth has come challenges, not the least of which is security of user data and privacy.
Solving the Problem
A company we have been doing our due diligence on for quite some time now appears to have solved the twin problems of data security and privacy.
I have spoken at length with the management and their excellent technical team (while I attempted to break their system). The interview I had with Peter Long,the CEO of Lock-box.com, should give you a clear picture of what they’re up to…enjoy!
Chris: Cloud computing has been, and continues to be, one of the fastest growing industries in the tech space. With it comes the element of security and loss of privacy that seem to be part and parcel to this technology. What are some of the challenges facing the cloud storage user and the industry as a whole?
Peter: The Cloud storage industry continues to grow rapidly due to the fact that it reduces costs (inexpensive, pay-as-you-go), allows IT management to be outsourced (reduces people costs, equipment, etc) and is incredibly convenient (easy to use from anywhere, scalable and flexible).
The major challenge facing Cloud storage revolves around control, in particular security and privacy. Put simply, your data stored on a Cloud server is no longer your data. While Cloud Storage/Sharing providers go to lengths to stress the “security” of their infrastructure, news headlines of security breaches confirm to all of us that this is not the case.
This security and privacy issue presents a significant problem for many organisations in relation to data confidentiality, regulation and compliance. For concerned individuals the loss of privacy risk is a significant disincentive to utilising Cloud services. Finding a solution for the security and privacy issues remains the largest constraint limiting the Cloud industry from reaching its full potential.
Chris: Tell us a little about your previous successes in cryptographic technology and how those led you into the cloud computing space.
Peter: The Lockbox development team have significant domain experience in cryptography, security and privacy. Their vast cryptographic knowledge was gained through the development and support of the Bouncy Castle cryptographic project which commenced in 2001.
The Bouncy Castle open source cryptographic library has been hugely successful and is now used by over 10,000 organisations globally, including household names like Google (used on all Android devices), NASA and Visa.
By helping support the use of Bouncy Castle within organisations all over the world, the Lockbox development team have acquired deep domain expertise around the requirements of best practice security, privacy and encryption, all of which has been used in the development of the Lockbox technology platform.
Chris: Moving data over the Internet is supremely risky, especially when it is anything of value, like IP or other sensitive work product. For instance, when emailed that data is essentially open for anyone to view. When dropped onto the cloud via a system like Dropbox it’s completely insecure, as has been demonstrated with multiple hackings.
Peter: Moving any data over the Internet can be very risky unless that data is encrypted. Most backup and personal storage solutions do use encryption, but these products are based on passwords. Passwords have weak security and are very poor for sharing.
The Cloud Security dilemma revolves around how to share encrypted data, including how to use proper cryptographic “keys” to enable the recipients to decrypt the data when received. The complexity of this problem is in two parts: firstly the cryptographic problem of how to manage keys and secondly, a product problem of how we hide this cryptography and ensure that the product is easy-to-use.
This combined challenge has restricted large companies from developing a marketable solution. Dropbox has even admitted in its consumer forums that the development of a client-side encryption capability is not in the current development pipeline due to the difficultly in delivering an easy-to-use solution.
There are solutions to this problem for sharing strictly within large enterprise (at significant cost). However there is no scalable, robust solution of this type available for encrypting and decrypting data between organisations or individuals.
Drawing upon its deep domain experience with cryptography and security, Lockbox has been able to develop a ‘key management platform’ which manages the secure provision, management and distribution of ‘keys’ between trusted parties. This key management platform (patent pending) is the ‘secret sauce’ that enables Lockbox to develop tools that allow users to easily and efficiently share client-side encrypted data over the cloud.
Chris: It’s fair to see that as cloud computing continues to grow, purely due to its usefulness, so too will the race to provide cloud-focused solutions. What makes you believe Lockbox is in the game?
Peter: Companies that are first to the Cloud are certainly seeing significant growth, but security has been a limiting factor. In addition, governments are increasingly requiring companies, particularly in financial services to ensure their use of the Internet and the cloud is secure and private.
We are explicitly targeting this market, and are seeing significant demand from clients in the financial services sector, particularly in the US. Customers consistently tell us that they have not been able to find any other product that allows them to securely and privately use the cloud AND share the cloud based information with their clients.
Lockbox also has a significant portfolio of patents covering our key management platform that provide us with a defensible position in this space.
Chris: How big is the cloud computing market, and of that how much of the market requires privacy?
Peter: Based on research by Gartner, the leading IT industry research body, the worldwide cloud services market will surpass $109 billion in 2012. They estimate the market is currently growing at over 19% annually and will be worth $206 billion by 2016.
The cloud storage market is a significant portion of that and growing even faster. Combined spending for public and private cloud storage will reach $22.6 billion worldwide by 2015.
Within the Cloud Privacy space, over 1 million current Dropbox users have already indicated willingness to pay $5+/month extra for privacy and control (ref: Votebox, a Dropbox forum). We believe that this market is large and growing rapidly, especially as SME’s increase uptake of this technology and seek solutions for privacy regulations/obligations to clients.
Chris: I use Truecrypt for all my files. What does Lockbox provide to me that I can’t get from simply dropping encrypted files into cloud storage?
Peter: TrueCrypt is a personal product and, like most other cloud backup services, makes use of PBE – password based encryption. In reality, this means that Truecrypt product is mainly suitable for personal storage, rather than collaboration and workflow data sharing.
Lockbox provides sharing capabilities using strong key encryption solutions. Each lockbox sharing group has its own unique set of “keys” to data. In this way Lockbox provides easy-to-use sharing for multiple groups of trusted individuals or applications. However, the technical details of the cryptography are hidden from users, so they enjoy the benefits of our user-friendly data sharing experience.
Chris: I have friends who use BoxCryptor. Are they competition to Lockbox, and what can you offer users that they can’t?
Peter: There are various products trying to address this market like BoxCryptor, Wuala, SpiderOak and SecretSync. These are mostly about “personal” backup with passwords. Obviously trying to remember every password for every sharing group is difficult, inefficient and dangerous – it is called the “password plague” for a reason!
Lockbox is different because it uses full-strength cryptographic keys. This is a much stronger form of encryption than those products that use password based encryption. The Lockbox key management platform allows people to be removed from a sharing groups simply by changing the “keys” to their data. Further, because the keys themselves are encrypted, even Lockbox itself cannot see the data end-users have encrypted as we NEVER have a copy of our client’s keys.
Unlike most other data storage providers, we also allow users to choose which cloud servers they wish to utilise, so they can store their data in their own country, or in other jurisdictions.
Chris: You’ve indicated that you have a strong team who have been working on your technology for quite some time. Tell me more about the team behind the magic.
Peter: As I mentioned earlier, our team brings together significant expertise in cryptography, innovation and delivering high technology products into world markets.
At a commercial level, the team passionately believe that the Cloud privacy problem needs to be solved and will be highly valued in the market. At a technical level, the team has significant domain experience and have relished the huge challenge of solving the intensely difficult, large-scale, cloud privacy problem. The team came together in 2008, just as “cloud” computing was taking off, as they could see that despite all the benefits of cloud, the one missing piece was privacy.
I personally have significant product expertise, with over 20 years’ experience within the IT industry covering technical development, sales & marketing and product management. I was formerly a Director of Marketing at Cisco in San Francisco (10 years) and held positions at Telstra, Accenia and Netzentry.
Rick Harvey (CTO) has significant technology expertise with over 20 years’ experience in developing world-class security software and over his career has filed 40 patents. Rick was previously Senior Vice-President/Distinguished-Engineer at Computer Associates (10 years) and VP at Platinum Technologies. In the mid 1990’s Rick co-founded and exited a highly successful security start-up.
Peter Dettman (Security Architect) has significant cryptographic expertise with over 15 years’ experience in software development and continues to be a lead developer of the Bouncy Castle open source crypto project.
Chris: You didn’t start marketing your product until you had patents filed. Even now you aren’t doing so in any meaningful fashion, but you are already generating revenues. It’s early days yet, but do you envision Lockbox as a revenue-generating machine for founders and seed investors, or will you seek a buyout from a larger player?
Peter: The Lockbox development team were working in “stealth” until February 2012 to ensure our ability to patent our technology. We now have many non-technical users using the Client Portal and Workspace products, and a significant and growing sales pipeline.
Lockbox management believes that there is a significant market for sharing information while maintaining Cloud security and privacy, and are raising money to help commercialise the product – this will both allow us to sell the product more broadly, as well as develop specific applications, such as a “wrapper” for Dropbox, which opens up both revenue as well as buyout opportunities as soon as possible.
Chris: Thanks Peter!
Management tells us they will be hosting a conference call for those interested in learning more about the Company’s technology. Drop us a note if you’d like to get the details and we’ll pass it along to Peter and his team.
“As the most participatory form of mass speech yet developed, the Internet deserves the highest protection from government intrusion.” – Judge Dalzell, CDA panel