Amidst the on-going revelations about the NSA and its PRISM Internet surveillance program and the more recent ‘heartbleed‘ bug, it’s no surprise to see startups turn their attention to security and, in some cases, position themselves as a more secure player compared to others in the market.
Swiss-Hungarian startup Tresorit is doing just that with a cloud-storage solution it claims one-ups the likes of Dropbox and Box in terms of security and privacy because it employs end-to-end encryption, meaning that you — and only you — have access to the “keys” needed to access your files. And, according to the company, without losing the convenience of being able to collaborate and share files with others.
There’s an old hacker saying that you can’t have security and convenience. Tresorit wants to offer both. And to continue that mission and help further develop its “patent-pending” cryptographic encryption technology and market the service in the U.S. and Europe, the startup has closed a $3 million Series A round of funding led by Euroventures, as well as entrepreneurs Andreas Kemi and Marton Szoke (and others), all of whom are previous backers. This brings the total raised to $5 million.
On a basic level, Tresorit (whose name comes from the German word “tresor”, meaning lockable, armoured cabinet) is tackling the fundamental problem of the cloud: once you upload your data, you lose control over it. That’s because invariably the cloud service’s servers have access to it, “making intentional exposure, surveillance or security breaches possible”.
To put some weight behind its claims of unmatched security, in April last year Tresorit offered a $25,000 bounty to any individual capable of breaking into its service. That bounty was recently increased to $50,000 and to date, 1,000+ security professionals and experts from institutions including MIT, Stanford and Harvard have tried unsuccessfully to break its encryption technology, rendering it “unhackable”, says the startup.
Now, I don’t claim to be a security expert on these things, but that sounds pretty reassuring to me.
Below is short a Q&A with Tresorit founder and CEO Istvan Lam, who has a background in mathematics and cryptography. While a student lecturer at university, he teamed up with fellow research student Szilveszter Szebeni and went on to develop Tresorit at CrySyS Lab, one of Europe’s leading cybersecurity laboratories.
What is the problem that Tresorit solves?
“Tresorit is an end-to-end encrypted secure cloud storage solution that provides a privacy-protecting alternative to vulnerable services such as Dropbox and Box. Tresorit uses patent-pending cryptographic encryption technology to better protect user data, while allowing collaboration in the cloud and making the experience user friendly. Services like Dropbox and Box, though they employ user-friendly interfaces, are simply not architected to make this kind of security possible. By skimping on security, they leave user files vulnerable to prying eyes – that includes anyone from internal administrators, to hackers and government agencies.”
Who is the service aimed at?
“Tresorit is designed to help consumers, professionals, SMEs and larger enterprises that require truly secure, uncompromised cloud storage. For example, Tresorit is a natural fit for professional services companies like law firms, CPAs and healthcare organizations that require the highest level of security for client and internal files, risking serious fines and damage to their professional image and business in case of any breach of data.”
How is Tresorit different from other “secure” cloud storage companies e.g. the Dropbox and Boxes of the world?
“Tresorit is the only company that offers enhanced end-to-end data encryption that is designed to be as easy to use as less secure alternatives. If users store and sync files on Dropbox, Box or other popular cloud storage solutions, they are surrendering control of their content. In fact, many of these services outright admit that they reserve the right to access to your files and store your password. And, if any of these services are hacked or tapped for surveillance, user files are vulnerable.”
How do you handle requests from government agencies and law enforcement?
“Privacy is guaranteed with Tresorit. We never collect or store user files, encryption keys or passwords in unencrypted or invertible form – therefore in case any request is made in the future, the only thing we can hand over is data encrypted with one of the strongest algorithms on the market. Files and some corresponding encryption keys can only be decrypted by the individuals that users have explicitly shared files with. We also cannot hand over these keys – as they are stored on the client side, not on ours. Even so, in order to provide the highest legal protection Tresorit, is incorporated in Switzerland and adheres to Swiss privacy law.”