As the cloud infiltrates sectors like healthcare and education, security issues emerge around compliance regulations. Sookasa now offers a compliance service across industries to protect user data.
For those who work in industries that deal with sensitive data, keeping files compliant with privacy regulations is a process that is both absolutely necessary and completely frustrating. Cloud computing adds another level of anxiety to the process as employees have to constantly worry about what devices hold that data and who can access it.
Sookasa, a compliance service for cloud products, came out of stealth today to address this issue. They had been running in stealth since they launched in 2012. Their $1.65 million seed round was led by First Round Capital, SV Angel and others; and they recently netted a $5 million series A round led by Sameer Gandhi with Accel Partners. Gandhi also backed Dropbox and Sourcefire. According to Gandhi, Sookasa speaks to trends of enterprise cloud and BYOD.
"The classic enterprise security model never really accounted for cloud services or mobile devices that move in and out of enterprise networks," Gandhi said. Adding, "Whether its legal, financial services, or healthcare, these are huge markets that are clamoring to consume cloud services. Rather than prevent them from using these great services, let's enable them."
Sookasa allows companies to employ the use of their favorite cloud services, while remaining compliant with data regulations such as HIPAA in healthcare or FERPA in education. Despite initial concerns, many of these industries have already started moving toward the cloud.
"You may be surprised that there is such high cloud usage, even in industries with data regulations," said Sookasa CEO and co-founder Asaf Cidon.
When you use a service such as Dropbox, Gmail, or Box they will keep copies cached locally on all devices, and Cidon said that is the biggest problem for compliance. Once you encrypt files with Sookasa, it will always be encrypted. So, even if it is shared on Dropbox, it won't be accessible to anyone without the encryption key.
As the enterprise moves increasingly toward the cloud, regulatory compliance will become a major issue for these industries. According to Edward Ferrara, a principal analyst at Forrester Research, security is on everyone's mind when it comes to the cloud.
"All of Forrester's research shows that the number one impediment to cloud adoption is the lack of security, and security controls and compliance are a part of that," Ferrara said.
Sookasa is not a cloud storage company or a file sharing company. They operate as an additional tool for existing services to make them compliant in the way they share and access their data. With the launch, Sookasa will be publicly supporting Dropbox, which makes sense seeing that they share an investor, but they plan on supporting other platforms in the future. Getting started is pretty easy, just create a username and password and then install the Sookasa application on your device.
"Sookasa then creates a folder in Dropbox, called 'Sookasa'. Any file you place in the folder is automatically encrypted, audited and access controlled. All this is done in the background, and to the user it appears like a completely normal folder," Cidon said.
The service also offers administrative capabilities that include setting policies and granting or revoking access to certain users. Sookasa costs $10/month or $100/year per team member, with a 30-day free trial. The company also offers a free version that includes personal encryption, but it doesn't give you access to the administrative dashboard or compliance features.
"Encryption is going to be, and is the way, to protect all data in the cloud," Ferrara said.
Sookasa can't open any of the files because they aren't stored on their servers; and Dropbox can't open the files because they are encrypted with Sookasa keys. David Crump, director of operations at Choice Medical, said that this creates a win-win for him and his team.
"We use Dropbox to organize and streamline many of our internal processes. Much of this information stored contains Protected Health Information (PHI) for our patients," Crump said. "We use Sookasa as a HIPAA compliant layer added onto Dropbox to ensure this information stays encrypted and within our control. The biggest value Sookasa has brought to us is seamless integration with Dropbox - which gives us the needed combination of security and an excellent end user experience."
Security is important to Sookasa too. The Sookasa team recently hired Praetorian, a company that provides security assessments, to conduct an audit of Sookasa's compliance security. It's a long process that typically takes many months, but you can never be too safe when it comes to compliance.
"I use their service to sleep comfortably at night knowing that my patient files are safe," said Dr. Jonathan Kaplan of Pacific Heights Plastic Surgery. He later added, "Sookasa saves me millions of dollars in potential Federal fines for HIPAA related violations."
For example, Puerto Rican insurance company Triple-S Management was recently slapped with a $6.8 million penalty for not taking the necessary steps to prevent a data breach.
The idea for Sookasa came when CEO Asaf Cidon, who used to work for Google, was a Ph.D. student at Stanford studying computer science and cloud storage technologies. His father, Israel Cidon, was a computer science professor at the Technion, in Israel, but is also a serial entrepreneur. They had been communicating and sharing files through a few cloud services, and began to wonder about the security implications of using cloud services.
Both men have a background in cybersecurity and Israeli intelligence, so it seemed a natural fit for them to tackle the issue of data security in the cloud. Asaf Cidon said that the reason for operating in stealth for so long was to make sure the product would be easy to use by clients who may be used to older, legacy products or who may not consider themselves technologically-savvy.
When it comes to competition with legacy solutions, one of their biggest competitors is actually a compliant fax machine. Although slow and clunky, these types of products are tried and tested, which is why they are valuable to their users.
"Legacy security systems are all focused on appliances or reverse proxies that monitor the communications in and out of the corporate network. We think this approach is outdated and does not provide security in a world where files are being stored on the cloud and accessed from multiple mobile devices in different organizations," Cidon said.
According to Cidon, the long-term goal for Sookasa is to establish itself as a standard for cloud service compliance; but right now they are just focused on the launch. The next step is to provide compliance encryption for Gmail users. While there are other encryption services out there, such as Boxcryptor, Sookasa is uniquely focused on compliance and security. No matter who ends up on top, there will likely be a growing market for cloud security in the coming years.
"The cloud is unstoppable," Ferrara said, "we are moving to utility computing as fast as companies can get there."
- 54 hours to market: Startup Weekend is a boot camp for founders
- How startup founders can stay on the right side of the law
- JVP launches first Israeli cybersecurity startup incubator with Ben-Gurion University
- How Aaron Levie and his childhood friends built Box into a $2 billion business, without stabbing each other in the back