Paul Mah examines the iTwin and its promises of simple and secure file transfer between two online computers.
You may have read about the iTwin, the sleek looking $99 gadget whose claim to fame is its promises of simple and secure file transfer between two online computers. Its unique premise revolves around physical ownership of one half of the iTwin dongle required to forge a virtual link with its other half - giving the product a level of simplicity that even your grandma should have no problem with.
How it works is this: Plugging one end of the double-ended USB iTwin dongle while it's "paired" automatically initializes it, creating an encryption key that is stored on both halves of the device. When split up and plugged into two computers, the iTwin software automatically installs and makes use of this encryption key to facilitate the secure transfer of data - drag and drop style - over the Internet. The iTwin works behind firewalls, as well as on both the PC and Mac.
The obvious downside, of course, is that the source computer has to be left switched on with Internet access, though its creators would like you to think that this is a comparatively small price to pay.
An idea that just "grew and grew"
The product was the brainchild of company CEO Lux Anantharaman, who went on to co-found the Singapore company - also named iTwin - with company COO Kal Takru in October 2010.
The company went on to launch the iTwin on the global stage at CES 2011. When I spoke with Takru late last year, he told me how the idea was actually conceptualized in early 2008 and developed with A*STAR as an exploratory project that just "grew and grew." A*STAR stands for Agency for Science, Technology and Research and is a government agency dedicated to fostering scientific research in Singapore. Today, iTwin has 25 full time employees, as well as an office in Boson, Massachusetts.
Each half of the iTwin incorporates a microchip that creates a common random key used to find its paired half on the Internet. A server maintained by iTwin facilitates this process to allow the iTwin to work through firewalls. There is no way for anyone to snoop on the data even if the iTwin server is compromised, says Takru, and data will be routed directly if both end nodes are on the local network. The software driver currently performs the encryption and data compression, though the next step is to incorporate a chip within the iTwin to perform this in hardware.Unique proposition
It is easy to understand the value proposition of not storing sensitive data in a USB flash drive where it could be misplaced or stolen. Yet cloud storage does not suffer from this weakness, and is a far more popular option. So does the iTwin offer any advantage over it?
In an email message, Anantharaman pointed to how the passwords used to secure data stored in the cloud are "a notoriously insecure security mechanism" and susceptible to brute-force attacks. Moreover, while most of us assume that the data for our favorite cloud providers are based in the United States, IT professionals know that it may not necessarily be the case.
Anantharaman puts it this way: "Files may be stored in a country with different legal frameworks that may allow them to treat that information with less care. That can be a legal nightmare for businesses storing sensitive information such as accounting documents or client data."
Finally, he also pointed to the typical behaviors about data that is no longer needed as another reason to avoid cloud storage. "Most small businesses don't manage their files very well after they are no longer needed, and undeleted documents containing sensitive information are likely to litter cloud environments," says Anantharaman. "Many of these files will probably still have the same sharing permissions that they were given when they were used, creating a security risk that persists long after those files have been forgotten."