Startup nCrypted Cloud Adds Secure, Transparent Layer To Dropbox

Securing The Enterprise

A modern-day Wild West can be found in the slapdash enterprise use of cloud-based file storage and sharing. But a solution released this week puts user-managed security atop those platforms without burdening the IT department with lots of administrative overhead.

Boston-area startup nCrypted Cloud on Wednesday unveiled nCrypted Cloud Enterprise Edition, which combines cloud-based services with browser, desktop and mobile client apps to automatically encrypt Dropbox files at the discretion of their owners using the Dropbox-native interface. Versions for Box, Google Drive and Microsoft OneDrive (formerly SkyDrive) are in the works.

The CRN Test Center hooked up with nCrypted Cloud CEO and founder Nick Stamos last week and took Enterprise Edition for a test drive. What we found was a stable, intuitive security layer that's as flexible and easy to use as Dropbox itself. Here's a look at some of the highlights.

Dropbox Security Layer

The nCrypted client (shown here on Mac OS X) implements a virtual viewer of a Dropbox folder. Normal icons appear with a series of new icons on top that indicate the security status of the folders within. A solid blue lock indicates encrypted personal data, a blue lock with a person contains shared encrypted data, and a black brief case shows a folder that's corporate-owned and encrypted with corporate keys.

"It's challenging to protect info, especially outside of firewalls and corporate networks," said Stamos, whose past endeavors include the founding of data security firm Verdasys. "Some solutions enable users to share data, but there's no revocation action available. In ours, you can," he said, because encryption policies are persisted within a file when it moves outside control of the system. "So even if it's outside of a protected folder, the file retains the policy." It can even be revoked. More on that later.

Security Reminder

Security can't work if it's not applied. "We want to push responsibility for data to the collaborator," said Stamos. So the user-administered nCrypted Cloud not only prompts users when an impending action is insecure or unauthorized but also provides a one-click remedy. In the case shown, security can be applied to a folder that's about to be the recipient of a secure file by clicking "Yes."

Access Auto-Request

If an unauthorized person requests access to a file, the requester is prompted with an equally simple method of requesting permission from the owner, who receives an email like the one shown here.

"If it simply said 'access denied,' that's not a very positive user experience," said Stamos. The file's owner can grant access to the requester with just a few clicks. For bringing new users into the nCrypted Cloud security fold, there's also an automated invitation system that can be populated with test that meets the needs of the customer.

Levels Of Sensitivity

The system provides five levels of file sensitivity that can be precisely defined and named to meet the needs of an organization. Settings can be edited by owners or administrators, and they can be applied to individual files or to folders. Files placed in a folder with a higher security level automatically inherit the stronger security. "The top secret setting prevents documents from being viewed offline without a corporate PIN," said Stamos. Short of a DRM system, he characterizes nCrypted Cloud as more of a hybrid, using encryption enveloping wrapped in 256-bit container. "Access to data requires a connection to the mother ship," he said, but there are some offline options too. That includes a three-day period during which protected files may be viewed by those authorized. All of these settings can be altered as needed. And for people who leave a company, "their clearance is revoked, but their personal data encryption remains, and they can still revoke clearance they've given others in the corporation."

Control Multiple Accounts

On the administrative side, nCrypted Cloud permits a managed service provider to create multiple companies and manage them from afar using a browser, as long as each purchases an Enterprise Edition license. Organizations also can designate additional third parties or administrators within their organization to manage security policies, files, users and their privileges and devices. "As an admin of encrypted files, I can see audit trails on corporate machines but I don't see what they're doing with personal data; we don't cross that line," said Stamos. For each enterprise, there's a single screen (shown) that lists all users with access to the system. "Admins have full control and visibility of all shared files on all devices," said Stamos. "They can see what's being worked on in real time, instantly enforce security on all cloud data or revoke access at any time."


Simple Security Setting

"You can't have no controls, and you don't want to turn it into SharePoint," said Stamos, referring to the governing philosophy behind the UI design of nCrypted Cloud, which is really clean and simple. The management dashboard shown here presents four main functional categories, and just the middle two relate to security policies. In the Device Policies tab shown, a few toggle switches control most of the action, each with an option to allow users to override.

The Bottom Line

Stamos says that in the end, a key benefit of nCrypted Cloud beyond security is its lack of administrative burden on an organization. "Ongoing administration is really low because we're delegating responsibility to the end-users for their own files," he said. "Administrators simply monitor, perform audits and do reports."

The system's auditing includes all files in a protected account, even those with no encryption applied. Pricing starts at $10 per user with a 25-user minimum with clients and is available for Android, iOS, Mac OS X and Windows. nCrypted Cloud Enterprise Edition currently works with Dropbox. Versions for Box and Microsoft OneDrive are expected later this year; a version for Google Drive is in beta.