Certivox's PrivateSky tackles email security with cloud-based encryption

Certivox has launched a cloud service that the vendor claims solves the decades-long problem of securing email and attachments, so only the recipients can read them.

The new service, called PrivateSky, handles all encryption and decryption at the browser, so data is never unsecured when it is traveling or stored on the Internet, according to Certivox. PrivateSky was made generally available Thursday.

Even though email was invented roughly 40 years ago, security remains a headache for most companies. In a survey released last year, secure messaging provider VaporSteam found]that three-quarters of the respondents from large companies said they have violated compliance rules via email. About a third of them said they did so intentionally.

Certivox is attacking the problem by making the process of securing messages and documents in PrivateSky as easy as sending an email. "Effectively, it is a browser-based portal that pushes the envelope on HTML 5 technologies to do end-to-end encrypted messaging and managed file transfers, so that the data is actually encrypted using the browser's native engines," said Brian Spector, chief executive of the company.

HTML 5, the latest version of the markup language for creating web pages, is a much more sophisticated language than its predecessor, HTML 4. The new technology comes with a full database for storing gigabytes of information and removes the need for most add-ons, such as JavaScript and Flash, which are huge security risks due to a large number of vulnerabilities.

PrivateSky only works on HTML 5-supported versions of Mozilla Firefox and Google Chrome browsers. To send an email and attachment, a registered user logs into the portal, writes the message, uploads the attachment and presses encrypt and send. PrivateSky scrambles all data through technology embedded in the page before the information leaves the browser to Certivox's servers.

The receiving addresses are sent a message with a link that the recipient clicks to enter PrivateSky and enter his name and email address. The portal then sends a message with another link that the recipient clicks on to go back to the portal and setup a four-digit PIN. Once that is done, PrivateSky stores a token in the HTML 5 database in the browser, so the next time the person visits the portal to retrieve messages, he will need the PIN that matches the token.

"It really just acts like a closed-loop web-mail system," Spector said.

Certivox offers a free version of the service for sending messages. The premium version costs $9.95 a month and allows users to send files up to 10MB and comes with 5GB of storage.

Certivox is not alone in selling cloud-based file sharing. Others include YouSendit and Box. Certivox is hoping to differentiate itself with its end-to-end encryption, which it is pitching to government agencies and the finance and health care industries.

Read more about cloud security in CSOonline's Cloud Security section.

Show Comments