If I had a KMaaS in 2013

This is a story about how I came to wish for a pure-cloud Key Management System (KMS), delivered in the form of a SaaS offering, for the strong encryption of unstructured data. In other words, a true Key Management as a Service (KMaaS) that could be decoupled entirely from expensive conventional Hardware Security Module (HSM) appliances, deliver cryptographic security (rather than password- or trust-based security), and yet scale at cloud economics.

Back in 2013, I was at an Enterprise File Sync and Sharing (EFSS) business called Soonr. The service combined cloud file management with active backup for BDR/DLP functions and included secure mobile productivity applications with built-in MDM/MAM tools – it truly was a one-stop shop for businesses looking to migrate not just their file servers to the cloud but their entire workflows. We sold our services primarily through large mobile operators and cloud service providers under their own brands. This white-label or OEM model let us leverage strong existing channels, and it also gave us 160,000 businesses spread over 135 countries, served out of four geo-redundant jurisdictions. In other words, we had many customers who were not in the U.S.

A big part of Soonr’s value proposition was security. Our service had granular policies and reporting for every possible sharing action, access control, file management, and application management. We knew iOS and Android platforms had all sorts of problems with the way apps could grab each other’s data out of their respective caches without the user knowing, so we used end-to-end encryption for mobile access. The heavy data plane used in syncing large files between servers and clients required AES-256, and we encrypted all copies, versions, and backups of data in the cloud with strong encryption using unique-per-file keys. The geo-redundant regions allowed us to guarantee that our customers’ data would stay in their country, and we had the only EULA in the business that said so. We offered telco-grade SLAs and HIPAA BAA contracts before most people thought those were practical for a very inexpensive public cloud service. Of course, we ran our own Key Management Systems and audited those systems religiously. We thought all was good. We had the keys.

In June of 2013, Edward Snowden changed all that. In the course of a week, I had several large resellers ask how they could manage their own encryption keys because they could no longer trust and therefore do business with a Cloud Service Provider (CSP) based in the U.S. All the explanation in the world could not convince them otherwise and we now risked losing several large partners and end-customers. Trust was lost. They needed answers.

At that point, our world consisted of multiple mutually distrustful parties, not just humans but machine-to-machine processes as well, with the owners of the content demanding full control over the encryption keys used by our cloud service. We also realized that telling our customers to build their own on-prem KMS systems was futile – they were trying to move everything to the cloud to extract all the efficiency possible out of their capital and human resources. Even worse was the suggestion that they use a hosted KMS from yet another third-party SaaS provider (traditional HSMs can be adapted for cloud service using multi-tenant front-ends). Not only was this very costly, but it also had the added downside of shifting trust from Soonr to someone else, often larger, and held in deep suspicion. Finally, many of the “encryption as a service” tools that existed for client-side encryption were summarily dismissed because their keys are derived from passwords or other local credentials rather than providing true cryptographic security. These solutions failed many of the compliance criteria in the security-conscious financial, legal, and healthcare verticals we served and weren’t seen as good enough.

At the end of the day, some of Soonr’s customers who were alarmed by the events of June 2013 stopped using our services and pulled their data back into firewalled servers, others reduced their use of our services to non-critical components, but many simply remained upset and paranoid because a satisfactory solution did not exist. This negatively impacted our uptake and churn rates and ultimately hurt our business. All because our customers wanted to own and manage their encryption keys and didn’t want anyone else to have access to them.

Today, Sepior’s KMaaS is the industry’s first true cloud-native KMS, having invented the cryptographic protocols required for a practical Virtual HSM (VHSM) leveraging Multi-Party Computation (MPC)-based distributed trust. Sepior gives businesses full control over the encryption keys used by their cloud service providers without relying on any single CSP, and at SaaS economics – exactly what I needed in 2013. Better late than never.