CipherCloud, a startup launching this week at the RSA Conference, protects sensitive data being transferred on the Web without breaking the applications using the data.
The company is one of 10 competing for the most innovative startup at the conference's Innovation Sandbox Event.
MORE ON RSA: RSA Conference 2011: Cloud security challenges dominate
CipherCloud is reverse proxy software running on standard hardware that sits between corporate-based data and applications in the cloud that are manipulating the data and that protects that data that is deemed sensitive.
If the data being protected is in a field with a particular length -- such as a Social Security number -- the proxy preserves the field length but replaces the number with a representation of the number called a token.
For example, the token will have the same number of characters as a Social Security number so applications accessing the data don't freeze or crash because the number in the field is too long or too short, the company says. Similarly, the token can preserve an area code so that applications that classify data by area code continue to work, the company says.
Alternatively, the software can encrypt sensitive fields, storing the encryption keys locally, just as it stores the token keys locally.
Tokenizing data helps meet some regulatory criteria that say certain data must be stored within certain geographical boundaries. These boundaries can be difficult to determine and assure when cloud-based applications use them. Since CipherCloud only sends tokens representing the sensitive data and stores the token keys locally, geographical restrictions can be met and proven to regulatory auditors, the company says.
Initially CipherCloud supports just Salesforce and force.com, but is working on support for Google Apps and eventually more applications that businesses might use in private cloud deployments.
CipherCloud costs $20 per user per month and is available during the first week of March. It can be delivered either as a software appliance running on commodity hardware or as a cloud-based service. The company is privately funded and founded by Pravin Kothari, who also founded ArcSight.
Read more about wide area network in Network World's Wide Area Network section.