“As an IT industry we’ve failed to deliver security and encryption,” so says Linus Chang, CEO & founder of Scram Software. Sitting with the entrepreneur in central London recently, he claimed that he is launching a new company “in an industry full of snake oil,” which is a particular shame as his new company makes an effort to put a stake in the ground of usable encryption.
Pointing to headlines such as those where almost 200 million American citizens had their data poorly protected, Chang claimed that one of the problems is in the implementation of technology and while encryption is an excellent way to mitigate against data breaches, there are numerous problems with it, such as: bogus products, placebo security, it being complicated to use and it often being “hideously expensive.”
He said that with the launch of the ScramFS toolkit, he wanted to offer a lightweight and software-based technology that above all was easy to deploy and dealt with the three big problems in the industry:
- The demand problem – as market demand has never been higher
- The supply problem – as the standard of products has been questionable
- The delivery problem – as deploying encryption has traditionally been difficult
To solve these problems, Chang told Infosecurity that Scram Software's solution uses client-side encryption, offers the ability to encrypt data in the cloud and gives system administrators the ability to do their job and for developers to implement secure solutions.
“Only 4% of businesses use encryption, so there is a long way to go,” he said, in a suggestion that deployment was the main barrier. He also pointed at articles 25 and 32 of the GDPR which stress the need to “secure personal data and use data protection by design and by default.V
Chang said: “GDPR says to do data protection by design so that it is automatic, but our API allows encryption to be integrated so you can start to tackle the threat.”
In terms of the problems with existing products, Chang claimed that often encryption is purchased as a placebo, where the buyer doesn’t actually understand what the functionality is. Meanwhile, the problem with cloud-based encryption is the ease to decrypt it when the cloud provider possesses the encryption key and plain text is visible to the cloud provider, while on the client side, he said that ScramFS is able to encrypt data before it leaves the perimeter and the key is on the client device only.
He also claimed that ScramFS “only uses ciphers that are resistant to quantum attacks,” specifically because the two biggest key providers “are both vulnerable to attack by quantum computers.”
So why does Scram feel that there is a gap in the market, and what is it offering that is distinctly different? Chang said that it is easy to point the finger of blame as some breaches are caused by human error, but ultimately we are not solving the problem of using encryption.
“Often you don’t know it is encrypted, you can only trust what you can see,” he said. “The average developer (18%, according to a 2017 Github research paper) can only encrypt one string of text so we wanted to give the developer easy to use tools.”
The company was founded three and a half years ago, and count cryptographers and academics among their reviewers, and the use of company name was in order to “say scram to hackers,” before assuring Infosecurity that it is actually short for ‘scrambled’.
He concluded by saying that this launch is about “security first and not as an afterthought” and “this is what we need to do to start solving the data breach problem.”
Scram Software has created an ‘encryption cookbook’ accompanying ScramFS, enabling system administrators and DevOps engineers to follow ‘recipes’ for protecting many types of data, from encrypting a WordPress website backup, to the encryption of a MySQL or Microsoft SQL Server backup.