Secure collaboration firm Intralinks has launched new capabilities designed to allow its customers to unilaterally manage their own encryption keys, ensuring that any cloud-based data can’t be accessed without their permission.
Customer Managed Keys (CMK) is intended to give Intralinks customers greater control over data hosted on the firm’s servers, in a bid to assuage privacy and compliance concerns.
It would also ensure that governments or law enforcement cannot covertly demand access to cloud data via the provider (Intralinks) but would have to come direct to the customer itself, dispelling fears many firms have post-Snowden of NSA-style snooping on their data.
With CMK, customers get dedicated encryption keys and a “direct, secure, dedicated connection” to the Intralinks data center, where they manage those keys.
“Revoking a key across an organisation’s entire data set is an extreme situation that would only be needed in the rarest of circumstances – however this gives our customers the reassurance of having the functional equivalence of the ability to ‘pull the plug out of the wall’ of an on-premise deployment,” Intralinks EMEA CTO, Richard Anstey, told Infosecurity.
“As we evolve our CMK solution, we expect clients to begin using keys at more granular levels down to revocation of an individual workspace. At that level of granularity we see more situations where end of life disposition of content could be executed at a stroke through the revocation of keys for a subset of content which could shortcut otherwise complex deletion and overwrite content disposition schemes.”
Anstey also pointed out that Intralinks provides an “on-premise mechanism” for customers to perform a local backup of their encryption keys in the event they are lost. It is recommended that these backups be kept on reliable media in a safe.
The firm has also worked hard to take the pain out of key management, he added.
“As anyone who works with HSMs knows, the complexity of certificate exchange between file processing services and HSM devices can be complex and error prone but we have been able to abstract this level of complexity from the customer while handing over full logical control of the keys themselves,” said Anstey.
“The setup and configuration of the HSM server environment is performed in advance by Intralinks staff and we are also able to provide onsite consulting and training expertise as part of the package if our customers require any assistance in initiating the connection to their HSM partitions.”