I covered cloud security vendor Tresorit awhile back when they gained a bit of attention by offering hackers $25k if they could break into the Tresorit service. A few months on and the company hasn’t needed to front up with any of that cash, but in the event that suddenly hackers start to be successful infiltrating the Tresorit service, the company now has a small mountain of cash to fall back on. Of course it’s unlikely (famous last words!) that the cash will be needed to pay the hackers – to date, more than 1,000 security professionals and experts from institutions including MIT, Stanford and Harvard have tried unsuccessfully to break into Tresorit’s encryption technology. Tresorit, like a red rag to a bull, is saying that its system is “unhackable” – cue the really committed hackers! Especially so since the bounty has recently been increased to $50k!
The reasoning behind Tresorit is that, post Snowden revelations, every enterprise worth its salt is just dying for strong encryption in an effort to block spies – of the industrial and governmental kind. Tresorit uses share-able client-side encryption which protects data during both storage and access and across all devices. The company offers paid storage plans starting at $5.95 for 100GB. Another bonus point, at least for organizations worried about US vendors – Tresorit is a European domiciled business and the data stored in Tresorit is located in European data centers giving (arguably) more protection from US agencies use of the PATRIOT Act (although it has to be said that a lack of legal options for US eavesdropping haven’t seemed to stop the NSA from doing what it wants to). For many customers, especially those within the European Union, having a competitor to Box or Dropbox that is stored and domiciled locally is a compelling proposition. Tresorit is available for Windows, Mac, Android and iOS, and will soon release a Windows Phone as well as a Linux app.
The company is today announcing a $3M series A round to join the $2M seed round raised already. It was led by Tresorit’s current investors, including Euroventures and entrepreneurs Andreas Kemi and Marton Szoke.
Tresorit is interesting since it is smack bang in the middle of the debate over whether security should be an integral part of a file sharing platform, or whether high level enterprise encryption can be an add-on. Competitors such as Box and Dropbox seem to take the position that mid level security is sufficient on-platform, and that higher levels of encryption, DRM and other security controls can readily be provided by third party ecosystem vendors. I’ve never been totally comfortable with this viewpoint – it seems to me that the largest enterprise customers want deep security to be a baked in part of the product, and don’t want to have to revert to a third party vendor for something that they believe is core. As Tresorit says (with self-interest, but also with some justification):
The problem with popular cloud storage services like DropBox and Box is that they don’t provide the end-to-end encryption needed to truly guarantee personal as well as enterprise-grade security. In a post-Snowden world, we’re seeing an intense interest in the enterprise market for a solution with a higher level of hacker- and spy-proof security. While we’re a huge advocate of the usability pioneered by popular options, we firmly believe that there’s a systemic problem with how data and encryption keys are handled in today’s enterprise cloud solutions. Until today, businesses have had to settle for a trade-off if they wanted to take advantage of the benefits of cloud storage. With our technology there’s no need to make that compromise
Of course over time the vendors like box and Dropbox will add this sort of functionality directly into their products, thereby removing this point of differentiation from vendors like Tresorit. In the meantime, they’ll be sure to make the most of it. And after that they’ll no doubt continue to push the “non US” theme as a differentiator – time will tell how well that goes for them.