November 13, 2012
On a daily basis I get press releases from companies offering to be the “Dropbox for the Enterprise”, these companies are treading the well worn path of leveraging the well recognized name of a player in order to get their point across. Perhaps in an indication of the market success and awareness that Box.com is building, I was intrigued to hear from FileLocker a company promising a “truly secure cloud collaboration” experience. Front and center they’ve taken the fight to Box – the first line of their release suggests that “A Box is Not a Secure Place for Your Files”. FileLocker is the latest product from InfraScale – a company that previously focused on online backup products for SMB and enterprise customers. In launching FileLocker, InfraScale CEO Ken Shaw is claiming that both DropBox and Box have been “substantially misrepresenting their capabilities when it comes to security and won’t be adopted by enterprise or Government” because of it. Those are pretty strong words – FileLocker is claiming their service beats the incumbents for three main reasons;
- End to end encryption means the product is truly secure. Raw files cannot be viewed by FileLocker themselves or anyone who gets entry to a customer’s account
- Choice over location, FileLocker points to a Gartner report that suggests 5% of CIOs prefer private cloud storage to public
- Price – FileLocker is free for SMBs and $5/user/month for enterprises
FileLocker has spent time differentiating themselves from their competitors – it’s own diagram plotting products against “enterprise functionality” and price can be seen below. Of course the definition of “enterprise functionality” is one that could be argued – different organizations have different priorities in terms of functionality and FileLocker are really only focusing on the encryption piece of the puzzle.
On the encryption piece, FileLocker encrypts files locally, in-transit and in the cloud as opposed to other solutions which send files in the raw. FileLocker suggests this is a risk vector and opens organizations up to their accounts being hacked and data breached. With FileLocker, a user’s files are
protected before leaving a device with a personal passphrase known only to the customer, transferred over a 256 bit SSL connection, encrypted again and then stored in the FileLocker cloud. FileLocker’s criticisms for other vendors generally, and in particular DropBox and Box, is that they are built around a system where raw data is encrypted by the vendors using a managed key, the premise being that customers should trust vendors with raw data. Shaw is adamant that customers don’t need to trust vendors, and fundamentally shouldn’t.
Alongside the encryption piece, FileLocker is also pointing to versioning and audit being a critical requirement for enterprise customers. They’re archiving files permanently including versions – rollback to previous versions is possible at any time. In another hat tip to enterprise requirements, FileLocker is joining other providers like OxygenCloud and Egnyte to offer their product using on-premise storage. FileLocker can be hosted behind a company’s private firewall, still utilizing the software’s end-to-end encryption between client and cloud. In terms of price – FileLocker is free for five people and up to 25 GBs of cloud storage (5 GB per person). For more than five people FileLocker is just $5/month per person with completely unlimited cloud storage, and a full hos of mobile and desktop apps.
FileLocker has to be careful talking primarily about the encryption piece as a differentiator with Box and Dropbox. In general, because encryption is but one part of a complex chain of functionality but specifically because Box in particular has made no secret of their wholesale pivot from consumer to the enterprise – as such it wouldn’t take a genius to suggest that customer-owned encryption keys are something that is likely on their horizon – also bear in mind that in only the last few months Box has introduced two factor authentication, a partnership with Proofpoint for Data Loss Prevention and native configuration to turn off mobile caching – all things that point to a robust, and more importantly, holistic view on security.
I spent some time talking with Julia Mak from FileLocker competitor OxygenCloud for her alternative perspective. Not surprisingly (Mak is, after all, a vendor who delivers a box competitor but with an on-premise flavor) she agreed that most cloud content vendors don’t have enough encryption for enterprise use – primarily because they’re focused on providing a consumer-type user experience. As an aside, this is a point made well in a recent post on VentureBeat where Christina Farr called BS on the “Dropbox” effect – the idea that you can simply create a bottom-up adoption product and expect enterprise to lap it up. Alas, and as Box discovered after their pivot from consumer to enterprise, gaining enterprise adoption is a much more complex problem and no one has truly dominated the market yet in the case of true corporate wide deployments and not just a portion of freemium users within a company.
Mak points out the reality beyond simply the encryption issue when she points out that:
Strong encryption plays a critical role in securing sensitive enterprise content but it is not the only end of all means. Just like if one were to prevent burglars from breaking into the house the answer isn’t just to buy additional locks… we believe the importance to support IT’s need for visibility, data access permissions (for users and devices), and the ability to integrate with existing infrastructure and identity management systems. That way enterprise IT gets a holistic solution to manage, secure and control corporate data, fully addressing a wide spectrum of requirements. Another question I would have is on the product’s usability. While a vendor can provide stronger encryption, the problem that exists in the market today isn’t that two-dimensional. If encryption was the only gap, there are already various types of encryption software that exists. IT can no longer enforce security by putting everything on “lock down”. Users need an easier way and many are accustomed to the seamless experience that other cloud consumer products delivered.
And herein lies the rub – to truly meet enterprise IT needs, a product needs to be locked down to the point that it loses much of the usability that makes cloud collaboration so valuable. At this point in time we’re all still struggling to find a happy ground that constitutes “enough” security without affecting the user experience in a detrimental way. FileLocker has one take on this, and much of what they say makes sense. But it’s not a Dropbox nor a Box killer, and its myopic focus on encryption might prove costly.