I’ve posted elsewhere about the benefits to lawyers – in terms of client confidentiality ethics and privacy law compliance – of using software that encrypts sensitive data before the lawyer transmits the data over the internet or stores or shares the data using a Cloud solution such as Dropbox. Here’s an excerpt:
It is relatively easy and inexpensive to use automated applications, such as BoxCryptor,Cloudfogger, SecretSync or SugarSync, to encrypt files at your desktop before they are transmitted to Cloud storage. You simply save the files in the automated encryption folder on your computer, rather than the normal cloud storage synchronization folder. The local software encrypts the files using your encryption key and then sends the documents to your Cloud storage folder, such as Dropbox. …
I heard about a recent entry, still in Beta testing, offered by Sookasa. (I’m wondering if that name is derived from the Spanish su casa, for your house.) According to the firm’s website:
Sookasa allows you to securely share and collaborate on files with colleagues and customers using your favorite file sharing and email services. By placing files and directories in the Secure folder on Dropbox, files get automatically encrypted and can be safely stored anywhere in the cloud. Sookasa allows users to control access to encrypted files by managing the distribution of decryption keys. With Sookasa, you can explicitly provide permissions to any person that tries to access these files. These files can then be safely shared using a shared Dropbox folder, sent with an email service like Gmail or even posted as a public link. After you have finished working with a colleague or customer, you can revoke their access to your encrypted files.
According to my email conversation with Sookasa’s CTO, their service differs in the following ways from the other services that I mentioned above:
- Sookasa allows users to share encrypted folders and seamlessly add and remove collaborators. Therefore, he said, it’s ideal for lawyers who want to seamlessly collaborate on encrypted folders with their clients.
- Sookasa also provides comprehensive IT management, including audit trails, file tracking, employee separation, device blocking, key revocation, etc.
- Sookasa lets users work directly with the native Dropbox client interface (Sookasa encrypts on the cloud, not on the client), and don’t require them users set up a special encrypted drive or use some other dedicate interface.
- Unlike some other encryption solutions, Sookasa’s goal is to be storage agnostic, and let users use their favorite file sharing service (e.g., Dropbox).
I’ll be chatting with Sookasa’s CTO in the new week about their solution. Some items I’d like to learn more about:
- If the encryption takes place at Sookasa’s in the Cloud as a SaaS offering, how does Sookasa protect the information in transmission to Sookasa? (It appears that Sookasa relies solely on SSL channel encryption.)
- What protections exist for the confidentiality of clear text data at Sookasa before encryption occurs?
- Does Sookasa store either encrypted or clear text data?
- How does data get transmitted from Sookasa to the Cloud storage solution (e.g., Dropbox)
- Does Sookasa have the ability to decrypt data? Where do the keys reside?