I’ve posted elsewhere about the benefits to lawyers – in terms of client confidentiality ethics and privacy law compliance – of using software that encrypts sensitive data before the lawyer transmits the data over the internet or stores or shares the data using a Cloud solution such as Dropbox. Here’s an excerpt:
It is relatively easy and inexpensive to use automated applications, such as BoxCryptor,Cloudfogger, SecretSync or SugarSync, to encrypt files at your desktop before they are transmitted to Cloud storage. You simply save the files in the automated encryption folder on your computer, rather than the normal cloud storage synchronization folder. The local software encrypts the files using your encryption key and then sends the documents to your Cloud storage folder, such as Dropbox. …
I heard about a recent entry, still in Beta testing, offered by Sookasa. (I’m wondering if that name is derived from the Spanish su casa, for your house.) According to the firm’s website:
Sookasa allows you to securely share and collaborate on files with colleagues and customers using your favorite file sharing and email services. By placing files and directories in the Secure folder on Dropbox, files get automatically encrypted and can be safely stored anywhere in the cloud. Sookasa allows users to control access to encrypted files by managing the distribution of decryption keys. With Sookasa, you can explicitly provide permissions to any person that tries to access these files. These files can then be safely shared using a shared Dropbox folder, sent with an email service like Gmail or even posted as a public link. After you have finished working with a colleague or customer, you can revoke their access to your encrypted files.
According to my email conversation with Sookasa’s CTO, their service differs in the following ways from the other services that I mentioned above:
- Sookasa allows users to share encrypted folders and seamlessly add and remove collaborators. Therefore, he said, it’s ideal for lawyers who want to seamlessly collaborate on encrypted folders with their clients.
- Sookasa also provides comprehensive IT management, including audit trails, file tracking, employee separation, device blocking, key revocation, etc.
- Sookasa lets users work directly with the native Dropbox client interface (Sookasa encrypts on the cloud, not on the client), and don’t require them users set up a special encrypted drive or use some other dedicate interface.
- Unlike some other encryption solutions, Sookasa’s goal is to be storage agnostic, and let users use their favorite file sharing service (e.g., Dropbox).
I’ll be chatting with Sookasa’s CTO in the new week about their solution. Some items I’d like to learn more about:
- If the encryption takes place at Sookasa’s in the Cloud as a SaaS offering, how does Sookasa protect the information in transmission to Sookasa? (It appears that Sookasa relies solely on SSL channel encryption.)
- What protections exist for the confidentiality of clear text data at Sookasa before encryption occurs?
- Does Sookasa store either encrypted or clear text data?
- How does data get transmitted from Sookasa to the Cloud storage solution (e.g., Dropbox)
- Does Sookasa have the ability to decrypt data? Where do the keys reside?
Brash Tacks 
I am also interested in the responses to your questions. I am looking for a way to use the cloud to story files that are protected by HIPPA.
Sookasa does not store any file and uses Dropbox storage and native interface.
Once you enroll to Sookasa it creates a new folder “Secure” inside Dropbox. Sookasa applies both on device encryption where files (or folders) moved or copied to “Secure” are seamlessly intercepted and encrypted on the device and “sync” by Dropbox to the cloud and all other devices. Therefore all “Secure” files on the devices and on the cloud are encrypted. Sookasa also “catches” (through Dropbox API) any file uploaded to “Secure” via Dropbox web and encrypts it too, discarding any previous unencrypted version.
Decryption is done through device apps and is transparent to the user (double click the encrypted file and it opens in the default application).
Finally, sharing a sub-folder of “Secure” will result in sharing encrypted files. The keys are handled by Sookasa service (access control requests are sent by SSL), the user just need to enable the partner of secure sharing. IT dashboard for multiple accounts is also provided.
You can find more information and ask for a free trial at http://www.sookasa.com. Sookasa is focused on businesses.
Best regards,
Israel Cidon
CTO, Sookasa
Understanding that the encryption happens on the device, the question is really what happens with the AES keys once the files are encrypted? Does Sookasa keep the keys on their server, and if so, how are they protected? It seems that if you are able to share files using AES, the shared key must somehow be transmitted to the receiver so that they can decrypt the file. Encryption is important, but protecting the keys is even more important.
Did you ever hear back from their CTO regarding the questions about 1. Does the encryption take place on the client or on the server, and 2. where are the keys kept? Obviously if it’s on the server, they have the keys, and thus have access to all of the data.
Answers to both:
1. The encryption is done automatically on the device when files are moved to Dropbox app. However, if files are uploaded through Dropbox web interface, they will still be encrypted by Sookasa server (and unencrypted version will be permanently deleted).
2. Sookasa stores keys encrypted by a public key that is associated with a given organization. This structure also allows seamless encrypted folder sharing. Note that Sookasa holds no files, encrypted or unencrypted.