Govciooutlook

CloudMask: Seamless Data-Centric Protection

 Tarek El-Gillani, Co-Founder & CTO
“Most cybersecurity defenses these days are designed to keep the attackers out, which, history has shown, is not a viable strategy,” remarks Tarek El-Gillani, Co-Founder and CTO, CloudMask. He further draws the attention to recent events such as the Russian intrusion in the U.S. electoral process as a clear example of the impact a lack of security may have on an organization. In this present age, there is a dire need for rethinking how data security is approached. To ease this situation, CloudMask significantly reduces the attack surface by eliminating the impact of network, insiders, and application breaches. Whether it is protecting the individual privacy or large department sensitive data, CloudMask empowers users to take back control over their privacy.

Founded in 2013 by seasoned entrepreneurs, CloudMask developed its product in conjunction with the Federal Government of Canada after winning the Canadian Innovation Commercialization Program (CICP). CloudMask addresses the strict security requirements of the sensitive government departments, by integrating with their current security infrastructure. “CloudMask ensures that user emails, files, and applications data can only be seen by the organizations and the persons they are collaborating with, and nobody in between—administrators, cloud providers, not even CloudMask,” states El-Gillani. These security claims have been validated through the Common Criteria certification.

The firm safeguards clients’ online accounts such as Gmail, Google Drive, and Clio by running on end-user devices and transparently protecting the data before it leaves the device. CloudMask Masking for Governments is designed by combining on-premise and SaaS offering. This hybrid model is used for collaborating with external entities, such as remote employees, partners, and citizens, without the need for VPN setup. At the same time, CloudMask also protects internal on-premise applications from insider threats.

CloudMask ensures that user emails, files, and applications data can only be seen by the organizations and the persons they are collaborating with


“We allow enterprise and SaaS developers to embed our protection layer without the need to change their application,” explains El-Gillani. This allows developers to focus on end-user functionality, leverage commonly available infrastructure which by itself does not meet security requirements, and rely on CloudMask to protect the data.

“We see IoT as a great fit for our technology since our focus lies on the data and not on the device,” emphasizes El-Gillani. Data-centric protection is becoming vital due to the sheer volume of devices and the spread of devices’ physical locations. To this end, CloudMask addresses these two distinctive IoT characteristics, limited resources and the requirement for seamless provisioning. “With CloudMask, data is protected in a manner ensuring that only authorized IoT devices and entities can access data and execute commands,” adds El-Gillani.

A common use case is in enabling departments to collaborate securely with external entities that are not under the same jurisdiction. Here, the collaboration leverages publicly available cloud and/or shared private cloud, while the data is protected by CloudMask at the end-user devices. “The department centrally manages digitally signed CloudMask policies which enforces if and for how long a data element may be accessed by a given party,” explains El-Gillani.

Looking to the future, “We see ourselves expanding our ecosystem to integrate with other enterprise security providers to better address critical security issues such as Advanced Persistent Threat,” comments El-Gillani. Besides servicing the government segment, the CloudMask is also growing its partnership with SaaS and Enterprise developers to provide them the ability to independently create protection policies and embed them into their applications.