Fun fact: You can now store and share your files through Dropbox and be HIPAA compliant at the same time.
This is now possible because Sookasa, a San Mateo-based startup, is launching its compliance layer for cloud storage of files, starting with Dropbox integration.
Unlike the average Joe Smith, professionals in regulated industries such as healthcare, financial services, and even education are required to use tools compliant with the Health Insurance Portability and Accountability Act (HIPAA), which calls for control over who accesses files as well as the ability to audit when, where, and by whom files are opened.
Not surprisingly, Dropbox and similar file storage providers are not compliant by default, so Sookasa wants to be the “transparent layer of security” for these storage solutions without taking away from their user-friendliness.
So in the case of Dropbox, a Sookasa folder shows up in your account where you can store all the files you wish to encrypt and protect, no extra fuss.
“What prompted us to do this is that cloud services are … becoming very popular in the workplace and even industries like healthcare and finance,” Sookasa cofounder and chief executive Asaf Cidon told VentureBeat in an interview.
Sookasa is taking advantage of two current trends: the shift to the cloud and the flexibility it offers, and the shift away from the personal computer (i.e. the move to mobile and multiple devices), Accel partner and Sookasa investor Sameer Gandhi told VentureBeat.
“It really changes the entire security and compliance landscape,” he said. “And for those companies to be able to take advantage of cloud and mobile, there needs to be [security] compliance.”
Device loss and the “scattering of files by cloud services” are also huge problems in these highly regulated industries, according to the company. Having the ability to remotely wipe access to files and protect a company from privacy breach liability when that happens is a huge advantage.
No one has all the ‘keys’ to open the files
But one of the most interesting things about this company is its current independence and its status as a security software provider.
“I think a lot of customers actually want a third-party [security] provider,” explained Cidon.
Privacy-sensitive companies often worry about storage providers having access to their files, so keeping the storage provider and encryption providers separate actually helps alleviate that concern for customers and protect storage companies from privacy breach liability, he explained.
Moreover, Cidon believes this historic trend also means that Dropbox and others won’t be coming up with competing solutions and that Sookasa has a long and independent future as a company.
“I think that the fact that we remove liability is a pretty compelling argument against acquisition,” he said.
Cidon also pointed out that after Salesforce acquired encryption service Navajo in 2011, Salesforce customers apparently continued to use third-party providers — acquisition “just doesn’t seem to work from a business standpoint.”
But of course, there is not much preventing other companies from attempting to create a similar service (despite the complexity of the technology and Sookasa’s patents), so only time will tell if the company will become the leader as the market expands.
Luckily, Sookasa also just picked up $5 million from investors including Accel Partners, First Round Capital, and SV Angel, and it previously raised $1.6 million in seed investment in 2013.
Sookasa’s founding team includes a former Israeli Intelligence commander and former employees from the likes of Google, IBM, and Cisco. Accel’s Sameer Gandhi is joining the company’s board, and he has previously led early investments in Dropbox and security software provider Sourcefire.