Startup Navajo Systems is targeting Salesforce.com customers who face regulatory hurdles involving data privacy and cloud computing with a new service it calls Virtual Private SaaS (software as a service).
The service works by encrypting any data considered sensitive before it is transmitted to the Salesforce.com system. While residing there, the data is "completely unreadable (and therefore meaningless)," according to a Navajo document. "Database theft, accidental leaks, law enforcement subpoenas to the SaaS provider and even identity theft all become harmless, and regulatory compliance is ensured."
Navajo's software decrypts the information when it is sent back to end-users, with enterprises retaining control of the decryption keys. The service runs in the background and requires no changes to SaaS application code, according to Navajo.
While data traveling between a SaaS vendor's data center and an end-user's browser is generally encrypted, the copy residing on the SaaS vendor's database may not be, according to Navajo.
And users' data remains vulnerable even if the SaaS vendor encrypts it, since an unscrupulous employee or hacker could compromise the information, according to Navajo.
Its service can be installed on a customer's network as an appliance, as well as delivered as a service from Navajo or a third-party provider.
The Linux-based system has three components: a proxy server that sits between the SaaS application and end-user clients; an encryption engine that uses "patent-pending encryption methods based on NIST-standard encryption algorithms"; and a Web-based system management and security policy tool.
It enables field-level encryption, partly to ensure applications can still run as intended. For example, the date and time of a meeting entry in a calendar application would not be encrypted, but other details would be, according to a Navajo document. Navajo's encryption technology also allows the application to search and sort through encrypted data.
The new Salesforce.com service joins similar ones Navajo sells for other SaaS applications, including SuccessFactors, Google Apps and Oracle CRM On Demand, as well as homegrown applications deployed on cloud platforms.
The Jerusalem-based company competes closely with companies like PerspecSys, which also has a specialised data-protection service for Salesforce.com.
Surveys show that trust and control issues are key inhibitors to the adoption of cloud computing, 451 Group analyst Steve Coplan wrote in a recent report on Navajo.
"SaaS providers and enterprises making a strategic investment in cloud are motivated to resolve these issues in order to facilitate broader adoption. This makes for a receptive audience and fertile partnership landscape for Navajo," he added.
However, "we have concerns that while Navajo's immediate focus on compliance and data privacy will yield plenty of attention, the company could pigeonhole itself, especially when compliance is properly understood as a subset of security and data privacy as one facet of a structural transformation," Coplan wrote.