Friday12 August 2022

Ionic Security says they can make your data useless to the bad guys

Reading time is around minutes.

Last year at Black Hat USA 2014 we met up with a company that was looking to make some changes in the way we protect our data, Ionic Security. The concept was very simple, but the implementation was sure to be complex. I was not sure that what they wanted to accomplish could even happen. However, after a conversation with them I became more than interested. It was a simple concept, but it did not need to be overly complex. To make things even more interesting this was not a truly new idea, but it was one that had never been implemented for real data security.

In August 2014 Ionic was still in stealth mode working on getting the product to a state where it was usable. As with any plan there were some changes, but what they ended up with was launched in April 2015 and the acceptance has been more than impressive. Right now Ionic has managed to get a major client in all seven regulated verticals. This was a very smart move as these companies are high up in the supply chain and can help with future growth. By focusing in this manner it has also allowed Ionic to grow properly to ensure they can maintain their clients. Adam told me that over the past year they have developed a much better understanding of their own strengths and where they need to partner instead of trying to build something outside their skill set.

Outside of the tactics I was also able to ask about the final production implementation of Ionic. In simple terms Ionic Security is a form of distributed data protection where trusted client systems are allowed access to a controlled set of documentation. Diving in a little deeper the documented are encrypted as a whole and also inside each document where needed. Imagine being able to control access to information down to the cell or line on a particular doc. We were told that each document can support over 40 different key sets to keep information secure.

Now we all know that security is important, but if you add too much complexity into a product it is not going to be widely used. In our conversations with Ionic and their engineers we were told that simplicity was one of the things they wanted to focus on. The ease of use for a security product like Ionic can help make data protection a more desirable goal and push it further into the market. It also helps to shore up defenses when it comes to keeping the bad guys from getting your stuff. Ionic even included fully featured apps for iOS and Android. There are so many options in Ionic that we were even told that some Ionic clients are finding other uses for the product besides just basic data protection.

In the long running race for security of data the idea has been to keep people out. Block rules, intrusion/ detection prevention, malware scanning, traffic monitoring, and user controls. All of these help to protect a network, but all of the also need to be monitored, updated and maintained. Even with all of that things slip by because of user interaction, 0-day exploits and the sheer amount of data that needs to be sorted through. By enacting a new layer in the security chain and making data useless outside of trusted systems you help shore up the gaps in the walls around an organization. Ionic has really added something to the mix that changes the way a company (and eventually people) view security. After all the whole point behind the billions of dollars spent every year on security is to keep data safe. Why not start with something that actually does that.

We will be bringing you more information about Ionic and their implementation of data protection in the future as we take a deeper looking into what it takes to really have data security.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.