The ScramFS encryption system provides client-side encryption that does not require developers to be able to encrypt. Out of the gate, the channel resell opportunity is limited, but that will change with the introduction of user-facing business apps later this year.

Australian-based startup Scram Software has announced the launch of their ScramFS encryption system for the protection of cloud data. Designed to address the usability and cost issues that have limited the adoption of encryption systems to date, ScramFS is also being positioned to address the imminent   General Data Protection Regulation [GDPR] legislation in Europe. There is a channel play today, although the resell angle will become stronger later this year with subsequent releases.

Scram Software’s founder and CEO is Linus Chang, who also runs BackupAssist, a backup and disaster recovery provider which sells globally from an Australian headquarters, and which formally launched into the North American market last year. The principal cryptographer is Dr. Ron Steinfeld, from Australia’s Monash University.

“We developed ScramFS to tackle several big issues,” Chang said. “First, is the problem of the data breach epidemic, which has become a buzzphrase. Although cybersecurity needs have been around for a long time, the breaches seem to be getting bigger. The IT industry has failed to adequately secure people’s data.”

Chang said that the supply of products to this market has also been an issue, because some products sold for encryption don’t really address the issue.

“There are a lot of bogus products out there,” he said. “The placebo effect comes from the mismatch between what the product is designed technically to do, and what the user thinks it is doing. For example, hard disk encryption is designed to protect the data if a laptop is stolen. But if it is stolen, and the data is changed, and you get the laptop back, it doesn’t protect you against that. People don’t understand the nuances between the technology and what you think you are getting.”

The third problem, and likely the best known, is the issue of deploying it effectively.

“Encryption has traditionally been expensive, and hard to use,” Chang said. Some of the solutions being deployed are often turned off because admins consider them to be more trouble than they are worth.

“They are also expensive,” he added. “The MySQL Community edition is free – but if you want it encrypted, you need the Enterprise Edition – which costs between $10,000 and $30,000 – and that’s for one source.”

ScramFS addresses these issues with client-side encryption, to provide security against both hackers and  the cloud provider. It also offers long term security against quantum computers, by using cryptography that is resistant to attack from them.

“With client-side encryption, the encryption key is only on the client device, and no plain text ever leaves the client,” Chang said. ScramFS also uses quantum-resistant techniques, to prevent them from being broken by quantum computers in the future.

Usability is addressed by the design principle of providing a general purpose system that general admins and non technical users can use.

“Today, each vendor uses a different system, some of which are password-based and some of which are certificate-based,” Chang said. “Our solution is to give one tool for all the jobs, with a Command Line Interface that makes it easy for a system administrator to transfer data simply and securely without much extra work. ScramFS automates tasks and batch jobs with scripting , so the cloud copies can be encrypted easily.”

ScramFS also provides what they refer to as CLI Cookbooks.

“These are a collection of recipes which provide step-by-step instructions to take the system admin through common tasks,” Chang said. “It gives system admins not only the toolkit, but specific instructions how to use it. Something like this would have prevented a lot of the breaches that took place last year. It’s also great for secondary copies for users like contractors.”

ScramFS also addresses an issue with the protection of primary copies – that software developers don’t have the skillset to work with cryptography.

“Software developers are paid to implement functionality, but cryptography is advanced mathematics,” Chang said. “In a 2017 survey of GitHub developers, only 18 per cent of developers sampled could encrypt a string – which is the simplest of encryption tasks.”

Given this issue, Chang said that ScramFS opted for a system where developers don’t have to actually do any cryptographic coding. Instead a simple API adds the encryption into the application.

“They code applications normally, because our encryption layer is under the application,” he said. “It does the cryptography in real time and does it in memory. It removes the possibility of the developer making a mistake. It’s how developers will develop systems that are secure by default.”

The target market for ScramFS is the midmarket and lower.

“We are not targeting the enterprise with this,” Chang said. “We are focusing on the midmarket, and ScramFS’s applicability for business-facing applications means that it will filter down into the SMB space.”

ScramFS is being rolled out through a series of applications. The first is a simple user GUI called Scram Explorer, which is aimed at non-technical users.

“This is a toolkit which is really all about protecting backroom operations,” Chang said. “Explorer is a drag and drop tool that lets you create an encrypted directory that is password-protected, where everything you drag in is automatically encrypted.”

For the channel, this particular app isn’t really a resell opportunity.

“It will help VARs and MSPs protect their operations, and they may have some proportion of their clients who need compliance,” Chang said. “The channel opportunity to resell this will come more in the middle of the year, when we release user-facing business applications. This will include a file sync and collaboration tool in the first half of the year.”

Chang’s other company, BackupAssist, has a hybrid go-to-market model, which includes a website sales component, but in the last couple years, they have been shifting the emphasis to the channel side.

“We see this as having a similar model to BackupAssist, where we sell through the channel with resellers and MSPs,” he said.