I was aware of this (and I think the majority of their customers are aware of it). However, the majority of companies which use CipherCloud just need to be compliant - in other words, that the cloud provider (administrator, support etc.) cannot read their data during the normal course of operation (answering support questions, etc.).
Let's take an example of HIPAA - the idea of HIPAA is that a company managing records needs to track who can see medical data and to detect when unauthorized employees or employees without legitimate cause look at health-related records. So my understanding is that if a cloud provider starts decrypting data encrypted via CipherCloud, then that is already a criminal act.
CipherCloud claims to be doing some really fancy encryption where they transparently encrypt data as it's pushed to the cloud. You're on a corporate LAN, when you visit Trello you see perfectly normal cards, you can edit them, search them, etc. But if a Trello admin snoops on the database, everything is encrypted with a key Trello doesn't know. In other words, your browser sees plaintext, the server sees client-side encrypted text, and all this works even though neither your browser nor the server has any support for this, all through the magic of one of CipherText's magic boxes sitting on your LAN. Magic, right?
A little too much magic. When you think about it logically, there's no good way to have encryption like that, and for the search feature (for example) to work! And if you dig through CipherCloud's presentations, documentation, marketing copy, and talk to them at tradeshows, the same thing becomes clear: They've mangled the encryption algorithm so badly that it is literally no better than XORing the data.
CipherCloud claims that every bit of documentation, every screenshot they've posted on their website, and the things they've said at tradeshows - all of that - is wrong, and that the product they actually are selling somehow does magic things in some method completely unrelated to the way they have claimed the product works up until now. And in addition they used DMCA takedowns to prevent people referencing those totally-not-accurate screenshots on their website.
...sounds legit to me!
TL;DR: Run away. Screaming.