How to make your business GDPR ready
Scram Software is an award-winning cyber security software development company founded by Linus Chang, serial entrepreneur and creator of BackupAssist – a global provider of automated Windows server backup and recovery software for small and medium sized enterprises (SMEs) which has sold over 170,000 copies in 165 countries (customers include the Department of Homeland Security and NASA).
Chang was inspired by a real market need for security. “SMEs started jumping on the cloud bandwagon without giving a second thought to security,” he recalls. “What if a hacker breaks in and steals your data? What if they start deleting data? There just weren’t good encryption solutions available that allowed SMEs protection.”
Chang explains that coding ‘crypto’ is not like coding a website – it’s a completely different language and highly mathematical. One bug, oversight or minor flaw means the system becomes completely insecure. “That’s why I connected with one of my former classmates (Dr Ron Steinfeld) who, apart from being a genius, has become one of the world’s leading cryptographers. I engaged him to develop a general-purpose file encryption system that would allow developers like me to develop secure applications. ScramFS was born.”
Chang spoke with contemporaries in the industry who expressed interest in an API so they could implement hassle-free encryption into their own software. “The ScramFS encryption system was researched, developed and peer-reviewed over three years by a team of security experts in the fields of information theory, cryptography, compression, data backup and processing including Steinfeld and Dr Toby Murray, a leader in software security (The University of Melbourne, Australia),” reveals Chang.
Chang concedes that developing a solution to protect against data breaches in a commercial setting was more challenging than he could have imagined. “Both the process and the product are unique,” he explains. “ScramFS is, in itself, revolutionary and makes it super easy to encrypt files, and store them anywhere, while being secure from attackers and from the cloud provider. It operates in a ‘trust no one’ environment, which is completely new. It also avoids ‘vendor lock-in’ – use whatever cloud you want, and switch whenever you want.”
ScramFS can encrypt a variety of data – everything from text files and video to images and forensic data. It allows for ‘live usage’ of that file through real-time decryption – for example, you could encrypt a video, and watch it without having to decrypt the entire file first. These encrypted files can be stored locally, or in the cloud (Google Drive, OneDrive, Dropbox, Amazon S3) with the whole process easy to use for system administrators and software developers. “The level of rigour has been extremely important,” says Chang. “Whereas other vendors are under pressure to release early with bugs, we have been methodical, following every step, double and triple checking things along the way. Why do we do that? Because, sadly, there are real problems with the current state of security software.”
Chang points out that security software is unregulated, so vendors can make unsubstantiated, vague and false claims – something he calls the “snake oil” problem. “It’s impossible for a user to verify the security of a product,” he laments. “Vendors generally provide few or no details about their product, and exactly what they protect and don’t protect against. That leads to ‘placebo security’. We designed the system to be long-term secure – resistant to attack from quantum computers. We know we’re on the right track because when we talk to leading cryptographers, they’re keen to assist.”
When asked why businesses should choose ScramFS to stay secure, Chang’s response is compelling. “I’m not just developing Scram Software for other companies. I’m doing it for my other business (BackupAssist). As an industry insider, I know the problems of dubious encryption products, so that’s why I’d choose it to be GDPR compliant.” He highlights Scram’s transparency, the reputation of its cryptographers and the cost of implementation as reasons why: “I don’t want my employees to waste their time trying to patch something together with open-source components. I want something that works out of the box. Time is money. Reliability is key and, to be honest, I just don’t see any offerings in the marketplace that provide the functionality we do.”
Chang believes ScramFS can help businesses with their digital transformation and protect the security of their back-end operations by delivering confidentiality in the cloud, API options for developers to add encryption to their own offerings and a command-line interface for system administrators. “We have other products planned for 2018,” adds Chang. “These will allow business applications to use encryption for collaboration and productivity via the cloud. ScramBox provides secure encrypted file sharing and can be used with ScramNotes, a secure encrypted notepad. We also provide an API, so other software providers can find business opportunities delivering encryption.”
The technologies Scram is developing will be integrated into future releases of BackupAssist products. “We’re adopting ScramFS for our own GDPR compliance, and to OEM into our next generation of backup products,” confirms Chang. “We’ll also be looking at setting up a distribution channel – to partner with cybersecurity consulting firms and resell ScramFS through them.”
One of Scram’s biggest successes to date was providing one of its pilot sites, CoreDNA, with a way forward on HIPAA compliance (a US regulation requiring the encryption of protected health information). CoreDNA is a website platform (CMS, ecommerce, pre-built applications) used by over 500 companies including Langham Hotels, Tivoli Audio, and Nintendo Australia. “Prior to discovering ScramFS, they had received sales leads who asked if their solution was HIPAA compliant. As they did not have crypto expertise, they had to turn away customers,” recalls Chang. “Now, with ScramFS, they can add support for encryption into their CMS, ensuring their backups of customer data are securely encrypted, and kept confidential and inaccessible by their own employees. It’s a business opportunity for them, and one for which they can charge a premium.” CoreDNA’s CEO Sam Saltis is a huge advocate: “Working with Scram to integrate encryption features into CoreDNA not only helps us be GDPR compliant, it in turn helps us ensure the security of our clients’ information. In particular, I was impressed with the seamlessness of the integration of ScramFS into our architecture. The time and cost of implementing a custom encryption module in CoreDNA ourselves would not have been commercially viable.”
Early adopters of ScramFS have been across multiple industry sectors. They include global CMS and web platforms (such as CoreDNA), HR and recruitment platforms (keen to protect sensitive data such as resumes and psych reports), telco providers (legally required to encrypt metadata logs), and managed service providers wishing to provide encryption solutions for their clients. All cite the need to be immune to ransomware attacks.
Chang has spent more than three years bringing ScramFS to market and had to overcome significant challenges along the way to support all major operating systems and a diverse range of cloud storage providers by designing customisable interfaces for each. “Encryption has a reputation for being difficult, mysterious and costly, so most people don’t do it. And they think they don’t need to do it. We’re keen to convince businesses there’s a simple, affordable solution that’s also high-quality and trustworthy. Meet ScramFS.”
SAS: Improving the British Army’s decision making with data
SAS’ long-standing relationship with the British Army is built on mutual respect and grounded by a reciprocal understanding of each other’s capabilities, strengths, and weaknesses. Roderick Crawford, VP and Country GM for SAS UKI, states that the company’s thorough grasp of the defence sector makes it an ideal partner for the Army as it undergoes its own digital transformation.
“Major General Jon Cole told us that he wanted to enable better, faster decision-making in order to improve operational efficiency,” he explains. Therefore, SAS’ task was to help the British Army realise the “significant potential” of data through the use of artificial intelligence (AI) to automate tasks and conduct complex analysis.
In 2020, the Army invested in the SAS ‘Viya platform’ as an overture to embarking on its new digital roadmap. The goal was to deliver a new way of working that enabled agility, flexibility, faster deployment, and reduced risk and cost: “SAS put a commercial framework in place to free the Army of limits in terms of their access to our tech capabilities.”
Doing so was important not just in terms of facilitating faster innovation but also, in Crawford’s words, to “connect the unconnected.” This means structuring data in a simultaneously secure and accessible manner for all skill levels, from analysts to data engineers and military commanders. The result is analytics and decision-making that drive innovation and increase collaboration.
Crawford also highlights the importance of the SAS platform’s open nature: “General Cole was very clear that the Army wanted a way to work with other data and analytics tools such as Python. We allow them to do that, but with improved governance and faster delivery capabilities.”
SAS realises that collaboration is at the heart of a strong partnership and has been closely developing a long-term roadmap with the Army. “Although we're separate organisations, we come together to work effectively as one,” says Crawford. “Companies usually find it very easy to partner with SAS because we're a very open, honest, and people-based business by nature.”
With digital technology itself changing with great regularity, it’s safe to imagine that SAS’ own relationship with the Army will become even closer and more diverse. As SAS assists it in enhancing its operational readiness and providing its commanders with a secure view of key data points, Crawford is certain that the company will have a continually valuable role to play.
“As warfare moves into what we might call ‘the grey-zone’, the need to understand, decide, and act on complex information streams and diverse sources has never been more important. AI, computer vision and natural language processing are technologies that we hope to exploit over the next three to five years in conjunction with the Army.”
Fundamentally, data analytics is a tool for gaining valuable insights and expediting the delivery of outcomes. The goal of the two parties’ partnership, concludes Crawford, will be to reach the point where both access to data and decision-making can be performed qualitatively and in real-time.
“SAS is absolutely delighted to have this relationship with the British Army, and across the MOD. It’s a great privilege to be part of the armed forces covenant.”