How to make your business GDPR ready
Scram Software is an award-winning cyber security software development company founded by Linus Chang, serial entrepreneur and creator of BackupAssist – a global provider of automated Windows server backup and recovery software for small and medium sized enterprises (SMEs) which has sold over 170,000 copies in 165 countries (customers include the Department of Homeland Security and NASA).
Chang was inspired by a real market need for security. “SMEs started jumping on the cloud bandwagon without giving a second thought to security,” he recalls. “What if a hacker breaks in and steals your data? What if they start deleting data? There just weren’t good encryption solutions available that allowed SMEs protection.”
Chang explains that coding ‘crypto’ is not like coding a website – it’s a completely different language and highly mathematical. One bug, oversight or minor flaw means the system becomes completely insecure. “That’s why I connected with one of my former classmates (Dr Ron Steinfeld) who, apart from being a genius, has become one of the world’s leading cryptographers. I engaged him to develop a general-purpose file encryption system that would allow developers like me to develop secure applications. ScramFS was born.”
Chang spoke with contemporaries in the industry who expressed interest in an API so they could implement hassle-free encryption into their own software. “The ScramFS encryption system was researched, developed and peer-reviewed over three years by a team of security experts in the fields of information theory, cryptography, compression, data backup and processing including Steinfeld, a and Dr Toby Murray, a leader in software security (The University of Melbourne, Australia),” reveals Chang.
Chang concedes that developing a solution to protect against data breaches in a commercial setting was more challenging than he could have imagined. “Both the process and the product are unique,” he explains. “ScramFS is, in itself, revolutionary and makes it super easy to encrypt files, and store them anywhere, while being secure from attackers and from the cloud provider. It operates in a ‘trust no one’ environment, which is completely new. It also avoids ‘vendor lock-in’ – use whatever cloud you want, and switch whenever you want.”
ScramFS can encrypt a variety of data – everything from text files and video to images and forensic data. It allows for ‘live usage’ of that file through real-time decryption – for example, you could encrypt a video, and watch it without having to decrypt the entire file first. These encrypted files can be stored locally, or in the cloud (Google Drive, OneDrive, Dropbox, Amazon S3) with the whole process easy to use for system administrators and software developers. “The level of rigour has been extremely important,” says Chang. “Whereas other vendors are under pressure to release early with bugs, we have been methodical, following every step, double and triple checking things along the way. Why do we do that? Because, sadly, there are real problems with the current state of security software.”
Chang points out that security software is unregulated, so vendors can make unsubstantiated, vague and false claims – something he calls the “snake oil” problem. “It’s impossible for a user to verify the security of a product,” he laments. “Vendors generally provide few or no details about their product, and exactly what they protect and don’t protect against. That leads to ‘placebo security’. We designed the system to be long-term secure – resistant to attack from quantum computers. We know we’re on the right track because when we talk to leading cryptographers, they’re keen to assist.”
When asked why businesses should choose ScramFS to stay secure, Chang’s response is compelling. “I’m not just developing Scram Software for other companies. I’m doing it for my other business (BackupAssist). As an industry insider, I know the problems of dubious encryption products, so that’s why I’d choose it to be GDPR compliant.” He highlights Scram’s transparency, the reputation of its cryptographers and the cost of implementation as reasons why: “I don’t want my employees to waste their time trying to patch something together with open-source components. I want something that works out of the box. Time is money. Reliability is key and, to be honest, I just don’t see any offerings in the marketplace that provide the functionality we do.”
Chang believes ScramFS can help businesses with their digital transformation and protect the security of their back-end operations by delivering confidentiality in the cloud, API options for developers to add encryption to their own offerings and a command-line interface for system administrators. “We have other products planned for 2018,” adds Chang. “These will allow business applications to use encryption for collaboration and productivity via the cloud. ScramBox provides secure encrypted file sharing and can be used with ScramNotes, a secure encrypted notepad. We also provide an API, so other software providers can find business opportunities delivering encryption.”
The technologies Scram is developing will be integrated into future releases of BackupAssist products. “We’re adopting ScramFS for our own GDPR compliance, and to OEM into our next generation of backup products,” confirms Chang. “We’ll also be looking at setting up a distribution channel – to partner with cybersecurity consulting firms and resell ScramFS through them.”
One of Scram’s biggest successes to date was providing one of its pilot sites, CoreDNA, with a way forward on HIPAA compliance (a US regulation requiring the encryption of protected health information). CoreDNA is a website platform (CMS, ecommerce, pre-built applications) used by over 500 companies including Langham Hotels, Tivoli Audio, and Nintendo Australia. “Prior to discovering ScramFS, they had received sales leads who asked if their solution was HIPAA compliant. As they did not have crypto expertise, they had to turn away customers,” recalls Chang. “Now, with ScramFS, they can add support for encryption into their CMS, ensuring their backups of customer data are securely encrypted, and kept confidential and inaccessible by their own employees. It’s a business opportunity for them, and one for which they can charge a premium.” CoreDNA’s CEO Sam Saltis is a huge advocate: “Working with Scram to integrate encryption features into CoreDNA not only helps us be GDPR compliant, it in turn helps us ensure the security of our clients’ information. In particular, I was impressed with the seamlessness of the integration of ScramFS into our architecture. The time and cost of implementing a custom encryption module in CoreDNA ourselves would not have been commercially viable.”
Early adopters of ScramFS have been across multiple industry sectors. They include global CMS and web platforms (such as CoreDNA), HR and recruitment platforms (keen to protect sensitive data such as resumes and psych reports), telco providers (legally required to encrypt metadata logs), and managed service providers wishing to provide encryption solutions for their clients. All cite the need to be immune to ransomware attacks.
Chang has spent more than three years bringing ScramFS to market and had to overcome significant challenges along the way to support all major operating systems and a diverse range of cloud storage providers by designing customisable interfaces for each. “Encryption has a reputation for being difficult, mysterious and costly, so most people don’t do it. And they think they don’t need to do it. We’re keen to convince businesses there’s a simple, affordable solution that’s also high-quality and trustworthy. Meet ScramFS.”