Your Confidential Cloud: SpiderOak Protects Server Networks Via Zero-Trust Encryption

TL; DR: SpiderOak is on a mission to safeguard the world’s data through a cutting-edge portfolio of security and privacy technology. The company’s secure communication and collaboration products leverage distributed, zero-trust data enclaves and blockchain technology to protect sensitive information. With new products like CrossClave, users can now shield their remote working environments from entire categories of vulnerabilities.

When uttered as a life philosophy, the catchphrase never trust anyone sounds overly suspicious.

But when employed in the realm of cybersecurity, it’s completely rational. In fact, there’s an entire discipline created around it — the zero-trust security framework.

This verification-based approach is built on the premise that organizations shouldn’t trust any user or device, whether inside or outside network perimeters. With the recent spike in remote workforces, many software companies are working to infuse zero-trust technology into their existing products.

Others, such as SpiderOak, have built their security and privacy technologies upon a zero-trust foundation. SpiderOak’s encryption is all-encompassing. The team has physical access to storage servers but can’t see the names of files and folders, let alone their contents. On the server side, employees see nothing but numbered containers of encrypted data.

“We hope that our customers trust us, but we also know they don’t need to trust us. Even if we were adversaries, we couldn’t get to the data because we rely on encryption,” said Adam Tervort, Vice President of Customer Success at SpiderOak. “That’s how we’ve always done business, and that’s how we continue to do business with our newer products. It’s a beautiful thing.”

The SpiderOak team has spent more than a decade fine-tuning its secure and private communication and collaboration technology. Today, the company’s continuously expanding product suite leverages zero-trust distributed data enclaves and ledger technology to protect sensitive data in any environment.

SpiderOak, founded in 2006, has years of industry experience under its belt.

“For context, the first version of our backup product came out the year before Apple released the iPhone — so we’ve been around as the world’s changed quite a bit,” Adam told us. “And from the beginning, our goal has always been to use encryption in ways that protect people.”

The company’s oldest and most popular product, SpiderOak One Backup, is built on no-knowledge end-to-end encryption. “Everything is encrypted — from metadata to plain text — before it leaves your device, which simplifies everything. We have way less to worry about, and users have way less to worry about.”

Adam himself joined SpiderOak in 2013; prior to that, he was a paying customer. One year later, Edward Snowden recommended SpiderOak as a zero-knowledge alternative to Dropbox, sending customers flocking to the company’s website.

“In 2014, when Edward Snowden mentioned us, it crashed our servers,” Adam said. “To this day, we still get a lot of inbound organic traffic that has to do with Edward Snowden.”

The SpiderOak team has observed a lot of change in the 15 years since the company’s inception. A substantial shift away from desktop and toward mobile technology, for instance, has opened up a whole new world of vulnerabilities.

“It’s important that all that data that rides around in our pockets via our phones is protected — both from ISPs and the big brother tech companies (Google, Facebook) that seem to slurp up everything,” Adam said. “That’s the big trend.”

Adam said SpiderOak shines when it comes to protecting data from the foundation up.

“We like to say we’re protecting the world’s data,” Adam said. “We are good at securing the base layer so that the movement of data from place to place is protected no matter what the device is.”

SpiderOak’s strength in this area helps open the door for some exciting opportunities in the areas of information security for spacecraft. Today, many spacecraft operators leverage third-party ground stations and separate the traditionally integrated roles of spacecraft and payload operators. The company’s OrbitSecure product allows users to maintain security in these hybrid, multiparty environments.

The company also works closely with defense and intelligence groups, such as the U.S. Military, to support mission success. For these clients, it’s critical to protect digital communication and collaboration systems, whether they’re local or remote.

SpiderOak also provides solutions for Federal telework systems. In these scenarios, Adam said it is crucial to protect sensitive digital assets, such as Controlled Unclassified Information (CUI) and data protected under regulations like HIPAA.

In addition, the company offers solutions to close security performance gaps. According to SpiderOak, four out of every 10 people who work for the Federal government are private contractors. Yet nearly half of contractors surveyed in a recent BitSight report scored a C or below for the “Protective Technology subcategory of the NIST Cybersecurity Framework” for poor security hygiene.

SpiderOak offers solutions in all of these cases.

“We’re really about securing data, whatever way you use it,” Adam told us. “Part of that is authentication — because you should be able to decide who has access to your data. And that process should be easy to execute.”

The SpiderOak team has been hard at work over the past few years on CrossClave, a productivity suite for distributed and remote workforces. The technology was designed to streamline collaboration on sensitive files and data without compromising security, speed, or ease of use.

The free plan currently includes 5GB of storage and up to five user licenses.

“We’ve been working on CrossClave for the last couple of years, largely in stealth mode,” Adam said. “Now, we’re at the point where anyone can try out the suite through our free tier.”

With CrossClave, users can share files, chat with team members, and call one another without logging in to special networks or web portals. The technology’s no-knowledge encryption, multiple distributed ledgers, and robust policy engines effectively close gaps in authority and permission allocation.

On the security side, CrossClave encrypts everything using the National Security Agency’s Commercial National Security Algorithm Suite (CNSA). The technology can even be configured to use a specified algorithm or interface with hardware-based encryption modules.

The full version also includes mobile functionality for Android devices, with support for iOS coming soon. Users can upload, download, and view files from their mobile devices, allowing for a continuous user experience across devices.

“We’re super excited about the possibilities this technology presents for organizations, families, and individuals, especially on the mobile front,” Adam said. “Everybody is all mobile now, and we carry so much important data on our phones. We’re doing some interesting things to improve people’s work lives, especially now that we’re all working from home in ways that we wouldn’t have even considered five years ago.”