Amish Gandhi, DropSecure: “as all the world’s information is being captured digitally, data has become the new gold”
Both companies and users are prone to experience data breaches and password leaks, making data exchanging a risky activity.
Falling victim to such cyber threats as data breaches can result in various consequences. While regular users may experience major financial losses, businesses may also end up ruining their brand’s reputation.
There are many ways in which users have an option to employ smart solutions, such as security tools or cloud technology. Moving your data to the cloud while keeping it safe and private could have major advantages.
We invited Amish Gandhi, the CEO of DropSecure – a file share platform with zero knowledge, end-to-end encryption – to talk with us about challenges users face regarding privacy and security in the Internet era and what’s on the line for data protection innovation.
How did DropSecure originate? What has your journey been like since?
Have you ever sent private information digitally? We all have. When I had a need to send my own financial documents for a mortgage application, I couldn’t find a single service that could encrypt and send documents safely. So I manually encrypted the data and sent it to my loan service provider. That was the inception of DropSecure.
If you look at the trajectory of privacy and security in the Internet era, it has been steadily going down. Almost all digital documents exchanged today are susceptible to leaks, not to mention that they are directly accessible by your Cloud Service Provider (CSP). Digital documents exchanged via services available today – like email and other popular file sharing providers are also not private. That means they’re accessible to anyone with the will to do so.
The solution to this is encryption. But what I did – manually encrypting data – is painful, even for people that know how to do it. And so DropSecure was born.
Founding DropSecure embarked me on a journey from Engineer to Engineer-Entrepreneur. Hearing customers say that “this is exactly what they were looking for,” makes me grateful and assured that we’re making a difference. At the same time, we have just begun our journey to bring more innovation in making data sharing seamless with the highest security available. We strive to enable customers with encryption they love to use, and that is what gets me excited every day.
Please tell us what you do. What is end-to-end encryption?
DropSecure is a private and secure document, and data exchange platform, where only the sender and intended recipients have access. No one else, including the CSP, has access to your information.
That’s the idea behind end-to-end encryption – ensuring full protection from third parties accessing the data while it’s transferred from one end system or device to another.
End-to-end encryption means the data is encrypted at the source (on the sender’s device) before it’s sent over the Internet, and the keys to decrypt the data are protected. That’s important because it means that the data can safely be stored anywhere since it’s encrypted and the keys to unlock the encryption are secured separately. This is what keeps data safe from hacks, leaks, or anyone trying to steal the information.
At DropSecure, we use multiple layers of key wrapping – the primary key used to encrypt the data is protected by a layer of secondary keys, so only the intended recipients have access to those keys. Even within DropSecure, we are unable to decrypt our client’s information. We accomplish this security primarily by employing a combination of symmetric and asymmetric cryptography. An interesting explanation of this technology can be found in our help & resources sections.
In your opinion, what types of organizations should be especially concerned about encrypting their data?
Well, the short answer is – every organization would benefit by providing encryption tools to their teams. Many companies provide security awareness training, recognizing that employees represent the frontline in protecting organizational and customer data. Enabling the workforce with end-to-end encryption tools is an essential part of operationalizing data security.
From a data privacy point of view, businesses around the world are increasingly required to comply with more stringent and more enforced data privacy regulations. The EU introduced the General Data Protection Regulation (GDPR) in 2018 followed by the California Consumer Privacy Act (CCPA) in 2020. Both regulations set new standards for data privacy, and the expectation is that similar regulations will soon protect the majority of the world’s population. Very likely, this could happen in just a couple of years. Some sectors, such as businesses servicing the government sector, already have requirements – and with more on the way, such as the CMMC here in the US, that require encrypting data and documents.
The truth is, nearly every business sends and receives information that no one else should gain access to, from trade secrets to customer information to financial documents. No business can hide from the gravity of losing control over sensitive data in a cybersecurity breach or violating increasingly mandatory privacy laws, both in terms of direct costs, as well as reputation damage. Encryption is the only way to protect your data today – even if systems are breached – the underlying data is not leaked.
Have you noticed any new rising threats as a result of the recent global events?
Unfortunately, as all the world’s information is being captured digitally, data has become the new gold. Everyone, from hackers to competitors and state actors are trying to get hold of valuable information available online. This means that the number of cyberattacks and breaches keep on rising. The most important threat right now is the ongoing war between the aggressor Russia and Ukraine. The threat is so high that President Biden had to issue a statement asking all domestic organizations to harden their security in an effort to strengthen our national resilience.
What measures do you think everyone should implement to be protected from these emerging threats?
Today’s emerging threats are not new as sensitive information is always at a risk of being stolen. To prevent such attacks, both companies and individuals need to have a basic security system. Here are some simple things to practice:
- Make sure you choose a strong password and enable MFA.
- Don’t click on emails that look suspicious or are from unknown recipients.
- Avoid sending sensitive information via insecure channels.
- Store your data on a cloud that always uses end-to-end encryption.
- Don’t install any software on your device without verifying the creator.
- Keep your software up to date.
- Practice regular cybersecurity training.
Since DropSecure utilizes zero-knowledge end-to-end encryption, if you follow proper security hygiene, your data is at much less risk of getting stolen.
What are the main risks when it comes to handling data that hasn't been encrypted?
Would you send your financial documents via a mail courier without sealing your envelope? Encrypting your data is similar to sealing your envelope, so no one else but only you and your intended recipients have access to it. Hence, data should never be handled without end-to-end encryption over the internet. As I mentioned earlier, we have taken a step back by sending data in plain text and that needs to change. DropSecure is one of the agents to make that change now.
In your opinion, what are some of the worst behaviors that can lead to both the company’s and their customer data being compromised?
Email is probably the most vulnerable and easily compromised medium these days. Using email to exchange sensitive information without any additional protection like end-to-end encryption is risky. When data is sent over email, most users don’t realize that the data not only lives in your recipients’ inbox forever, but also stays on recipients’ and senders’ email service provider’s cloud and sender’s sent folder forever. By sending one email that could contain SSN, payment information, etc, the data has proliferated to a multitude of places and is out of your control that you can never get back.
Talking about the future, what predictions do you have for the data security landscape for the upcoming years?
- Security will become part of everything. Every digital initiative will need to take security considerations into account.
- End-to-end encryption will become the only way to store and share documents – any documents, not just sensitive documents.
- The awareness of the zero-knowledge concept will increase significantly, and more and more businesses, and individuals will embrace zero-knowledge solutions.
And finally, what does the future hold for DropSecure?
With the current growth trajectory, we would like to believe that DropSecure will be recognized as a market leader in the space of secure data storage and sharing space. We have ambitious plans, not only to expand our geographical reach but also to innovate and extend our product offerings while keeping the focus on the cybersecurity space. We believe that the next few years will be very exciting for DropSecure.