The evolution of secure file governance

Download case study

Tresorit, the evolution of secure file governance

Founded in 2011 by a trio of university students in response to the security and governance gaps they perceived in the major file management solutions of the time, Tresorit has been a Microsoft partner for almost the entirety of its 6 years in business. After its founding, Tresorit applied for Microsoft’s BizSpark program, an initiative that supports early stage start-ups by providing access to Azure cloud services. Requiring a datacenter with a secure and scalable platform, Tresorit found Azure to be ideally suited to meeting its customer’s needs.

The young company then gained notoriety by issuing a bold challenge—publicly inviting hackers to attempt to compromise its end-to-end encryption software, and offering $50,000 to whoever did so successfully. More than 1,000 experts from universities like MIT accepted the challenge; now, 6 years and more than 70 employees later, not a single person has managed to collect the prize. This initiative led to Tresorit’s user base growing by a factor of 200 within a week. Due to the flexibility and scalability of Azure, Tresorit was able to scale up quickly to accommodate this dramatic influx, and continues to reliably serve its user base which has expanded to over 100,000 individual users—mounting to petabytes of data being stored on Microsoft’s Azure servers.

Tresorit’s solution is unique when compared to similar file management options in the market as it provides true end-to-end encryption. The initial encryption takes place on the client’s own machine—before the data is transferred to Tresorit’s Azure servers ensuring that client data is kept secure throughout the process, and effectively safeguarding customer data and IP in the case of server-side cyber-attacks or data breaches.

“Our end-to-end encryption technology encrypts all a user’s files on their device before uploading the files to the cloud, ensuring everything that leaves the user’s machine is already encrypted—at no point do we even have access to the decrypted versions of the files. Likewise, our servers only store encrypted versions of the files we manage, ensuring that in the case of a server-side data breach our customers’ files are protected,” said Istvan Lam, co-founder and CEO at Tresorit.

How Tresorit uniquely serves small and midsized businesses

Having gained notoriety in the consumer segment, Tresorit set its sights on small and midsized businesses, recognizing that these customers were uniquely positioned to benefit from its solution.

“In 2014 and 2015, we started to see that there was a gap for businesses who needed a privacy focused solution to share files confidentially—including potentially sensitive IP— and we thought the end-to-end encryption and data governance we offered would be ideally suited to fill these gaps,” said Istvan Lam, co-founder & CEO at Tresorit.

Tresorit’s combination of end-to-end encryption and data governance proved to be unique in the marketplace, and has helped the company grow from 3 employees to 70 over its 6 years of doing business. Its solution empowers SMB customers with a powerful file management solution provided as a service that can be scaled out on demand. Hosted exclusively in Microsoft Azure’s European datacenters, Tresorit is careful to ensure that all of its customers’ data is stored within the EU, to help its predominantly European customers adhere to regional compliance requirements—understanding that data compliance and security policy control are crucial facets to any complete security-minded solution.

“Encryption is only one part of our story, as the businesses we work with also require powerful data governance tools to control permissions and ward against internal data breaches. Tresorit offers a very advanced central dashboard that allows our customers to manage user groups, create security policies, and set up different file permissions to ensure that they are in control of their own data and IP,” said Istvan Lam, co-founder and CEO at Tresorit.

How Tresorit is partnering to help customers navigate compliance challenges

The European Union General Data Protection Regulation (GDPR) is widely trumpeted as one of the most important changes in data regulations in the past 20 years. The regulation was designed to harmonize data privacy laws across Europe, protect and empower all EU citizens, and to reshape the way organizations across the region approach data privacy. While the regulation was approved in April 2016, broad enforcement of the policy is delayed until May 2018—date many businesses are finding to be approaching all-too-rapidly.

Tresorit is working to adapt its solution to accommodate this new regulation—with updates in the works that will enable users to selectively add services and delete data and user logs on-demand. Knowing that the coming regulation poses a challenge to its SMB customers, Tresorit has adopted a proactive approach to provide crucial encryption and governance services needed for these customers to be compliant in the new regulatory environment.

As Tresorit looks to guide its new and existing customers through the changes the GDPR represents, Tresorit sought to partner with other security focused organizations with different specialties. This effort is ongoing, and includes a coming partnership with an organization specialized in auditing enterprise customers in preparation for the GDPR regulation. Tresorit has not only engaged with this partner to add value via its encryption and data security solution, but has also worked with them to bring its solution to SMB customers.

With ever-growing security concerns in the marketplace today, Tresorit is uniquely positioned to provide the highest levels of security and privacy to its partners and customers alike.