Privacy-as-a-Service Scatters Data in Disappearing Clouds

 
When attackers breach through layers of encryption and firewalls, one good way to keep cloud-based data safe is to keep it scattered, in constant motion. Dispel, a start-up focusing on enterprise-grade digital privacy for small to midsize businesses (SMBs) and individuals, offers digital privacy rooted in ephemeral cloud infrastructure.

In Dispel's case, "ephemeral"—a term popularized by the disappearing messages of services such as Snapchat—pertains to endpoint security spread across multiple cloud providers in different countries. Dispel provides an on-demand network of continuously generated, encrypted connections and cloud-based virtual machines (VMs) as part of its "Privacy-as-a-Service" offering for daily browsing, email, file transfer, messaging, and other forms of communication including social media.

"We're at a perfect moment where people are becoming more cognizant of privacy as a digital risk," said Ethan Schmertzler, CEO of Dispel. "CPU fixed infrastructure is a fixed target. Bad actors targeting enterprises have more time to mobilize and breach. You can't just sit and wait."

Dispel recently emerged from stealth after more than two years in development and as a private tool for a handful of enterprise clients. Schmertzler believes traditional virtual private networks (VPNs) are insufficient for defending against security risks from run-of-the-mill Internet stalking to malicious incursions and wider surveillance efforts. He described Dispel's infrastructure as "un-attributable," meaning that, similar to anonymous communication clients such as Tor, when a user logs into the network to access their data, the services anonymizes the traffic from both sides—where the data is located and the location from where the user is accessing it.

Schmertzler also explained how Dispel works to control the end-to-end transaction from data transmission to exit points within the ephemeral infrastructure. As part of the Privacy-as-a-Service proposition, Dispel encrypts all communications and metadata up to modern accepted standards, including multiple layers of both AES 256-bit and 2048-bit encryption.

"The basic concept is for a business to be able to put any infrastructure into an ephemeral network," said Schmertzler.

Invisible Infrastructure
At its heart, Dispel combines the native endpoint protection services of a Software-as-a-Service (SaaS) platform such as Webroot SecureAnywhere Business Endpoint Protection with the flexibility of a cloud-based Infrastructure-as-a-Service (IaaS) offering such as Amazon Web Services or Microsoft Azure. What helps Dispel stand out, though, is its so-called "invisible infrastructure" built with privacy in mind.

Dispel offers two main products for SMBs: Invisible Connections and Invisible Computers. Schmertzler explained how each works.

Invisible Connections
"Invisible Connections give users access to the ephemeral infrastructure without changing their daily habits," said Schmertzler. "Privacy tooling is all about ease of use; it's one of the reasons PGP has never really caught on. Users see a little green 'on' button in their menu bar on Mac or Windows but otherwise access data and files normally. From a user experience perspective, Dispel acts almost like a browser extension."

Invisible Computers
For businesses or users who need a private and secure cloud environment in which to work, Dispel offers virtual sandbox desktops called Invisible Computers. The Ubuntu Linux VMs come pre-installed with Chrome, Firefox, and the LibreOffice suite of productivity tools, and the environment deletes itself when the user is finished. "These are essentially virtual air-gapped hardware for single use through a Chrome or Firefox browser where you get an on-demand desktop that doesn't touch your actual machine," said Schmertzler.

The C-Suite Service
Invisible Connections and Invisible Computers are Dispel's SMB-focused product, but the company also offers a custom installation service called C-Suite for enterprises that want to give executives greater control over the data infrastructure, including network management and cloud computing resource allocation.

Dispel is priced in three tiers, broken up by data storage and cloud computing time caps. The $19 per month Standard pricing tier offers 50GB of Invisible Connection storage and five hours of Invisible Computing time.
The $79 per month Professional tier ups that to 200GB and 20 hours, and the $199 per month Premium tier offers 500GB and 50 hours. Invisible Connections are currently available on Mac and Windows, with Android and iOS apps coming in 2016. In the large security landscape, Schmertzler said Privacy-as-a-Service through ephemeral infrastructure represents an evolved way of thinking about digital protection.
"Until now, businesses and security providers have largely been playing a game of archers versus cannons, building higher and higher walls. The problem with that approach is, it's only a matter of time before a data breach. Attackers will eventually build a strong enough cannon or find a crack in the wall," said Schmertzler. "Encryption, VPNs, ephemeral messaging—they're all pieces of the puzzle, but it's all a lot easier when the archers and cannons don't know where to aim."