Tresorit Still Unbroken Six Years Later

Tresorit, a Swiss-based online cloud storage service with an R&D centre in Budapest, Hungary, first grabbed the attention of the international media a few years ago when it offered a 25,000-US dollar bounty to any hackers that could break its encryption.

“When we launched the hacker challenge, our aim was to show that our encryption technology uses industry-standard, state-of-the-art encryption algorithms that are unhackable,” says István Lám, who founded Tresorit in April 2011 together with his two colleagues, Szilveszter Szebeni and Gyorgy Szilagyi, and now serves as the company’s CEO.

“Even if a hacker gets into our servers, or when surveillance authorities get hold of encrypted files stored with Tresorit, they cannot read the information stored in them. There’s simply no use in breaking in.”

The hackers’ challenge could have turned out risky, but István felt confident. He had been fascinated with cryptography and cybersecurity for about a decade — as a 12-year-old he received a book covering the topic from his family and eventually graduated with an MSc in cryptography engineering from the Budapest University of Technology and Economics.

Security above all

“Deciphering secret codes and turning information into unbreakable noise amazed me at first sight! While at university, I also became aware of the problem of digital privacy and security,” Mr Lám says.

“The cloud sounded promising because it reduced the costs of storing information online and made it convenient to access and share data from anywhere. However, I also saw that mainstream technologies didn’t protect our data enough from unauthorised access like hackers or surveillance. Just a couple of years after we started working on Tresorit, Edward Snowden revealed how easily global authorities could access tons of user data just by making a few clicks. My fears were validated, and it turned out that we were not paranoid.”

Szilveszter Szebeni, István Lám (CEO) and Gyorgy Szilagyi
Tresorit founders — Szilveszter Szebeni, István Lám (CEO) and Gyorgy Szilagyi (courtesy of Tresorit)

Despite that, he believes that speaking about any service as a whole and not about the encryption technology behind that service, and stating that a system is ‘unhackable’ is irresponsible.

“Developers who take security seriously are always aiming at being at least one step ahead of hackers, who are mostly after easy targets. We’re developing Tresorit with the defence-in-depth mindset. This means we always add additional layers of security to every part of the service we’re working on.”

Tresorit insists its whole service is designed around security: they manage passwords with the most advanced, zero-knowledge technology so that even their own developers can never access them. They use end-to-end encryption to secure user files, which means that files are encrypted on the user’s device before they are even uploaded to the cloud.

“This approach is more secure because the encryption keys to unlock the files are only available to the user. In contrast with services using in-transit and at-rest encryption, our servers only store the encrypted, unintelligible datasets – strictly without the keys to decipher them. This guarantees that files are readable only for the sender and the recipient, and no third parties beyond them. They are protected from hackers, surveillance, and even our own developers can’t read them. We also use in-transit encryption, but only as an additional layer of security,” Mr Lám adds.

Tresorit

As a researcher at the Ecole Polytechnique Fédérale de Lausanne (EPFL), Mr Lám had no doubt about where the company should be set up and they chose Switzerland to provide the strongest legal protection for users’ data.

Raising awareness

As our lives become increasingly digital, more and more people are starting to pay attention to how services manage their data. They begin to realise that when they use a ‘free’ app, in fact, they give access to their data which companies can sell ads and make profits from. That is why services which prioritise privacy and security like DuckDuckGo, ProtonMail, Signal, or Tresorit are growing globally. As evidence of this trend, Wired magazine named 2016 the year when encryption won.

“While our primary market is the business and enterprise segment, we want to help everyone stay secure online and share information while having access to security of end-to-end encryption,” Mr Lám tells Emerging Europe.

“Looking at the business market though, security and compliance are among the primary aspects of choosing a service. We see from recent scandals like the Equifax or Deloitte breaches that businesses face severe consequences of handling data carelessly. They not only have to deal with PR damage, but they are harmed financially too. Moreover, with coming EU data protection regulation, GDPR, companies can face heavy fines of up to 4 per cent their global revenue when a data breach happens. This is a strong incentive to invest in cybersecurity and services that help with data protection,” he adds.

Tresorit, which originally started as a freemium cloud storage and file sharing service for consumers, shifted its focus to the business and enterprise markets four years ago. Currently, over 200,000 users within more than 10,000 organisations based in almost 200 countries globally store more than 2 petabytes of data with the company.

“Our primary focus is on small and medium-sized businesses (SMBs). While we don’t really differentiate in terms of industries, we see a large number of companies among our customers who traditionally manage lots of personal and confidential data, such as finance, legal and consulting firms, healthcare providers, research labs, non-profit organisations and so on. Geographically, two-thirds of our customers are Western European companies, especially form the German-speaking nations, while the remaining one-third are from North America and other regions,” Mr Lám tells Emerging Europe.

Tresorit

A demanding sector

Set up by three individuals, the company now employs some 70 people and aims at becoming a major provider not only in the market of ultra-secure file sync services but also in the field of business IT tools. They’re scaling up their processes to reach even more people and businesses.

“The file sync and sharing market is rapidly changing and users are expecting more features that enable real-time collaboration and better-integrated workflows. We’re planning on solving other challenges of the digital workplace with end-to-end encryption. We also see that there is a need for data security in other areas like healthcare, financial services, or enterprise data management systems. That is why we launched our tool called ZeroKit which makes the core of our security available to other developers. To have reliable security for citizens, all digital systems should be safe, not only tiny bits,” says Mr Lám.

“We also believe that security itself is not enough to make our customers happy. The service should be also easy-to-use. Our aim is to make Tresorit a secure, user-friendly and feature-rich service that enables people to easily collaborate on files,” he says.

The Budapest-based R&D centre is key to ensuring Tresorit reaches these goals.

“While our field of expertise may not be the first thing people think of when it comes to Hungary, there’s a lot of potential for innovation and technology in our country, and the Central European region in general. Also, as a post-socialist country, we know first-hand how important it is to fight against surveillance and stand up for privacy rights and an open democracy,” Mr Lám concludes.