It’s downright embarrassing when the head of the CIA can’t use e-mail to whisper sweet nothings without his love affair being outed four months after it reputedly ended.

The fact that the lady in question and General David Petraeus, who ran the wars in both Iraq and Afghanistan, used a shared Gmail account to leave messages for each other in the draft folder – a tactic employed by terrorists to avoid incriminating e-mail trails – has also prompted concern about whether the spy chief’s cyber security was blown by somebody else besides the FBI at any point.

It’s supposed to be a cautionary tail for all the people who are careless with their e-mail and with the cloud, an opening for two-year-old encryption start-up CipherCloud to suggest that companies and government agencies that use cloud apps like Salesforce, Force.com, Chatter, Office 365 and of course Gmail would be a lot safer if they used its widgetry.

It sells a patent-pending cloud encryption gateway that automatically secures such traffic before it’s sent to the cloud. In the case of Gmail incoming mail, outgoing mail, draft mails and attachments are encrypted in real-time, a process that’s completely seamless to the user according to CMO Paige Leidig.

Because of its stateless architecture, CipherCloud is supposed to provide high-performance, low-latency and scalability. No noticeable performance degradation is caused by its real-time data processing.


The CipherCloud Gateway

The start-up claims that legacy encryption isn’t up to the cloud’s challenges and that storing personal and business data unencrypted there leaves it at risk.

It says the Petraeus case demonstrates how easy it is for law enforcement agencies to legally require cloud application providers to give them access to e-mail and other data needed for criminal investigations without notifying the data’s owner.

CEO Pravin Kothari says flatly, “There is no confidentiality of sensitive information in the cloud. It is essential that organizations encrypt their data before it’s sent to the cloud. That is the only way to ensure that information is not vulnerable to cloud threats, hackers and accidental leakage.”

CipherCloud gives the organization that owns the data exclusive control the keys needed to decrypt it. This approach ensures that e-mails or other data can’t be exposed even legally without the data owner’s knowledge.

The widgetry works with Amazon EC2 and S3 via connectors and with all the popular mobile devices.

The start-up also offers a Connect AnyApp, which can implement encryption for all public and private cloud applications and databases.

The company’s encryption and tokenization preserves the data format and application operations, including search and sort, without changing the software or impacting backend integration.

Its malware detection lets users protect their public and private cloud solutions against attacks spread through infected PDFs or Office documents.

Consistent logging of user activities across all cloud applications enables organizations to manage compliance and forensic requirements such as finding out who is doing what, where, when, in which application and on which object.

CipherCloud is backed by Andreessen Horowitz, Index Ventures and T- Venture, the venture capital arm of Deutsche Telekom. It currently has 127 employees with expectations of doubling that number in six months. It also expects to open an office in the UK.

A typical CipherCloud installation runs to six or seven figures depending on the size of the company’s infrastructure and the number of users.