25 November 2019, Zürich, Switzerland – Tresorit, the leading end-to-end encrypted file sync and sharing solution, today published the results of its security evaluation by Ernst & Young (EY); the assessment consisted of multiple penetration tests, source code reviews and cryptographic evaluations. The published results confirm Tresorit’s security and confidentiality claims regarding end-to-end encryption and zero knowledge.

 “The external security assessment makes Tresorit the most thoroughly publicly reviewed file sync and sharing solution available on the market today. Opening up our product for rigorous evaluation represents our commitment to a proactive and transparent approach to security and plays a great role in reaffirming our customers’ sense of security.” – István Lám, CEO, Tresorit.

The evaluation was the first of its kind done by the EY Advanced Security Center on a cloud-based file sync and sharing solution.

 “We paid specific attention to Tresorit’s claim regarding end-to-end encryption and to identify potential security deficiencies during the security review. Our assessment concluded that Tresorit ensures high confidentiality by encrypting data on the client side and in a way that Tresorit servers and employees never receive cleartext data or the encryption keys.” – Mihály Zala, Cybersecurity, Technology Risk and Technology Consulting Leader at EY.

What was assessed?

The security evaluation of Tresorit’s end-to-end encrypted file sync and sharing service was performed by the EY Advanced Security Center in August and September 2019. The scope of the assessment included the technical security evaluation of the end-to-end encryption, web application, mobile applications and desktop applications developed by Tresorit by means of:

• penetration testing measuring how secure the technology behind Tresorit is;
• a source code review looking into the core of Tresorit’s technology to see if the service keeps files safe and confidential without monitoring or accessing their content
• a cryptographic review assessing the level of encryption to validate Tresorit’s claim about using client-side, end-to-end encryption 

What is the outcome of the security assessment?

The security evaluation found that the claim that Tresorit encrypts data on the client side in a way that its servers and employees never receive cleartext data or the encryption keys is well founded. This confirms that no one is able to access the data stored with Tresorit except from the owner and the users authorized by the owner.

Why did Tresorit decide to undergo an independent security evaluation?

With the proliferation of cyber-attacks, data breaches and stringent privacy regulations all over the world, data security has gained significant importance. With organizations putting an increasing emphasis on implementing technologies to improve their information security, choosing the right service in an ever-crowded cloud storage market can be challenging. Exaggerated promises, misleading security descriptions and unfounded claims are often the root cause of data incidents.

Undergoing a security assessment done by an objective third-party makes Tresorit unique in the file sync and sharing space. It demonstrates the service’s commitment to data security and transparency and provides peace of mind to its customers and prospects from relying solely on trusting Tresorit’s claims.

No other file sync and sharing solution can match Tresorit today in its level of transparency and security through the combined use of end-to-end encryption, zero knowledge authentication, yearly transparency reports and an independent security evaluation.

 For more information, visit Ernst & Young’s security evaluation summary here.

About Tresorit

Tresorit is a Swiss cloud encryption company offering an end-to-end encrypted file sync and sharing solution which safeguards confidential information by design. Tresorit’s built-in, zero knowledge encryption technology protects user files from data breaches and any form of unauthorized access, while enabling organizations to work and collaborate safely in the cloud. Founded in 2011 by Istvan Lam, Szilveszter Szebeni, and Gyorgy Szilagyi, Tresorit is now used by more than 25.000 customers globally, including leading enterprises both in Europe and North America.