Kiteworks

{{Short description|American technology company}}

{{Infobox company

| name = Kiteworks

| logo = Kiteworks logo.svg

| type = Private

| foundation = {{start date and age|1999}} in Singapore

| location = San Mateo, California, United States

| key_people = {{unbulleted list|Jonathan Yaron (CEO)|Michael Lee (CFO)|Kurt Michael (CRO)|Tim Freestone (CMO)|Yaron Galant (CPO)|Frank Balonis (CISO)}}

| industry = Security software

| num_employees = 400+{{cite web | title=Kiteworks Company Overview | website=Kiteworks | date=20 May 2024 | url=https://www.kiteworks.com/brochure-about-kiteworks/ | access-date=22 May 2024}}

| homepage = {{URL|https://www.kiteworks.com/}}

}}

Kiteworks, formerly known as Accellion, Inc., is an American technology company that secures sensitive content communications over channels such as email, file share, file transfer, managed file transfer, web forms, and application programming interfaces. The company was founded in 1999 in Singapore and is now based in San Mateo, California.

The Kiteworks Private Content Network consolidates file and email data communications onto a single platform, enabling organizations to reduce data privacy exposure risk and demonstrate conformance with a variety of regulations.{{Cite web|url=https://www.kiteworks.com/platform/private-content-network/|title=Private Content Network: Secure File Sharing & Secure File Transfer Platform}} The Kiteworks hardened virtual appliance encrypts and encapsulates the Private Content Network with multiple security layers.

In 2022, the company stated that its products were used by over 3,800 organizations worldwide.{{Cite web|url=https://www.kiteworks.com/company/|title=About Kiteworks}}

In late 2020, a zero-day exploit in Accellion’s legacy 20-year-old File Transfer Appliance (FTA) product led to data breaches of dozens of government and private organizations. The vulnerabilities were confirmed only in the FTA and not in the Kiteworks platform, which has a separate codebase.{{cite magazine |last1=Newman |first1=Lily Hay |date=8 March 2021 |title=The Accellion Breach Keeps Getting Worse—and More Expensive |url=https://www.wired.com/story/accellion-breach-victims-extortion/ |access-date=2 April 2021 |magazine=Wired |language=en-us}}

In August 2024, Kiteworks raised US$456 million from Insight Partners and Sixth Street, valuing it at over US$1 billion.{{Cite web |last=Lunden |first=Ingrid |date=2024-08-14 |title=Kiteworks captures $456M at a $1B+ valuation to help secure sensitive data |url=https://techcrunch.com/2024/08/14/kiteworks-captures-456m-at-a-1b-valuation-to-help-secure-sensitive-data/ |access-date=2024-08-18 |website=TechCrunch |language=en-US}}{{Cite web |last=Armental |first=Maria |date=14 August 2024 |title=Insight Partners and Sixth Street Invest $456 Million in Kiteworks |url=https://www.wsj.com/articles/insight-partners-and-sixth-street-invest-456-million-in-kiteworks-c7d0eabc |access-date=18 August 2024 |website=The Wall Street Journal}}{{Cite web |title=Kiteworks Private Content Network ("PCN") Vision Validated by $456M Growth Equity Investment From Insight Partners and Sixth Street Growth |url=https://www.kiteworks.com/company/press-releases/kiteworks-private-content-network-pcn-vision-validated-by-456m-growth-equity-investment-from-insight-partners-and-sixth-street-growth/ |access-date=2024-08-18 |website=Kiteworks {{!}} Your Private Content Network |language=en-US}}

History

The company was founded as Accellion in Singapore in 1999 and was originally focused on distributed file storage. The company moved to Palo Alto, California and shifted its focus on secure file transmission.{{cite news|url=http://www.computerworld.com/action/article.do?command=viewArticleTOC&specialReportId=801&articleId=99961|archive-url=https://archive.today/20130627105540/http://www.computerworld.com/action/article.do?command=viewArticleTOC&specialReportId=801&articleId=99961|url-status=dead|archive-date=2013-06-27|title=Ogilvy Harnesses the Web for its File Transfer System|first=Thomas|last=Hoffman|date=14 March 2005}} Accellion reached a total funding of about $35 million in 2011, and it was valued at $500 million in 2014. The company's chief executive officer, Yorgen Edholm, credited aversion to "National Security Agency—style snooping" as a factor in their success.{{cite web |last1=Ramakrishnan |first1=Sruthi |title=File-sharing company Accellion aims to go public in 2015 |url=https://www.reuters.com/article/us-accellion-ipo/file-sharing-company-accellion-aims-to-go-public-in-2015-idINBREA141GE20140205 |website=Reuters |access-date=2 April 2021 |language=en |date=5 February 2014}}

In January 2012, Accellion raised $12.2 million in funding from Riverwood Capital to continue their expansion.[https://www.bizjournals.com/sanjose/news/2012/01/04/accellion-raises-12m-for-expansion.html Accellion raised $12.2 million for expansion] bizjournals.com January 4, 2012

In 2016, Accellion started to focus on security and compliance and released features that included data security, governance, and compliance. They also began integrations with major cybersecurity independent software vendors (ISVs).{{Cite web|url=https://finance.yahoo.com/news/accellion-fireeye-collaborate-prevent-cyber-120000169.html|title=Accellion and FireEye Collaborate to Prevent Cyber Attacks From Crippling Critical Business Operations|website=finance.yahoo.com}}

In April 2020, the company received $120 million investment from Bregal Sagemount.[https://www.bizjournals.com/sanjose/news/2020/04/07/accellion-content-firewall-funding-valuation.html Accellion content firewall funding valuation] bizjournals.com April 7, 2020

In October 2020, Accellion was rebranded as Kiteworks.{{Cite web|url=https://www.kiteworks.com/kiteworks-news/accellions-brand-name-is-now-kiteworks/|title = Accellion's Brand Name is Now Kiteworks|date = October 12, 2021}}

In January 2022, Kiteworks acquired totemo, an email encryption gateway provider based in Zurich, Switzerland.{{Cite web|url=https://www.kiteworks.com/kiteworks-news/kiteworks-acquisition-of-leading-email-encryption-gateway-company-totemo-bolsters-kiteworks-content-communications-protection-compliance-and-governance/|title=Kiteworks Acquisition of Leading Email Encryption Gateway Company totemo Bolsters Kiteworks Content Communications Protection, Compliance, and Governance|first=Jerome|last=Bei|date=January 7, 2022}} It is integrated into the Kiteworks Private Content Networks and Kiteworks Email Protection Gateway.{{Cite web|url=https://www.kiteworks.com/platform/simple/email-protection-gateway/|title=Email Protection Gateway}}

In November 2023, it was announced that Kiteworks had acquired German ownCloud and DRACOON which it intends to use as stepping stones into the European market,{{cite web |title=ownCloud becomes part of Kiteworks |url=https://owncloud.com/news/owncloud-becomes-part-of-kiteworks/ |date=21 November 2023 |access-date=1 December 2023 |website=owncloud.com}}{{cite web |title=Kiteworks Makes Bold Moves Joining Forces With Two German Leaders in Its Space |url=https://www.kiteworks.com/company/press-releases/kiteworks-makes-bold-moves-joining-forces-with-two-german-leaders-in-its-space/ |date=21 November 2023 |access-date=1 December 2023 |website=kiteworks.com}} and Maytech, based in Tunbridge Wells, to bolster its UK market presence and secure data transfer capabilities.{{cite web | title=Kiteworks acquires Maytech, bolstering UK market presence and secure data transfer capabilities | url=https://fintech.global/2023/11/24/kiteworks-acquires-maytech-bolstering-uk-market-presence-and-secure-data-transfer-capabilities/ | website=Fintech Global | date=2023-11-24 | accessdate=2023-12-03}}

In October 2023, Kiteworks completed a SOC 2 Type II audit examination and received ISO/IEC 27001:2013, 27017:2015, and 27018:2019 certifications for its platform.{{Cite web|url=https://www.kiteworks.com/company/press-releases/kiteworks-achieves-soc-2-type-ii-certification-for-sixth-consecutive-year-and-iso-27001-27017-and-27018-certifications-for-second-year/|title=Kiteworks Achieves SOC 2 Type II Certification for Sixth Consecutive Year and ISO 27001, 27017, and 27018 Certifications for Second Year}}

In February 2024, Kiteworks introduced a feature called SafeEDIT, which is a digital rights management (DRM) technology that enables users to edit various file types natively and share files with third parties using video streaming.{{Cite web|url=https://securityjournaluk.com/kiteworks-releases-digital-rights-management/|title=Kiteworks releases new digital rights management technology|date=February 16, 2024}}

As of 2024, Kiteworks is used by 100 million users across over 3,800 organizations.{{Cite web|url=https://www.cmswire.com/the-wire/kiteworks-and-climb-channel-solutions-strengthen-partnership-to-boost-sensitive-content-communications-in-the-uk/|title=Kiteworks and Climb Channel}}

Software

Accellion was working on file transfer systems by late 2002. The company released a file transfer appliance in 2005, a physical machine aiming to reduce server load when sending large files.{{cite news |last1=Solheim |first1=Shelley |title=Device Keeps Large Files Moving |url=https://www.eweek.com/networking/device-keeps-large-files-moving/ |access-date=2 April 2021 |work=eWEEK |date=26 September 2005}}

In March 2011, the company released an online file collaboration product, emphasizing security.{{cite web |last1=Hulme |first1=George V. |title=Accellion proffers secure cloud collaboration workspaces |url=https://www.csoonline.com/article/2127898/accellion-proffers-secure-cloud-collaboration-workspaces.html |website=CSO Online |access-date=2 April 2021 |language=en |date=29 March 2011}}{{cite news | url=http://www.computerworld.com/action/article.do?command=viewArticleTOC&specialReportId=801&articleId=99961 | archive-url=https://archive.today/20130627105540/http://www.computerworld.com/action/article.do?command=viewArticleTOC&specialReportId=801&articleId=99961 | url-status=dead | archive-date=June 27, 2013 | title=Ogilvy Harnesses the Web for Its File Transfer System | work=Computer World | date=14 March 2005 }}{{cite news |url=http://eandt.theiet.org/news/2011/mar/accellion-secure.cfm |title=Accellion introduces new secure collaboration worktool |publisher=Engineering and Technology Magazine |date=29 March 2011 |access-date=2 April 2021 |archive-url=https://web.archive.org/web/20110907144145/http://eandt.theiet.org/news/2011/mar/accellion-secure.cfm |archive-date=September 7, 2011 |url-status=dead |df=mdy-all }}

In 2012, the company launched a service allowing file sharing between mobile devices.{{cite news |last1=Drinkwater |first1=Doug |title=Accellion strives for secure mobile file sharing with 'Dropbox for Enterprise' |url=http://tabtimes.com/news/ittech-cloud-services/2012/03/12/accellion-strives-secure-mobile-file-sharing-dropbox |access-date=2 April 2021 |work=TabTimes |date=12 March 2012 |archive-url=https://web.archive.org/web/20120516002508/http://tabtimes.com/news/ittech-cloud-services/2012/03/12/accellion-strives-secure-mobile-file-sharing-dropbox |archive-date=16 May 2012 |url-status=dead}} It included a synchronization feature called kitedrive.{{cite news |last1=Scott |first1=Jennifer |title=Accellion launches kitedrive Sync its 'Dropbox for the enterprise' |url=http://www.cloudpro.co.uk/iaas/cloud-storage/3067/accellion-launches-kitedrive-sync-its-dropbox-enterprise |access-date=2 April 2021 |work=Cloud Pro |date=13 March 2012 |language=en}}{{cite news |last1=Sibley |first1=Lisa |title=Accellion raises $12M for expansion plans |url=https://www.bizjournals.com/sanjose/news/2012/01/04/accellion-raises-12m-for-expansion.html |access-date=2 April 2021 |work=The Business Journals |date=4 January 2012}} Early demand for the company's file transfer applications came from organizations that needed to transfer large files, including healthcare companies{{cite news|url=http://www.eweek.com/c/a/Health-Care-IT/Harvard-CIO-Herds-Large-File-Transfers/ |title=Harvard CIO Herds Large File Transfers |publisher=eWeek |date=February 8, 2007 |last=Baker |first=M. L.}} and universities.{{cite news|url=http://chronicle.com/blogs/wiredcampus/solving-the-file-transfer-problem/3644 |title=Solving the File Transfer Problem |newspaper=Chronicle of Higher Education |date=January 28, 2008|access-date=October 14, 2015}}{{cite news | url=http://www.bio-itworld.com/newsitems/2006/april/04-19-06-news-accellion | title=Appliance Helps Researchers Share Large Files | work=Bio-IT World | date=April 19, 2006 | access-date=September 20, 2011 | archive-date=April 2, 2012 | archive-url=https://web.archive.org/web/20120402042426/http://www.bio-itworld.com/newsitems/2006/april/04-19-06-news-accellion | url-status=dead }}

In January 2014, Accellion launched Kiteworks, a file sharing product allowing users to edit files and projects remotely, with interoperability with services like Google Drive and Dropbox.{{cite news|url=https://blogs.wsj.com/venturecapital/2014/01/27/accellion-targets-box-dropbox-on-secure-file-sharing/|title=Accellion Targets Box, Dropbox on Secure File Sharing|author=Deborah Gage|newspaper=The Wall Street Journal|date=January 27, 2014|accessdate=January 30, 2014}}{{cite magazine|url=https://www.forbes.com/sites/benkepes/2014/01/28/accellion-launches-kiteworks-but-are-they-too-late-to-the-mobile-file-sharing-party/|title=Accellion Launches Kiteworks, But Are They Too Late To The Mobile File Sharing Party?|author=Ben Kepes|magazine=Forbes|date=January 28, 2014|accessdate=January 30, 2014}}{{cite web|url=http://www.eweek.com/small-business/accellion-kiteworks-helps-mobile-workers-boost-productivity.html/|title=Accellion Kiteworks Helps Mobile Workers Boost Productivity|author=Nathan Eddy|publisher=eWeek|date=31 Jan 2014}} That December, the company released a set of programming interfaces extending secure file access to mobile devices.{{cite news |last1=Clancy |first1=Heather |title=Accellion tackles secure mobile content updates |url=https://www.zdnet.com/article/accellion-tackles-secure-mobile-content-updates/ |access-date=2 April 2021 |work=ZDNet |date=28 November 2014 |language=en}}

In 2015, PCMag reviewer, Fahmida Y. Rashid, praised Kiteworks for its interface, support for mobile devices, and privacy tools.{{cite news |last1=Rashid |first1=Fahmida Y. |title=Accellion Kiteworks Business Review |url=https://www.pcmag.com/reviews/accellion-kiteworks-business |access-date=2 April 2021 |work=PCMag |date=31 August 2015 |language=en}}

In June 2017, Kiteworks received FedRAMP Authorization for Moderate Level Impact of Controlled Unclassified Information (CUI). It has achieved FedRAMP certification every year since.{{Cite web|url=https://www.kiteworks.com/solutions/government/federal-and-central/|title=Protect Confidential Content Shared Between Agencies}}

In November 2018, Kiteworks released the CISO Dashboard.{{Cite web|url=https://www.complianceweek.com/accellion-ciso-dashboard-provides-visible-traceable-record-of-sensitive-content/25038.article|title=Accellion CISO Dashboard provides visible, traceable record of sensitive content|website=Compliance Week}}

In March 2022, Kiteworks was recognized by the Information Security Registered Assessors Program (IRAP) after being evaluated for up to the Protected data classification level.{{Cite web|url=https://www.govtechreview.com.au/content/gov-security/news/kiteworks-achieves-irap-certification-349468911|title=Kiteworks achieves IRAP certification|website=www.govtechreview.com.au}}

In August 2022, Kiteworks introduced the Kiteworks Private Content Network, a zero-trust protection and compliance platform for unstructured data communications.{{Cite web|url=https://www.kiteworks.com/company/press-releases/kiteworks-launches-the-private-content-network/|title=Kiteworks Launches the Private Content Network}}

In April 2023, Kiteworks announced that it had achieved Cyber Essentials and Cyber Essentials Plus accreditation, the highest standard for IT security in the United Kingdom.{{Cite web|url=https://www.kiteworks.com/company/press-releases/kiteworks-awarded-cyber-essentials-and-cyber-essentials-plus-certification/|title=Kiteworks Awarded Cyber Essentials and Cyber Essentials Plus Certification}} Also, in the same month, it announced that the Kiteworks Private Content Network supports the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), which allows users to better manage content-based risks.{{Cite web|url=https://www.kiteworks.com/company/press-releases/kiteworks-announces-industrys-first-file-and-email-data-communications-platform-built-on-the-nist-csf/|title=Kiteworks Announces Industry's First File and Email Data Communications Platform Built on the NIST CSF}}

= 2020–21 security breaches =

In mid-December 2020, the company's File Transfer Appliance product—now a 20-year-old legacy system—was subject to a zero-day exploit,{{cite news |last1=Mathews |first1=Lee |title=Oil Giant Shell Victimized In December 2020 Hack |url=https://www.forbes.com/sites/leemathews/2021/03/23/oil-giant-shell-victimized-in-december-2020-hack/ |access-date=2 April 2021 |work=Forbes |date=23 March 2021 |language=en}} which was patched on December 23.{{cite web |author1=United States Department of Homeland Security |title=Exploitation of Accellion File Transfer Appliance {{!}} CISA |url=https://us-cert.cisa.gov/ncas/alerts/aa21-055a |website=Cybersecurity and Infrastructure Security Agency|date=June 17, 2021 }} Three additional vulnerabilities were discovered and patched over the next month.{{cite news |last1=Fisher |first1=Dennis |title=Attackers Continue to Target Accellion FTA Flaws |url=https://duo.com/decipher/attackers-continue-to-target-accellion-fta-flaws |access-date=2 April 2021 |work=Decipher |date=26 February 2021 |language=en}} The first vulnerability was a SQL injection, allowing an attacker to use a web shell to run arbitrary commands and extract data. The four vulnerabilities were assigned Common Vulnerabilities and Exposures (CVE) codes 2021-27101 through 2021-27104 on February 16, 2021.* {{cite web |author1=National Institute of Science and Technology (NIST) |title=NVD - CVE-2021-27101 |url=https://nvd.nist.gov/vuln/detail/CVE-2021-27101 |website=National Vulnerability Database (NVD) |access-date=2 April 2021}}

  • {{cite web |author1=NIST |title=NVD - CVE-2021-27102 |url=https://nvd.nist.gov/vuln/detail/CVE-2021-27102 |website=NVD |access-date=2 April 2021}}
  • {{cite web |author1=NIST |title=NVD - CVE-2021-27103 |url=https://nvd.nist.gov/vuln/detail/CVE-2021-27103 |website=NVD |access-date=2 April 2021}}
  • {{cite web |author1=NIST |title=NVD - CVE-2021-27104 |url=https://nvd.nist.gov/vuln/detail/CVE-2021-27104 |website=NVD |access-date=2 April 2021}}

Out of approximately 300 total FTA clients, up to 25 appeared to have suffered significant data theft{{Cite web|url=https://www.securityweek.com/shell-says-personal-corporate-data-stolen-accellion-security-incident|title=Shell Says Personal, Corporate Data Stolen in Accellion Security Incident|website=SecurityWeek|date=March 22, 2021 }}{{cite news |last1=Ropek |first1=Lucas |title=The Accellion Data Breach Seems to Be Getting Bigger |url=https://gizmodo.com/the-accellion-data-breach-seems-to-be-getting-bigger-1846250357 |access-date=3 April 2021 |work=Gizmodo |date=11 February 2021 |language=en-us}}{{cite news |last1=Jablon |first1=Robert |title=University of California victim of nationwide hack attack |url=https://abcnews.go.com/Technology/wireStory/university-california-victim-nationwide-hack-attack-76847800 |access-date=3 April 2021 |work=ABC News |date=3 April 2021 |language=en}} including Kroger,{{cite news |last1=February 24 |first1=Jonathan Greig in Security on |title=Kroger data breach highlights urgent need to replace legacy, end-of-life tools |url=https://www.techrepublic.com/article/kroger-data-breach-highlights-urgent-need-to-replace-legacy-end-of-life-tools/ |access-date=2 April 2021 |work=TechRepublic |date=24 February 2021 |language=en}} Shell Oil Company,{{cite news |last1=Osborne |first1=Charlie |title=Oil giant Shell discloses data breach linked to Accellion FTA vulnerability |url=https://www.zdnet.com/article/oil-giant-shell-discloses-data-breach-linked-to-accellion-fta-vulnerability/ |access-date=2 April 2021 |work=ZDNet |date=23 March 2021 |language=en}}{{cite news |last1=Montalbano |first1=Elizabeth |title=Energy Giant Shell Is Latest Victim of Accellion Attacks |url=https://threatpost.com/shell-victim-of-accellion-attacks/164973/ |access-date=2 April 2021 |work=Threat Post |date=23 March 2021 |language=en}} the University of California system,{{cite web |title=UC Among Targets in Nationwide Cyberattack |url=https://www.ucdavis.edu/news/uc-among-targets-nationwide-cyberattack |website=UC Davis |access-date=2 April 2021 |language=en |date=31 March 2021}} the Australian Securities and Investments Commission,{{cite news |last1=Duckett |first1=Chris |title=ASIC reports server breached via Accellion vulnerability |url=https://www.zdnet.com/article/asic-reports-server-breached-via-accellion-vulnerability/ |access-date=2 April 2021 |work=ZDNet |date=15 January 2021 |language=en}} the Reserve Bank of New Zealand,{{cite news |last1=Olenick |first1=Doug |title=NZ Reserve Bank Issues Update on Accellion Breach |url=https://www.bankinfosecurity.com/nz-reserve-bank-issues-update-on-accellion-breach-a-16008 |access-date=3 April 2021 |work=Bank Info Security |date=16 February 2021 |language=en}} and Singtel.{{cite news |last1=Wong |first1=Cara |title=Data of some 129,000 Singtel customers, including NRIC details, stolen in hack of third-party system |url=https://www.straitstimes.com/singapore/data-on-some-129000-singtel-customers-stolen-in-hack-on-third-party-system |access-date=2 April 2021 |work=The Straits Times |date=17 February 2021 |language=en}} Data stolen included Social Security numbers and other identification numbers, images of passports, financial information, driver's license data,{{Cite web|title=NSW driver's licence data stolen in Accellion breach|url=https://www.itnews.com.au/news/nsw-drivers-licence-data-stolen-in-accellion-breach-576513|access-date=2022-02-26|website=iTnews}} and emails.{{cite news |last1=Wu |first1=Daniel |last2=Catania |first2=Sam |title=Hackers leak Social Security numbers, student data in massive data breach |url=https://www.stanforddaily.com/2021/04/01/hackers-leak-social-security-numbers-student-data-in-massive-data-breach/ |access-date=2 April 2021 |work=The Stanford Daily |date=1 April 2021}} According to computer security firm FireEye, the attackers comprised two hacking groups: one with ties to "Clop", a ransomware group, and one connected to financial crime group "FIN11".{{cite news |last1=Seals |first1=Tara |title=Accellion FTA Zero-Day Attacks Show Ties to Clop Ransomware, FIN11 |url=https://threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/ |access-date=2 April 2021 |work=Threat Post |date=22 February 2021 |language=en}} Many victims received extortion emails containing a .onion link to a website containing data dumps of multiple organizations. Prior to the attacks, Accellion had maintained that the FTA was a legacy product nearing the end of its life, with support ending on April 30, 2021, asking customers to move to their Kiteworks system.{{cite news |last1=Cimpanu |first1=Catalin |date=11 February 2021 |title=Accellion to retire product at the heart of recent hacks |url=https://www.zdnet.com/article/accellion-to-retire-product-at-the-heart-of-recent-hacks/ |access-date=2 April 2021 |website=ZDNet |language=en}}{{Cite web |title=Accellion Attack Involved Extensive Reverse Engineering |url=https://www.bankinfosecurity.com/blogs/accellion-attack-involved-extensive-reverse-engineering-p-3001 |website=www.bankinfosecurity.com}}

In January 2022, Accellion proposed that it would pay an $8.1m settlement in relation to these breaches. The proposed settlement will settle all legal actions against Accellion only. These do not take into account legal actions against clients impacted by the data breach.{{cite web| url=https://www.reuters.com/legal/litigation/accellion-reaches-81-mln-settlement-resolve-data-breach-litigation-2022-01-13/ | title=Accellion reaches $8.1 mln settlement to resolve data breach litigation| website=Reuters}}

References

{{Reflist|30em}}