Kiteworks

Kiteworks, formerly known as Accellion, Inc., is an American technology company that secures sensitive content communications over channels such as email, file share, file transfer, managed file transfer, web forms, and application programming interfaces. The company was founded in 1999 in Singapore and is now based in San Mateo, California.

The Kiteworks Private Content Network consolidates file and email data communications onto a single platform, enabling organizations to reduce data privacy exposure risk and demonstrate conformance with a variety of regulations. The Kiteworks hardened virtual appliance encrypts and encapsulates the Private Content Network with multiple security layers.

In 2022, the company stated that its products were used by over 3,800 organizations worldwide.

In late 2020, a zero-day exploit in Accellion’s legacy File Transfer Appliance (FTA) product led to data breaches of dozens of government and private organizations. The vulnerabilities were confirmed only in the FTA and not in the Kiteworks platform, which has a separate codebase. Prior to the attacks, Accellion had advised customers to transition from the FTA, nearing end-of-life with support ending on April 30, 2021, to the Kiteworks system.

History
The company was founded as Accellion in Singapore in 1999 and was originally focused on distributed file storage. The company moved to Palo Alto, California and shifted its focus on secure file transmission. Accellion reached a total funding of about $35 million in 2011, and it was valued at $500 million in 2014. The company's chief executive officer, Yorgen Edholm, credited aversion to "National Security Agency—style snooping" as a factor in their success.

In January 2012, Accellion raised $12.2 million in funding from Riverwood Capital to continue their expansion.

In 2016, Accellion started to focus on security and compliance and released features that included data security, governance, and compliance. They also began integrations with major cybersecurity independent software vendors (ISVs).

In April 2020, the company received $120 million investment from Bregal Sagemount.

In October 2020, Accellion was rebranded as Kiteworks.

In January 2022, Kiteworks acquired totemo, an email encryption gateway provider based in Zurich, Switzerland. It is integrated into the Kiteworks Private Content Networks and Kiteworks Email Protection Gateway.

In November 2023, it was announced that Kiteworks had acquired German ownCloud and DRACOON which it intends to use as stepping stones into the European market,  and Maytech, based in Tunbridge Wells, to bolster its UK market presence and secure data transfer capabilities.

In October 2023, Kiteworks completed a SOC 2 Type II audit examination and received ISO/IEC 27001:2013, 27017:2015, and 27018:2019 certifications for its platform.

In February 2024, Kiteworks introduced a feature called SafeEDIT, which is a digital rights management (DRM) technology that enables users to edit various file types natively and share files with third parties using video streaming.

As of 2024, Kiteworks is used by 100 million users across over 3,800 organizations.

Software
Accellion was working on file transfer systems by late 2002. The company released a file transfer appliance in 2005, a physical machine aiming to reduce server load when sending large files.

In March 2011, the company released an online file collaboration product, emphasizing security.

In 2012, the company launched a service allowing file sharing between mobile devices. It included a synchronization feature called kitedrive. Early demand for the company's file transfer applications came from organizations that needed to transfer large files, including healthcare companies and universities.

In January 2014, Accellion launched Kiteworks, a file sharing product allowing users to edit files and projects remotely, with interoperability with services like Google Drive and Dropbox. That December, the company released a set of programming interfaces extending secure file access to mobile devices.

In 2015, PCMag reviewer, Fahmida Y. Rashid, praised Kiteworks for its interface, support for mobile devices, and privacy tools.

In June 2017, Kiteworks received FedRAMP Authorization for Moderate Level Impact of Controlled Unclassified Information (CUI). It has achieved FedRAMP certification every year since.

In November 2018, Kiteworks released the CISO Dashboard.

In March 2022, Kiteworks was recognized by the Information Security Registered Assessors Program (IRAP) after being evaluated for up to the Protected data classification level.

In August 2022, Kiteworks introduced the Kiteworks Private Content Network, a zero-trust protection and compliance platform for unstructured data communications.

In April 2023, Kiteworks announced that it had achieved Cyber Essentials and Cyber Essentials Plus accreditation, the highest standard for IT security in the United Kingdom. Also, in the same month, it announced that the Kiteworks Private Content Network supports the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF), which allows users to better manage content-based risks.

2020–21 security breaches
In mid-December 2020, the company's File Transfer Appliance product—now a 20-year-old legacy system—was subject to a zero-day exploit, which was patched on December 23. Three additional vulnerabilities were discovered and patched over the next month. The first vulnerability was a SQL injection, allowing an attacker to use a web shell to run arbitrary commands and extract data. The four vulnerabilities were assigned Common Vulnerabilities and Exposures (CVE) codes 2021-27101 through 2021-27104 on February 16, 2021.

Out of approximately 300 total FTA clients, up to 25 appeared to have suffered significant data theft  including Kroger, Shell Oil Company, the University of California system, the Australian Securities and Investments Commission, the Reserve Bank of New Zealand, and Singtel. Data stolen included Social Security numbers and other identification numbers, images of passports, financial information, driver's license data, and emails. According to computer security firm FireEye, the attackers comprised two hacking groups: one with ties to "Clop", a ransomware group, and one connected to financial crime group "FIN11". Many victims received extortion emails containing a .onion link to a website containing data dumps of multiple organizations. Prior to the attacks, Accellion had maintained that the FTA was a legacy product nearing the end of its life, with support ending on April 30, 2021, asking customers to move to their Kiteworks system.

In January 2022, Accellion proposed that it would pay an $8.1m settlement in relation to these breaches. The proposed settlement will settle all legal actions against Accellion only. These do not take into account legal actions against clients impacted by the data breach.