 We all know that virtually every organization is using the cloud in some way, shape, or form. But those same organizations are building or maybe buying abstraction layers that attempt to hide the underlying complexity of these clouds, which are now connected to on-prem workloads, they're in hybrid models, spanning across multiple clouds and bleeding out to the edge. Now, while such an approach is ostensibly simplifies technology provisioning and management, it brings challenges. And these challenges are fundamentally data problems. For example, with the sprawling clouds, how do you track sensitive data and know where it lives? How do you ensure compliance and privacy protections in a world of ever-changing regulations? How can you securely share data in an increasingly decentralized environment? How can you identify gaps in security policies? And how can organizations identify and stop ex-filtration in this complex environment? And oh, by the way, very importantly, how can this all be automated? Because the number one challenges that CISOs face is a lack of talent. Hello everyone, this is Dave Vellante and welcome to this CUBE Conversation where we profile emerging technologies, innovative startups, and disruptive trends in enterprise tech. And today, we're pleased to welcome two guests from a really interesting firm trying to solve many of these problems. With us are Dr. Noah Johnson, who's the co-founder and CTO and April Mitchell, head of engineering, both from DeSera. Folks, welcome, April, great to see you again. It's a pleasure to be here, thanks Dave. Okay Noah, let me start with you. I got to ask you, is security in your mind a do-over? Hey Dave, thanks for having us, great to be here. So yeah, you hear the adage a lot today, security is broken. And certainly, if you look at the number of data breaches and misuses of data in the last few years, clearly something isn't working, right? Now our view actually is that data security needs to be rethought and kind of designed from the ground up for the modern way that the data is used. And that's exactly what we're doing. So we don't say do-over so much as data security reimagined, especially for the cloud. Yeah, you can't just rip and replace but it's a little tongue in cheek there. But tell me more about the background of the company. Why did you and your co-founders start the firm? Are those challenges that I laid out up front, the ones that you're directly attacking? Yeah, we're attacking all of them. So the background of the company, our technology originally came from a PhD work that I did while I was studying at UC Berkeley. So I spent most of the last decade or so looking at different cybersecurity problems. And my dissertation specifically focused on how do you secure sensitive data while still allowing people to access it in a flexible way? As part of that work, I was able to collaborate with a big tech company, Fortune 500 company who were facing very similar problems internally. They needed to get a handle on their data. And so through that kind of research collaboration we built a platform that was able to track data and monitor how the data was used to better protect it while still allowing the company to be data-driven. They ended up deploying the system at scale. And so this was really strong, at least initial validation. The approach that we're using at the CERA actually is quite effective and sound. So since then we've talked to hundreds of other CISOs and security teams and really sort of gotten a deeper appreciation for the magnitude of the problem today. No person that we've spoken to has high confidence in their data security and we can dig into the reasons for that. It's not for lack of effort. It's that this is a very hard problem, especially with the move to the cloud. Yeah, I mean trust is popping up on the NPS surveys. It's like the number one factor today. April, let's bring you into the discussion. You and I met early last decade and we've followed your career since then. What attracted you to CERA? Yeah, that's a great question, Dave. I've spent my career at Fortune 10 companies with 15,000 plus employees. What made me take this step to go to orders of magnitude smaller company and team? And I would say it was an easy choice. And I was driven by a bold vision, the right team and an innovator's heart. When I had a conversation with Ani, the CEO and Noah's co-founder, Ani and I crossed paths back at HP and he had the opportunity to work with myself and one of my collaborators. And I'd say at the time we were the two co-founders wanting our own little two person to start up within HP Labs, delivering consumer web services. And Ani and I connected then and we knew we wanted to have that chance to work together in the future. And I was blessed with the opportunity to go from analytics to programmability at HP at Cisco. And when Ani called me up just a little over two months ago and he told me about CERA, immediately I was interested. Data security is a wonderful hot space with so many challenges. And that innovation and the challenge from a real research perspective is what drew me to CERA. And I had the conversation with Noah and we went deep into differential privacy on the crux of his PhD research. And I understood there this company is built on very strong bones. And really to be successful, it's about the team. You have to have a diverse team with great experience. And when I talked to every single one of the team members they shared a vision and they shared a passion. And you know me, I love being a part of a strong team and I love building strong teams. And that's exactly what we're doing here at CERA. Thank you for that April. So Noah, give us the North Star. Like you got to early on, you guys got to focus in on where you're headed. What is that North Star? Our goal is to really solve data security. We touched on earlier. Clearly current solutions aren't working. We think we have a very innovative solution that is designed specifically for where data lives today which is the cloud. We see ourselves as being the kind of gold standard for tracking and managing and securing data in the cloud across the entire life cycle. From the point the data is created to all of the different ways the data is used to when the data is deleted. We want to build a system that lets companies for the first time get that visibility, create that feedback loop between the data users, the different security stakeholders, the legal teams, help them make better, more informed security decisions by providing that visibility. So April, I use this chart sometimes when I do segments on security. It's, I think it's from Optiv. And it's this, it shows all the different segments and this is a very fragmented market space. So I'm wondering, like for first of all, like who's the enemy? I mean, who you're trying to attack but it's so fragmented, you know, maybe there isn't one. But from an engineering standpoint, part two of the question is what are the really gnarly problems that you're focusing on? But talk about the, you know, part A first, if you would, who you're targeting here? Absolutely. I would say the best defense is a really good offense and how are we approaching this problem differently? And note, there are many data security tools out there, many processes from access control to DLP but we still had 4,000 events, 4,000 breaches in the last year alone. So we can't continue to expect different outcomes by using these same approaches. So that's where we are changing the story. And we have a bold purpose. We don't want to be a typical existing cybersecurity company. We want to take the approach of treating data security as sacred. We wanna make the world a safer place and we wanna do that by securing data across its life cycle, creation to deletion. You asked about the gnarly challenges that are out there. To do that, right? You have to do it at speed. You've gotta do it in real time and you have to do it at scale. And those are definitely the challenges that we're budding into right now from an engineering perspective. So Noah, when you looked at the landscape, you saw, as April said, there's just so many, many different tools out there. How do you describe your difference in the marketplace in April? Please chime in as well, but... Sure, yeah. So everyone has a slightly different approach. April touched on this earlier. We want to fix data security. So in some sense, we're all on the same team. We have different views of the most effective way of solving this problem, but ultimately, everyone wants to solve the same problem. I would say we're the only ones that give a comprehensive look at the entire data life cycle. So if you look at other similar security offerings, a lot of players are focused on just access control or data loss prevention or specific features like encryption. And these are all really important technologies, but they're not sufficient. These are technologies that have been in use for the last decade and yet we still see data breaches on a daily basis. And the reason for that is even if you have those systems in place, there's a lot that can go wrong between when someone has rented access to all of the different ways they consume and share the data. And so where we're unique is we give this holistic picture of the data end to end. And we don't necessarily replace those other solutions. Actually, we compliment them. Our system can tell you, if you have an encryption solution in place, are you encrypting the right data? Are you using it the right way? So you get more value out of those tools. Or if you have access control, our platform can be a set of guardrails or kind of a backstop that can let you know are those access control rules properly configured, are certain users overprivileged and so forth. So really providing that context, like I said earlier, to make better security decisions. That's where we're differentiated. That's kind of our unique view of how to solve the problem. April, anything you'd add to that? It sounds like you're a platform for all these tools. If I feel like I need that for my apps. But what's the secret sauce there? Yeah, I think the secret sauce is that we've learned from the challenges that our customers are facing. We have an approach where we want to rapidly innovate and rapidly validate, and our team is doing that. Noah mentioned a couple of the key features. I'm gonna add a few more, because really when you're making a choice, what should I use? You've got to start with, what do you want to protect? Your data and your people. How can we help you protect that? Well, we can help you manage data sprawl. You'd be surprised by how many customers on the cloud are really interested in or use our product for the first time and go, oh my gosh, I did not know that that was there. When did that get there? How did it get copy there? Why is it there? And they're asking these questions. So we want to help you track that sprawl of your data. We want to monitor the data when it's in use. How are people querying it? How are your employees accessing it? How are they using it? Are they using it in the right way? Are they using it in the right way today? Are they using it in the right way tomorrow based on the permissions? And we can give you that risk analysis and that perspective. We also want to let you know when the data sprawls, when there's a new copy and it's stored in a new data store, is it configured the right way? Are you protecting it the right way? We can analyze that for you as well. So really the completeness of the features from the end-to-end solution, you can't protect across the entire data lifecycle from creation to deletion unless you're truly connecting and understanding how the data is being used. Great, thank you. No, what's the ideal customer look like? Big, small, different industries, give us the ICP. So as far as industries, our view is, data breach is a data breach. So any company that collects data and needs to protect it would benefit from our solution. I would say specifically organizations that are cloud-first and data-driven, meaning they collect a lot of data and need to use that data, especially if that data is sensitive. So think B2C companies, retail, e-commerce, social media, finance, any company that collects consumer data, there are legal obligations, security obligations, kind of a higher standard of care that's required for that data and that's where we can really help. So we're seeing traction actually from all of these industries. As far as the ideal user profile, we are targeting data security professionals, but we are a platform, we are a collaboration platform. Our system is designed to let different stakeholders within the organization work together from the security team to the legal team to the different data custodians. They can all collaborate seamlessly within the platform using that context that we're stitching together about the data flow. Yeah, that last point is important because it used to be, it was the SecOps team, it was their problem, and now it's IT, it's security, it's legal, it's line of business. And then the first point you made about cloud first and data-driven, that's good news for your TAM because if you're not cloud first and data-driven, you're probably not going to be in business by the end of the decade. So how about the business case? Your startup, the ideal startup situation is your 10x the value at one tenth the price. Now, maybe in your case, it's a little different because you're taking that holistic view as opposed to one narrow view, but what's the justification, lay out the ROI? Yeah, so we've designed the platform actually to be very quick time to value and easy to deploy. The platform's fully automated, it has built-in policies and machine learning, so you spin it up and it will automatically discover the data stores, it will go and crawl the data to automatically classify it. And so now you've already solved the problem of just data sprawl, knowing what data is out there. And then we can show customers, here's how the databases are configured, is the data sufficiently protected, here's how employees are interacting with the data. And then finally, optionally to write policies and workflows to make sure that there's a process in place to protect the data across its entire life cycle. So there's sort of an evolution of different features, there's kind of a maturity evolution from just number one, identifying the data. Like we say, you can't protect what you don't know exists to protecting it and identifying whether there are any security risks and compliance gaps. And then finally, automatic proactive protection and remediation by security policies. So where are you guys in terms of the maturity? Obviously it's early days, but where are you in terms of product market fit? Have you nailed that? Still trying to figure that out. I know you've raised around nine million, you're out of stealth. You give us a sense of the maturity curve. I can jump in on that one and speak a bit about our first customers and then know what can add more detail as well. But we're seeing these cloud-first organizations, the CSOs, the chief security or privacy officers come into us because they know the traditional approaches aren't working. We are here, we are ready to engage. We aren't describing what's coming. We're talking about what we have now and we will sit arm to arm with you and make sure that we are solving the challenges that your team is facing right now. And that's where we're getting our early feedback. That's where we've really been able to showcase some new innovations and to validate and move from there. But I would say if you're interested in talking to us, please call, please visit the website and make that connection because we're not stealth. We're not hiding. We are engaging and definitely have a offering that is ready to be used. So okay, so you're in market with that offering. What do I buy from you? Is it a SaaS? Is it a subscription? Is it a service? Yeah, so we have a few different product offerings and deployment models depending on where the data stored and the environment that the company wants to run the software. So we support on-prem. We also have a SaaS offering as well. Okay, and that runs in the cloud, obviously, the SaaS offering or you can sort of put it, is it a require an appliance? How do I deploy it on-prem? No appliance runs purely in the cloud and within an hour or two on board to connect to the environment and to get a scan up and running. And it's status of the company. Am I right? I think you've raised like $9 million. Headcount, anything you can share in that regard. Are you hiring? You are. We're growing very quickly. There's been tremendous traction as April mentioned earlier. And we're super excited about the opportunity ahead of us. It's clear we've tackled the very big problem that is still unsolved. So we have big plans and we fortunately have been able to raise some capital to help us build out the team to add the capabilities that we need to fully solve this problem into it. So we're well on our way, but it's a journey. This is an unsolved problem for a reason. It's quite complex. And we've got a great head start. We've got a great approach. We've got some great early customers, but there's a way to go still. And I'll use that opportunity to say, yes, we are hiring and if you're interested in this space, if you want to learn from a team of experts, but also grow your skills and take on some new challenges, then please go to the website and check out the current positions that we have. Drop me a ping through any of the social media networks because we'd love to hear from you. Great website is Desara, D-A-S-E-R-A. All right, so check it out. Guys, great to have you on. Thanks so much. Best of luck. We'll be tracking you and really congratulations on getting to this point. And I know you got a lot more work to do, but really exciting times, I'm sure for you. Thanks, Dave. All right. That's a pleasure to see you this way. Hopefully in person soon. Hopefully, yeah, absolutely. Hopefully in 21. We'll see. We'll see. Thank you for watching, everybody. This is Dave Vellante for theCUBE. We'll see you next time.