 Live from San Francisco, it's theCUBE, covering RSA Conference 2020 San Francisco, brought to you by SiliconANGLE Media. Hello everyone, welcome to theCUBE coverage here at RSA Conference in San Francisco and Moscone Hall, it's theCUBE, I'm John Furrier, the host of theCUBE. You know, cybersecurity is all about encryption data and also security, we've got a really hot startup here, got an amazing guest, Dr. Allison Ann Williams, CEO and founder of Enveil, just recently secured a $10 million series A funding, really attacking a real problem around encryption in use. Again, data, security, analytics, making it all secure is great. Allison Ann, thanks for coming on, appreciate your time. Thanks for having me. So, congratulations on the funding, before we get started in the interview, talk about the hard news, you guys got around to funding. How long have you guys been around? What's the funding going to do? What are you guys doing? Yeah, so about three and a half years old as a company, we just announced our series A closed last week, so that was led by C5 and their new US fund, the Impact Fund, and participating other partners included folks like MasterCard, Capital One Ventures, Bloomberg Beta, 1843, et cetera. So some names jumped in, C5 led the round. For sure. How did this get started? What was the idea behind this? Three years, you've been actually doing some work. Are you in production, is it R&D, is it in market? Here's a quick update on the status of product and solution. Yeah, so full production. Full production of the product. We're in fact in 2.0 of the release, and so we got our start inside of the National Security Agency, where I spent the majority of my career, and we developed some breakthroughs in an area of technology called homomorphic encryption that allows you to perform computations into the encrypted domain as if they were in the unencrypted world. So the tech had never existed in a practical capacity, so we knew that bringing seeds of that technology out of the intelligence community and using it to seed, really, and start the company, we would be creating a new commercial market. So let me get this right. So you were at the NSA. Correct. You were a practitioner there, doing a lot of work in this area, pioneering a new capability, and did the NSA spin it out? Did they fund it? Was there seed capital there, or did you guys bootstrap it? Yeah, so our seed round was done by an entity called Data Tribe. So designed to take teams and technologies that were coming out of the IC that wanted to commercialize to do so. So we took seed funding from them, and then we were actually one of the youngest company ever to be in the RSA Innovation Sandbox here in 2017, to be one of the winners. And that's where the conversation really started to change around this technology called homomorphic encryption, the market category space called Securing Data in Use, and what that meant. And so from there, we started running the initial version of the product out in the commercial world, and we encountered two universal reactions. One that we were expecting, and one that we weren't. And the one that we were expecting is that people said, holy cow, this actually works. Because what we say we do, keeping everything encrypted during processing sounds pretty impossible. It's not, it's just the math. And then the second reaction that we encountered that we weren't expecting is those initial early adopters turned around and said to us, can we strategically invest in you? So our second round of funding was actually a strategic round where folks like Bloomberg Beta, Thomson Reuters, USAA, and Incutel came into the company. That's pre-series A. Pre-series A. So you're still moving along with the Sandbox, you get some visibility. Correct. The product's working, oh my God, it's working. That's great. So I want to get into, before I get into some of the overhead involved, traditionally it's encryption. There's always been that overhead tax. And you guys seem to solve that. But can you describe first data at rest versus data in motion and data in use? I mean data at rest means not doing anything. But in flight or in use, are they the same? Is there a difference? Can you just, what's the difference of someone? Because it can be kind of confusing. So it's helpful to think of data security in three parts that we call the triad. So securing data at rest on the file system and the database, et cetera. This would be a more traditional in database encryption or file based encryption also includes things like access control. The second area of the data security triad is securing data in transit when it's moving around through the network. So securing data at rest and in transit, very well solutioned. A lot of big name companies do that today. Folks like TALIS and we partner with them. TALIS, Demolto, et cetera. Now the third portion of the data security triad is what happens to that data when you go use or process it in some way. When it becomes most valuable. And that's where we focus. So as a company, we secure data in use when it's being used or processed. So what does that mean? It means we can do things like take searches or analytics encrypt them and then go run them without ever decrypting them at any point during processing. So like I said, this represents a new commercial market. Where we're seeing it manifest most often right now are in things like enabling secure data sharing and collaboration or enabling secure data monetization because it's privacy preserving and privacy enabling as a capability. And so if I get this right, the problem that you solved is that during the in use portion of the triad, you have to be decrypted first and then encrypt it again. And that was the vulnerability area. Can you describe kind of like the main problem that you guys solved? So think more about if you've got data and you want to give me access to it. I'm a completely different entity. And the way that you're going to give me access to it is allowing me to run a search over your data holdings. We see this quite a bit in between two banks in the areas of anti-money laundering or financial crime. So if I'm going to go run a search in your environment, say I'm going to look for someone that's a EU resident. Well, their personal information is covered under GDPR, right? So if I go run that search in your environment, just because I'm coming to look for a certain individual doesn't mean you actually know anything about that. And so if you don't and you have no data on them whatsoever, I've just introduced a new variable into your environment that you now have to account for from a risk and liability perspective under something like GDPR. Whereas if you use us, we could take that search, encrypt it within our walls, send it out to you, and you could process it in its encrypted state. And because it's never decrypted during processing, there's no risk to you of any increased liability because that PII or that EU resident identifier is never introduced into your framework. So the operating side of the business where there's compliance and risk management, I'm going to love this. For sure. Is that really where the action is? Compliance, risk, privacy. All right, so get a little nerdy action on this one. So encryption has always been an awesome thing, depending on who you talk to, obviously, but he's always been a tax associated with the overhead, processing power. You said there's math involved. How does homomorphic work? Does it have problems with performance? Is that a problem? Or if not, how do you address that? Where does it, I might say, well, I'll get it, but what's the tax for me? Or is there a tax? Encryption is never free. I always tell people that. So there always is a little bit of latency associated with being able to do anything in an encrypted capacity, whether that's at rest and transit or in use. Now, specifically with homomorphic encryption, it's not a new area of encryption. It's been around 30 or so years. And it had often been considered to be the holy grail of encryption for exactly the reasons we've already talked about. Doing things like taking searches or analytics and encrypting them, running them without ever decrypting anything opens up a world of different types of use cases across verticals in the commercial line. Give those use case examples. What would be some that would be low hanging fruit and then what would be much more higher level? Yeah. So some of the things that we're seeing today under that umbrella of secure data sharing and collaboration, specifically inside of financial services for use cases around anti-money laundering and financial crime. So allowing two banks to be able to securely collaborate with each other along the lines of the example that I gave you just a second ago. And then also for large multinational banks to do so across jurisdictions in which they operate that have different privacy and secrecy regulations associated with them. Awesome. Well, Elsa Dan, I want to ask you about your experience of the NSA and now as an entrepreneur, also you have some pedigree of the NSA really, congratulations, it's going to be smart to work there, I guess. And thought of secrets, you know. You absolutely do. Something like brain surgeon, rock of scientists. Oh seriously, we get a lot of good stuff. But now that you're out in the commercial space, it's been a conversation around how public and commercial are really trying to work together. A lot of innovations are happening on both sides of the fence there. Yeah. On the ICC and the intelligence community as well as commercial. Yeah, you're an entrepreneur. You got to go make money and you got to share holders now and you got investors. What's the collaboration look like? How does the world, does it change for you? Is it the same? What's the vibe in DC these days around the balance between collaboration or is there? Well, we've seen a great example of this recently in that anti-money laundering financial crime use case. So the FCA and the Financial Conduct Authority out in the UK, so public entity sponsored a whole event called a tech sprint in which they brought the banks together, the private entities together with the startup companies. So you're early emerging innovative capabilities along with the public entities like your privacy regulators, et cetera and had us all work together to develop really innovative solutions to real problems within the banks in the context of this tech sprint. We ended up winning the know your customer customer intelligence side of the tech sprint and then at the same time the US held an equivalent event in DC where Finston took the lead, bringing in again the banks, the private companies, et cetera to all collaborate around this one problem. So I think that's a great example of when your public and your private and your private small and your private big is in the financial services institution start to work together. We can really make breakthroughs. So you see a lot happening. We see a lot happening. The encryption solution actually helped that because it makes sense now that you have the sharing with encryption. Does that help with some of the privacy and interactions? It breaks through those barriers because if we're two banks we can't necessarily openly freely share all the information. But if I can ask you a question and do so in a secure and private capacity still respecting all the access controls that you've put in place over your own data then it allows that collaboration to occur whereas otherwise it really couldn't in an efficient capacity. Okay, so here's the curve ball question for you. So, unveil startup series A but you're really kind of an advanced series A. We had a lot of funding multiple years of operation. If I asked you what's the impact that you're going to have on the world what would you say to that? We're creating a whole new market completely changing the paradigm about where and how you can use data for business purposes. And in terms of how much funding we have we've had a few rounds but we only have 15 million into the company. So to be three and a half years old to see this new market emerging and being created with only 15 million dollars is really pretty impressive. Yeah, and it's got a lot of growth and keep the ownership with the employees and the founders, that's always good. Being bootstrapped is harder than it looks, isn't it? Yeah, for sure. All right, how about society at large? Impact, we're a global society these days and all kinds of challenges. Do you see anything else in the future for your vision of impact? So securing data in US supplies horizontally across verticals. So far we've been focused mainly on financial services but I think healthcare is a great vertical to move out in and I think there are a lot of global challenges with healthcare and the more collaborative that we could be from a healthcare standpoint with our data and I think our capabilities enable that to be possible and still respecting all the privacy, regulations and restrictions. I think that's a whole new world of possibility as well. And your secret sauce is what? Math, what's the secret sauce? Math. Math and grit, yeah. All right, so thanks for sharing the insights. Give a quick plug for the company. What are you guys looking to do? Obviously $10 million in funding, priorities for you and the team, what are you guys looking to do? So priorities for us, privacy is a global issue now so we are really expanding globally and you'll be hearing more about that very shortly. We also have new product lines that are going to be coming out, enabling people to do more advanced decisioning in a completely secure and private capacity. And hiring, office locations, DC? Yes, so our headquarters is in DC but we're based all over the world. So we're hiring, check out our webpage. We're hiring for all kinds of roles from engineering to business functionality. And virtual is okay, virtual hires is cool. Virtual hires is great. We're looking for awesome people no matter where they are. You know, yeah, DC but primary. Okay, so great to have you gone. Congratulations for one, the financing and then three years of bootstrapping and making it happen. Awesome, thanks for coming on. Appreciate it. Keep coverage here at RSA Conference in Moscone. I'm John Furrier. Thanks for watching. More after this short break.