 Hello everyone and we're back at AWS re-invent. You're watching theCUBE and we're here at day two. Actually we started Monday night and we got wall-to-wall coverage. We're going all the way through Thursday. Myself, I'm Dave Vellante with the co-host David Nicholson. Lisa Martin is also here, of course, John Furrier. Partners, technologists, customers, the whole ecosystem. It's good to be back in a live event. Of course we have a hybrid event as well. A lot of people watching online. Anshu Sharma is here. He's the co-founder and CEO of Skyflow, a new type of privacy company. Really interested in this topic. Great to see you. Thanks for coming on. Thank you. Thanks for bringing me here. It's timely, privacy, security, they're kind of two sides of the same coin. Why did you found Skyflow? Well, the idea for Skyflow really comes from my background in some ways. I spent my first nine years at Oracle, six years at Salesforce, and whether we were building databases or CRM products, customers would come to us and say, hey, you know, I have this very different type of data. It's things like social security numbers, frequent flyer card numbers, card numbers. You know, can you secure it better? Can you, you know, help me manage things like GDPR? And to be honest, there was never a clear answer. There's a lot of technology solutions out there that do one thing at a time. You can walk around the booths here and there's like 100 companies. And if you use all those 100 things correctly, maybe you could go tell your board that maybe social security number is not going to be lost anymore. And I was like, you know, we've simplified everything else. Why is it so hard to protect my social security number? It should be easy. It should be as easy as using Stripe or Twilio. And this idea just never went away and kept coming back. Till a few years ago, we learned about the Facebook privacy challenges, the Equifax challenges, and I was like, boy, it's the time. It's time to go do it now. Yeah, you started the company in 2019, right? I mean, your timing was pretty good, right? So what are the big sort of Uber trends that you're seeing? Obviously GDPR, the California Consumer Privacy Act. I heard this morning, did you hear this? That like, if you post a picture on social media now without somebody's permission, you're now violating their privacy. It's like, you can see the smiles on Unchoose's face. It's like, every week there's a new story that could be like, well, Skyflow. The new story is the question, the answer is Skyflow. But honestly, I think what's happened is, the issue is both very simple. You know, all we're trying to do is protect people, social security numbers, phone numbers, credit card numbers. Things we hold dear. At the same time, it's complex. Like, what does it mean to protect your social security number, let's say? Does that mean I don't get to use it for filing your taxes? Well, I need your credit card number to process a payment. And we were like, this is too complicated. Why, how do companies like Apple do it? How do companies like Netflix manage to not have as many breaches as my hotel that barely has any data? And the answer is, those companies actually have evolved to a completely different architecture, the zero trust data architecture. And that was our inspiration for starting this company. Yeah, I mean, how many times have you been asked to give your social security number? And you're like, why? Why do you want it? What are you going to do with it? How do you protect it? And they go, I don't know. You know what's even my favorite is like, you give your social security number to say, TurboTax. How many days of the year do they need to use it? One, how many days of the year do they have it? And the thing is, it's a liability for those CTOs too. The CTO of Walgreens, the CTO of Intuit, they don't really want that social security number just so they can process your card once a year, or your social security number once a year. It's almost like we're forcing them to hold on to data and then they have to bear the burden of having these stories. Like everybody wants to prevent a New York time story that says what Robin had a breach, Twitter had a breach. So walk us through how Skyflow would address something like that. So make a generic version of TurboTax. Social security numbers, there they are. Right now they're sitting in a database somewhere. Hopefully there's some security wrapped around it in somewhere or another. What would you advise a customer like that to do? And what are you actually doing for them? So look, it's very simple. You are not going to put your username passwords in a generic database. You're going to use something like Auth0 or Octa to do it. We're living in a world where we have polyglot data stores. Like there's a key value store. There's a time series database. There is a search database like Elastic. There's a log database like Splunk. But PII data, somehow we think it's just fine if it's in 100 places. And our answer is that we should do the same thing that companies like Apple, Netflix, Google, everybody does. They take this data. They completely isolate it from their databases. And it gets stored in a custom data store. In our case that would be Skyflow. And essentially we give you encrypted tokens back and you can use these encrypted tokens that look like fake social security number. It's called a format preserving encryption. So if you think about all the breakthroughs we've had in homomorphic encryption on secure elements, like the way your phone works, the credit card number is stored in a secure element. So it's the same idea. There's a secure part of your data stack, which is Skyflow, that basically keeps the data always protected. And because we can compute and search on encrypted data, this is important. Everybody can encrypt data at rest. Skyflow is the first company that's come out and said, look, you can keep your phone number and social security number encrypted while I can run an aggregation query. So I can tell you what's the balance of your customer's account balance and we can run that query without decrypting a single row of data. The only other company I know that can do that internally is a certain Cupertino based company. So think about it, anybody can lock something up to a certain degree, but allowing frictionless access at the same time. Wow, it's encrypted. So how do you make that, are you, it's a strategy to make that a horizontal service that I can put into my data protection service or my e-commerce service or whatever you. So it's a cloud-based service that runs on AWS and other clouds. We basically give you an instance, just like you get an instance of a Postgres store or you get an API handle to odd zero. You basically instantiate Skyflow, a vault gets created. It can be in your AWS environment, dedicated VPC. So it's private to you. And then you have a handle and then basically start using it. So how do you, what's the secret sauce? How do you do that? The secret sauce, well, now that we've filed the patents on it, I can reveal the secret sauce. So the holy grail of encryption right now, if you go talk to people at leading companies is something called fully homomorphic encryption. That's fundamentally the foundation on which things like Bitcoin are built actually. But the hard part about fully homomorphic encryption is it works. You can actually do mathematical computations on it without decrypting the data, but it's about a million times slower. So nobody uses it. My insight was that we don't need to do multiplications and additions on phone numbers. You never take my phone number and divide by your social security number to you. These numbers are not numbers. They are data structures. So our insight was if you treat them as specialized data structures, we're all talking about basically about 80 different types of data across the globe. Every human being has an ID, data birth, height, color of eyes. There's not that many fields. What we can do then is create specialized encryption schemes for each data type. We call this polymorphic data encryption. Poly means multiple. As a result of that, we can actually store the data encrypted and build indexes on it. Since we can index encrypted data, it's kind of like imagine you can run real-time queries on data that's encrypted. Every other data store, when you encrypt the data, it becomes invisible to the database. And that's why we had to build this as a full stack service. Just like the Snowflake guys had to start with the foundation of storage, rethink indexing and build Snowflake. We did the same thing, except we built it for encrypted indexes, whereas they built it for regular data stores. If you think about today's tech stack, it's evolving, right? The data protection and security are coming together. Where does this fit? Is it sort of now becoming a fundamental part of the- We think every leading company, whether you're building a new brokerage application, or you're the largest bank in the world, and we're talking to some of them right now, they're all going to have an internal service called a PII vault. This vault, just like Apple and Google have their internal vaults, you're going to have a vault service in your service-oriented architecture, essentially. And it's going to basically be an API. Every other application and database in your company is not going to store my social security number. The SSNs don't belong in 600 databases at a leading bank. They don't belong inside your customer support system. Think about what happened with Robinhood two weeks ago, right? If someone tricked one call center guy into giving the keys up, which is fine. How happens? But why did the call center guy have access to like a million email addresses? He's never going to use that. So we think if you isolate the PII, every leading company is going to end up with a PII vault as part of their core architecture. Just like today, we have an auth API. You have a search API. You have a logging API. You're going to have a PII API. And that's going to be part of your modern data stack. So, okay, so this is definitely not a bolt-on, right? It's going to be a fundamental come out, just like security is, just like backup is. It's now, you got to have it. It's, I mean, if you think about it, just logically makes sense. Like you should be isolating this data. You don't keep your money and gold around at home. You put it either in a locker or a bank. I think the same applies for PII. We just haven't done it because companies would pay off a fine for $10,000 or a million dollars. Yeah, so you've recently raised $45 million to expand your efforts. Obviously that means that people are looking at this and saying there's opportunity, right? What does that look like when you think of growth where during your go-to-market strategy, at first you're convincing people that it's a good idea to do it. Do you think or hope for hope one day that there's an inflection point where it's not that people are thinking, you know, let's do this because it's a good idea. But people are like, I have to do this because if I don't, it's irresponsible. And I'm going to be penalized for not having it. It becomes something that isn't really a choice. It's something where you just do it. So you know, when we were starting the company, we didn't even have a word to explain what we were trying to do. We would say things like, what if there was a cloud service for XYZ but over the last one year, I don't want to take credit for creating this market but this market has been created in the last year and a half. And you know, we get tons of people, including some of the largest institutions, emailing us saying, I'm looking to build a PII vault API service inside my company. Can you tell me why your product meets that need? And I thought that would take us three to five years to get there. And you know, we've ended up creating a category basically, just like other companies have. And I think, you know, you don't get, I believe in market permission, you don't get to create a category. The market gives somebody the permission to create a category saying, look, this makes sense. Something like this should emerge. And if you're there at the right time, like you said, they get to take opportunity. So where are you at as a company? I'd say I've got some capital, it's great. When do you scale? We're scaling now. So we just doubled our headcount in the last nine to 10 months. We're now 75 people. We think we'll be about 150 to 200 people in the next year. We're hiring across all regions. We just hired a head of Asia pack from segment.com. We just hired our first, you know, lead on international expansion. And in the US, we have an office in Palo Alto, we have an office in Bangalore. We just announced a data residency solution for Europe, data residency solution for India and emerging markets. Because data residency is another one of those things that's just emerging right now. And, you know, irrespective of whether you believe in security and privacy, data residency is one of those things that you're mandated to implement. And where are you hiring? Is it combination go to market? Tell me about your go to market. Go to market, we are direct sales organization, but we work with partners. So we haven't announced some of these partnerships, but we're working with some of the companies here who either are large database companies, large security companies. We think there's a win-win relationship between us and some of the other companies. The real partner model, partner channel model. Direct sales, but partner assisted. Yeah, great. All right, we got to go. Hey, awesome story. Congratulations, best of luck. Very interesting. Love to have you back and track the progress. Thank you, thank you so much. Okay, thank you for watching The Cube, the leader in high tech coverage. We're at re-invent 2021. Be right back.