Hey, welcome back everybody. Jeff Frick here with theCUBE. We're in our Palo Alto studio for a CUBE conversation. Again, we love talking with little companies, emerging companies, kind of maybe technology you haven't heard of before. And we're excited to have our next guest because he's right in the heart of security space which is always a hot topic, continues to be a hot topic and will never go away because the bad guys, they just keep working hard to try to break everything that we create. So our next guest, he's Ambuj Kumar, the co-founder and CEO of Fortanix. Ambuj, welcome.

Thank you, Jeff.

So give for the people that are familiar with Fortanix and the basic 101.

Yeah, so if you look at all the security today, it falls into three categories. One is protecting your data at rest. So what that means is, if somebody steals your laptop, how do you protect your hard drive from getting exposed? So we use encryption for that. Similarly, we also use encryption to secure our data in use. So we connect to some bank website and our data goes encrypted through TLS. And so what that means is if somebody is doing wiretapping, our data remains protected. However, once the applications start to run in whether it's in your data center or public cloud, then the data and applications remain exposed. So to fix that runtime vulnerabilities, what industry has done so far is to secure the infrastructure, try to secure the infrastructure. And that is $80 billion per year industry. But we have failed to do that because infrastructure is just so vastly complex. So what we do is we use something called runtime encryption. An idea is that your data and applications remain encrypted. So even when people who are running your cloud, they are entrusted and they want to get your data, they can't do anything with it.

So a lot of stuff there to unpack. So first off, yeah, we know the perimeter systems don't work anymore. I mean, you got to put them up.
They do some level of stuff, but you can't secure the perimeter anymore. So it is all this kind of working your security and the encryption all the way through the process. But this is pretty interesting. I've never heard of encryption actually at runtime and it begs a question, well, how does the microprocessor run the encrypted data?

That's right. So it's a long research problem in security. People have been working on something called fully homomorphic encryption. And the idea is that, can I take my program encrypted, data encrypted and run in totally untrusted environment and give you the result that you can decrypt? Turns out that you can do that with very simple programs like if you're adding some numbers, multiplying those numbers and even in those cases, slow by many orders of magnitude. So what normally some operation takes one second, now it will take three years. Not good. So what we do is we use some new instructions from Intel called Software Guard Extensions, Intel SGX. And your data and your programs, they get decrypted in a secure region of CPU. So all the memory, all the operating system, accessible things, anything that can be touched by any other process, they only can look at encrypted stuff. Your data gets decrypted right when instructions are working on them. And at that point, it is accessible only to your right process. So we use this hardware capability to accelerate the encryption decryption. So we can provide all the benefits of fully homomorphic encryption at a performance that is totally acceptable to our customers.

So make sure I understand. So it just decrypts it literally at the last possible, obviously not second, but last possible in microprocessor time cycle, runs that process and then is write only to the output of that process. And is that immediately encrypted again on the write side as well?

Yeah, exactly, exactly.

So you mentioned the Intel, the Intel instructions that, so is this relatively new, the SGX?
Yeah, so we were the first vendor to commercialize Intel SGX. So it's a new technology, but it's coming in all their CPUs. So right now it's in all client CPUs and some of the data center CPUs, but five years from now, all the CPUs that you'll get from Intel will hopefully have this technology.

So obviously Skylake, right?

Yeah, Skylake has it and all newer architecture.

Wow, so a little bit more about the company, how long have you guys been around? How long have you been working on this problem? You know, funding kind of, give us the overview on the company.

Yeah, so I have been working on encryption for the last seven years. The company was founded two years ago. We were funded by some well-known security VCs, including Foundation Capital and NeoTribe Ventures. We are widely recognized as the pioneer in this field that we are creating runtime encryption, recognized by Gartner as a Cool Vendor. We came number two in RSA Innovation Sandbox, among hundreds of security companies. We have several S&P 500 customers already. So where we are deployed in their production environment, we are securing trillions of dollars of assets in real time. Our goal is to convince CIA to run their most precious, most sensitive applications on some untrusted cloud in some enemy country. So it's a long shot.

And are you doing like a POC or something like that with them? Do you enact a conversation or is that more kind of a philosophical goal?

I cannot confirm or deny that, but that's our goal. And until we achieve that, we have something to keep working on.

Okay, and then where do you guys sit kind of in the world of public clouds with AWS and Azure and Google versus either private or multiple clouds inside the company or some of these other kind of options? Like we hear like the Equinix, which I think is one of the places that you guys play. How's that work?

So our goal is to decouple security from infrastructure.
So in the end, our goal is that infrastructure will provide you compute cycles and the security will come from the customers and customers who are developing the application and deploying the applications. So it's cloud agnostic security. So meaning that we will go after on-prem customers, we'll go after public cloud, colo and all of that. So in the meantime, for our go-to market, what we did was we partnered with two of really well-known strong forces in the industry. One is IBM Cloud, where IBM is putting these servers and running our technology. And with Equinix, which is world's largest data center provider. And so if you are in any of the public cloud, if you are in IBM Cloud, you get our security by default. So your containers will run encrypted, isolated from all the threats that might be there. Or if you are in some other public cloud, you can use Equinix colo. So if you have some application that you don't want to be hacked, you can use our SaaS service to run those applications encrypted.

Right. And of course Equinix has got the direct connect to all the public cloud. So minimum latency and really integration with all your other stuff in the public cloud.

Yeah, exactly.

So what's the expense, both kind of the overhead expense on the computing side to do this when it's done properly? And then what's the expense to run this? Is this something that is expensive, can only be used for the most critical applications? Or do you see this over time, being more general purpose execution?

So it will be used to secure anything that you don't want to be hacked. And the cost of using runtime encryption is minimal. So I expect it to be widely adopted. And we make it really easy for developers and security organizations to use this technology. So you have to bring in your container and then Fortanix process attaches to your container. You don't need to recompile your source code. We never get to look at your source code. There is no binary translation, nothing like that.
And then, so it's a simple millisecond long process and then we give you a modified container. And now you can take this modified container, run on any cloud you want. And if it runs, it runs securely, that point onwards.

Right, and today you just have to make sure it's got the right microprocessor in the future. Hopefully that'll be more general purpose. So what's next? What are you working on? What's a priority for the balance of 2018?

Yeah, so we have lots of integration work going on. So VMworld is coming next week. We have support for something called KMIP that allows you to secure your storage boxes, vSAN, et cetera, with Fortanix. Now we are also running integration with some databases, some multi-party compute and things like that. So our goal is to make our technology more widely available to a large variety of customers.

All right, and we have a very interesting story, encryption at runtime. So we look forward to watching the story unfold.

Awesome, yeah, this is a decade long journey. And I think when we are done, infrastructure security will be irrelevant. So it's going to be very exciting for all the parties involved.

All right, we'll keep an eye, thanks for stopping by.

Thanks.

All right, I'm Jeff, you're watching theCUBE. We're in our Palo Alto studios, see you next time. Thanks for watching.