Businesses (and VCs) spend billions of dollars on cybersecurity, but mostly focus on protecting infrastructure or endpoints. That’s not always the right approach in a world where – thanks to the pandemic – data is increasingly distributed across clouds, software-as-a-service apps and storage systems. According to according to a 2021 survey, 61% of security leaders in the enterprise believed their cybersecurity teams were understaffed.
“Businesses and government agencies are looking for a new approach to keep their data safe wherever it is, especially in the cloud,” Ambuj Kumar told australiabusinessblog.com via email. He is CEO and co-founder of fortanix, which aims to decouple security from the network infrastructure to keep data safe even when the infrastructure is compromised. “They need protection of their sensitive and regulated data, throughout its lifecycle – at rest, on the move and in use.”
Kumar, who is a bit of a salesperson, argues that Fortanix is one of the more holistic solutions to the growing challenge of data security. Some investors agree. Fortanix today closed a $90 million Series C financing round led by Goldman Sachs Growth Equity with participation from Giantleap Capital, Foundation Capital, Intel Capital, Neotribe Ventures and In-Q-Tel (the strategic nonprofit investor for the U.S. intelligence community ) which will increase its total to $122 million, which Kumar says will primarily be used to expand its sales and marketing activities and open new offices in Eindhoven, the Netherlands.
“Amid a broader market slowdown, growth rounds have slowed significantly. At the same time, investors have a lot of dry powder and companies with a strong revenue profile and a profitable business model are attracting a lot of attention,” said Kumar. “We are lucky to be such a company. History shows that great companies are built in a difficult economic environment. climate, as competitors are not funded, talent becomes more available and customers consolidate into stronger products.”
Kumar co-founded Fortanix with Anand Kashyap in 2016. Kumar was previously head of hardware design at Nvidia and lead architect at Rambus’ cryptography division. Kashyap was a principal security researcher at Symantec before becoming a staff engineer at VMware.
Fortanix sells access to software that secures data in public, hybrid, multicloud and private cloud environments and encrypts databases, as well as app secrets (e.g. usernames and passwords) both in the cloud and on-premises. In addition to cryptographic services, Fortanix also offers confidential computing, a cloud computing technology that isolates sensitive data in an encrypted CPU enclave during processing so that the contents of the enclave can only be accessed by authorized programming code.
Fortanix confidential computing technology is built on Intel’s established SGX platform. The hardware-based security technology uses trusted hardware within the CPU to create the aforementioned enclave, allowing, for example, data teams in regulated industries such as financial services and healthcare to use private data while maintaining anonymity.
Driven by those kinds of use cases, at least one company expects the confidential computer market will be worth $54 billion by 2026. Indeed, the adoption of confidential computing technologies has accelerated in recent years, with tech companies such as Intel, Google, Microsoft, Arm and Red Hat establishing an organization – the Confidential Computing Consortium – to improve data protection standards. Startups with competing confidential computing solutions include Opaque Systems, Edgeless Systems, and Decentriq.
“To better protect sensitive data, it’s helpful to think about it in the multiple dimensions of its lifecycle — that is, when it’s at rest, in transit, or in use,” Kumar continued. “Often, when data is in use, the third dimension is overlooked because of inadequate security mechanisms or a misconception of security. Several recent, serious malware attacks have taken place on the in-use state, including the Triton attack and the attack on the power grid in Ukraine. [Fortanix’s] technology protects applications and the sensitive data ‘in use’ from unauthorized access and tampering when it is highly vulnerable, extending the security already in place for data at rest and in motion across the network.”
Fortanix claims to have more than 125 customers worldwide, including Adidas, Google, PayPal, GE Healthcare, the US Department of Justice and the Centers for Disease Control and Prevention. Partners include Elastx and Alibaba Cloud, which run Fortanix’s key management service on their platforms, and Equinix, which uses Fortanix to power its custom security service. IBM Cloud is another collaboration partner – it partnered with Fortanix on a service that protects data in use.
“In most cases, our main job is to convince customers that it’s not enough just trying to keep their network secure, and educate them about the benefits of data-first security. In a minority of cases, we compete with legacy data security providers such as Thales and HashiCorp,” added Kumar.
When asked, Kumar declined to disclose sales figures. But he assured me that Fortanix continues to grow, with plans to increase the workforce of 225 by 50% over the next year.
“We are certainly sensitive to macroeconomic conditions. However, data security and privacy is a top priority for businesses around the world, and we continue to see a strong requirement for our offering,” said Kumar.