© 2021 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Ambuj Kumar, Fortanix: if your business is on the internet, it needs data security


Cloud services allow businesses to effectively store and manage customer data and private information across platforms. But the question of security remains a pressing challenge, with many companies striving to provide robust security solutions for cloud natives.

As more enterprises move to the cloud, they should start thinking about data protection in new ways. The cloud is always on and readily available, hence its security challenges are rather different from those of traditional IT services.

Ambuj Kumar, CEO and Co-founder at Fortanix - a company which provides data-first multicloud security - shared what businesses should be on a lookout for if they decide to migrate to the cloud.

Please, introduce us to Fortanix. What has your company-building journey been like so far?

Fortanix is data-first multicloud security company that is redefining data security. We are headquartered in Silicon Valley. Founded in 2016, we are a mission-driven company. Funded by some of the best-known venture capitalists including Intel Capital, Foundation Capital and Neotribe, our goal is to solve cloud security and privacy challenges. With Fortanix, organizations gain the freedom to accelerate their digital transformation, combine, and analyze private data, and deliver secure applications that protect the privacy of the people they serve. Fortanix decouples security from infrastructure – security becomes a property of the data itself. Customers have complete control over their data, even when the infrastructure is compromised.

Our unified data security platform empowers you to protect your most important asset first - your global data - from one centralized place and gives you unmatched control of your data security across public, private, and hybrid clouds, all that with an easy-to-use automation-friendly solution loved by developers, security teams, and auditors. Powered by Intel® SGX, we provide unique deterministic security by encrypting applications and data everywhere – at rest, in motion, and in use with our patented Runtime Encryption® technology. With Fortanix, your data remains secure wherever it goes. We have raised $45m from some of the best-known venture capitalists.

What makes you stand out from the competition?

We are the data-first multi-cloud security company. Let me tell you what it means.

Most security companies try to secure the infrastructure. It turns out that cloud infrastructure is just too complex to secure. Fortanix’s data-first approach means that data is secure. Security is decoupled from the infrastructure. Customers have complete control over their data, even when the infrastructure is compromised. Fortanix has a unified platform with native solutions that are tightly integrated and speak the same language to each other for addressing a plethora of data security concerns.

The second would be our runtime encryption platform that takes the visionary route of encrypting data in use. Traditional data encryption is designed to protect data only when at rest (disk encryption) or in transit (via secure communication protocols such as SSL and TLS). This creates a huge security gap for enterprise data when in use by on-premises or cloud applications. Arguably, data is in its most vulnerable state when being read, processed, or modified — as it’s directly accessible to the user. Fortanix fills this gap with our vision of confidential computing that encrypts data end-to-end throughout its life cycle and storing the keys separately with an external key manager.

Third, the most recent and probably the most revolutionary, will be our SaaS-delivered data security manager. We took all the robust capabilities and features of data security managers and baked them into a SaaS-based pay-as-you-go model. Not only does this model make it financially viable for smaller businesses, but it also brings their data security up to speed in no time. No more hardware hassles or multi-vendor management nightmares. A few clicks can get your data security at par with the best offers. It’s a security solution that is built with the same fabric as your cloud services. This is a truly revolutionary step because no other vendor offers fully cloud-delivered data security.

What steered Fortanix in the SaaS direction?

Fortanix has always been a customer-centric organization. While we always had the intent to take the SaaS route, the spike in mobility requests from our customers and prospects definitely had us put the pedal to the metal.

Enterprises are going remote - most employees are working from the safety of their home or in a hybrid setup. The model of device-centric data security seemed a bit obsolete when the enterprise data is no more restricted to the headquarters or branch offices. I mean, regions that were once the global hot spots of the supply chain are under lockdown all of a sudden. Businesses have new units coming up in the remotest regions of the world to continue operating as usual. What they needed was a data security solution that was agile enough to keep up. Customers asked for it. We delivered!

We have witnessed multiple changes happening in the data security field before, during, and after the COVID-19 pandemic. Can you share the differences between these periods? Did any of these reveal new flaws and gaps in your field?

Before the pandemic, data security implementation was considered a long-term project, and emphasis was on perimeter security. But with COVID, we have seen an increase in the workforce becoming mobile (with remote work). What this means is that data security needs to be more pervasive in nature. Organizations are now more focused on getting security to data wherever it resides, across users and platforms.

Cloud migration initiatives have also grown by leaps and bounds. Organizations that were once averse to going cloud-first are noted to have finished migrations in record time. Whether your business will sink or surf in the post-pandemic world order, to a great extent, lingers on how cloudified your resources are. Multicloud data security is now more important than ever. Organizations are also looking to quickly implement data security. They want their data security to remind other cloud services. Quick, easy, and the best that’s out there.

Did you add any new services as a result of the pandemic?

A big one, as a matter of fact. We completely SaaSified our prime offering. All the benefits of our data security services can now be availed as a SaaS-delivered offering. So what our industry peers do using a lot of hardware, manpower, and CaPex, Fortanix does with the click of a button. We also partnered with the likes of Snowflake and Service to extend our data security capabilities to their customers, data-irrespectively of where they reside.

What are some practical tips for protecting our data and privacy while using our beloved mobile devices?

The hosting and usage of enterprise data as we knew it had changed dramatically over the past year and a half. Data has become increasingly mobile —being accessed on an array of devices across different corners of the world.

An average employee uses five different devices and accesses at least 5.2 mobile business apps daily. So even if you’re a small company with 50 employees, you got an average of 250 endpoints to protect, and multiple platforms that use your employees’ credentials. Add to that the rising cloud trend, BYOD, and SaaSification of services. You see the digital sprawl here?

Clearly, having a data-centric security policy should be at the centre of all discussions. Users need a fresh approach to data security. Start with data encryption. It should no longer be perceived as something from spy movies. If you truly believe data is the new oil, then an encryption barrel is a must. And I don’t just mean encrypting it when in transit or at rest, I am referring to an end-to-end ubiquitous data encryption.

How do you think data security will evolve?

Just like the internet went from being a luxury to becoming the basic necessity to stay up and running — data security is undergoing a tectonic perception shift. It’s going from being something that was meant for bigger and global enterprises to being a de facto requirement for all sizes.

I’d like to draw from Bill Gates:

"If your business is not on the internet, then your business will be out of business.” Add a line to it: “If your business is on the internet, it needs data security—no questions asked."

Having said that, most businesses here do what they know best. It doesn’t sound like an intelligent idea to spend a fortune on maintaining an in-house IT team when your business needs to sell packed foods or consumer goods. But data security is equally essential for them. So, I foresee a rise in the space of managed service approaches to data security, where you let the experts do what they do best.

Hence, we will be evolving towards a model that is more about quick implementation, being cost-effective, and easy to use. Something that gets your data security configured in a few easy clicks. Like you do when ordering food online.

What safety practices can businesses implement to avoid threats before it’s too late?

There are quite a few, but I’ll lay down the ground rule for becoming tamper-proof.

“No One Gets Fired for Buying AT&T.” Have you ever had a salesperson tell you that?

There’s certainly some truth to that line. Many CIOs and CISOs are risk-averse and prefer to follow at the back of the pack. But following that path can only get you so far. You cannot move forward in current times with a decade-old mindset and action plan. You got to innovate before it’s too late.

In a data-centric world, focus on practices that allow for securing the object of attacks itself, and not the vehicles/platforms/networks which carry the data...this means you need to adopt robust end-to-end encryption, key management, and access controls.

What’s next for Fortanix?

Our vision from the get-go has been to solve cloud security and privacy issues. It means democratizing data security, making it accessible to organizations of all shapes and sizes— across every vertical. It means unlocking the full potential of data. We have a partnership with UCSF where they are able to accelerate AI for drug research due to increased protection offered by our confidential computing technology.

And the launch of our SaaS is a monumental step in that direction. We have decoupled pretty much every hassle that’s been synonymous with traditional means of data security. Be it hardware dependency, technical expertise, deployment timelines, or upgrades, we have always strived for excellence, and we want to bring the same level of excellence to enterprise cloud migration. We are the air cover for all your data-based activities—which is pretty much every activity in the new world order,

Leave a Reply

Your email address will not be published. Required fields are marked