6 Cybersecurity Companies for Ensuring Data Privacy
The headlines for data breaches are becoming more and more over-the-top each year. From the Swedish Transport Agency that leaked the sensitive details of undercover agents, military vehicles, and pretty much everything else under the sun in 2015, to the Equifax data leak that led to the exposure of sensitive information (like social security numbers, credit card information, and driver’s license numbers) of 145 million Americans in 2017, data breaches are projected to cost everyone $6 trillion annually. That’s a lot of green.
New regulations that have been put into law in the past few years are spurring companies to make changes to their data architecture and keep user data secure and private. The General Data Protection Regulation (GDPR) was created in 2016 and implemented in 2018 to regulate data protection and privacy in the European Union (EU). The aim of the regulation is to help individuals control their private data and simplify regulation between EU countries and the international business world.
Not to be outdone, California went ahead and created its own state statute in 2018, known as the California Consumer Privacy Act (CCPA). Much like GDPR, CCPA is intended to give end-users more control over their data. The statute stipulates that companies provide consumers more transparency about what data is being collected from them, how that data was purchased and where it is going, and access and erasure rights to that data.
With these regulatory frameworks in place, a new era of cybersecurity technology has come. According to Mordor Intelligence, the cybersecurity market is projected to reach $325 billion by 2026. The buzzword-rich phrases of today are data democratization, zero-trust architecture, and data rights for all. We’re living in a data revolution to free everyone from the shackles of centralized data. But we have to remember, freedom is not free. Companies are scrambling to ensure their software is up to date on these recent security regulations, which has opened a lucrative gap in the market.
Cybersecurity startups are filling in that gap by applying novel digital technologies like blockchain to ensure data is safe and kept off the servers of a centralized administrator. These technologies allow data to remain at a decentralized location and don’t require duplicating data across multiple databases, reducing the probability of a data breach by an unwitting employee.
Let’s take a look at six cybersecurity companies that are making sure our data isn’t being handed over on a silver platter to black-hat hackers and over-enthusiastic telemarketers.
Outsourced Data Protection
Founded in 2015, Very Good Security is a San Francisco-based startup that helps companies prevent data breaches while providing maximize value from payment data. After a Series C round that closed in 2020, The company has brought in $104.9 million from venture capital (VC) firm Andreessen Horowitz, Goldman Sachs, and others to ensure companies can keep their data sealed. Very Good Security has built out a fully integrated security and compliance platform that does all of the backend grunt work of ensuring data is private and compliant with security regulations. The company’s end-to-end solution can be used for issuing cards securely, maintaining payment card data outside a client’s servers, and optimizing payment transactions without the burden of interacting with sensitive data. Data can be in many different formats, including PDFs, images, emails, and voice calls.
The platform is compliant with a whole alphabet soup of compliance acronyms and terms, like Payment Card Industry Data Security Standard (PCI DSS) for payment card data, Health Insurance Portability and Accountability Act (HIPAA) for health and patient data, Europe’s GDPR on personal data, and California’s CCPA for personal data belonging to California residents. Of course, those living on the Golden Coast always have to find a way to be special, which means their very own compliance statute just to keep security regulatory frameworks spicy. Very Good Security provides a way for companies to outsource their data security liabilities, so they can keep on doing their thing and sleep soundly at night. By decoupling and insulating customer systems from sensitive data, clients can reduce their risk exposure to data breaches.
They might just be very good security, indeed.
Dublin-based Evervault was founded in 2018 and has raised $19.4 million after a Series A that included Sequoia Capital. Evervault provides developers with encryption tools to build out their apps. These tools help make sure developers never see or touch sensitive data, isolating that data from the other parts of their apps.
Most developers do not consider encryption as part of their workflow, and generally have to scramble to start adding encryption algorithms after building their software. The company gives developers an easy way to get encrypted from day one and keep Russian hackers at bay. That means fewer times you have to go through a virtual private network (VPN) to check out fun sites, like the pages associated with the FriendFinder Networks after its six databases were hacked and 412 million accounts were exposed. Evervault charges developers based on a per decryption or run basis, rather than on a subscription or one-time payment model.
Decentralized Digital Identities
Tokyo-based Bitkey was founded in 2018 to provide users with smart locks, smart access, and security solutions for homes and buildings. The Japanese company has raised $45 million after a Series A funding round back in January 2020. Bitkey’s system relies on an autonomous decentralized system, which is a combination of a free competition system where a user provides data to multiple bodies and a centralized system where data goes to a single administrator. The company’s data infrastructure is based on blockchain technology and distributed systems.
In this setup, data can only be viewed by the party that provides the service. That way, data can’t be tampered with by any one party that holds the data. The system provides users with control over their own data and relies on a single unique digital key to unlock physical spaces. The company envisions users can unlock physical spaces such as homes, offices, hotels, and shops through facial recognition software after the client has given their permission. The platform includes the FaceMe AI facial recognition engine developed by CyberLink, a Taiwanese software company. With the lofty goal of creating a society where digital and physical resources aren’t duplicated senselessly, Bitkey wants to free the world from the existential burden of multiple hotel cards and heavy keychains.
Founded in 2013, Evernym is a Utah-based startup building software to issue, accept, and verify credentials, like a digital passport. Evernym has raised $16.5 million after a Pre-Series A round back in 2019. As another startup that relies on blockchain identity verification systems, Evernym uses a decentralized, ‘self-sovereign identity’ (SSI) approach that allows users to instantly share secure, trustable data with companies without the risk that personally identifiable information is being stored in a centralized database. Users can control the data directly, choosing when and with whom to share it. The company currently provides SSI technology to 400 enterprise customers globally.
One of the most recent use cases for Evernym is COVID test credentials for global travel. Currently, paper test certificates for negative COVID test results are relatively easy to forge, and sharing test data has several points where security and privacy can be breached. The Travel Pass, developed by the International Air Transport Association (IATA), leverages Evernym’s software products to ensure flyers’ digital health credentials are highly secure and preserve privacy while still allowing airlines to verify those credentials. The IATA Travel Pass will be initially piloted with 22 airlines this year. Now it’ll be a little tougher to pass off fake COVID credentials purchased from the dark web to the TSA.
Privacy by Design
Founded in 2017, San Francisco-based Transcend is designing solutions to help companies provide end-users with simple access to their personal data. The company has brought in $29 million following a Series A funding round in 2020. Transcend offers plug-and-play automated solutions for users to have control over the rights to their personal data, including ease of data deletion. The company’s software integrates with many data analytics, marketing, email, and payment platforms. Its software automatically fulfills access and data erasing requests across all systems and vendors, with a benchmark time of 30 seconds between request fulfillment and processing. The software relies on a zero-trust architecture that’s a lot like the Russian proverb made popular by Ronald Reagan during the Cold War era, “Trust, but verify.”
The software works by tracking down a specific customer’s data in the storage databases and provides access to it or allows the customer to delete it completely. Transcend’s process provides zero access to user and company data and keeps data encrypted between business clients and their users. Stock trading and investment app, Robinhood, and house-flipping app, OpenDoor, are some of the companies that are relying on Transcend’s technology to keep consumer data in the hands of users. No more clearing browser cookies and staying incognito on a Saturday night of web browsing to keep third parties from stealing your precious data.
Concentric, founded in 2010 and based in Cambridge, Massachusetts, is using an augmented intelligence platform to protect companies from data breaches. Concentric has raised a total of $12.4 million. The company helps its clients reduce the risk of critical business data, such as contracts, pricing, legal documents, invoices, intellectual property, and source code, from being overshared with inappropriate third parties, like hackers. The software discerns what documents are sensitive content by evaluating the semantic meaning inside each document.
Concentric’s software also continuously monitors and deep learns how data is shared between parties, and will automatically reclassify materials, modify sharing permissions, or change access control. The software integrates with popular document applications to help business users maintain the security of their business data. Hopefully, Concentric helps reduce the chances of HR managers from accidentally sharing employee salaries through an email distributed to the entire company.
Unfortunately, even the latest technology and regulatory frameworks can only go so far when it comes to data breaches. Many data breaches are due to human error from a few or even a single employee, which is much harder to correct. As former U.S. Representative Greg Walden once said to the former CEO of Equifax Richard Smith, “I don’t think we can pass a law that fixes stupid.” But for everything else, cybersecurity technology is playing a big role in reducing the rate of data breaches across all sectors.
Cybersecurity is becoming more critical as executives may be more liable for data breaches in the future. In 2019 alone, there were over 7,000 data breaches reported. Hackers from the Eastern Bloc aren’t about to abandon their mission to make all knowledge free from the hands of capitalists, so cybersecurity companies are stepping in to serve as the bouncer to the data club. With remote working becoming more prevalent across all sectors, more precautions will need to be taken to ensure business and consumer data are private and secure.
Are we going to finally open a position in the Global X Cybersecurity ETF? Or did we go all hero-or-zero on CrowdStrike? Become a Nanalyze Premium subscriber and find out.