Enterprises (and VCs) spend billions of dollars on cybersecurity, but their primary focus is protecting infrastructure or endpoints. That’s not always the right approach in a world where — thanks to the pandemic — data is increasingly being distributed across clouds, software-as-a-service apps, and storage systems. According to a 2021 survey, 61% of enterprise security leaders believed their cybersecurity teams were understaffed.
“Companies and government agencies are looking for a new approach to keep their data safe no matter where it resides, especially in the cloud,” Ambuj Kumar told TechCrunch via email. He is CEO and co-founder of Fortanix, which aims to decouple security from network infrastructure to keep data safe even when the infrastructure has been compromised. “They need protection of their sensitive and regulated data throughout its lifecycle—at rest, in motion and in use.”
Kumar, who’s something of a salesman, reckons Fortanix is one of the more holistic solutions to the growing data security challenge. Some investors agree. Fortanix today raised a $90 million Series C funding round led by Goldman Sachs Growth Equity with participation from Giantleap Capital, Foundation Capital, Intel Capital, Neotribe Ventures and In-Q-Tel (the non-profit strategic investor for the US intelligence community) that raised its total to $122 million, which Kumar says will primarily be used to expand sales and marketing activities and open new offices in Eindhoven, the Netherlands.
“Amid a broader market slowdown, rounds of growth have slowed significantly. At the same time, investors have plenty of dry powder and companies with strong revenue profiles and profitable business models are attracting a lot of attention,” said Kumar. “We are fortunate to be such a company. History shows that great companies are built in the midst of a difficult economic climate as competitors fail to get funding, talent becomes more available and customers focus on stronger products.”
Kumar co-founded Fortanix with Anand Kashyap in 2016. Kumar was previously hardware design lead at Nvidia and chief architect of Rambus’ cryptography division. Kashyap was a senior security researcher at Symantec before becoming a staff engineer at VMware.
Fortanix sells access to software that secures data and encrypts databases in public, hybrid, multicloud, and private cloud environments, and manages app secrets (such as usernames and passwords) both in the cloud and on-premises. In addition to cryptographic services, Fortanix also offers Confidential Computing, a cloud computing technology that isolates sensitive data in an encrypted CPU enclave during processing so that the contents of the enclave are only accessible by authorized programming code.
Fortanix Confidential Computing technology is based on Intel’s proven SGX platform. The hardware-based security technology uses trusted hardware within the CPU to create the aforementioned enclave, which, for example, allows data teams in regulated industries such as financial services and healthcare to use private data while maintaining anonymity.
Driven by such use cases, at least one company predicts that the confidential computing market will be worth $54 billion by 2026. Arm and Red Hat form an organization – the Confidential Computing Consortium – to advance privacy standards. Startups with competing confidential computing solutions include Opaque Systems, Edgeless Systems and Decentriq.
“To better protect sensitive data, it helps to look at it in the different dimensions of its life cycle – ie when it is at rest, in transit or in use,” Kumar continues. “Often the third dimension, the use of data, is overlooked due to insufficient protection mechanisms or false security concepts. Recently, there have been several serious malware attacks on the in-use state, including the Triton attack and the Ukraine power grid attack. [Fortanix’s] Technology protects applications and the sensitive data “in use” from unauthorized access and tampering when they are highly vulnerable, and extends the security already in place for data at rest and in motion across the network.”
Fortanix claims to have more than 125 customers worldwide, including Adidas, Google, PayPal, GE Healthcare, the US Department of Justice and the Centers for Disease Control and Prevention. Partners include Elastx and Alibaba Cloud, which run Fortanix’s key management service on their platforms, and Equinix, which uses Fortanix to power its bespoke security service. IBM Cloud is another occasional contributor — it has partnered with Fortanix on a service that protects the data it uses.
“In most cases, our primary role is to convince customers that just trying to keep their network secure is not enough and to educate them about the benefits of data-first security. In a minority of cases, we compete with legacy data security vendors like Thales and HashiCorp,” added Kumar.
Kumar declined to reveal sales figures when asked. But he assured me that Fortanix continues to grow and plans to increase its workforce by 50% from 225 employees over the next year.
“We are certainly sensitive to macroeconomic conditions. However, data security and privacy are top priorities for businesses worldwide and we continue to see strong demand for our offerings,” said Kumar.