ALTR is an automated data access control and security solution company that enables customers to easily govern and protect sensitive data in the cloud in order to gain more insights and value from more data in less time. To learn more about the company, Pulse 2.0 interviewed James Beecham, Founder and CEO of ALTR.
James Beecham’s Background
Beecham grew up with technical parents in Austin, TX so he also became very focused on technology.
“My father was a hardware engineer at IBM, working on some of the first printers before moving to Dell to lead the charge on their first wave of laptops. My mother was an industrial engineer before quickly moving into finance,” said Beecham. “Pre-2015, technology in Austin was very hardware and infrastructure focused without a lot of emphasis on consumer software or web-based platforms, so it’s no surprise I went into hardware design in college. I quickly moved into the firmware and software world because of my desire to iterate faster.”
Whether it was at Texas Memory Systems or Dash Financial, Beecham always had to be aware of the goal of low latency / high throughput, which is how he would have approached technical problems throughout his career. This obviously translates into the work Beecham is doing today at ALTR. Since ALTR’s software sits between critical applications and sensitive data, ALTR has to move at the speed of business where thousands of transactions per second quickly add up.
Going all the way back to Beecham’s internship at IBM to Dash Financial and through to ALTR, Beecham has been driven to generate innovative solutions to hardware and software challenges and achieved multiple patents on my work.
Idea Behind ALTR
Beecham’s co-founder Chris Struttmann and he met at Dash Financial where they faced several data security and cyber security problems, some of which were traditional problems associated with firewall, port, and IP attacks.
But they also faced people and organizational challenges: How do they separate duties between administrators and DBAs vs. other compliance and security folks? And, with the increased regulations in the financial space, Beecham started looking at how they effectively communicate to the regulators and auditors while ensuring that they have separation of duties and how they limit who could access sensitive data.
Even with a healthy IT budget, it was difficult to separate the operation of data from the security of data. There are a number of reasons DBAs need to operate in databases without seeing or accessing any sensitive information.
No matter what they did, they always ended up in a situation where a database administrator somehow needed administrative access to secure storage and they could never find a way to truly separate those duties. So that was the genesis for the ALTR platform. They thought there were 3 points to address to be successful:
1.) Utilize SaaS so the software does not need to sit on the same box as the secure database, and there would be no reason for a DBA to log into the database
2.) Do as much security, governance, and compliance at the application level as possible via API
3.) Make it easier to use so that it does not need the technical expertise that a database requires so that a non-technical user can administer these controls. And SaaS delivery, application-level security, and ease of use were the guiding principles for what ultimately had become ALTR.
ALTR delivers a unique intersection of security and governance and privacy and compliance.
“That might sound like a mouthful but hear me out. We provide what we believe is a holistic view of data security,” Beecham added. “Now that data security has become a critical part of data, governance, and data privacy, we offer a solution that can address the needs of the CEO, as well as needs of the chief data officer, as well as the needs of chief compliance, or chief privacy officer as well.”
The core features include the following:
1.) Discover and classify sensitive information inside of a database since every single time you venture into a “How am I going to secure my data discussion” with the business, the first question always is: “Well, what data needs to be secured, and where is it?”
To help with this, ALTR wanted to offer a low-cost, low-friction way to identify sensitive information inside of structure databases and they offer that today through a SaaS platform for a number of database platforms like Microsoft SQL, MySQL, Snowflake, Red Shift, etc.
2.) ALTR then offers the ability to track, trace, and alert in real-time when sensitive data access happens. And a lot of times, businesses just want to know when certain types of data access are occurring. Doing this in real time is a critical capability that ALTR has.
Being able to alert a business directly to its security operation center (SOC) or its privacy operation center is something that is unique to ALTR. So, within one or 2 seconds of particular data access occurring, ALTR can generate an alert and send it to the business. That alert includes full response capabilities, including the ability to click a button and say, “Stop this query from happening.”
3.) Another core feature of ALTR is the ability to stop access to data in real time. Whether that access was being done via a SQL injection or credential access threat. Or maybe it is just a query that the business does not want that individual user to run.
From those very real-time alerts and messages that ALTR sends, users are able to take action and can set a policy to say if a particular user consumes more than 100 sensitive values per hour. Go ahead and stop them because that seems like too many. ALTR’s patent-issued features around thresholds and rate limiting are very critical to businesses and unique to the ALTR platform.
4.) Lastly, Beecham believes that one of their other core competencies is around at-rest protection or data tokenization. ALTR believes that tokenization is a better solution than encryption for sensitive data protection at rest and in motion.
Encryption has a number of benefits and it works well in a number of places. But Beecham believes that it’s become kind of the duct tape of the security and privacy world and people think that if you need to secure data, just encrypt it.
But as the world has changed to being very analytics-focused, more users need access to more data, and trying to do this in a way that uses encryption is difficult or impossible because you can’t really operate on encrypted data.
ALTR’s tokenization is Level 1 PCI certified so they work with transactional systems with tokenization as well as very large OLAP databases ALTR supports de-tokenizing one value per second and 1 million values per second, all from the same platform, all SaaS-delivered, all with auto-scale, and at a price that the other vendors cannot compete with.
Evolution Of ALTR’s Technology
How has ALTR’s technology evolved since launching?
“The fundamental technology has stayed relatively steady in that we’ve continued to focus on low latency/secure delivery of data. What has evolved are the ways in which we integrate that into a customer’s application or into a customer’s business. We’ve learned through many years that every business is different,” Beecham explained. “Even though they might all have the same database type, how they use that database, how it’s configured, and how their user roles and hierarchies are structured are all very different. So, we’ve evolved the flexibility of integration points by providing many different ways to embed our feature set into a customer’s platform, whether that be via database drivers, API calls to cloud services, network-based proxies for commercial off-the-shelf proxies, or adapting to the cloud data warehouse by embedding logic natively using their extensibility features. We want to make it very easy for users to consume our differentiated features.”
What have been some of ALTR’s biggest milestones? Beecham cited that the company is continuing to see the rate at which their ideas are granted patents by the US Patent Office has been a “very exciting experience.” And when they got the first five patents, they were really excited, and then they got the first 10, then the first 20, then the first 30, and so on. Those major milestones proved that the ideas that they were working on were novel and investors were happy to see that they were creating differentiated technologies.
Another achievement was receiving Level 1 PCI compliance within 30 days for their customer Q2 eBanking without having to change anything about their stack, which was a testament to how their engineers work and how their compliance-first mindset has been very critical and important.
“Whenever we get an inbound inquiry from strategics who wish to invest or who are interested in purchasing the company is very gratifying. Somebody wanting to give you a lot of money for your ideas and your hard work is always a good milestone to hit, and ALTR has achieved a few of those in the past couple of years,” Beecham reflected. “There are also industry awards that we received, and when our customer Q2 utilized our solution and won the CSO50 award for TrustView, that was very exciting for us.”
Finally, on a talent development note, seeing people who used to be ALTR interns now leading entire engineering teams or office managers working their way to running an agile development team has been a big achievement for ALTR. ALTR is a technology company, but technology isn’t what’s important; It’s the people that are important because it is the people who make the technology, operate the technology, and run the technology.
Differentiation From The Competition
What differentiates ALTR from the competition? Beecham highlighted the company’s combination of security and governance, SaaS delivery, and focus on a product-led growth model make them unique.
“With the way that people are buying software today, they just want to see something work for them. Being SaaS-delivered and having a free version means that people can very quickly evaluate our software and get to a yes or no very quickly, which is very beneficial for our customers,” Beecham replied. “It also allows us to do unique things like create open-source connectors to other platforms, where our features, whether it be a classification or tokenization, or data masking, can be leveraged with no overhead or blockage. There’s no barrier for somebody using a data catalog or an ETL tool to also use ALTR’s features.”
ALTR is also continuing to out-innovative and outperform the competition. Not only because being SaaS-based enables ALTR to deliver features faster and the engineering team is very focused on delivering features to these areas. But that is because the team is positioned to receive and react to feedback from the market very quickly.
Chris Struttmann emphasizes that with a PLG-type offering, there’s nowhere to hide. When a user uses our software, they get the feedback immediately and can then incorporate that feedback into making a better product.
Future Company Goals
The company’s future goals are to continue to become the single source of truth for how data should be accessed.
“We think that we have the right platform and the right position in the market to be that industry standard, that low-cost, go-to solution that just works every time to solve complicated governance, privacy, security, and compliance needs,” Beecham concluded. “We want to continue to see people speak very highly of our platform and our team because of how well we solve their problems and how focused we are on making the best solution out there. Our goal is to win the long game by winning every day, and if we win every single day, the long game will just play itself out and, in the end, benefit all our customers, employees, and shareholders.”