CipherStash is a company that lets you apply access control directly to your data with encryption-in-use that works everywhere, from SQL to Spreadsheet. Pulse 2.0 interviewed CipherStash CEO and founder Dan Draper to learn more about the company.
Dan Draper’s Background
Draper is a software engineer at his core and he started writing code in 1994. Draper said:
“Technology has always driven my passions but as I’ve grown older my attentions have turned to how to make technology safer to use, particularly when it comes to data security.”
“I have a degree in engineering but caught the startup bug pretty early. The idea of working for someone else just didn’t appeal! A friend and I started our first business when we were 22 years old. The business was mildly successful but in hindsight, our lack of experience prevented it from being much more than it was.”
“After that I decided to go and work for other founders, so I could better understand what makes a company successful. I’ve since worked in senior leadership positions in several startup and scale-up businesses in Australia and the US.”
“I also spent time at the Australian Government’s Digital Transformation Agency, where we coached public servants on effective digital service delivery. It was there that I began to appreciate the complexities and unique challenges of data security.”
Formation Of CipherStash
How did the idea for CipherStash come together? Draper shared:
“Back in 2017, after I left the DTA, I worked for a startup who sold a SaaS platform to large multinational corporations. Sales were getting stuck in the vendor assessment process because it was hard for a small company to meet the data security requirements of very large companies.”
“I had recently developed an interest in Cryptography and in particular, the emerging field of searchable encryption and its exciting applications in data security. Motivated by the pain of corporate vendor assessments, I learned as much as I could about the technology. I even undertook additional study through Stanford’s graduate course in Cryptography.”
“I spent the next several years reading papers, experimenting and fully immersing myself in the world of searchable encryption until in 2020 I decided to take the plunge and start CipherStash. I’d since moved into the CTO role at a healthtech which further boosted my bullishness on the need for better data protection technology. And having progressed the technology to a point where it could be demonstrated, I was ready.”
Challenges Faced
What challenges has Draper faced in building the company? Draper acknowledged:
“We are solving genuinely hard problems. The cryptography and underlying research is hard enough but how to apply the principles to current database technology is equally challenging.”
“We initially started by creating a brand new kind of database: one that uses encryption at all times to keep data safe. The problem was that selling a new database in an already crowded market was virtually impossible. People don’t like changing databases. It’s like replacing the concrete foundations in a skyscraper – it can be done but you’d better have a very good reason.”
“We knew we needed to find a way to apply the tech to existing popular databases like PostgreSQL. The problem was that to do that required heavy customization, and this would have ruled out compatibility with database offerings from the major cloud vendors.”
“The breakthrough came late in 2022 when we finally managed to work around the limitations using some clever cryptography and some very old tech that’s built into all major databases: stored procedures.”
“Funnily enough, two of the biggest challenges faced by startups, hiring and raising capital, haven’t really been big issues for us so far. Great engineers are attracted to the problem space, and we often get high-caliber people approaching us looking for roles. Investors are excited about what we are building too. They can see that if we pull this off it will be a huge business.”
Core Products
What are the company’s core products and features? Draper explained:
“CipherStash stops the leading cause of data breaches: compromised employee accounts with excessive data access permissions.”
“Our unique encryption-in-use technology protects data across the entire lifecycle – not just at rest – and limits data access only to what’s actually needed to provide great experiences and get things done.”
“Combining sophisticated logging and authentication checks, CipherStash gives businesses the capability to detect suspicious data access and rapidly lock down attempted breaches at unprecedented speed.”
“The CipherStash Data Governance platform comprises several products:
StashProxy: Encryption-in-Use for any Database
A tool that adds searchable encryption to an existing database in minutes. It requires no changes to existing applications or clients. StashProxy significantly improves security by ensuring any sensitive data is encrypted.
StashProxy integrates with popular identity solutions like Auth0 and Okta to enforce strict access controls directly at the data-layer. StashProxy supports PostgreSQL with support for Microsoft SQL Server, Snowflake and MySQL coming later this year.
ZeroKey: High-performance next-gen key management
The best encryption is useless without secure key management. ZeroKey makes key management easy while providing significantly better performance than existing cloud-based solutions. ZeroKey can perform encryptions at over 10,000 records per second (over 10x faster than Amazon KMS using comparable settings).
ZeroKey also provides better security for modern workloads. It uses an innovative dual key system which means no single key is ever visible to clients or cloud providers. This means the breach of any one system cannot result in leaked data. This distributed trust approach means ZeroKey can work safely where traditional solutions cannot: web browsers, mobile devices, edge workers and even directly in an Excel spreadsheet.
Excel Addon
Data never stays in a database. In virtually every organization, data spreads to warehouses, analytics tools and eventually a spreadsheet on someone’s laptop. With CipherStash encryption-in-use, data remains encrypted at every step of the way.
Now, with the CipherStash Addon for Excel, authorized users can decrypt the data they need, directly within the spreadsheet. This lowers security risk without affecting productivity.
Command (coming soon)
The CipherStash Command dashboard is the command center for data security teams. It provides detailed logs of every access to every record, across the organization.”
Evolution Of CipherStash’s Technology
How has the company’s technology evolved since launching? Draper noted:
“While initially, we were focused solely on the core encryption technology, we’ve since broadened our remit to include key management, advanced logging and reporting, policy management and support for as many databases and warehouses as possible!”
“We also realized that there is significant interest in using our technology in other security products and so we will soon be making it available via an SDK.”
Significant Milestones
What have been some of the company’s most significant milestones? Draper cited:
“We’ve several major rounds of funding totaling just $11 million. The most recent of which was just closed and will be announced in the next few weeks.”
“The breakthrough we had last year, in which we worked out how to apply our technology to existing cloud-managed databases, was significant from a product perspective!”
Differentiation From The Competition
What differentiates the company from its competition? Draper affirmed:
“CipherStash provides protection directly to data itself, not just the system or application in which it’s stored. That means when traditional access controls fail (or were not in place to begin with!), data is still protected.”
“Traditional encryption is notoriously hard to implement and scale. Our tech just works and can scale to Terabytes of data with ease.”
Additional Thoughts
Any other topics you would like to discuss? Draper concluded:
“One other point I want to make is how data breaches occur and why CipherStash is well positioned to prevent them.”
“According to the Ponemon Institute, over 90% of data breaches involve the ‘human factor.’ In practice, this means either an attacker has compromised an individual employee or an employee themselves is acting maliciously. Additionally, 70% of US staff have access to more data than they should, so when an employee is compromised, the attacker usually has access to data.”
“Complicating this problem is the fact that it is very difficult to tell when access is made by a legitimate user account acting on their own behalf, or a legitimate user account that has been compromised!”
“CipherStash solves this challenge by addressing two fundamentals:
– We make it simple to lock data down (only people who need access)
– We can guarantee that every access is recorded and by whom
Our Command product uses what we call “Identity Centric Threat Detection” which identifies behavior that is unusual for a specific individual, not just generally, making threats much easier to identify and stop.”