Companies (i.e VCs) spend billions of dollars on cybersecurity, but mainly focus on protecting infrastructure or endpoints. This is not always the right approach in a world where – thanks to the pandemic – data is increasingly distributed across clouds, software-as-a-service applications and storage systems. According to according to a 2021 survey, 61% of enterprise security leaders believe their cybersecurity teams are understaffed.
“Businesses and government agencies are looking for a new approach to keep their data safe no matter where it resides, especially in the cloud,” Ambuj Kumar told TechCrunch via email. He is the CEO and co-founder of Fortanix, which aims to separate security from the network infrastructure to keep data secure even when the infrastructure has been compromised. “They require protection of their sensitive and regulated data throughout its lifecycle – at rest, in motion and in use.”
Kumar, who is something of a marketer, argues that Fortanix is one of the more holistic solutions to the growing challenge of data security. Some investors agree. Fortanix today closed a $90 million Series C funding round led by Goldman Sachs Growth Equity with participation from Giantleap Capital, Foundation Capital, Intel Capital, Neotribe Ventures and In-Q-Tel (the non-profit strategic investor for the US intelligence community), which brings the total has grown to $122 million, which Kumar says will be used primarily to expand sales and marketing operations and open new offices in Eindhoven, Netherlands.
“Amid the broader market slowdown, growth cycles have slowed significantly. At the same time, investors have a lot of freedom and companies with a strong revenue profile and profitable business model attract a lot of attention,” Kumar said. “We are lucky to be such a company. History shows that great companies are built in difficult economic climates as competitors lose funding, talent becomes more available, and customers consolidate into stronger products.”
Kumar co-founded Fortanix with Anand Kashyap in 2016. Prior to that, Kumar was head of hardware design at Nvidia and chief architect in the cryptography division of Rambus. Kashyap was a principal security researcher at Symantec before becoming an engineer at VMware.
Fortanix sells access to software that protects data in public, hybrid, multi-cloud and private cloud environments and encrypts databases and manages application secrets (eg usernames and passwords) both in the cloud and on-premise. In addition to cryptographic services, Fortanix also provides confidential computing, a cloud computing technology that isolates sensitive data in an encrypted CPU enclave during processing so that the contents of the enclave are accessible only to authorized program code.
Fortanix’s proprietary computing technology is built on Intel’s proven SGX platform. Hardware-based security technology uses trusted hardware within the processor to create the aforementioned enclave, allowing, for example, data teams in regulated industries such as financial services and healthcare to use personal data while maintaining anonymity.
Driven by these types of use cases, at least one company expects that confidential computer market will be worth $54 billion by 2026. Adoption of confidential computing technology has really accelerated in recent years, with tech companies such as Intel, Google, Microsoft, Arm and Red Hat founding an organization – the Confidential Computing Consortium – to improve data protection standards. Startup companies with competing confidential computing solutions include Opaque systemsEdgeless Systems and Decentriq.
“To better protect sensitive data, it’s helpful to think about it in the multiple dimensions of its lifecycle—that is, when it’s at rest, in transit, or in use,” Kumar continued. “Often the third dimension, when data is used, is overlooked due to inadequate safeguards or a false perception of security. Several recent severe malicious attacks have occurred in the state of use, including the Triton attack and the attack on Ukraine’s power grid. [Fortanix’s] the technology protects applications and sensitive data “in use” from unauthorized access and tampering when they are highly vulnerable, extending existing security for data at rest and in motion across the network.
Fortanix claims to have more than 125 customers worldwide, including Adidas, Google, PayPal, GE Healthcare, the US Department of Justice and the Centers for Disease Control and Prevention. Partners include Elastx and Alibaba Cloud, which run Fortanix’s key management service on their platforms, and Equinix, which uses Fortanix to power its custom security service. IBM Cloud is another occasional collaborator – it has teamed up with Fortanix on a service that protects the data in use.
“In most cases, our main job becomes convincing customers that it’s not enough to simply try to keep their network secure and educate them about the benefits of data-first security.” In a small number of cases, we compete with legacy security data providers such as Thales and HashiCorp,” Kumar added.
Kumar declined to disclose revenue figures when asked. But he assured me that Fortanix continues to grow, with plans to increase its 225-person staff by 50% next year.
“We are certainly sensitive to macroeconomic conditions. However, data security and privacy are paramount for businesses globally and we continue to see strong demands for our offerings,” said Kumar.