AJ Jennings, Founder & CEO
With nearly 15 billion data records lost or stolen since 2013, ‘data breach fatigue’ has induced complacency around security. Given the vast number of data breaches taking place, some organizations choose to tune them out whereas the rest (the victims) are absorbed in a probe into the ‘how, who, and why’ details of a particular attack. “Data breach detection is not protection,” begins AJ Jennings, Founder and CEO, ShieldIO. An executive seasoned in storage, software-defined infrastructure, and data security markets, Jennings is well-positioned to speak about the current scenario in the cybersecurity market. “The reality is, instead of focusing on protecting data at the core, cyber security companies are more focused on mitigating a breach once it has occurred. No one is 100 percent focused on locking data down and making it available for use at the same time. This is precisely what ShieldIO brings to the table,” he explains.
Changing the industry narrative, ShieldIO is ushering in a disruptive paradigm shift in encrypted data access. The company has conceived a new method of protecting Private Health Information (PHI), Personal Identifiable Information (PII) and other confidential data, while also making that data available for analytics, enabling organizations to monetize new and previously elusive lines of business. To put things in perspective, Jennings says, “Organizations face a virtual barrage of security solutions, increasing the complexities pertaining to network/ application breaches that are difficult to cope with, while complying with regulations such as CCPA, NYSDFS Cybersecurity and GDPR. Moreover, they are further troubled by an increasing need to decrypt and make data available for analytics purposes. In this scenario, organizations would prefer to lock data down, seal the vault, leave it alone and never let it out. ShieldIO intends to change this notion.” The company stands on a belief that the core focus of security organizations should be on protecting data from the inside out. In doing so, ShieldIO has developed a Secure Data Platform (SDP™) that acts as a layer between the user/application and the back-end data store, encrypting data in use, in transit and at rest, regardless of whether data resideson premise, in the cloud or in a hybrid environment.
The company provides field level security and enables encrypted search and analytics on encrypted data all without decrypting the data, changing the underlying database structure or using a keystore to manage the encrypted access. Contrary to monitoring and detecting anomalies within the system, the firm’s SDP™ zooms in on aspects of removing keystores, encrypting data at rest, in transit and in use in applications and in memory. This enables ShieldIO to protect against internal accidents as well as malicious external threats.
We protect the customer by making it incredibly difficult for hackers to gain access to the data or data base structure with efficient memory management and real-time homomorphic encryption
With ShieldIO SDP™, the data owners can encrypt data and fine-tune the Role Based Access Control (RBAC) needs down to the field and even the subfield level while opening encrypted data for use in existing applications. Thanks to ShieldIO’s keystore-less™ encryption capability, businesses can search and perform SQL analytics functions on encrypted data in real-time with sub-millisecond latency and without use of keystores. It uses an AI engine to manage the encryption process, which mitigates access to data through internal or external keystore exposure. With ShieldIO SDP™, data can be secured and managed without changing the table structure or requiring database view modifications.
The breakthrough ShieldIO SDP™, designed specifically for data-driven industries, brings in real-time homomorphic encryption—“the holy grail of encryption” as Jennings puts it. “We protect the customer by making it incredibly difficult for hackers to gain access to the data or database structure with efficient memory management and real-time homomorphic encryption,” explains Jennings.
Though homomorphic encryption allows running SQL functions without decryption, this technique has been locked into the research centers with limited usability due to high latencies and reliance on a keystore.
At ShieldIO, the team takes homomorphic encryption out of the science lab and deploys it in the data center for real-world applications by eliminating the latencies. They developed an artificial intelligence engine that manages key creation at the subfield level, allowing encryption down to just portions of fields within the database. The keys are created with different algorithms randomized by the AI engine, each call uses a cryptographic key to allocate specific algorithms to develop the content that moves on to being used as a derived key. Leveraging the standard cryptoPP library, the key is then mangled with another cryptographic algorithm. As a result, it eliminates data theft by hacking the keystore and also eliminates the need for software or hardware key management solutions to protect confidential data on-prem or in the cloud.
ShieldIO SDP™ is built with the enterprise customers’ needs in mind. At the core, the platform is structured specifically to allow the company to build purpose directed solutions to solve emerging enterprise security complications. ShieldIO spent nearly two years in stealth mode, developing the platform and working with customers and partners to validate it prior to introducing it into the market. The validation covered a number of criteria, ensuring resiliency of the platform and its ability to be secure and compliant with customers’ everyday use. “In fact, we help organizations comply with data security regulations like GDPR, CCPA, and NYSDFS Cybersecurity rules,” adds Jennings. Moreover, the company’s dedicated engineering team works with partners to solve the changing regulatory issues and provide secure data access for IoT endpoint devices, storage arrays, and document platforms.
At ShieldIO, the team continues to innovate. Jennings expects 2019 to be a year in which ShieldIO will sustain its most loyal customers—the ones who have been using ShieldIO data security solutions without interruption—and win over new customers. “With support from funding partners, we plan to expand our sales and marketing efforts by hiring heavily on sales engineering and account executives, as well as adding new partners, while enhancing our cloud analytics and storage security capabilities,” concludes Jennings.