
9/28/2017
03:35 PM
Simon Marshall

Fortanix Has Series A Funding for Run-Time Encryption

Fortanix has introduced new technology for run-time encryption to protect sensitive data.

Private data can be protected when it's at rest. It can be protected when it's in transit. But what about when it's being accessed by applications?

Run-time encryption is a solution to this problem, and it's the latest technology to emerge in cloud-based security. Essentially, it is aimed at protecting applications and data during use and computation. The clever part of this is that it allows general computation tasks to be executed on encrypted data.

Today, such tasks end with the data being decrypted, and it is at that moment that hackers can swoop in and exploit the weakness to take control of the decrypted private data. "Without run-time encryption, once the hacker gets inside, the game is over," Ambuj Kumar, CEO and co-founder of Fortanix, told SecurityNow. "They take control of the data immediately, and can either analyze it there and then or send it to a remote server for analysis."

In short, the data then belongs to them and can't be accessed any more by the host target. The answer of course is not to make sensitive data available to any untrusted operating systems, root users, cloud providers or insiders in the first place.

"We set out to create a means to protect applications directly, regardless of the trustworthiness of the computing infrastructure," said Kumar. Welcome to an era of securing data-in-use. Kumar, previously chief architect at Cryptography Research, and Anand Kashyap, CTO and co-founder and formerly an engineer at Symantec and VMware, spotted this weakness, and in 2016 the company was born.

Fortanix exemplifies the new security paradigm of accepting that at some point, systems will be hacked: it's no longer good enough to try and hold the perimeter. It's a case of not if, but when. Hackers who break into a server may have penetrated security to get there, but data protected with run-time encryption is still scrambled and therefore unreadable. It's a technology which naturally comes into its own when it provides the security for applications which are in the cloud.

Kumar believes the run-time encryption concept could apply to many other systems and applications where this functionality would be a plus. Currently, Fortanix leads with a product it launched last week called SDKMS (Self-Defending Key Management Service), its application of run-time encryption, on which the firm holds pending patents. Kumar says it has emerged from beta and is now under limited GA, since his company is still developing the sales resources to serve the apparent demand. SDKMS is a cloud-based key management service, which the company claims is the first one to be Intel SGX-based, offering data enclaves, the protected areas of execution in memory.


"Our key market is the financial properties because they have important data to protect, and they can afford new systems," jokes Kumar. The government sector is included too, because it holds state secrets and, importantly, is the target of the most advanced hackers.

Fortanix has to date taken two rounds of funding, one a seed round from an undisclosed source, the other -- closed in early June -- a series A round for $8 million from Foundation Capital and NeoTribe Ventures. Fortanix' first two publicly announced customers are Lending Club and IBM.

It's a brand-new technology, so was it hard to convey the technical aspects to potential investors? What was the VC community's reaction to Fortanix?

"Initially, no one understood," said Kumar. "Many folks in the VC community claim to find funding for technologies with new angles. Most of them understand the money, but not technology."


— Simon Marshall, Technology Journalist, special to Security Now
