Companies (and VCs) spend billions of dollars on cybersecurity, but primarily focus on protecting infrastructure or endpoints. That’s not always the right approach in a world where — thanks to the pandemic — data is increasingly distributed across clouds, software-as-a-service apps, and storage systems. According to one 2021 survey, 61% of security leaders in the enterprise believed their cybersecurity teams to be understaffed.
“Businesses and government agencies are looking for a new approach to keep their data safe regardless of where it is, especially in the cloud,” Ambuj Kumar told TC via email. He’s CEO and co-founder of Fortanix, which aims to decouple security from network infrastructure to keep data secure even when the infrastructure has been compromised. “They require protection of their sensitive and regulated data, throughout its life cycle — at rest, in motion and in use.”
Kumar, being something of a salesman, posits that Fortanix is one of the more holistic solutions to the growing challenge of data security. Some investors agree. Fortanix today closed a $90 million Series C funding round led by Goldman Sachs Growth Equity with participation from Giantleap Capital, Foundation Capital, Intel Capital, Neotribe Ventures and In-Q-Tel (the nonprofit strategic investor for the U.S. intelligence community) that brings its total raised to $122 million, which Kumar says will be primarily used to expand sales and marketing operations and open new offices in Eindhoven, the Netherlands.
“Amid broader market slowdown, the growth rounds have considerably slowed down. At the same time, investors have lots of dry powder and companies with strong revenue profile and profitable business model attract lots of attention,” Kumar said. “We are lucky to be one such company. History shows that great companies get built amid difficult economic climate as competitors don’t get funded, talent becomes more available, and customers consolidate towards stronger products.”
Kumar founded Fortanix alongside Anand Kashyap in 2016. Kumar was previously a hardware design lead at Nvidia and the chief architect at Rambus’ cryptography division. Kashyap was a principal security researcher at Symantec before becoming a staff engineer at VMware.
Fortanix sells access to software that secures data across public, hybrid, multicloud, and private cloud environments and encrypts databases, as well as manages app secrets (e.g., usernames and passwords) both in the cloud and on-premises. In addition to cryptographic services, Fortanix also provides confidential computing, a cloud computing technology that isolates sensitive data in an encrypted CPU enclave during processing so that the contents of the enclave are accessible only to authorized programming code.
Fortanix’s confidential computing technology is built on Intel’s well-established SGX platform. The hardware-based security technology uses trusted hardware within the CPU to create the aforementioned enclave, allowing, for example, data teams in regulated industries like financial services and healthcare to use private data while preserving anonymity.
Driven by those sorts of use cases, at least one firm anticipates that the confidential computing market will be worth $54 billion by 2026. The adoption of confidential computing technologies has indeed accelerated in recent years, with tech companies such as Intel, Google, Microsoft, Arm, and Red Hat founding an organization — the Confidential Computing Consortium — to advance data protection standards. Startups with rival confidential computing solutions include Opaque Systems, Edgeless Systems and Decentriq.
“To better protect sensitive data, it’s helpful to think about it in the multiple dimensions of the life cycle — i.e., when it is at rest, in transit or in use,” Kumar continued. “Often, the third dimension, when data is in use, is overlooked because of inadequate safeguard mechanisms or a false notion of security. Several recent, severe malware attacks have happened at the in-use state, including the Triton attack and the Ukraine power grid attack. [Fortanix’s] technology protects applications and the sensitive data ‘in use’ from unauthorized access and tampering when it is highly vulnerable, extending the security already in place for data at rest and in motion across the network.”
Fortanix claims to have more than 125 customers globally, including Adidas, Google, PayPal, GE Healthcare, the U.S. Department of Justice and the Centers for Disease Control and Prevention. Partners include Elastx and Alibaba Cloud, which run Fortanix’s key management service on their platforms, and Equinix, which taps Fortanix to power its bespoke security service. IBM Cloud is another sometime collaborator — it teamed up with Fortanix on a service that protects data in use.
“In most cases, our main job becomes convincing customers that it’s not enough just to try to keep their network secure, and educate them on the benefits of data-first security. In a minority of the cases, we compete against legacy data security vendors like Thales and HashiCorp,” Kumar added.
Kumar declined to reveal revenue figures when asked. But he assured me that Fortanix continues to grow, with plans to increase its 225-person headcount by 50% in the next year.
“We are certainly sensitive to the macroeconomic conditions. However, data security and privacy are top of mind for businesses globally, and we continue to see a strong requirement for our offerings,” Kumar said.