(upbeat music) >> Man: We're good. >> Hey everyone. Welcome back to theCube's live coverage of AWS Summit NYC. We're in New York City, been here all day. Lisa Martin, John Furrier, talking with AWS partners ecosystem folks, customers, AWS folks, you name it. Next up, one of our alumni, rejoins us. Please welcome Anshu Sharma the co-founder and CEO of Skyflow. Anshu great to have you back on theCube. >> Likewise, I'm excited to be back. >> So I love how you guys founded this company. Your inspiration was the zero trust data privacy vault pioneered by two of our favorites, Apple and Netflix. You started with a simple question. What if privacy had an API? So you built a data privacy vault delivered as an API. Talk to us, and it's only in the last three and a half years. Talk to us about a data privacy vault and what's so unique about it. >> Sure. I think if you think about all the key challenges we are seeing in our personal lives when we are dealing with technology companies a lot of anxiety is around what happens to my data, right? If you want to go to a pharmacy they want to know not just your health ID number but they want to know your social security number your credit card number, your phone number and all of that information is actually useful because they need to be able to engage with you. And it's true for hospitals, health systems. It's true for your bank. It's true for pretty much anybody you do business with even an event like this. But then question that keeps coming up is where does this data go? And how is it protected? And the state of the art here has always been to keep kind of, keep it protected when it's in storage but almost all the breaches, all the hacks happen not because you've steal somebody's disc, but because someone enters through an API or a portal. So the question we asked was we've been building different shapes of containers for different types of data. You don't store your logs in a data warehouse. You don't store your analytical data in a regular RDBMS. Similarly, you don't store your passwords and usernames you store them in identity systems. So if PI is so special why isn't it a container that's used for storing PII? So that's how the idea of Pii.World came up. >> So you guys just got a recent funding, a series B financing which means for the folks out there that don't know the inside baseball, must people do, means you're doing well. It's hard to get that round of funding means you're up and growing to the right. What's the differentiator? Why are you guys so successful? Why the investment growth, what's the momentum driver? >> So I think in some ways we took one of the most complex problems, data privacy, like half the people can't even describe like, does data privacy mean like I have to be GDPR compliant or does it actually mean I'm protecting the data? So you have multiple stakeholders in any company. If you're a pharma company, you may have a chief privacy officer, a data officer, this officer, that officer, and all of these people were talking and the answer was buy more tools. So if you look around behind our back, there's probably dozens of companies out there. One protecting data in an API call another protecting data in a database, another one data warehouse. But as a CEO, CTO, I want to know what happens to my social security number from a customer end to end. So we said, if you can radically simplify the whole thing and the key insight was you can simplify it by actually isolating and protecting this data. And this architecture evolved on its own at companies like Apple and other places, but it takes dozens of engineers for those companies to build it out. So we like, well, the pattern will makes sense. It logically kind is just common sense. So instead of selling dozens of tools, we can just give you a very simple product, which is like one API call, you know, protect this data... >> So like Stripe is for a plugin for a financial transaction you plug it into the app, similar dynamic here, right? >> Exactly. So it's Stripe for payments, Twilio for Telephony. We have API for everything, but if you have social security numbers or pan numbers you still are like relying on DIY. So I think what differentiated us and attracted the investors was, if this works, >> It's huge. every company needs it. >> Well, that's the integration has become the key thing. I got to ask you because you mentioned GDPR and all the complexities around the laws and the different regulations. That could be a real blocker in a wet blanket for innovation. >> Anshu: Yes. >> And with the market we're seeing here at, at your Summit New York, small event. 10,000 people, more people here than were at Snowflake Summit as an example. And they're the hottest company in data. So this small little New York event is proven that that world is growing. So why should this wet blanket, these rules slow it down? How do you balance it? 'Cause that's a concern. If you checking all the boxes you're never actually building anything. >> So, you know, we just ran into a couple of customers who still are struggling with moving from the data center to AWS Cloud. Now the fact that here means they want to but something is holding them back. I also met the AI team of Amazon. They're doing some amazing work and they're like, the biggest hindrance for them is making customers feel safe when they do the machine learning. Because now you're opening up the data sets to more people. And in all of those cases your innovation basically stops because CSO is like, look you can't put PII in the cloud unprotected. And with the vault architecture we call it privacy by architecture. So there's a term called privacy by design. I'm like what the, is privacy by design, right? >> John: It's an architecture. (John laughing) >> But if you are an architecture and a developer like me I was like, I know what architecture is. I don't know what privacy by design is. >> So you guys are basically have that architecture by design which means foundational based services. So you're providing that as a service. So other people don't have to build the complex. >> Anshu: Exactly. >> You know that you will be Apple's backend team to build that privacy with you you get all that benefit. >> Exactly. And traditionally, people have had to make compromises. If you encrypt the data and secure it, then you can't use it. Using a proprietary polymorphic encryption technology you can actually have your cake and eat it to. So what that means for customers is, if you want to protect data in Snowflake or REDshare, use Skyflow with it. We have integrations to databases, to data lakes, all the common workflow tools. >> Can you give us a customer example that you think really articulates the value of what Skyflow is delivering? >> Well, I'll give you two examples. One in the FinTech space, one in the health space. So in the FinTech space this is a company called Nomi Health. They're a large payments processor for the health insurance market. And funnily enough, their CTO actually came from Goldman Sachs. He actually built apple card. (John laughing) Right? That if we all have in our phones. And he saw our product and he's like, for my new company, I'm going to just use you guys because I don't want to go hire 20 engineers. So for them, we had a HIPAA compliant environment a PCI compliant environment, SOC 2 compliant environment. And he can sleep better at night because he doesn't have to worry what is my engineer in Poland or Ukraine doing right now? I have a vault. I have rules set up. I can audit it. Everything is logged. Similarly for Science 37, they run clinical trials globally. They wanted to solve data residency. So for them the problem was, how do I run one common global instance? When the rules say you have to break everything up and that's very expensive. >> And so I love this. I'm a customer. For them a customer. I love it. You had me at hello, API integration. I love it. How much does it cost? What's it going to cost me? How do I need to think about my operationalizing? 'Cause I know with an API, I can do that. Am I paying by the usage, by the drink? How do I figure out? >> So we have programs for startups where it's really really inexpensive. We get them credits. And then for enterprises, we basically have a platform fee. And then based on the amount of data PII, we charge them. We don't nickel and dime the customers. We don't like the usage based model because, you don't know how many times you're going to hit an API. So we usually just based on the number of customer records that you have and you can hit them as many time as you want. There's no API limits. >> So unlimited record based. >> Exactly. that's your variable. >> Exactly. We think about you buying odd zero, for example, for authentication you pay them by the number of active users you have. So something similar. >> So you run on AWS, but you just announced a couple of new GTM partners, MuleSoft and plan. Can you talk to us about, start with MuleSoft? What are you doing and why? And the same with VLA? >> Sure. I mean, MuleSoft was very interesting customers who were adopting our products at, you know, we are buying this product for our new applications but what about our legacy code? We can't go in there and add APIs there. So the simplest way to do integration in the legacy world is to use an integration broker. So that's where MuleSoft integration came out and we announced that. It's a logical place for you to swap out real social security numbers with, you know, fake ones. And then we also announced a partnership with SnowFlake, same thing. I think every workload as it's moving to the cloud needs some kind of data protection with it. So I think going forward we are going to be announcing even more partnerships. So you can imagine all the places you're storing PII today whether it's in a call center solution or analytics solution, there's a PII story there. >> Talk about the integration aspect because I love the momentum. I get everything makes secure the customers all these environments, integrations are super important to plug into. And then how do I essentially operate you on my side? Do I import the records? How do you connect to my environment in my databases? >> So it's really, really easy when you encrypt the data and use Skyflow wall, we create what is called a format preserving token, which is essentially replacing a social security number with something that looks like an SSN but it's not. So that there's no schema changes involved. You just have to do that one time swap over and then in terms of integrations, most of these integrations are prebuilt. So Snowflake integration is prebuilt. MuleSoft integration is prebuilt. We're going to announce some new ones. So the goal is for off the table in platforms like Snowflake and MuleSoft, we prebuilt all the integrations. You can build your own. It takes about like a day. And then in terms of data import basically it's the same standard process that you would use with any other data store. >> Got to ask you about data breaches. Obviously the numbers in 2021 were huge. We're seeing so much change in the cyber security landscape ransomware becoming a household word, a matter of when but not if... How does Skyflow help organizations protect themselves or reduce the number of breaches so that they are not the next headline? >> You know, the funny thing about breaches is again and again, we see people doing the same mistakes, right? So Equifax had a breach four years ago where a customer portal, you know, no customer support rep should have access to a 100 million people's data. Like is that customer agent really accessing 100 million? But because we've been using legacy security tools they either give you access or don't give you access. And that's not how it's going to work. Because if I'm going to engage with the pharmacy and airline they need to be able to use my data in multiple different places. So you need to have fine grain controls around it. So I think the reason we keep getting breaches is cybersecurity industry is selling, 10s of billions of dollars worth of tools in the name of security but they cannot be applied at a fine grain level enough. I can't say things like for my call center agent that's living in Phoenix, Arizona they can only verify last four digits, but the same call center worker in Philippines can't even see that. So how do you get all that granular control in place? Is really why we keep seeing data breaches. So the Equifax breach, the Shopify breach the Twitter breaches, they're all the same. Like again and again, it's either an inside person or an external person who's gotten in. And once you're in and this is the whole idea of zero trust as you know. Once you're in, you can access all the data. Zero trust means that you don't assume that you actually isolate PII separately. >> A lot of the cybersecurity issues as you were talking about, are people based. Somebody clicking on something or gaining access. And I always talk to security experts about how do you control for the people aspect besides training, awareness, education. Is Skyflow a facilitator of that in a way that we haven't seen before? >> Yeah. So I think what ends up happening is, people even after they have breaches, they will lock down the system that had the breach, but then they have the same data sitting in a partner database, maybe a customer database maybe a billing system. So by centralizing and isolating PII in one system you can then post roles based access control rules. You can put limitations around it. But if you try to do that across hundreds of DS bases, you're just not going to be able to do it because it's basically just literally impossible, so... >> My final question for you is on, for me is you're here at AWS Summits, 10,000 people like I said. More people here than some big events and we're just in New York city. Okay. You actually work with AWS. What's next for you guys as you got the fresh funding, you guys looking for more talent, what's your next mountain you're going to climb? Tell us what's next for the company. Share your vision, put a plug in for the company. >> Well, it's actually very simple. Today we actually announced that we have a new chief revenue officer who's joining us. Tammy, she's joined us from LaunchDarkly which is it grew from like, you know, single digits to like over nine digits in revenue. And the reason she's joining Skyflow is because she sees the same inflection point hitting us. And for us that means more marketing, more sales, more growth in more geographies and more partnerships. And we think there's never been a better time to solve privacy. Literally everything that we deal with even things like rove evade issues eventually ties back into a issue around privacy. >> Lisa: Yes. >> AWS gets the model API, you know, come on, right? That's their model. >> Exactly. So I think if you look at the largest best companies that have been built in the last 20 years they took something that should have been simple but was not. There used to be Avayas of the world, selling Telephony intel, Twilio came and said, look an API. And we are trying to do the same to the entire security compliance and privacy industry is to narrow the problem down and solve it once. >> (indistinct) have it. We're going to get theCube API. (Lisa laughing) That's what we're going to do. All right. >> Thank you so much. >> Awesome. Anshu, thank you for joining us, talking to us about what's new at Skyflow. It sounds like you got that big funding investment. Probably lots of strategic innovation about to happen. So you'll have to come back in a few months and maybe at next reinvent in six months and tell us what's new, what's going on. >> Last theCube interview was very well received. People really like the kind of questions you guys asked. So I love this show and I think... >> It's great when you're a star like you, you got good market, great team, smart. I mean, look at this. I mean, what slow down are we talking about here? >> Yeah. I don't see... >> There is no slow down on the enterprise. >> Privacy's hot and it's incredibly important and we're only going to be seeing more and more of it. >> You can talk to any CIO, CSO, CTO or the board and they will tell you there is no limit to the budget they have for solving the core privacy issues. We love that. >> John: So you want to move on to building? >> Lisa: Obviously that must make you smile. >> John: You solved a big problem. >> Thank you. >> Awesome. Anshu, thank you again. Congrats on the momentum and we'll see you next time and hear more on the evolution of Skyflow. Thank you for your time. >> Thank you. >> For John furrier, I'm Lisa Martin. You're watching theCube live from New York City at AWS Summit NYC 22. We'll be right back with our next guest. So stick around. (upbeat music)

(bright upbeat music) >> Hello everyone. And we're back at AWS Re:Invent. You're watching theCUBE and we're here, day two. Actually we started Monday night and we got wall-to-wall coverage. We going all the way through Thursday, myself. I'm Dave Volante with the co-host, David Nicholson. Lisa Martin is also here. Of course, John Furrier. Partners, technologists, customers, the whole ecosystem. It's good to be back in the live event. Of course we have hybrid event as well a lot of people watching online. Anshu Sharma is here. He is the co-founder and CEO of Skyflow, new type of privacy company, really interested in this topic. Great to see you. Thanks for coming on. >> Thank you, thanks for bringing me here. >> It's timely, you know. Privacy, security, they're kind of two sides of the same coin. >> Yes. >> Why did you found Skyflow? >> Well, the idea for Skyflow really comes from my background in some ways. I spent my first nine years at Oracle, six years at Salesforce. And whether we were building databases or CRM products, customers would come to us and say, "Hey, you know, I have this very different type of data. It's things like social security numbers, frequent flyer card numbers, card numbers. You know, can you secure it better? Can you help me manage things like GDPR?" And to be honest, there was never a clear answer. There's a lot of technology solutions out there that do one thing at a time, you can walk around the booths here, there's like a hundred companies. And if you use all those hundred things correctly, maybe you could go tell your board that maybe a social security number is not going to be lost anymore. And I was like, "You know, we've simplified everything else. Why is it so hard to protect my social security number? It should be easy. It should be as easy as using Stripe or Twilio." And this idea just never went away and kept coming back till a few years ago, we learned about the Facebook privacy challenges, the Equifax challenges. And I was like, boy, it's the time. It's time to go do it now. >> You started the company in 2019. Right? >> Yes. >> I mean, your timing was pretty good, right? So what are the big sort of Uber trends that you're seeing? Obviously GDPR, the California Consumer Privacy Act. I heard this morning. Did you hear this? That like, if you post a picture on social media now without somebody's permission, you're now violating their privacy. It's like, you can see the smiles on Anshu's face. >> Its like every week, we're like every week, there's a new story that could be like, well, Skyflow. The new story is the question, the answer is Skyflow. But honestly I think what's happened is, the issue is put very simple. You know all we're trying to do is protect people's social security numbers, phone numbers, credit card numbers, things we hold dear. At the same time, it's complex. Like what does it mean to protect your social security number let's say? Does that mean I don't get to use it for filing your taxes? Well, I need your credit card number to process a payment. And we were like, this is just too complicated. Why, how do companies like Apple do it? How do companies like Netflix manage not have as many breaches as my hotel that barely has any data. And the answer is those companies actually have evolved to a completely different architecture, the zero trust data architecture. And that was our inspiration for starting this company. >> Yeah. I mean. How many times have you been asked to give your social security number? And you're like, why? why do you want it? What are you going to do with it? How do you protect it? And they go, "I don't know." >> You know, what's even, my favorite is like, you give your social security number to say TurboTax, how many days of the year do they need to use it? One. How many days of the year do they have it? And the thing is, it's a liability for those CTOs too. >> Yeah right. >> The CTO of Walgreens, the CTO of Intuit. They don't really want that social security number just so they can process your card once a year, or your social security number once a year. It's almost like we're forcing them to hold onto data. And then they have to bear the burden of having these stories. Like, you know, everybody wants to prevent a New York Times story that says, what Robin Hood had a breach, Twitter had a breach. >> So walk us through how Skyflow would address something like that. So take the, you know, take the make a generic version of TurboTax, social security members. There they are right now, they're sitting in a database somewhere. Hopefully there's some security wrapped around it in some way or another. What would you advise a customer like that to do? And what are you actually doing for them? >> So, look, it's very simple. You are not going to put your username passwords in a generic database. You're going to use something like OD Zero or Octa to do it. We're living in a world where we have polyglot data stores. Like there's a key value store. There's a time series database. There is a search database like Elastic. There's a log database like Splunk. But PII data, Somehow we think just fine. If it's in a hundred places and our answer is that we should do the same thing that companies like Apple, Netflix, Google, everybody, does. They take this data. They completely isolate it from the databases. And it gets stored in a custom data store in our case, that would be Skyflow. And essentially we'd give you encrypted tokens back and you can use these encrypted tokens that look like fake social security number. It's called a Format Preserving Encryption. So if you think about all the breakthroughs we've had in homomorphic encryption, on secure elements, like the way your phone works, the credit card number is stored in a secure element. So it's the same idea. There's a secure part of your data stack, which is Skyflow. That basically keeps the data always protected. And because we can compute and search on encrypted data, this is important, everybody can encrypt data at rest. Skyflow is the first company that's come out and said, "Look, you can keep your phone number and social security number, encrypted while I can run an aggregation query." So I can tell you what's the balance of your customer's account balance. And i can run that query without decrypting, a single row of data. The only other company I know that can do that internally is a certain Cupertino based company. >> So think about it. Anybody can walk something up to a certain degree, but allowing frictionless access at the same time. >> While it's encrypted. So how do you make that? Are you, is a strategy to make that a horizontal service? That I can put into my data protection service or my E-commerce service or whatever. >> It's a cloud-based service that runs on AWS and other clouds. We basically given instance just like, you'll get an instance of a post-grad store or you get an API handled to OD Zero. You basically instantiate Skyflow of what gets created. It can be in your AWS environment, dedicated VPC. So it's private to you and then you have a handle and then basically you just start using it. >> So how, how do you, what's the secret sauce? How do you do that? >> The secret source. Well, now that we filed the patents on it, I can reveal the secret sauce. So the holy grail of encryption right now, if you go talk to people at a leading company, is there's something called Fully Homomorphic Encryption. That's fundamentally the foundation on which things like Bitcoin are built actually. But the hard part about Fully Homomorphic Encryption is it works. You can actually do mathematical computations on it without decrypting the data, but it's about a million times slower. >> Yes slower, right. >> So nobody uses it. My insight was that we don't need to do multiplications and additions on phone numbers. You never take my phone number and divide by your social security number. (Dave laughing) These numbers are not numbers, they are data structures. So our insight was if you treat them as specialized data structures, we're all talking about basically about 80 different types of data across the globe. Every human being has an ID, date of birth, height, color of eyes. There's not that many fields. What we can do then is create specialized encryption schemes for each data type. We call this polymorphic data encryption. Poly means multiple. As a result of that, we can actually store the data encrypted and build indexes on it. Since we can index interpret data, it's kind of like, imagine you can run real-time queries on data that's encrypted. Every other data store, When you encrypt the data, it becomes invisible to database. And that's why we had to build this as a full stacked service. Just like the Snowflake guys had to start with the foundation of storage, rethink indexing, and build Snowflake. We did the same thing, except we built it for encrypted indexes Whereas they built it for encrypted, for regular data stores. >> So thinking, if you think about today's tech stack, it's evolving, right? The data protection and security are coming together. Where does this fit? Is it sort of now becoming a fundamental part of the-- >> We think every leading company, whether you're building a new brokerage application or you are the largest bank in the world, and we're talking to some of them right now. They're all going to have an internal service called a PII wall. This wall just like Apple and Google have their own internal walls. You're going to have a wall service in your service oriented architecture, essentially. And it's going to basically be the API. Every other application and database in your company is not going to store my social security number. The SSNs don't belong in 600 databases at a leading bank. They don't belong inside your customer support system. Think about what happened with Robinhood two weeks ago, right? Someone tricked one call center guy into giving the keys up, which is fine happens. But why did the call center guy have access to like a million email addresses? He's never used going to use that. So we think if you isolate the PII, every leading company is going to end up with a PII Wall, as part of their core architecture. Just like today, we have an Alt API, you have a Search API, you have a Logging API, you're going to have a PII API. And that's going to be part of your modern data stack. >> So okay. So this is definitely not a bolt on, right? It's going to be a fundamental company, just like security is, just like backup is. It's now, you got to have it. It's-- >> Yes. I mean, if you think about it, it just logically makes sense. Like you should be isolating this data. You don't keep your money and gold around at home. You put it either in a locker or a bank. I think the same applies for PII. We just haven't done it because companies would pay off a fine for $10,000 or a million dollars. And. >> Yeah. So you've recently raised $45 million to expand your efforts. Obviously that means that people are looking at this and saying there's opportunity, right? What does that look like when you think of growth, where during your go to market strategy at first you're convincing people that it's a good idea to do it. Do you think or hope for, hope one day that there's an inflection point where it's not that people are thinking, you know, let's do this because it's a good idea, but people are like, I have to do this because if I don't, it's irresponsible and I'm going to be penalized for not having it. It becomes something that isn't really a choice. It's something where you just do it. >> So, you know, when we were starting the company, we didn't even have a word to explain what we were trying to do. We would say things like what if there was a cloud service for XYZ. And, but over the last one year, I don't want to take credit for creating this market, but this market has been created in the last year and a half. And you know, we get tons of people, including some of the largest institutions emailing us, saying, "I'm looking to build a PII wall, API service inside my company. Can you tell me why your product meets that need?" And I thought that would take us three to five years to get there. And, you know, we've ended up creating a category, basically just like other companies have. And I think, you know, you don't get, I believe in market permission. You don't get to create a category. The market gives somebody the permission to create a category. Saying, "Look, this makes sense. Something like this should emerge." And if you're there at the right time, like you said. >> Yep. >> You get to take the opportunity. >> So where are you at as a company say for some, some capital is great. When do you scale? >> We're scaling now? So we just doubled our headcount in the last nine to 10 months. We're now 75 people. We think we'll be about 150 to 200 people in the next year. We are hiring across all regions. We just hired a head of Asia pack from segment.com. We just hired our first, you know, lead on international expansion. And in the US, we have an office in Palo Alto. We have an office in Bangalore. We just announced a data residency solution for Europe, data residency solution for India and emerging markets. Because data residency is another one of those things that's just emerging right now. And irrespective of whether you believe in security and privacy. Data residency is one of those things that you are mandated to implement. >> And where are you hiring? Is it combination to go to market? Tell me about your go to market. >> The go to market. We are direct sales organization, but we work with partners. So we haven't announced some of these partnerships, but you're working with some of the companies here who either are large database companies, large security companies. We think there is a win-win relationship between us and some of the partner. >> You're a partner model, partner channel model. >> So, direct sales but partner assisted. >> Yeah. Right. All right. We got to go. Hey, awesome story. Congratulations. Best of luck. >> Very interesting. >> Love to have you back and track the progress. >> Thank you, thank you so much. >> Okay. Thank you for watching theCUBE, the leader in and high-tech coverage. We're at Re-Invent 2021. Be right back (upbeat music)