>> Narrator: Live from San Francisco. It's the theCUBE covering RSA Conference 2020 San Francisco, brought to you by SiliconAngle Media. >> Alright, welcome to theCUBE coverage here at RSA Conference in San Francisco and Moscone Halls, theCUBE. I'm John Furrier, the host of theCUBE, in a cyber security is all about encryption data and also security. We have a very hot startup here, that amazing guest, Dr. Ellison Anne Williams, CEO and Founder of Enveil just recently secured a $10 million Series A Funding really attacking a real problem around encryption and use. Again, data ,security, analytics, making it all secure is great. Allison, and thanks for coming on. Appreciate your time. >> Thanks for having me. >> So congratulations on the funding before we get started into the interview talking about the hard news, you guys that are around the funding. How long have you guys been around? What's the funding going to do? What are you guys doing? >> Yeah, so we're about three and a half years old as a company. We just announced our Series A close last week. So that was led by C5. And their new US Funds The Impact Fund and participating. Other partners included folks like MasterCard, Capital One Ventures, Bloomberg, Beta 1843, etc. >> So some names jumped in C5 led the round. >> For sure. >> How did this get started? What was the idea behind this three years you've been actually doing some work? Are you going to production? Is it R&D? Is it in market? Give us a quick update on the status of product and solution? >> Yeah, so full production. For production of the product. We're in fact in 2.0 of the release. And so we got our start inside of the National Security Agency, where I spent the majority of my career. And we developed some breakthroughs in an area of technology called homomorphic encryption, that allows you to perform computations into the encrypted domain as if they were in the unencrypted world. So the tech had never existed in a practical capacity. So we knew that bringing seeds of that technology out of the intelligence community and using it to seed really and start the company, we would be creating a new commercial market. >> So look at this, right? So you're at the NSA, >> Correct >> Your practitioner, they're doing a lot of work in this area, pioneering a new capability. And did the NSA spin it out did they fund it was the seed capital there or did you guys bootstrap it >> No. So our seed round was done by an entity called Data Tribe. So designed to take teams in technologies that were coming out of the IC that wanted to commercialize to do so. So we took seed funding from them. And then we were actually one of the youngest company ever to be in the RSA Innovation Sandbox here in 2017, to be one of the winners and that's where the conversation really started to change around this technology called homomorphic encryption, the market category space called securing data in use and what that meant. And so from there, we started running the initial version of a product out in the commercial world and we encountered two universal reaction. One that we were expecting and one that we weren't. And the one that we were expecting is that people said, "holy cow, this actually works". Because what we say we do keeping everything encrypted during processing. Sounds pretty impossible. It's not just the math. And then the second reaction that we encountered that we weren't expecting is those initial early adopters turned around and said to us, "can we strategically invest in you?" So our second round of funding was actually a Strategic Round where folks like Bloomberg beta,Thomson Reuters, USA and Incue Towel came into the company. >> That's Pre Series A >> Pre Series A >> So you still moving along, if a sandbox, you get some visibility >> Correct. >> Then were the products working on my god is you know, working. That's great. So I want to get into before I get into some of the overhead involved in traditionally its encryption there always has been that overhead tax. And you guys seem to solve that. But can you describe first data-at-rest versus data-in-motion and data-in-user. data at rest, as means not doing anything but >> Yeah, >> In flight or in you so they the same, is there a difference? Can you just tell us the difference of someone this can be kind of confusing. >> So it's helpful to think of data security in three parts that we call the triad. So securing data at rest on the file system and the database, etc. This would be your more traditional in database encryption, or file based encryption also includes things like access control. The second area, the data security triad is securing data- in- transit when it's moving around through the network. So securing data at rest and in transit. Very well solution. A lot of big name companies do that today, folks like Talus and we partner with them, Talus, Gemalto, etc. Now, the third portion of the data security triad is what happens to that data when you go use or process it in some way when it becomes most valuable. And that's where we focus. So as a company, we secure data-in-use when it's being used or processed. So what does that mean? It means we can do things like take searches or analytics encrypt them, and then go run them without ever decrypting them at any point during processing. So like I said, this represents a new commercial market, where we're seeing it manifest most often right now are in things like enabling secure data sharing, and collaboration, or enabling secure data monetization, because its privacy preserving and privacy enabling as a capability. >> And so that I get this right, the problem that you solved is that during the end use parts of the triad, it had to be decrypted first and then encrypted again, and that was the vulnerability area. Look, can you describe kind of like, the main problem that you guys saw was that-- >> So think more about, if you've got data and you want to give me access to it, I'm a completely different entity. And the way that you're going to give me access to it is allowing me to run a search over your data holdings. We see this quite a bit in between two banks in the areas of anti-money laundering or financial crime. So if I'm going to go run a search in your environment, say I'm going to look for someone that's an EU resident. Well, their personal information is covered under GDPR. Right? So if I go run that search in your environment, just because I'm coming to look for a certain individual doesn't mean you actually know anything about that. And so if you don't, and you have no data on them whatsoever, I've just introduced a new variable into your environment that you now have to account for, From a risk and liability perspective under something like GDPR. Whereas if you use us, we could take that search encrypt it within our walls, send it out to you and you could process it in its encrypted state. And because it's never decrypted during processing, there's no risk to you of any increased liability because that PII or that EU resident identifier is never introduced into your space. >> So the operating side of the business where there's compliance and risk management are going to love this, >> For sure. >> Is that really where the action is? >> Yes, compliance risk privacy. >> Alright, so get a little nerdy action on this one. So encryption has always been an awesome thing depending on who you talk to you, obviously, but he's always been a tax associate with the overhead processing power. He said, there's math involved. How does homeomorphic work? Does it have problems with performance? Is that a problem? Or if not, how do you address that? Where does it? I might say, well, I get it. But what's the tax for me? Or is your tax? >> Encryption is never free. I always tell people that. So there always is a little bit of latency associated with being able to do anything in an encrypted capacity, whether that's at rest at in transit or in use. Now, specifically with homomorphic encryption. It's not a new area of encryption. It's been around 30 or so years, and it had often been considered to be the holy grail of encryption for exactly the reasons we've already talked about. Doing things like taking searches or analytics and encrypting them, running them without ever decrypting anything opens up a world of different types of use cases across verticals and-- >> Give those use case examples. What would be some that would be low hanging fruit. And it would be much more higher level. >> Some of the things that we're seeing today under that umbrella of secure data sharing and collaboration, specifically inside of financial services, for use cases around anti-money laundering and financial crimes so, allowing two banks to be able to securely collaborate with with each other, along the lines of the example that I gave you just a second ago, and then also for large multinational banks to do so across jurisdictions in which they operate that have different privacy and secrecy regulations associated with them. >> Awesome. Well, Ellison, and I want to ask you about your experience at the NSA. And now as an entrepreneur, obviously, you have some, you know, pedigree at the NSA, really, you know, congratulations. It's going to be smart to work there, I guess. Secrets, you know, >> You absolutely do. >> Brains brain surgeon rocket scientist, so you get a lot of good stuff. But now that you're on the commercial space, it's been a conversation around how public and commercial are really trying to work together a lot as innovations are happening on both sides of the fence there. >> Yeah. >> Then the ICC and the Intelligence Community as well as commercial. Yeah, you're an entrepreneur, you got to go make money, you got shareholders down, you got investors? What's the collaboration look like? How does the world does it change for you? Is it the same? What's the vibe in DC these days around the balance between collaboration or is there? >> Well, we've seen a great example of this recently in that anti-money laundering financial crime use case. So the FCA and the Financial Conduct Authority out of the UK, so public entity sponsored a whole event called a tech spread in which they brought the banks together the private entities together with the startup companies, so your early emerging innovative capabilities, along with the public entities, like your privacy regulators, etc, and had us all work together to develop really innovative solutions to real problems within the banks. In the in the context of this text spread. We ended up winning the know your customer customer due diligence side of the text brand and then at the same time that us held an equivalent event in DC, where FinCEN took the lead, bringing in again, the banks, the private companies, etc, to all collaborate around this one problem. So I think that's a great example of when your public and your private and your private small and your private big is in the financial services institutions start to work together, we can really make breakthroughs-- >> So you see a lot happening >> We see a lot happening. >> The encryption solution actually helped that because it makes sense. Now you have the sharing the encryption. >> Yeah. >> Does that help with some of the privacy and interactions? >> It breaks through those barriers? Because if we were two banks, we can't necessarily openly, freely share all the information. But if I can ask you a question and do so in a secure and private capacity, still respecting all the access controls that you've put in place over your own data, then it allows that collaboration to occur, whereas otherwise I really couldn't in an efficient capacity. >> Okay, so here's the curveball question for you. So anybody Startup Series today, but you really got advanced Series A, you got a lot of funding multiple years of operation. If I asked you what's the impact that you're going to have on the world? What would you say to that, >> Over creating a whole new market, completely changing the paradigm about where and how you can use data for business purposes. And in terms of how much funding we have, we have, we've had a few rounds, but we only have 15 million into the company. So to be three and a half years old to see this new market emerging and being created with with only $15 million. It's really pretty impressive. >> Yeah, it's got a lot of growth and keep the ownership with the employees and the founders. >> It's always good, but being bootstrap is harder than it looks, isn't it? >> Yeah. >> Or how about society at large impact. You know, we're living global society these days and get all kinds of challenges. You see anything else in the future for your vision of impact. >> So securing data and your supplies horizontally across verticals. So far we've been focused mainly on financial services. But I think healthcare is a great vertical to move out in. And I think there are a lot of global challenges with healthcare and the more collaborative that we could be from a healthcare standpoint with our data. And I think our capabilities enable that to be possible. And still respecting all the privacy regulations and restrictions. I think that's a whole new world of possibility as well. >> And your secret sauce is what math? What's that? What's the secret sauce, >> Math, Math and grit. >> Alright, so thanks for sharing the insights. Give a quick plug for the company. What are you guys looking to do? Honestly, $10 million in funding priorities for you and the team? What do you guys live in to do? >> So priorities for us? privacy is a global issue now. So we are expanding globally. And you'll be hearing more about that very shortly. We also have new product lines that are going to be coming out enabling people to do more advanced decisioning in a completely secure and private capacity. >> And hiring office locations DC. >> Yes. So our headquarters is in DC, but we're based on over the world, so we're hiring, check out our web page. We're hiring for all kinds of roles from engineering to business functionality >> And virtual is okay virtual hires school >> Virtual hires is great. We're looking for awesome people no matter where they are. >> You know, DC but primary. Okay, so great to have you gone. Congratulations for one, the financing and then three years of bootstrapping and making it happen. Awesome. >> Thank you. >> Thank you for coming ,appreciate it. So keep coming to your RSA conference in Moscone. I'm John Furrier. Thanks for watching more after this short break (pop music playing)