>> Presenter: From downtown San Francisco, it's theCUBE, covering RSA North America 2018. >> Hey, welcome back, everybody. Jeff Frick here with the theCUBE. We're in downtown San Francisco with RSA North America 2018 40,000 plus professionals talking about security, enterprise security. It's a growing field, it's getting baked into everything. There's a whole lot of reasons that this needs to be better and more integrated into everything that we do, as opposed to just kind of a slap on at the end. And, who better to have on, who's investing at the cutting edge, keeping an eye on the startups than Sean Cunningham, our next guest. He's a managing director ForgePoint Capital, the newly named, so welcome to ForgePoint Capital, I guess. (Sean laughs) >> Thanks, Jeff, we're pretty excited about it. So, we were branded Trident Capital Cybersecurity. We're a 300 million dollar cybersecurity only fund, we closed the fund about a year and a half ago. We've invested in a dozen companies, and we decided that now is a great time to rebrand ForgePoint really tells more about what we're doing, we're forging ahead with our Series A, Series B funded companies, as well as a few growth equity. So, it made a lot of sense, but we're pretty excited about the market, and obviously RSA, with 1700 cybersecurity companies makes it interesting. >> Right, so you've been at this for a while. I wonder if you can speak to some of the macro trends as we've seen the growth of cloud, the growth of IoT will soon be more industrial IoT, enabled by 5G. We've got all these automated systems and financial services trading, and ad tech that we're going to see more and more of that automated transaction happening. You've got APIs and everything's connected to everything else to enable my application. So, really really exciting, and huge, growing threat surface if you will, but at the same, these are the technologies that are driving forward. So, what are you seeing from your, seat at the table some of the newer, more innovative startups? >> Jeff, I think you should probably tell me. You have all the answers there. >> I talked to a lot of smart people, that's the benefit of the job. >> I think the only two buzzwords you left off was Bitcoin and fraudulent payments. >> Oh, we can work a little blockchain in if you want. >> Yeah, but it is absolutely a bit of an interesting environment. I've been doing it since 2000 with Intel Capital for 15 years, but what's really changed, what hasn't changed is the fact that it's all about the hackers are able to monetize this. So, that's not going away. The biggest change are the, I guess, overt nation state attacks. So, between all of those things, the drivers are just continuing to force cybersecurity to become better and better. And, that's why the innovative startups are really, you're seeing these 1700, because the legacy companies can't fix these problems. And, you know, you talk about all these different paths for hackers to get in. It's absolutely the case and we are really big on areas, as you mentioned Jeff, the automation. It has to be about automating. It has to be about having a real solution for a real problem. You know, you look at, let's say 1500 of these security startups, a lot of them are about technology for the sake of technology. So, we're pretty excited about a couple of areas. One, is application security. If you think about the Equifax hack, you know, it's as simple as getting into the website and being able to hack into all of the PII data if you will. And, we've invested in a company called Prevoty and what they do is they make it easy for the application security folks to meet with the DevOps folks and inject the software into these applications. The reason why that's really interesting is, if you think about how long it takes for the DevOps guys to get all their new updates out, through that whole cycle, when you could automate that process and reduce that time to market, that's what it's really all about. >> So, what's your take on GDPR. You know, it's past a little while ago, the enforcement comes into place next month. It's weird what's going on with Facebook right now. I don't ever hear GDPR in the conversation of what's going on, and yet, it's just around the corner and it seems like it would be part of that conversation. DC is just king of a Y2K moment, where there's a lot of buzz and the date hits and we get past it and then we kind of move on with our lives, or is this really a fundamental shift in the way that companies are going to have to manage their data? >> Well, I can show you my scars from investigating compliance companies. I think the winners in that space, from a business standpoint are going to be the consultant companies, initially and at some point then, the legacy guys are going to be also involved, as well as some of the startups. But, clearly, until you see some of the large penalties happen, there's not going to be a lot of movement. There's going to be a lot of hand waving and consulting firms are trying to figure out what's your problem, how do we solve it. So, you're going to see, I'm sure, around the floor a lot of GDLP stuff, but we're being very cautious about where we invest there because, as you say, Y2K and a lot of this is going to be a lot fud. The legacy guys are going to say, oh we can handle that. Same as they did with cloud. Look how long it's taking cloud to get adopted, my God. I mean-- >> Right. >> GDRP is a big piece of that. We did investments in that space, around CASB, it's called. And, we invested in a company called Prelert. It had great traction, but then it just kind of topped out. So, it's going to be investable space and there's going to be a lot of money dumped in there because it's, you know, the Lemming effect. All VCs are going to follow that. >> Right. >> We'll see what happens. >> And then on the cloud, you know, with the growth of public cloud with Amazon and Azure and Google Cloud Platform, and they've got significant resources that they're investing into the security of their clouds and their infrastructure. And, yet, we still hear things happen all the time where there's some breach because somebody forgot to turn a switch from green to blue, or whatever. How did the startups, you know, kind of find their path within these huge public cloud spaces to find a vector that they can concentrate on, that's not already covered by some of these massive investments that the big public cloud people are making? >> Yeah, I think some of the, you know you point something out, I mean we got to think about cloud, you think about the public cloud, you think of private cloud and hybrid model and so on. I think that's really where things are going to to be for a while. The big guys, the big companies, enterprises are not putting a lot of their crown jewels out in the public clouds, yet. And, so the private clouds are equally important to them. And, so they have to be secured. And, the public cloud, you know, there's definitely they have some good security, but they quietly are implementing security from innovative companies also. They're not as public about it because they want to have they're already secure, so don't worry about me, but there's a lot of opportunity there. >> Okay, and then when CIOs are talking about security and thinking about security, ultimately they cannot be 100 percent secure, right, it's just you cannot be. >> It's called job security. >> Yeah, job security for us, right. But, I was thinking of this kind of as an insurance model. At some point, you get kind of the law of diminishing returns and you got to start making business trade-offs for the investment. How are these people thinking about this, at the same time, seeing their competitors and neighbors showing up on the cover of the Wall Street Journal breach after breach after breach? What's the right balance? How should they be thinking about managing risk, and thinking of a risk problem as opposed to kind of a castle problem? >> Yeah, and that's the biggest problem with CIOs and CSOs right now. It's all about what's good enough. Where do I reach that threshold? And, so there is definitely buyer fatigue. And, I think it's a matter, there are companies out there that look at the risk profile and are actually giving ratings of, what is your environment look like. We just invested in a spin out from, we helped spin out a company called CyberCube out of Symantec, and it's insurance. And, they're looking at, from a cyber insurance perspective, of what's your risk profile within your organization and selling and that data from Symantec as well as the data they have and going back to the insurance, the under buyer and saying, hey, we can show you the risk profile of this company and you can properly price your cyber insurance now. We all know how large the cyber insurance market is, so there's a lot of opportunities in that space to really look at the risk factors. >> Alright, well before I let you go, to go visit all the 117 startups, which will be looking for your cheque, I'm sure. >> Human ATM. >> What is one or two things that you think about in some of the more progressive startups that you talk about that still hasn't kind of hit the public eye yet. That they should be thinking about, or that we're going to be talking about in a couple years that's still kind of below the radar? >> Yeah, you know, if I told you then everyone else would be-- >> That's true. >> So, I have to be a little careful. You know, I think the interesting thing is, you know, a bit of a contrarian view. Is, if you think about consumer space, people don't really want to invest. Investors don't want to put money in the consumer, but you think about Symantec again, LifeLock. Identity protection, 2.3 billion dollars Symantec paid to get LifeLock. That's a lot of money. But, if you think about five years ago, how many consumers would pull out their Visa card to buy security. So, we think that there's really a potential opportunity on the consumer side. Now, AV is pretty well scorched earth. A lot of places, a lot of these endpoint things are scorched earth, but consumer might be an interesting place to be able to take these enterprise applications and, what I call, the consumerization of security, and take some of those interesting application and solutions and bring them down to the consumer in a bundle type of environment. >> Yeah, well certainly with all the stuff going on with Facebook now, people's kind of reawakening at the consumer level of what's really happening would certainly be fuel for that fire. >> We have an investment in a company called IDEXPERTS, which does breach remediation and our goal right now is we're continuing to add products from that space to be able to give the consumers a very robust offering. >> Alright, Sean, well thanks for taking a few minutes out of your day from prospecting. >> Yeah, pleasure. >> Over on the floor, he's Sean Cunningham, I'm Jeff Frick. You're watching theCUBE from RSA North America 2018 in downtown San Francisco. Thanks for watching, I'll see you next time. (upbeat music)

(upbeat music) >> We're here theCUBE on Cloud Startup Showcase brought to you by AWS. And right now we're going to explore the next frontier for privacy, you know, security, privacy, and compliance, they're often lumped together and they're often lumped on as an afterthought bolted on to infrastructure, data and applications. But, you know, while they're certainly related they're different disciplines and they require a specific domain knowledge and expertise to really solve the challenges of today. One thing they all share is successful implementations, must be comprehensive and designed in at the start and with me to discuss going beyond compliance and designing privacy protections into products and services. Justin Antonipillai, who is the founder and CEO of WireWheel, Justin awesome having you on the AWS Startup Showcase. Thanks for being here >> Dave, thanks so much for having me. It's a real honor, and I appreciate it. Look forward to the discussion. >> So I always love to ask founders, like, take us back. Why did you start this company? Where did your inspiration come from? >> So Dave, I was very lucky. I had the honor of serving in president Obama's second term as an Acting Under Secretary for Economic Affairs. So I ran the part of the government that includes the U.S. Census Bureau and the Bureau of Economic Analysis. So core economic statistical bureaus. But I helped lead a lot of the Obama administration's, outreach and negotiations on data privacy around the world. Including on something called the EU-U.S. Privacy Shield. So at the time the two jobs I had really aligned with what our discussion is here today. The first part of it was, I could see that all around the world in the U.S. and around the world, data privacy and protecting privacy, had become a human rights issue. It was a trade issue. You could see it as a national security issue and companies all around the world were just struggling with how to get legal, how to make sure that I do it right, and how I make sure that I'm treating my customer's data, in the right way. But when I was also leading the agency, a lot of what we were trying to do was to help our U.S. citizens, our folks here around the country solve big public problems by ethically and responsibly using government data to do it. And I can talk about what that meant in a little while. So the inspiration behind why WireWheel was, we need better more technically driven ways to help companies get compliance, to show their customers that they're protecting privacy and to put customers, our customers onto a path where they can start using the customer data better, faster and stronger, but most importantly, ethically. And that's really what we try to tackle at WireWheel. >> Right, excellent. Thank you for that. I mean, yeah you know, in the early days of social media, people kind of fluffed it off and oh there is no privacy in the internet, blah, blah, blah. And then wow, it became a huge social issue and public policy really needed to step in but also technology needs this to help solve this problem. So let's try to paint a picture for people as to really dig into the problem that you solve and why it's so complicated. We actually have a graphic. It's a map of the U S that we want to pull up here. Explain this. >> Yeah, I mean, what you're saying here is that every one of your, our viewers today is going to be looking at privacy laws moving across the country Dave but there's a lot of different ones. You know, if you're a company that's launching and building your product, that you might be helping your customers your consumer facing. The law, and you're even let's assume you want to do the right thing. You want to treat that customer data responsibly and protect it. When you look at a map like this and you can see three States have already passed different privacy laws, but look at the number of different States all across the country that are considering their own privacy laws. It really could be overwhelming. And Virginia, as you can see is just about to pass it's next privacy law but there's something like 23,24 States that are moving them through. The other thing Dave, that's really important about this is, these are not just breach laws. You know, I think years ago we were all looking at these kinds of laws spreading across the country and you would be saying, okay, that's just a breach law. These laws are very comprehensive. They have a lot to them. So what we have been really helping companies with is to enable you to get compliant with a lot of these very quickly. And that's really what we've tried to take on. Because if you're trying to do the right thing there should be a way to do it. >> Got it. Yeah, I can't even imagine what the it had been so many permutations and complexities but imagine this, if this were a globe we were looking at it says it gets out of control. Okay, now you guys well you use a term called phrase beyond compliance? What do we mean by that? >> There are a couple of things. So I'd say almost every company taking a product to market right now, whether you're B2C or B2B you want to make sure you can answer the customer question and say, yes, I'm compliant. And usually that means if you're a B2C company it means that your customers can come to your site. Your site is compliant with all of the laws out there. You can take consents and preferences. You can get their data back to them. All of these are legal requirements. If you're a B2B company, you're also looking at making sure you can create some critical compliance records that's it, right? But when we think beyond compliance, we think of a couple of basic things. Number one, do you tell the story about all the trust and protection you put around your data in a way that your customers want to do business with you? I mean Dave, if you went to CES the last couple of years and you were walking into the center or looking at a virtual version of it, on every billboard, the top five, top 10 global companies advertise that they take care of your data and they're onto something, they're onto something. You can actually build a winning strategy by solving a customer's problem and also showing them that you care, and that they're trustworthy. Because there are too many products out there, that aren't. The second thing, I'm sorry, go ahead. >> No, please carry on. >> No, I mean the second thing, and then I think I'd say is going beyond compliance also means that you're thinking about how you can use that data for your customer, to solve all of their problems. And Dave, what I'd say here is imagine a world right now, in which, you know you trusted that the data that you gave to companies or to the government, was protected and that if you changed your mind and you wanted it back that they would delete it or give it back to you. Can you imagine how much more quickly we would have solved getting a COVID vaccine? Can you imagine how much data would have been available to pharmaceutical companies to actually develop a vaccine? Can you imagine how much more quickly we would have opened the economy? The thing is companies can't solve every problem that they could for a customer because customers don't trust that the data is going to be used correctly and companies don't know how to use it in that way and ethically. And that's what we're talking about when we say getting beyond compliance which is we want to enable our customers to use the data in the best way and most ethical way to solve all of their customer's problems. >> Okay, so I ask the elephant in the room question. If you asked most businesses about personal information, where it's stored, you know who has access to it, the fact is that most people can't answer it. And so when they're confronted with these uncomfortable questions. The other documents and policies that maybe check some boxes, why is that not a good idea? I mean, there's an expense to going beyond that but so why is that not just a good idea to check it off? >> Well look, a lot of companies do need to just check it off and what I mean, get it right, make sure you label and the way we've thought about this is that when you're building on a backbone like AWS, it does give you the ability to buy a lot of services quickly and scale with your company. But it also gives us an ability to comply faster by leveraging that infrastructure to get compliant faster. So if you think about it, 20 years ago whenever I wanted to buy storage or if I wanted to buy servers and look we're a company that built in the cloud, Dave it would have been very difficult for us to buy the right storage and the processing we needed, given that we were starting. But I was able to buy very small amounts of it until our customer profile grew. But that also means my data moved out of a single hard drive and out of a single set of servers, into other places that are hosted in the cloud. So the entire tech stack that all of our customers are building on means they're distributing personal data into the cloud, into SAS platforms. And there's been a really big move through integration platforms as a service to allow you to spread the personal data quickly. But that same infrastructure can be used to also get you compliant faster, and that's the differentiation. So we built a platform that enables a company to inventory their systems, to track what they're doing in those systems and to both create a compliance record faster by tracking what they're doing inside the cloud and in SAS systems. And that's the different way we've been thinking about it as we've been going to market. >> So, okay. So what actually do you sell, you sell a service? Is it a subscription? >> Yeah. >> And AWS is underneath that, maybe you could put down a picture for us. >> Sure, we're a cloud hosted software as a service. We have two core offerings. One is the WireWheel Trust Access Consent Solution. So if you go to a number of major brands, and you go to their website, when they tell you here's the data we're collecting about you, when they collect your consents and preferences, when they collect a request for data correction or deletion of the data, all the way from the request to delivery back to the consumer, we have an end to end system that our customers use with their customers, a completely cloud hostable in a subscription. So enables even very small startups, to build that experience into their website and into their products, from the very beginning, at a cost efficient point. So if you want to stand up a compliant website or you want to build into your product that Trust Access Consent Solution, we have a SAS platform, and we have developer tools and our developer portal to let you do it quickly. The second thing we do is we have a privacy operations manager. So this is the most security center but for privacy operations. It helps you inventory your systems, actually create data flow maps and most critically create compliance records that you need to comply with, you know the European law, the Brazilian law, and that whole spectrum of U.S. privacy laws that you showed a few minutes ago. And those are the two core offerings we have. >> I love it. I mean, it's the cloud story, right? One is you don't have to spend a millions of dollars on hardware and software. And the second is, when you launch you enable small companies, not just the biggest companies you give them the same, essentially the same services. And that's a great story. Who do you sell to Justin? What does a typical customer engagement look? >> Yeah, we, in many of our customers and in the AWS say startup environment, you often don't have companies that have like a privacy officer. They often don't even have a general counsel. So we sell a package that will often go to whoever is responsible at the company for privacy compliance. And, you know, interestingly Dave in some startups that might be a marketing officer, it might be a CLO, it might be the CTO. So in startups and sort of growing companies, we've put out a lot of guidance, and our core WireWheel developer portal is meant to give even a startup all they need to stand up that experience and get it going, so that when you get that procurement imagine you're about to go sell your product, and they ask you, are you compliant, then you have that document ready to provide. We also do provide this core infrastructure for enormous enterprises. So think telecoms, think top three global technology companies. So Dave, we get excited about is we've built a core software platform privacy infrastructure that is permanently being used by some of the largest companies in the world. And our goal is to get that infrastructure at the right price point into every company in the world, right? We want to enable any company to spend and stand up the right system, that's leveraging that same privacy infrastructure that the big folks have, so that as they scale, they can continue to do the right thing. >> That's awesome. I mean, you mentioned a number of roles of marketing folks. I can even see a sales, let's say sales lead saying, okay we got this deal on the table. How do we get through the procurement because we didn't check the box, all right. So, let me ask you this. We talked a little bit about designing privacy in a and it's clear you help do that. How do you make it, you know fundamental to customer's workloads? Do they have to be like an AWS customer to take advantage of that concept? Or how did they make it part of their workflow? >> Yeah, so there's a couple of critical things. How do you make it part of the workflow? The first thing is, you go to any company's website right now, they have to be compliant with the California law. So a very straightforward thing we do is we can for both B2B and B2C companies stand up an entire customer experience that matches the scale of the company that enables it to be compliant. That means you have a trust center that shows the right information to your customers, it collects the consents, preferences, and it stands up with a portal to request data. These are basics. And for a company that's standing up the internal operations, we can get them app collecting that core record and create a compliance record very fast. With larger companies, Dave you're right. I mean, when you're talking about understanding your entire infrastructure and understanding where you're storing and processing data it could seem overwhelming, but the truth is, the way we onboard our customers is we get you compliance on your product and website first, right? We focus on your product to get that compliance record done. We focus on your website so that you can sell your product. And then we go through the rest of the major systems where you're handling personal information, your sales, your marketing, you know, it's like a natural process. So larger enterprises we have a pretty straightforward way that we get them up and running, but even small startups we can get them to a point of getting them compliant and starting to think about other things very, very quickly. >> And so Justin, you're a government so you understand big, but how I talk about the secret ingredient that allows you to do this at scale and still handle all that diversity, like what we showed in that graphic, the different locations, different local laws, data sovereignty, et cetera. >> Yeah, there's a couple things on the secret source. One is, we have to think about our customers every day. And we had to understand that companies will use whatever their infrastructure is to build. Like you've seen, even on AWS there are so many different services you can use. So number one, we always think with an engineering point of view in mind. Understand the tools, understand the infrastructure in a way that brings that kind of basic visibility to whoever it is that's handling privacy, that basic understanding. The second is, we focused on core user experience for the non-technical user. It's really easy to get started. It's really easy to stand up your privacy page and your privacy policy. It's really easy to collect that and make that first record. The third is, and you know, this is one of those key things. When I was in the government, I met with folks in the intelligence community at one point day, and this always stuck with me. They were telling me that 20 years ago, you know to do the kind of innovation that you have going on now, you would have had to have had a defense contract. You would have had to have invested an enormous amount of money to buy the processing and the services and the team. But the ability for me as a startup founder, to understand the big picture and understand that companies need to be compliant fast, get their website compliant fast, get their product compliant fast, but build on a cloud infrastructure that allowed me to scale was incredible. Because it allows us to do a lot with our customers that a company like ours would have been really challenged to do without that cloud backbone. >> Love this, the agility and the innovation. Last question, give us the company update Justin, you know where are you? What can you share with us, fundraising, head count, are you generating revenue? Where you are? >> Oh yeah, we're excited as I mentioned, we are already the privacy platform of choice of some of the larger brands in the world, which we're very excited about. And we help them solve both the trust, access consent problem for their customers, and we help with the privacy operations management. We recently announced a new $20 million infusion of capital, led by a terrific venture capital fund, ForgePoint Capital. We've been lucky to have been supported by NEA, Sands Capital, Revolution Capital, Pritzker Capital, PSP. And so we have a terrific group of investors behind us. We are scaling, we've grown the company a lot in the last year. Obviously it's been an interesting and challenging year with COVID, but we are really focused on growing our sales team, our marketing team, and we're going to be offering some pretty exciting solutions here for the rest of the year. >> The timing was unbelievable, you had the cloud at your beck and call, you had the experience in government. You've got your background as a lawyer. And it all came in, and the legal come into the forefront of public policy, just a congratulations on all your progress today. We're really looking forward to seeing you guys rocket in the future. I really appreciate you coming on. >> Dave, thanks so much for having me, really enjoyed it. And I look forward to seeing you soon. >> Great, and thank you for watching everyone is Dave Vellante for theCUBE on cloud startups. Keep it right there. (upbeat music)

(upbeat music) >> We're here theCUBE on Cloud Startup Showcase brought to you by AWS. And right now we're going to explore the next frontier for privacy, you know, security, privacy, and compliance, they're often lumped together and they're often lumped on as an afterthought bolted on to infrastructure, data and applications. But, you know, while they're certainly related they're different disciplines and they require a specific domain knowledge and expertise to really solve the challenges of today. One thing they all share is successful implementations, must be comprehensive and designed in at the start and with me to discuss going beyond compliance and designing privacy protections into products and services. Justin Antonipillai, who is the founder and CEO of WireWheel, Justin awesome having you on the AWS Startup Showcase. Thanks for being here >> Dave, thanks so much for having me. It's a real honor, and I appreciate it. Look forward to the discussion. >> So I always love to ask founders, like, take us back. Why did you start this company? Where did your inspiration come from? >> So Dave, I was very lucky. I had the honor of serving in president Obama's second term as an Acting Under Secretary for Economic Affairs. So I ran the part of the government that includes the U.S. Census Bureau and the Bureau of Economic Analysis. So core economic statistical bureaus. But I helped lead a lot of the Obama administration's, outreach and negotiations on data privacy around the world. Including on something called the EU-U.S. Privacy Shield. So at the time the two jobs I had really aligned with what our discussion is here today. The first part of it was, I could see that all around the world in the U.S. and around the world, data privacy and protecting privacy, had become a human rights issue. It was a trade issue. You could see it as a national security issue and companies all around the world were just struggling with how to get legal, how to make sure that I do it right, and how I make sure that I'm treating my customer's data, in the right way. But when I was also leading the agency, a lot of what we were trying to do was to help our U.S. citizens, our folks here around the country solve big public problems by ethically and responsibly using government data to do it. And I can talk about what that meant in a little while. So the inspiration behind why WireWheel was, we need better more technically driven ways to help companies get compliance, to show their customers that they're protecting privacy and to put customers, our customers onto a path where they can start using the customer data better, faster and stronger, but most importantly, ethically. And that's really what we try to tackle at WireWheel. >> Right, excellent. Thank you for that. I mean, yeah you know, in the early days of social media, people kind of fluffed it off and oh there is no privacy in the internet, blah, blah, blah. And then wow, it became a huge social issue and public policy really needed to step in but also technology needs this to help solve this problem. So let's try to paint a picture for people as to really dig into the problem that you solve and why it's so complicated. We actually have a graphic. It's a map of the U S that we want to pull up here. Explain this. >> Yeah, I mean, what you're saying here is that every one of your, our viewers today is going to be looking at privacy laws moving across the country Dave but there's a lot of different ones. You know, if you're a company that's launching and building your product, that you might be helping your customers your consumer facing. The law, and you're even let's assume you want to do the right thing. You want to treat that customer data responsibly and protect it. When you look at a map like this and you can see three States have already passed different privacy laws, but look at the number of different States all across the country that are considering their own privacy laws. It really could be overwhelming. And Virginia, as you can see is just about to pass it's next privacy law but there's something like 23,24 States that are moving them through. The other thing Dave, that's really important about this is, these are not just breach laws. You know, I think years ago we were all looking at these kinds of laws spreading across the country and you would be saying, okay, that's just a breach law. These laws are very comprehensive. They have a lot to them. So what we have been really helping companies with is to enable you to get compliant with a lot of these very quickly. And that's really what we've tried to take on. Because if you're trying to do the right thing there should be a way to do it. >> Got it. Yeah, I can't even imagine what the it had been so many permutations and complexities but imagine this, if this were a globe we were looking at it says it gets out of control. Okay, now you guys well you use a term called phrase beyond compliance? What do we mean by that? >> There are a couple of things. So I'd say almost every company taking a product to market right now, whether you're B2C or B2B you want to make sure you can answer the customer question and say, yes, I'm compliant. And usually that means if you're a B2C company it means that your customers can come to your site. Your site is compliant with all of the laws out there. You can take consents and preferences. You can get their data back to them. All of these are legal requirements. If you're a B2B company, you're also looking at making sure you can create some critical compliance records that's it, right? But when we think beyond compliance, we think of a couple of basic things. Number one, do you tell the story about all the trust and protection you put around your data in a way that your customers want to do business with you? I mean Dave, if you went to CES the last couple of years and you were walking into the center or looking at a virtual version of it, on every billboard, the top five, top 10 global companies advertise that they take care of your data and they're onto something, they're onto something. You can actually build a winning strategy by solving a customer's problem and also showing them that you care, and that they're trustworthy. Because there are too many products out there, that aren't. The second thing, I'm sorry, go ahead. >> No, please carry on. >> No, I mean the second thing, and then I think I'd say is going beyond compliance also means that you're thinking about how you can use that data for your customer, to solve all of their problems. And Dave, what I'd say here is imagine a world right now, in which, you know you trusted that the data that you gave to companies or to the government, was protected and that if you changed your mind and you wanted it back that they would delete it or give it back to you. Can you imagine how much more quickly we would have solved getting a COVID vaccine? Can you imagine how much data would have been available to pharmaceutical companies to actually develop a vaccine? Can you imagine how much more quickly we would have opened the economy? The thing is companies can't solve every problem that they could for a customer because customers don't trust that the data is going to be used correctly and companies don't know how to use it in that way and ethically. And that's what we're talking about when we say getting beyond compliance which is we want to enable our customers to use the data in the best way and most ethical way to solve all of their customer's problems. >> Okay, so I ask the elephant in the room question. If you asked most businesses about personal information, where it's stored, you know who has access to it, the fact is that most people can't answer it. And so when they're confronted with these uncomfortable questions. The other documents and policies that maybe check some boxes, why is that not a good idea? I mean, there's an expense to going beyond that but so why is that not just a good idea to check it off? >> Well look, a lot of companies do need to just check it off and what I mean, get it right, make sure you label and the way we've thought about this is that when you're building on a backbone like AWS, it does give you the ability to buy a lot of services quickly and scale with your company. But it also gives us an ability to comply faster by leveraging that infrastructure to get compliant faster. So if you think about it, 20 years ago whenever I wanted to buy storage or if I wanted to buy servers and look we're a company that built in the cloud, Dave it would have been very difficult for us to buy the right storage and the processing we needed, given that we were starting. But I was able to buy very small amounts of it until our customer profile grew. But that also means my data moved out of a single hard drive and out of a single set of servers, into other places that are hosted in the cloud. So the entire tech stack that all of our customers are building on means they're distributing personal data into the cloud, into SAS platforms. And there's been a really big move through integration platforms as a service to allow you to spread the personal data quickly. But that same infrastructure can be used to also get you compliant faster, and that's the differentiation. So we built a platform that enables a company to inventory their systems, to track what they're doing in those systems and to both create a compliance record faster by tracking what they're doing inside the cloud and in SAS systems. And that's the different way we've been thinking about it as we've been going to market. >> So, okay. So what actually do you sell, you sell a service? Is it a subscription? >> Yeah. >> And AWS is underneath that, maybe you could put down a picture for us. >> Sure, we're a cloud hosted software as a service. We have two core offerings. One is the WireWheel Trust Access Consent Solution. So if you go to a number of major brands, and you go to their website, when they tell you here's the data we're collecting about you, when they collect your consents and preferences, when they collect a request for data correction or deletion of the data, all the way from the request to delivery back to the consumer, we have an end to end system that our customers use with their customers, a completely cloud hostable in a subscription. So enables even very small startups, to build that experience into their website and into their products, from the very beginning, at a cost efficient point. So if you want to stand up a compliant website or you want to build into your product that Trust Access Consent Solution, we have a SAS platform, and we have developer tools and our developer portal to let you do it quickly. The second thing we do is we have a privacy operations manager. So this is the most security center but for privacy operations. It helps you inventory your systems, actually create data flow maps and most critically create compliance records that you need to comply with, you know the European law, the Brazilian law, and that whole spectrum of U.S. privacy laws that you showed a few minutes ago. And those are the two core offerings we have. >> I love it. I mean, it's the cloud story, right? One is you don't have to spend a millions of dollars on hardware and software. And the second is, when you launch you enable small companies, not just the biggest companies you give them the same, essentially the same services. And that's a great story. Who do you sell to Justin? What does a typical customer engagement look? >> Yeah, we, in many of our customers and in the AWS say startup environment, you often don't have companies that have like a privacy officer. They often don't even have a general counsel. So we sell a package that will often go to whoever is responsible at the company for privacy compliance. And, you know, interestingly Dave in some startups that might be a marketing officer, it might be a CLO, it might be the CTO. So in startups and sort of growing companies, we've put out a lot of guidance, and our core WireWheel developer portal is meant to give even a startup all they need to stand up that experience and get it going, so that when you get that procurement imagine you're about to go sell your product, and they ask you, are you compliant, then you have that document ready to provide. We also do provide this core infrastructure for enormous enterprises. So think telecoms, think top three global technology companies. So Dave, we get excited about is we've built a core software platform privacy infrastructure that is permanently being used by some of the largest companies in the world. And our goal is to get that infrastructure at the right price point into every company in the world, right? We want to enable any company to spend and stand up the right system, that's leveraging that same privacy infrastructure that the big folks have, so that as they scale, they can continue to do the right thing. >> That's awesome. I mean, you mentioned a number of roles of marketing folks. I can even see a sales, let's say sales lead saying, okay we got this deal on the table. How do we get through the procurement because we didn't check the box, all right. So, let me ask you this. We talked a little bit about designing privacy in a and it's clear you help do that. How do you make it, you know fundamental to customer's workloads? Do they have to be like an AWS customer to take advantage of that concept? Or how did they make it part of their workflow? >> Yeah, so there's a couple of critical things. How do you make it part of the workflow? The first thing is, you go to any company's website right now, they have to be compliant with the California law. So a very straightforward thing we do is we can for both B2B and B2C companies stand up an entire customer experience that matches the scale of the company that enables it to be compliant. That means you have a trust center that shows the right information to your customers, it collects the consents, preferences, and it stands up with a portal to request data. These are basics. And for a company that's standing up the internal operations, we can get them app collecting that core record and create a compliance record very fast. With larger companies, Dave you're right. I mean, when you're talking about understanding your entire infrastructure and understanding where you're storing and processing data it could seem overwhelming, but the truth is, the way we onboard our customers is we get you compliance on your product and website first, right? We focus on your product to get that compliance record done. We focus on your website so that you can sell your product. And then we go through the rest of the major systems where you're handling personal information, your sales, your marketing, you know, it's like a natural process. So larger enterprises we have a pretty straightforward way that we get them up and running, but even small startups we can get them to a point of getting them compliant and starting to think about other things very, very quickly. >> And so Justin, you're a government so you understand big, but how I talk about the secret ingredient that allows you to do this at scale and still handle all that diversity, like what we showed in that graphic, the different locations, different local laws, data sovereignty, et cetera. >> Yeah, there's a couple things on the secret source. One is, we have to think about our customers every day. And we had to understand that companies will use whatever their infrastructure is to build. Like you've seen, even on AWS there are so many different services you can use. So number one, we always think with an engineering point of view in mind. Understand the tools, understand the infrastructure in a way that brings that kind of basic visibility to whoever it is that's handling privacy, that basic understanding. The second is, we focused on core user experience for the non-technical user. It's really easy to get started. It's really easy to stand up your privacy page and your privacy policy. It's really easy to collect that and make that first record. The third is, and you know, this is one of those key things. When I was in the government, I met with folks in the intelligence community at one point day, and this always stuck with me. They were telling me that 20 years ago, you know to do the kind of innovation that you have going on now, you would have had to have had a defense contract. You would have had to have invested an enormous amount of money to buy the processing and the services and the team. But the ability for me as a startup founder, to understand the big picture and understand that companies need to be compliant fast, get their website compliant fast, get their product compliant fast, but build on a cloud infrastructure that allowed me to scale was incredible. Because it allows us to do a lot with our customers that a company like ours would have been really challenged to do without that cloud backbone. >> Love this, the agility and the innovation. Last question, give us the company update Justin, you know where are you? What can you share with us, fundraising, head count, are you generating revenue? Where you are? >> Oh yeah, we're excited as I mentioned, we are already the privacy platform of choice of some of the larger brands in the world, which we're very excited about. And we help them solve both the trust, access consent problem for their customers, and we help with the privacy operations management. We recently announced a new $20 million infusion of capital, led by a terrific venture capital fund, ForgePoint Capital. We've been lucky to have been supported by NEA, Sands Capital, Revolution Capital, Pritzker Capital, PSP. And so we have a terrific group of investors behind us. We are scaling, we've grown the company a lot in the last year. Obviously it's been an interesting and challenging year with COVID, but we are really focused on growing our sales team, our marketing team, and we're going to be offering some pretty exciting solutions here for the rest of the year. >> The timing was unbelievable, you had the cloud at your beck and call, you had the experience in government. You've got your background as a lawyer. And it all came in, and the legal come into the forefront of public policy, just a congratulations on all your progress today. We're really looking forward to seeing you guys rocket in the future. I really appreciate you coming on. >> Dave, thanks so much for having me, really enjoyed it. And I look forward to seeing you soon. >> Great, and thank you for watching everyone is Dave Vellante for theCUBE on cloud startups. Keep it right there. (upbeat music)