(upbeat digital music) >> Hey welcome back, get ready. Jeff Frick here with theCUBE. We're in our Palo Alto studio for a Cube Conversation. Again, we love talking with little companies, emerging companies, kind of maybe technology you haven't heard of before and we're excited to have our next guest 'cause he's right in the heart of security space, which is always a hot topic, continues to be a hot topic and will never go away 'cause the bad guys they just keep working hard to try to break everything that we create. So our next guest is Ambuj Kumar, the co-founder and CEO of Fortanix. Ambuj welcome. >> Thank you, Jeff. >> So give, for the people who aren't familiar with Fortanix kind of the basic 101. >> Yeah, so if you look at all the security today, it falls into three categories. One is protecting your data address. So what that means is, if somebody steals your laptop, how do you protect your hard drive from getting exposed? >> Right. >> So we use encryption for that. Similarly, we also use encryption to secure our data in use. So we connect to some bank website and our data goes encrypted through TELUS and so what that means is if somebody's doing wiretapping our data is protected. However once the applications start to run, whether it's in your data center or public cloud, then the data applications are being exposed. So to fix that Runtime vulnerabilities what the industry has done so far is to secure the infrastructure, try to secure the infrastructure and that is $80 billion per year industry. But we have failed to that because infrastructure is just so vastly complex. So what we do is we use something called Runtime encryption and idea is that your data and applications remain encrypted, so even when people who are running your cloud they're untrusted and they want to get your data, they can't do anything with it. >> So, a lot of stuff there to unpack. So first off we know the perimeter systems don't work anymore. >> Yeah >> I mean you got to put them up they do some level of stuff But you can't secure the perimeter anymore. So it is all this kind of working your security >> Yeah and the encryption all the way through the process. But this is pretty interesting I've never heard of encryption actually at Runtime, I mean it begs the question, you know how does the microprocessor run the encrypted data? >> That's right So it's a long research problem in security. People had been working on something called Fully homomorphic encryption and the idea is that: Can I take my program encrypted data encrypted and run in totally untrusted environment and give you the result that you can decrypt. Chances are that you can do that with very simple programs, like if you're adding some numbers, multiplying those numbers and even in those cases slow by many orders of magnitude. So what normally some operations takes one second will it will take three years. >> Okay >> Not good. >> Laughs >> So what we do is we use some new instructions from Intel called Software Guard Extension, Intel SGX and your data and your programs, they get decrypted in a secure region of CPU So all the memory, all the operating systems accessible things, anything that can be touched by any other process, they only can look at encrypted stuff. Your data get decrypted right when instructions are working on them and at that point it is accessible only to your write process. >> Right. >> So you use this hardware capability to accelerate the encryption decryption. So we can provide all the benefits of fully owned morphic encryption at a performance that is totally acceptable to our customers. >> So let me make sure I understand, So it decrypts it literally at the last possible obviously not second >> Yeah but last possible (laughs) in microprocessor time >> Yeah cycle, runs that process and then is write only to the output of that process. And is that immediately encrypted again >> Exactly >> On the write side as well? >> Yeah Yeah, exactly. Exactly. >> (laughs) So you mentioned the Intel instructions So is this relatively new, the SGX? >> Yeah, so we were first vendor to commercialize Intel SGX, its a new technology, but it's coming in all their CPU's so right now it's in all client CPU's, and some of the data centers CPU's But five years from now all the CPU's you will get from Intel will hopefully have this technology >> Right So obviously Skylake >> Yeah Skylake has it and all newer architecture. >> Wow So a little bit more about the company How long you guys been around, how long you been working on this problem you know funding kind of give us the overview on the company. >> Yeah >> So I have been working on encryption for last seven years the company was founded two years ago >> Okay >> We are funded by some well known security VC's including Foundation Capital and NeoTribe Ventures >> Okay >> We are widely recognized as the pioneers in this field that we are creating Runtime encryption. Recognized by Gartner's Cool Vendor we came number two in RSA Innovation Sandbox you know hundreds of security companies. We have several S&P 500 customers already so we are deployed in their products and environment, we are securing trillions of dollars of assets in realtime. Our goal is to convince CIA to run their most prestigious most sensitive applications on some untrusted cloud in some enemy country. >> Laughs >> It's a long shot >> Are you doing like a POC of something like that with them? Are you in active conversations or is that more of kind of a philosophical goal? >> I cannot confirm of deny that >> Okay, fair enough >> But that's our goal. And until we achieve that, we have something to keep working on. >> Okay. And then where do you guys sit kind of in the world of public clouds with AWS and Azure and Google versus either private (mumbles) or multiple clouds inside the company or you know some of these other kind of options like we hear like the Equinix which I think is one of the places >> Yeah >> How's that work? >> Yeah So our goal is to extricate security from infrastructure So in the end, our goal is that infrastructure will provide you compute cycles and the security will come from the customers, end customers who are developing the applications and deploying the applications. >> Right >> So its cloud agnostic security so meaning that we will go after on-prem customers, we'll go after public cloud, colo and all of that >> Right >> So in the meantime for our go-to market what we did was we partnered with two of really well known strong forces in the industry, one is IBM Cloud >> Yeah where IBM is putting this servers and running our technology and with Equinix, which is world's largest data provider and so if you are in any of the public cloud, if you are in IBM cloud you get our security by default so you are continuous running encryption >> Right >> Isolated from all the threats that might be there, or if you are in some other public cloud you can use it Equinix colo so if you have some applications that you don't want to be hacked you can use our SAS service to run those applications encrypted. >> Right And of course Equinix has got the direct connect to all the public clouds >> Yeah >> So minimum latency integration >> Couple of milliseconds. >> with all the other stuff >> in the public cloud. >> Yeah exactly. So what's the expense, both kind of the overhead expense on the computing side to do this when it's done properly and then what's the expense to run this is this something that is expensive can only be used for the most critical applications, or do you see this several times being more general purpose execution? >> So its will be used to secure anything that you don't want to be hacked and the cost of using Runtime encryption is minimal so I expect it to be wisely adopted and we make it really easy for developers and security organizations to use this technology. So you have to bring in your container and then Fortanix process attaches to your container you don't need to recompile your source code we never get to look at your source code there's no binary transfers nothing like that. And then so it's a simple millisecond long process and we give you modified container and now you can take this modified container run on any cloud you want and if it runs it runs securely. From that point onwards. >> Right And today you just have to make sure its got right microprocessor >> Yeah and in the future hopefully that will be more general purpose. >> Yeah >> Alright So what's next? What are you working on, what's a priority for the balance of 2018? >> Yeah, so we have lots of integration work going on VIA World is coming next week We have support for something called Kermit that allows you to secure your estorial box v send et cetera with Fortanix. Now we are also running integration with some data bases some multi party computers and things like that. So our goal is to make our technology more widely available to a large variety of customers. >> Alight, well Ambuj very interesting story, Encryption at Runtime so >> Yeah >> So we look forward to watching the story unfold. >> Awesome, yeah This is a decade long journey and I think when we have done infrastructure security will be irrelevant. So its going to be very exciting for all the parties involved. >> Alright, we'll keep eye, thanks for stopping by. >> Thanks >> Alrighty, Ambuj Kumar You're watching theCube from our Palo Alto studios See you next time. And thanks for watching. (epic orchestra music)