SecureDB Offers Encryption as a Service
SecureDB, a company in the encryption-as-a-service space, has been up and running for about a year. After going through an intensive cybersecurity accelerator program in Washington, D.C., called MACH37, SecureDB got down to the nitty-gritty of building its product, says Founder and CEO Karthik Bhat during a telephone interview earlier this fall. When it finished building the product, SecureDB launched into sell mode.
"Our product has been very well liked among developers," says Bhat. "I'm really glad that we're tackling this problem because I always believe that the more difficult the problem you're trying to solve, the more fun it is."
Learn Cloud Security
During the aforementioned interview, InfoSec Institute asked Bhat about what exactly the company does, what makes its offering unique, and why developers should sit up and take notice. What follows is a portion of the interview.
1. What does SecureDB do?
SecureDB is an encryption-as-a-service company. So what we do is we help developers and young companies and other start-ups to encrypt and store the data in the cloud. So we have three main modules. The first one is to encrypt and store user profile data like customer data. The second one is to encrypt and install other relation data like…stuff that you use for your app, and the third one is to encrypt and store files. So those are the three modules that we support. So to come back to your question as to what does it actually do, we have APIs, restful APIs, that we expose to developers. When developers are building their applications, mobile apps, web apps, IoT apps, they call our restful APIs and our restful APIs encrypt any incoming data and store it in an encrypted database. When the developer's application requests that data, that data gets automatically decrypted and sent back to the application. So, in a nutshell, a developer can build a fully encrypted database in about 10 minutes.
2. What were the reasons behind your founding the company? Were you hoping to fill a need in the market that otherwise wasn't being met?
Pre-2013…was really the beginning of the hacking season, if you may. That's when the mega breaches started happening. I classify mega breach as anything that has millions of records exposed. And I saw one very specific trend in all these breaches – the data that was breached was always in clear text. It was not encrypted. And some of these companies that were getting breached were Fortune 500 companies, companies with deep pockets. And then I started thinking, what about the little guy? What about the start-ups? What about a small or medium business? Where are the tools for these companies to encrypt data? That's why we started SecureDB.
3. What sets your company apart from the competition out there?
I think the security focus is unique. When it comes to these breaches in information security, we've lost innocence. The 80s, 90s and the last decade – I think those were innocent times. It's no longer the case today. Every application must have strong data encryption addressed…and that's exactly what we provide. We provide one thing and one thing only – strong data protection….We have a cloud offering and also an on-premise offering.
4. What specific problem(s) will SecureDB help web and application developers to solve?
When it comes to implementing encryption, the problem has always been its cost, its complexity, its time to market. Implementing encryption is an expensive [endeavor]. The key management solutions need to be baked in and it is expensive because you need to hire specialized developers…, and it always pushes your time to market to the right because now all of a sudden you need to implement something really complicated that needs to be tested very thoroughly and also pentested….As a result, a lot of companies don't encrypt at all, and that's the problem we're trying to solve. We're telling developers, 'Here are easy-to-use APIs. Go and implement encryption in 10 minutes.' That's exactly the problem we're solving. There's a friction in the market today when it comes to encryption and we're shaking that friction away. We're telling developers, 'Hey, you want to encrypt something? Go ahead. 10 minutes straight and you're done. You're data is encrypted in the database.'
5. As CEO of the company, do you find that developers are as aware as they should be about the need for encryption or is it part of your job to educate them about this?
I think developers are getting better. Of all the time that we've been doing this demo, no one has said, 'This is not something we need.' Everybody knows that encryption is something they should be baking into their application and for the last 10, 20, 30 years what cryptographers could not do, these breaches have done it. It has raised the awareness among developers to such an extent that they see something like SecureDB and they say, 'Thank God this product is there now.' From an education perspective, I think developers have been extremely sensitized over the last two or three years.
6. What about the learning curve for using SecureDB?
For SecureDB, it's just restful APIs; there's nothing else to learn. Almost every developer already knows how to call restful APIs….There are a lot of articles out there that say that the reason encryption is not being adopted by developers is the lack of tools, and we've solved that problem.
While there are lots of things SecureDB can do, Bhat cautions that there are definitely certain things that developers should not expect of the product.
Learn Cloud Security
"We've always been very clear that SecureDB is not a silver bullet," says Bhat, adding that the FAQ section on the company's website addresses this very issue.