Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta Ventures and individual investors. Titaniam seeks to square the circle between data protection and data usability.
Encryption is the current standard for sensitive data protection. If encrypted data is lost without the decryption keys, it cannot be considered lost. But encrypted data also loses much of its value to the data owner – it can be neither searched nor processed without decryption.
“At a basic level,” Titaniam founder and CEO Arti Raman told SecurityWeek, “encryption is not searchable – so, if you need to both protect and use the data, you have a problem.” Encrypted data is effectively immune to ransomware’s exfiltration extortion, general cyberattacks, insider threats and accidental exposure – but at the same time, it is almost as useless to the keeper as it is to the criminals.
“So, the first thing Titaniam developed,” she continued, “is high performance encrypted search and analytics.” Most of the pertinent data is kept in large scale databases. “We figured out how to work with the big data indexes without needing to decrypt anything. That’s the basis.”
With Titaniam in use, even a privileged intruder will only see encrypted data. Decryption is only applied as required by specific downstream systems and functions and limited to what is required. “We keep valuable data secure, whether it is on the move, in storage, or being actively used in applications,” said Raman. “We built a unique platform, got it certified, and helped numerous organizations protect their data in the face of relentless cyberattacks.”
When the data needs to be processed, it can be released to the downstream functions in any of nine different privacy preserving formats – some functions might require certain fields to be decrypted or masked or tokenized. “When you do your daily processing, you have a choice on how to release the data to the functions,” she continued. “You can apply some pretty granular privacy policies while having closed the biggest weakness in the attack chain – stolen administrator credentials.”
The acid test for privacy protection is whether it can stand up to GDPR’s Schrems II ruling. At its heart, this ruling states that if US law enforcement or intelligence agencies can gain access to European personal data via FISA 720, it contravenes GDPR. By keeping the data encrypted, PII cannot simply be subpoenaed in a meaningful form – which just leaves the keys. Titaniam’s recommendation here is for the keys to be kept in a separate third-party vault. The customer, not Titaniam, is responsible for the keys – and private procedures can be put in place to make it difficult if not impossible for law enforcement to obtain them. On the surface, Titaniam can go a long way to satisfying Schrems II requirements: allowing the customer to both store and process European personal data.
Titaniam’s encryption is all powered by NIST-approved and patented innovations. The system provides visibility into data that was accessed, observed, or exfiltrated, and delivers field-level documentation certifying that throughout any attack, the protected data retained strong encryption, regardless of access privilege.
The new funding, says Titaniam, will be used to support ‘an aggressive sales expansion and further product innovations.’
Related: Enterprise Data Privacy Startup Piiano Emerges From Stealth Mode
Related: Solving the Right to be Forgotten Problem
Related: Europe’s Hypocrisy Over Personal Data Privacy Exposed
Related: Austrian Regulator Says Google Analytics Contravenes GDPR

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
More from Kevin Townsend
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Zoom Expands Privacy Options for European Customers
- SBOMs – Software Supply Chain Security’s Future or Fantasy?
- Threat Actor Abuses SuperMailer for Large-scale Phishing Campaign
- Quantum Decryption Brought Closer by Topological Qubits
- IBM Delivers Roadmap for Transition to Quantum-safe Cryptography
- CISO Conversations: HP and Dell CISOs Discuss the Role of the Multi-National Security Chief
- Court Rules in Favor of Merck in $1.4 Billion Insurance Claim Over NotPetya Cyberattack
Latest News
- VMware Plugs Critical Flaws in Network Monitoring Product
- Hackers Issue ‘Ultimatum’ Over Payroll Data Breach
- US, Israel Provide Guidance on Securing Remote Access Software
- OWASP’s 2023 API Security Top 10 Refines View of API Risks
- Android’s June 2023 Security Update Patches Exploited Arm GPU Vulnerability
- ChatGPT Hallucinations Can Be Exploited to Distribute Malicious Code Packages
- Blumira Raises $15 Million for SMB-Tailored XDR Platform
- Microsoft Will Pay $20M to Settle US Charges of Illegally Collecting Children’s Data
