Los Gatos, Calif.-based data protection and privacy firm Titaniam has raised $6 million in seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta Ventures and individual investors. Titaniam seeks to square the circle between data protection and data usability.
Encryption is the current standard for sensitive data protection. If encrypted data is lost without the decryption keys, it cannot be considered lost. But encrypted data also loses much of its value to the data owner – it can be neither searched nor processed without decryption.
“At a basic level,” Titaniam founder and CEO Arti Raman told SecurityWeek, “encryption is not searchable – so, if you need to both protect and use the data, you have a problem.” Encrypted data is effectively immune to ransomware’s exfiltration extortion, general cyberattacks, insider threats and accidental exposure – but at the same time, it is almost as useless to the keeper as it is to the criminals.
“So, the first thing Titaniam developed,” she continued, “is high performance encrypted search and analytics.” Most of the pertinent data is kept in large scale databases. “We figured out how to work with the big data indexes without needing to decrypt anything. That’s the basis.”
With Titaniam in use, even a privileged intruder will only see encrypted data. Decryption is only applied as required by specific downstream systems and functions and limited to what is required. “We keep valuable data secure, whether it is on the move, in storage, or being actively used in applications,” said Raman. “We built a unique platform, got it certified, and helped numerous organizations protect their data in the face of relentless cyberattacks.”
When the data needs to be processed, it can be released to the downstream functions in any of nine different privacy preserving formats – some functions might require certain fields to be decrypted or masked or tokenized. “When you do your daily processing, you have a choice on how to release the data to the functions,” she continued. “You can apply some pretty granular privacy policies while having closed the biggest weakness in the attack chain – stolen administrator credentials.”
The acid test for privacy protection is whether it can stand up to GDPR’s Schrems II ruling. At its heart, this ruling states that if US law enforcement or intelligence agencies can gain access to European personal data via FISA 702, it contravenes GDPR. By keeping the data encrypted, PII cannot simply be subpoenaed in a meaningful form – which just leaves the keys. Titaniam’s recommendation here is for the keys to be kept in a separate third-party vault. The customer, not Titaniam, is responsible for the keys – and private procedures can be put in place to make it difficult if not impossible for law enforcement to obtain them. On the surface, Titaniam can go a long way to satisfying Schrems II requirements: allowing the customer to both store and process European personal data.
Titaniam’s encryption is all powered by NIST-approved and patented innovations. The system provides visibility into data that was accessed, observed, or exfiltrated, and delivers field-level documentation certifying that throughout any attack, the protected data retained strong encryption, regardless of access privilege.
The new funding, says Titaniam, will be used to support ‘an aggressive sales expansion and further product innovations.’