Building a Cyber Security Company from Israel: Aki Eldar, CEO of Secure Islands (Part 4)

Sramana Mitra: What are the types of data and the sources of data that you’re securing? You talked about email earlier.

Aki Eldar: We’re talking about any unstructured data. Unstructured data could be emails, files, or documents. Regarding your question about the source, it could be any source. It could be any application. It could be any repository on or off-premise. It could be any source of data creation.

Sramana Mitra: What is the architecture of the product? Where does it fit and how does it get deployed?

Aki Eldar: Before I answer your question, I will elaborate a bit about our concept. We are calling it data immunization. We are immunizing that data and making the threat irrelevant. This data immunization contains five elements. The first element is the central policy. We will be able to define policies for the protection. The second one is the interception. It is our ability to intercept any data creation from any source, which is really very important. We are not talking only about office. We are talking about any application whether it’s Salesforce.com or SAP.

The third element is our ability to classify the data based on the central policy, context, and content. This allows us to reach 100% accuracy. This is unique to the industry. No one can really claim such a thing. Because we are analyzing where the data is created, we can be deterministic. The fourth element is the protection itself. We are not developing our own encryption. Encryption is a commodity. There is no need to invest in something that is already in the market and works very well. We decided not to invest in commodity technology. What is needed is how to work with encryption in an enterprise environment.

The fifth element is Big Data analytics where we’re analyzing the risk and the usage of information. This is what we’re calling data immunization. In order to work in an enterprise environment and not to hinder the business process and the IT environment, we must support the entire information lifecycle, which is the interception at the moment of creation and do all the things that I mentioned. We can do it automatically, by system recommendation, or as a last resort by manual classification where the end user needs to classify. This is only the last resort because we can cover most of the sensitive information automatically and transparently to the end user with 100% accuracy.

Sramana Mitra: There are heuristics that you’ve come up with that do that automatic classification. Then there’s a bit of manual stuff which you then transform to automated heuristics as well.

Aki Eldar: It’s not heuristics because in heuristics, there are false positives. Our approach is deterministic because we analyze exactly which application created the file. Let me give you a small example – Excel spreadsheets with hundreds of thousands of names with all the details. It could be either a list of employees or customers. It looks the same. The list for employees can be generated only from the HR model in the SAP. The list of customers can be generated only from the CRM. Because we know how to define which application created the identical spreadsheet, we can distinguish between employees and customers.

Sramana Mitra: That’s a good use case. You explained it very well.

This segment is part 4 in the series : Building a Cyber Security Company from Israel: Aki Eldar, CEO of Secure Islands
1 2 3 4 5 6 7