“You may’t hack what isn’t there,” Very Good Security co-founder Mahmoud Abdelkader tells me. His startup assumes the legal responsibility of storing delicate information for different firms, substituting dummy bank card or Social Safety numbers for the true ones. Then when the information must be moved or operated on, VGS injects the unique information with out shoppers having to vary their code.
It’s basically an information financial institution that permits companies to cease storing confidential information beneath their unsecured mattress. Or you may consider it as Amazon Net Companies for information as an alternative of servers. Given all of the high-profile breaches of late, it’s clear that many firms can’t be trusted to deal with delicate information. Andreessen Horowitz is betting that they’d relatively go away it to an professional.
That’s why the well-known enterprise agency is main an $8.5 million Series A for VGS, and its accomplice Alex Rampell is becoming a member of the board. The spherical additionally contains NYCA, Vertex Ventures, Sluggish Ventures and PayPal mafioso Max Levchin. The money builds on VGS’ $1.four million seed spherical, and can pay for its first large advertising initiative and extra salespeople.
“Hey! Cease doing this your self!,” Abdelkader asserts. “Put it on VGS and we’ll allow you to function in your information as if you happen to possess it with not one of the legal responsibility.” Whereas no information is ever 100 p.c unhackable, placing it in VGS’ meticulously secured vaults means shoppers don’t need to turn out to be safety geniuses themselves and as an alternative can deal with what’s distinctive to their enterprise.
“Privateness is part of the UN Declaration of Human Rights. We must always have the ability to construct progressive functions with out sacrificing our privateness and safety,” says Abdelkader. He bought his begin within the business by reverse-engineering video games like StarCraft to construct cheats and coach software program. However after finding out discrete arithmetic, cryptology and quantity principle, he craved a headier problem.
Abdelkader co-founded Y Combinator-backed payment system Balanced in 2010, which additionally raised money from Andreessen. However out-muscled by Stripe, Balanced shut down in 2015. Whereas transitioning clients over to fellow YC alumni Stripe, Balanced acquired curiosity from different firms wanting it to retailer their information in order that they could possibly be PCI-compliant.
Now Abdelkader and his VP from Balanced, Marshall Jones, have returned with VGS to promote that as a service. It’s concentrating on startups that deal with information like cost card info, Social Safety numbers and medical information, although finally it might invade the bigger enterprise market. It will probably rapidly assist these shoppers obtain compliance certifications for PCI, SOC2, EI3PA, HIPAA and different requirements.
VGS’ innovation is available in changing this information with “format preserving aliases” which might be privateness secure. “Your app code doesn’t know the distinction between this and really delicate information,” Abdelkader explains. In 30 minutes of integration, apps could be reworked to route site visitors via VGS with out ever speaking to a salesman. VGS locks up the true strings and sends the aliases to you as an alternative, then intercepts these aliases and swaps them with the originals when crucial.
“We don’t truly see your information that you simply vault on VGS,” Abdelkader tells me. “It’s mainly modeled after jail. The property are saved in isolation.” Which means a enterprise’ differentiator is their enterprise logic, not the way in which they retailer information.
For instance, fintech startup LendUp works with VGS to challenge digital bank card numbers which might be changed with faux numbers in LendUp’s databases. That method if it’s hacked, customers’ don’t get their playing cards stolen. However when these card numbers are despatched to a processor to really make a cost, the true card numbers are subbed in last-minute.
VGS expenses per information document and operation, with the primary 500 information and 100,000 delicate API calls free; $20 a month will get shoppers double that, after which they pay four cent per document and a pair of cents per operation. VGS supplies entry to insurance coverage too, working with quite a lot of underwriters. It begins with $1 million insurance policies that may be a lot bigger for Fortune 500s and different large firms, which could need $20 million per incident.
Clearly, VGS must be obsessive about its personal safety. A breach of its vaults might kill its model. “I don’t sleep. I fear I’ll miss one thing. Are we a large honey pot?,” Abdelkader wonders. “We’ve invested a major quantity of our cash into 24/7 monitoring for intrusions.”
Past the specter of hackers, VGS additionally has to battle with others choosing away at a part of its stack or attempting to compete with the entire, like TokenEx, HP’s Voltage, Thales’ Vormetric, Oracle and extra. But it surely’s do-it-yourself safety that’s the established order and what VGS is actually attempting to disrupt.
However VGS has an enormous accruing benefit. Every time it really works with a shoppers’ companions like Experian or TransUnion for an organization working with credit score checks, it already has a relationship with them the following time one other shoppers has to attach with these companions. Abdelkader hopes that, “Successfully, we turn out to be a typical of information safety and privateness. All of the establishments will simply say ‘why don’t you utilize VGS?’”
That normal solely works if it’s consistently evolving to win the cat-and-mouse sport versus attackers. Whereas an organization is worrying in regards to the explicit worth it provides to the world, these clever human adversaries can discover a weak hyperlink of their safety — costing them a fortune and ruining their relationships. “I’m promoting belief,” Abdelkader concludes. That peace of thoughts is commonly well worth the value.