Ionic Security exits stealth, debuts crypto-at-scale data protection

By: Robert Hackett @rhhackett

Link to original article on Fortune:

After more than four years of prep, the security startup has launched a service that claims to have solved the burden of cryptographic key management.

In late 2010, Adam Ghetti—founder and CTO of the security startup Ionic Security that exited so-called “stealth mode” on Tuesday—started building a tool that would allow him to have more control over his information across services like Twitter, Facebook, and Dropbox. He was tired, he says, of implicitly trusting them, of feeling as though he had no insight into what they were doing with his data. He called the program “social fortress.”

“It started with Zuck being a pain in the butt and changing the privacy settings every couple weeks in summer 2010,” Ghetti says of Facebook’s CEO, with a touch of jocularity. What he soon realized, he continues, was that this is more than just a consumer-level issue; large enterprises faced the same challenges. “Executives and operators don’t understand enough about what’s going on and that scares them,” he says.

Ghetti demoed a dummy version of the product to chief information security officers about four years ago. Their response helped persuade him to target the corporate market instead, and for the past two years, his company has worked closely with industry—about a half dozen Fortune 100 companies—to develop the common data protection platform it launched Tuesday.

“The previous architecture of the last 20 years has been to push data through gateways,” says Steve Abbott, the company’s CEO and a former co-founder of PGP Corporation, one of the pioneers of public key cryptography. “But a key tenet is that there is traffic that has to flow through it, and that just doesn’t work in a many-to-many world.”

Security should not cause friction nor bottlenecks, he says. Moats and sandboxes and perimeters are no way to secure a network. “All you need to do is protect the data,” he adds.

Ionic has operated on a trickle-down sales model, working mainly to win over big corporate customers that may make it easier to get the green light from smaller organizations later on. The company’s average customer today—it has 6 spanning industries such as financial services, insurance, energy, retail, and manufacturing—is a Fortune 56 company, Ghetti says, not revealing any names.

“We started off elephant hunting and said that if we couldn’t satisfy them, then this whole point of pivoting into the enterprise for us as a business was moot,” Ghetti says. To date, the company has raised more than $78 million from firms including Kleiner Perkins Caulfield & Byers, Google Ventures, Tech Operators and Jafco Ventures, and Meritech Capital Partners.

A week after visiting the office, Ghetti remotely conducted a demo of Ionic’s platform for Fortune from the company’s headquarters in Atlanta, Ga. The service, it seems, allows one to intuitively manage permissions and privileges of users based on a variety of drop-down menu variables, ranging from geographic location and device, to role within an organization among other filters. The controls work down to the word and sentence level. So a document might appear complete to one person, yet to a higher privileged user it might reveal hidden redactions in the form of layers of highlighted text. (Black and blue for you, white and gold for your VP of sales, a prismatic layer cake for your board of directors—but only while they’re physically present in the boardroom.)

Less conspicuously, on a social service like Yammer, a post may read: “** RESTRICTED CONTENT **”.

“Folks are scared of breaches, they’re scared of the cloud, and they’re scared of the insider,” Ghetti says. “With Ionic we make network breaches no longer mean data breaches; we make insecure cloud no longer mean insecure enterprise data; we make privileged insiders who have access to your devices and your applications no longer have privileged access to your data.”

Ionic is now about a 130-person company with about 100 people in tech roles and the rest in customer sales, management and overall operations. Within the next couple of years, Ghetti plans for the company to offer a consumer-facing freemium service, although the details have yet to be ironed out.

Ionic is not alone in its mission. Last week another company, Vera (formerly Veradocs), exited stealth with a similar key management platform that works alongside cloud services like Google Drive and Box, just like Ionic. But Vera, which in fall 2014 raised $14 million in a Series A round led by Battery Ventures, focuses instead on encrypting entire files rather than the granular level of textual control offered by Ionic. CEO and co-founder Ajay Arora tells Fortune that he recently dropped “docs” in the company’s name to reflect the company’s ability to secure files beyond documents.

Ionic—a word that describes a type of tight chemical bond–hints at Ghetti’s ambitions, too. “We’re securing every atomic piece of data across all parties at the scale of internet,” he says.