Feb
06
2019
--

vArmour, a security startup focused on multi-cloud deployments, raises $44M

As more organizations move to cloud-based IT architectures, a startup that’s helping them secure that data in an efficient way has raised some capital. vArmour, which provides a platform to help manage security policies across disparate public and private cloud environments in one place, is announcing today that it has raised a growth round of $44 million.

The funding is being led by two VCs that specialise in investments into security startups, AllegisCyber and NightDragon.

CEO Tim Eades said that also participating are “two large software companies” as strategic investors that vArmour works with on a regular basis but asked not to be named. (You might consider that candidates might include some of the big security vendors in the market, as well as the big cloud services providers.) This Series E brings the total raised by vArmour to $127 million.

When asked, Eades said the company would not be disclosing its valuation. That lack of transparency is not uncommon among startups, but perhaps especially should be expected at a business that operated in stealth for the first several years of its life.

According to PitchBook, vArmour was valued at $420 million when it last raised money, a $41 million round in 2016. That would put the startup’s valuation at $464 million with this round, if everything is growing at a steady pace, or possibly more if investors are keen to tap into what appears to be a growing need.

That growing need might be summarised like this: We’re seeing a huge migration of IT to cloud-based services, with public cloud services set to grow 17.3 percent in 2019. A large part of those deployments — for companies typically larger than 1,000 people — are spread across multiple private and public clouds.

This, in turn, has opened a new front in the battle to secure data amid the rising threat of cybercrime. “We believe that hybrid cloud security is a market valued somewhere between $6 billion and $8 billion at the moment,” said Eades. Cybercrime has been estimated by McAfee to cost businesses $600 billion annually worldwide. Accenture is even more bullish on the impact; it puts the impact on companies at $5.2 trillion over the next five years.

The challenge for many organizations is that they store information and apps across multiple locations — between seven and eight data centers on average for, say, a typical bank, Eades said. And while that may help them hedge bets, save money and reach some efficiencies, that lack of cohesion also opens the door to security loopholes.

“Organizations are deploying multiple clouds for business agility and reduced cost, but the rapid adoption is making it a nightmare for security and IT pros to provide consistent security controls across cloud platforms,” said Bob Ackerman, founder and managing director at AllegisCyber, in a statement. “vArmour is already servicing this need with hundreds of customers, and we’re excited to help vArmour grow to the next stage of development.”

vArmour hasn’t developed a security service per se, but it is among the companies — Cisco and others are also competing with it — that are providing a platform to help manage security policies across these disparate locations. That could either mean working on knitting together different security services as delivered in distinct clouds, or taking a single security service and making sure it works the same policies across disparate locations, or a combination of both of those.

In other words, vArmour takes something that is somewhat messy — disparate security policies covering disparate containers and apps — and helps to hand it in a more cohesive and neat way by providing a single way to manage and provision compliance and policies across all of them.

This not only helps to manage the data but potentially can help halt a breach by letting an organization put a stop in place across multiple environments.

“From my experience, this is an important solution for the cloud security space,” said Dave DeWalt, founder of NightDragon, in a statement. “With security teams now having to manage a multitude of cloud estates and inundated with regulatory mandates, they need a simple solution that’s capable of continuous compliance. We haven’t seen anyone else do this as well as vArmour.”

Eades said that one big change for his company in the last couple of years has been that, as cloud services have grown in popularity, vArmour has been putting in place a self-service version of the main product, the vArmour Application Controller, to better target smaller organizations. It’s also been leaning heavily on channel partners (Telstra, which led its previous round, is one strategic of this kind) to help with the heavy lifting of sales.

vArmour isn’t disclosing revenues or how many customers it has at the moment, but Eades said that it’s been growing at 100 percent each year for the last two and has “way more than 100 customers,” ranging from hospitals and churches through to “8-10 of the largest service providers and over 25 financial institutions.”

At this rate, he said the plan will be to take the company public in the next couple of years.

Feb
05
2019
--

Backed by Benchmark, Blue Hexagon just raised $31 million for its deep learning cybersecurity software

Nayeem Islam spent nearly 11 years with chipmaker Qualcomm, where he founded its Silicon Valley-based R&D facility, recruited its entire team and oversaw research on all aspects of security, including applying machine learning on mobile devices and in the network to detect threats early.

Islam was nothing if not prolific, developing a system for on-device machine learning for malware detection, libraries for optimizing deep learning algorithms on mobile devices and systems for parallel compute on mobile devices, among other things.

In fact, because of his work, he also saw a big opportunity in better protecting enterprises from cyberthreats through deep neural networks that are capable of processing every raw byte within a file and that can uncover complex relations within data sets. So two years ago, Islam and Saumitra Das, a former Qualcomm engineer with 330 patents to his name and another 450 pending, struck out on their own to create Blue Hexagon, a now 30-person Sunnyvale, Calif.-based company that is today disclosing it has raised $31 million in funding from Benchmark and Altimeter.

The funding comes roughly one year after Benchmark quietly led a $6 million Series A round for the firm.

So what has investors so bullish on the company’s prospects, aside from its credentialed founders? In a word, speed, seemingly. According to Islam, Blue Hexagon has created a real-time, cybersecurity platform that he says can detect known and unknown threats at first encounter, then block them in “sub seconds” so the malware doesn’t have time to spread.

The industry has to move to real-time detection, he says, explaining that four new and unique malware samples are released every second, and arguing that traditional security methods can’t keep pace. He says that sandboxes, for example, meaning restricted environments that quarantine cyberthreats and keep them from breaching sensitive files, are no longer state of the art. The same is true of signatures, which are mathematical techniques used to validate the authenticity and integrity of a message, software or digital document but are being bypassed by rapidly evolving new malware.

Only time will tell if Blue Hexagon is far more capable of identifying and stopping attackers, as Islam insists is the case. It is not the only startup to apply deep learning to cybersecurity, though it’s certainly one of the first. Critics, some who are protecting their own corporate interests, also worry that hackers can foil security algorithms by targeting the warning flags they look for.

Still, with its technology, its team and its pitch, Blue Hexagon is starting to persuade not only top investors of its merits, but a growing — and broad — base of customers, says Islam. “Everyone has this issue, from large banks, insurance companies, state and local governments. Nowhere do you find someone who doesn’t need to be protected.”

Blue Hexagon can even help customers that are already under attack, Islam says, even if it isn’t ideal. “Our goal is to catch an attack as early in the kill chain as possible. But if someone is already being attacked, we’ll see that activity and pinpoint it and be able to turn it off.”

Some damage may already be done, of course. It’s another reason to plan ahead, he says. “With automated attacks, you need automated techniques.” Deep learning, he insists, “is one way of leveling the playing field against attackers.”

Feb
05
2019
--

Databricks raises $250M at a $2.75B valuation for its analytics platform

Databricks, the company founded by the original team behind the Apache Spark big data analytics engine, today announced that it has raised a $250 million Series E round led by Andreessen Horowitz. Coatue Management, Green Bay Ventures, Microsoft and NEA, also participated in this round, which brings the company’s total funding to $498.5 million. Microsoft’s involvement here is probably a bit of a surprise, but it’s worth noting that it also worked with Databricks on the launch of Azure Databricks as a first-party service on the platform, something that’s still a rarity in the Azure cloud.

As Databricks also today announced, its annual recurring revenue now exceeds $100 million. The company didn’t share whether it’s cash flow-positive at this point, but Databricks CEO and co-founder Ali Ghodsi shared that the company’s valuation is now $2.75 billion.

Current customers, which the company says number around 2,000, include the likes of Nielsen, Hotels.com, Overstock, Bechtel, Shell and HP.

“What Ali and the Databricks team have built is truly phenomenal,” Green Bay Ventures co-founder Anthony Schiller told me. “Their success is a testament to product innovation at the highest level. Databricks is without question best-in-class and their impact on the industry proves it. We were thrilled to participate in this round.”

While Databricks is obviously known for its contributions to Apache Spark, the company itself monetizes that work by offering its Unified Analytics platform on top of it. This platform allows enterprises to build their data pipelines across data storage systems and prepare data sets for data scientists and engineers. To do this, Databricks offers shared notebooks and tools for building, managing and monitoring data pipelines, and then uses that data to build machine learning models, for example. Indeed, training and deploying these models is one of the company’s focus areas these days, which makes sense, given that this is one of the main use cases for big data, after all.

On top of that, Databricks also offers a fully managed service for hosting all of these tools.

“Databricks is the clear winner in the big data platform race,” said Ben Horowitz, co-founder and general partner at Andreessen Horowitz, in today’s announcement. “In addition, they have created a new category atop their world-beating Apache Spark platform called Unified Analytics that is growing even faster. As a result, we are thrilled to invest in this round.”

Ghodsi told me that Horowitz was also instrumental in getting the company to re-focus on growth. The company was already growing fast, of course, but Horowitz asked him why Databricks wasn’t growing faster. Unsurprisingly, given that it’s an enterprise company, that means aggressively hiring a larger sales force — and that’s costly. Hence the company’s need to raise at this point.

As Ghodsi told me, one of the areas the company wants to focus on is the Asia Pacific region, where overall cloud usage is growing fast. The other area the company is focusing on is support for more verticals like mass media and entertainment, federal agencies and fintech firms, which also comes with its own cost, given that the experts there don’t come cheap.

Ghodsi likes to call this “boring AI,” since it’s not as exciting as self-driving cars. In his view, though, the enterprise companies that don’t start using machine learning now will inevitably be left behind in the long run. “If you don’t get there, there’ll be no place for you in the next 20 years,” he said.

Engineering, of course, will also get a chunk of this new funding, with an emphasis on relatively new products like MLFlow and Delta, two tools Databricks recently developed and that make it easier to manage the life cycle of machine learning models and build the necessary data pipelines to feed them.

Feb
04
2019
--

Workplace messaging platform Slack has confidentially filed to go public

Slack, the provider of workplace communication and collaboration tools, has submitted paperwork with the Securities and Exchange Commission to go public later this year, the company announced on Monday.

This is its first concrete step toward becoming a publicly listed company, five years after it launched.

Headquartered in San Francisco, Slack has raised more than $1 billion in venture capital investment, including a $427 million funding round in August. The round valued the business at $7.1 billion, cementing its position as one of the most valuable privately held businesses in the U.S.

The company counted 10 million daily active users around the world and 85,000 paying users as of January 2019. According to data provided (via email) by SensorTower, Slack’s new users on mobile increased roughly 21 percent last quarter compared to Q4 2017, while total installs on mobile grew 24 million. The company recorded 8 million installs in 2018, up 21 percent year-over-year.

Slack’s investors include SoftBank’s Vision Fund, Dragoneer Investment Group, General Atlantic, T. Rowe Price Associates, Wellington Management, Baillie Gifford, Social Capital and IVP, as well as early investors Accel and Andreessen Horowitz.

Slack is one of several tech unicorns on deck to go public this year. Uber and Lyft have both similarly filed confidentially to go public in what are expected to be traditional initial public offerings. Slack, however, is expected to pursue a direct listing, following in Spotify’s footsteps. Instead of issuing new shares, Slack will sell directly to the market existing shares held by insiders, employees and investors, a move that will allow it to bypass a roadshow and some of Wall Street’s exorbitant IPO fees.

Feb
04
2019
--

Chicago RPA startup Catalytic hauls in $30M Series B

Robotics process automation (RPA) is as hot as any enterprise technology at the moment, as companies look for ways to marry their legacy systems with a more modern flavor of automation. Catalytic, a startup from the Midwest, is putting its own flavor on RPA, aiming at more unstructured data. Today it was rewarded with a $30 million Series B investment.

The investment was led by Intel Capital, with participation from Redline Capital and existing investors NEA, Boldstart and Hyde Park Angel. Today’s round brings the total raised to almost $42 million, according to the company.

RPA helps automate highly mundane processes. Sean Chou, Catalytic co-founder and CEO, says there are a couple of ways his company’s solution diverts from his competition, which includes companies like Blue Prism, Automation Anywhere and UIPath.

For starters, Chou says, his company’s solution concentrates on unstructured data, like pulling information from documents or emails using a variety of techniques, depending on requirements. It could be old-fashioned scanning and OCR or more modern natural language process (NLP) to “read” the document, depending on requirements.

It is designed like all RPA tools to take humans out of the loop when it comes to the most mundane business processes, but, as Chou says, his company wants human employees in the loop whenever needed, whether that’s exception processing or tasks that are simply too challenging to program at the moment.

The company launched in 2015 using money Chou had earned from the sale of his previous company, Fieldglass, which he had sold the previous year to SAP for more than $1 billion dollars. Fieldglass helped with outsourcing, and as Chou developed that company, he saw a growing problem around automating certain tedious business processes, especially when they touched legacy systems inside an organization. He raised $3.1 million in seed money from Boldstart Ventures in NYC in 2016 and began building out the product in earnest.

Today, Catalytic has a dozen customers, including Bosch, the German manufacturing conglomerate. It employs 60 people in its Chicago headquarters. While its investors come from the coasts, Catalytic is building a company in the heart of the Midwest, a part of the country that has often been left out of the startup economy.

With $30 million, Catalytic can begin expanding the number of employees, including helping service its large customers, building out it partner network with other software companies and systems integrators and bringing in more engineering talent to continue building out the product.

The product is offered on a subscription basis as a cloud service.

Jan
29
2019
--

Timescale announces $15M investment and new enterprise version of TimescaleDB

It’s a big day for Timescale, makers of the open-source time-series database, TimescaleDB. The company announced a $15 million investment and a new enterprise version of the product.

The investment is technically an extension of the $12.4 million Series A it raised last January, which it’s referring to as A1. Today’s round is led by Icon Ventures, with existing investors Benchmark, NEA and Two Sigma Ventures also participating. With today’s funding, the startup has raised $31 million.

Timescale makes a time-series database. That means it can ingest large amounts of data and measure how it changes over time. This comes in handy for a variety of use cases, from financial services to smart homes to self-driving cars — or any data-intensive activity you want to measure over time.

While there are a number of time-scale database offerings on the market, Timescale co-founder and CEO Ajay Kulkarni says that what makes his company’s approach unique is that it uses SQL, one of the most popular languages in the world. Timescale wanted to take advantage of that penetration and build its product on top of Postgres, the popular open-source SQL database. This gave it an offering that is based on SQL and is highly scalable.

Timescale admittedly came late to the market in 2017, but by offering a unique approach and making it open source, it has been able to gain traction quickly. “Despite entering into what is a very crowded database market, we’ve seen quite a bit of community growth because of this message of SQL and scale for time series,” Kulkarni told TechCrunch.

In just over 22 months, the company has more than a million downloads and a range of users from older guard companies like Charter, Comcast and Hexagon Mining to more modern companies like Nutanix and and TransferWise.

With a strong base community in place, the company believes that it’s now time to commercialize its offering, and in addition to an open-source license, it’s introducing a commercial license. “Up until today, our main business model has been through support and deployment assistance. With this new release, we also will have enterprise features that are available with a commercial license,” Kulkarni explained.

The commercial version will offer a more sophisticated automation layer for larger companies with greater scale requirements. It will also provide better lifecycle management, so companies can get rid of older data or move it to cheaper long-term storage to reduce costs. It’s also offering the ability to reorder data in an automated fashion when that’s required, and, finally, it’s making it easier to turn the time series data into a series of data points for analytics purposes. The company also hinted that a managed cloud version is on the road map for later this year.

The new money should help Timescale continue fueling the growth and development of the product, especially as it builds out the commercial offering. Timescale, which was founded in 2015 in NYC, currently has 30 employees. With the new influx of cash, it expects to double that over the next year.

Jan
26
2019
--

Has the fight over privacy changed at all in 2019?

Few issues divide the tech community quite like privacy. Much of Silicon Valley’s wealth has been built on data-driven advertising platforms, and yet, there remain constant concerns about the invasiveness of those platforms.

Such concerns have intensified in just the last few weeks as France’s privacy regulator placed a record fine on Google under Europe’s General Data Protection Regulation (GDPR) rules which the company now plans to appeal. Yet with global platform usage and service sales continuing to tick up, we asked a panel of eight privacy experts: “Has anything fundamentally changed around privacy in tech in 2019? What is the state of privacy and has the outlook changed?” 

This week’s participants include:

TechCrunch is experimenting with new content forms. Consider this a recurring venue for debate, where leading experts – with a diverse range of vantage points and opinions – provide us with thoughts on some of the biggest issues currently in tech, startups and venture. If you have any feedback, please reach out: Arman.Tabatabai@techcrunch.com.


Thoughts & Responses:


Albert Gidari

Albert Gidari is the Consulting Director of Privacy at the Stanford Center for Internet and Society. He was a partner for over 20 years at Perkins Coie LLP, achieving a top-ranking in privacy law by Chambers, before retiring to consult with CIS on its privacy program. He negotiated the first-ever “privacy by design” consent decree with the Federal Trade Commission. A recognized expert on electronic surveillance law, he brought the first public lawsuit before the Foreign Intelligence Surveillance Court, seeking the right of providers to disclose the volume of national security demands received and the number of affected user accounts, ultimately resulting in greater public disclosure of such requests.

There is no doubt that the privacy environment changed in 2018 with the passage of California’s Consumer Privacy Act (CCPA), implementation of the European Union’s General Data Protection Regulation (GDPR), and new privacy laws enacted around the globe.

“While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.””

For one thing, large tech companies have grown huge privacy compliance organizations to meet their new regulatory obligations. For another, the major platforms now are lobbying for passage of a federal privacy law in the U.S. This is not surprising after a year of privacy miscues, breaches and negative privacy news. But does all of this mean a fundamental change is in store for privacy? I think not.

The fundamental model sustaining the Internet is based upon the exchange of user data for free service. As long as advertising dollars drive the growth of the Internet, regulation simply will tinker around the edges, setting sideboards to dictate the terms of the exchange. The tech companies may be more accountable for how they handle data and to whom they disclose it, but the fact is that data will continue to be collected from all manner of people, places and things.

Indeed, if the past year has shown anything it is that two rules are fundamental: (1) everything that can be connected to the Internet will be connected; and (2) everything that can be collected, will be collected, analyzed, used and monetized. It is inexorable.

While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.” No one even knows what “more privacy” means. If it means that users will have more control over the data they share, that is laudable but not achievable in a world where people have no idea how many times or with whom they have shared their information already. Can you name all the places over your lifetime where you provided your SSN and other identifying information? And given that the largest data collector (and likely least secure) is government, what does control really mean?

All this is not to say that privacy regulation is futile. But it is to recognize that nothing proposed today will result in a fundamental shift in privacy policy or provide a panacea of consumer protection. Better privacy hygiene and more accountability on the part of tech companies is a good thing, but it doesn’t solve the privacy paradox that those same users who want more privacy broadly share their information with others who are less trustworthy on social media (ask Jeff Bezos), or that the government hoovers up data at rate that makes tech companies look like pikers (visit a smart city near you).

Many years ago, I used to practice environmental law. I watched companies strive to comply with new laws intended to control pollution by creating compliance infrastructures and teams aimed at preventing, detecting and deterring violations. Today, I see the same thing at the large tech companies – hundreds of employees have been hired to do “privacy” compliance. The language is the same too: cradle to grave privacy documentation of data flows for a product or service; audits and assessments of privacy practices; data mapping; sustainable privacy practices. In short, privacy has become corporatized and industrialized.

True, we have cleaner air and cleaner water as a result of environmental law, but we also have made it lawful and built businesses around acceptable levels of pollution. Companies still lawfully dump arsenic in the water and belch volatile organic compounds in the air. And we still get environmental catastrophes. So don’t expect today’s “Clean Privacy Law” to eliminate data breaches or profiling or abuses.

The privacy world is complicated and few people truly understand the number and variety of companies involved in data collection and processing, and none of them are in Congress. The power to fundamentally change the privacy equation is in the hands of the people who use the technology (or choose not to) and in the hands of those who design it, and maybe that’s where it should be.


Gabriel Weinberg

Gabriel Weinberg is the Founder and CEO of privacy-focused search engine DuckDuckGo.

Coming into 2019, interest in privacy solutions is truly mainstream. There are signs of this everywhere (media, politics, books, etc.) and also in DuckDuckGo’s growth, which has never been faster. With solid majorities now seeking out private alternatives and other ways to be tracked less online, we expect governments to continue to step up their regulatory scrutiny and for privacy companies like DuckDuckGo to continue to help more people take back their privacy.

“Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information.”

We’re also seeing companies take action beyond mere regulatory compliance, reflecting this new majority will of the people and its tangible effect on the market. Just this month we’ve seen Apple’s Tim Cook call for stronger privacy regulation and the New York Times report strong ad revenue in Europe after stopping the use of ad exchanges and behavioral targeting.

At its core, this groundswell is driven by the negative effects that stem from the surveillance business model. The percentage of people who have noticed ads following them around the Internet, or who have had their data exposed in a breach, or who have had a family member or friend experience some kind of credit card fraud or identity theft issue, reached a boiling point in 2018. On top of that, people learned of the extent to which the big platforms like Google and Facebook that collect the most data are used to propagate misinformation, discrimination, and polarization. Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information. Fortunately, there are alternatives to the surveillance business model and more companies are setting a new standard of trust online by showcasing alternative models.


Melika Carroll

Melika Carroll is Senior Vice President, Global Government Affairs at Internet Association, which represents over 45 of the world’s leading internet companies, including Google, Facebook, Amazon, Twitter, Uber, Airbnb and others.

We support a modern, national privacy law that provides people meaningful control over the data they provide to companies so they can make the most informed choices about how that data is used, seen, and shared.

“Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.”

Internet companies believe all Americans should have the ability to access, correct, delete, and download the data they provide to companies.

Americans will benefit most from a federal approach to privacy – as opposed to a patchwork of state laws – that protects their privacy regardless of where they live. If someone in New York is video chatting with their grandmother in Florida, they should both benefit from the same privacy protections.

It’s also important to consider that all companies – both online and offline – use and collect data. Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.

Two other important pieces of any federal privacy law include user expectations and the context in which data is shared with third parties. Expectations may vary based on a person’s relationship with a company, the service they expect to receive, and the sensitivity of the data they’re sharing. For example, you expect a car rental company to be able to track the location of the rented vehicle that doesn’t get returned. You don’t expect the car rental company to track your real-time location and sell that data to the highest bidder. Additionally, the same piece of data can have different sensitivities depending on the context in which it’s used or shared. For example, your name on a business card may not be as sensitive as your name on the sign in sheet at an addiction support group meeting.

This is a unique time in Washington as there is bipartisan support in both chambers of Congress as well as in the administration for a federal privacy law. Our industry is committed to working with policymakers and other stakeholders to find an American approach to privacy that protects individuals’ privacy and allows companies to innovate and develop products people love.


Johnny Ryan

Dr. Johnny Ryan FRHistS is Chief Policy & Industry Relations Officer at Brave. His previous roles include Head of Ecosystem at PageFair, and Chief Innovation Officer of The Irish Times. He has a PhD from the University of Cambridge, and is a Fellow of the Royal Historical Society.

Tech companies will probably have to adapt to two privacy trends.

“As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.”

First, the GDPR is emerging as a de facto international standard.

In the coming years, the application of GDPR-like laws for commercial use of consumers’ personal data in the EU, Britain (post-EU), Japan, India, Brazil, South Korea, Malaysia, Argentina, and China will bring more than half of global GDP under a similar standard.

Whether this emerging standard helps or harms United States firms will be determined by whether the United States enacts and actively enforces robust federal privacy laws. Unless there is a federal GDPR-like law in the United States, there may be a degree of friction and the potential of isolation for United States companies.

However, there is an opportunity in this trend. The United States can assume the global lead by doing two things. First, enact a federal law that borrows from the GDPR, including a comprehensive definition of “personal data”, and robust “purpose specification”. Second, invest in world-leading regulation that pursues test cases, and defines practical standards. Cutting edge enforcement of common principles-based standards is de facto leadership.

Second, privacy and antitrust law are moving closer to each other, and might squeeze big tech companies very tightly indeed.

Big tech companies “cross-use” user data from one part of their business to prop up others. The result is that a company can leverage all the personal information accumulated from its users in one line of business, and for one purpose, to dominate other lines of business too.

This is likely to have anti-competitive effects. Rather than competing on the merits, the company can enjoy the unfair advantage of massive network effects even though it may be starting from scratch in a new line of business. This stifles competition and hurts innovation and consumer choice.

Antitrust authorities in other jurisdictions have addressed this. In 2015, the Belgian National Lottery was fined for re-using personal information acquired through its monopoly for a different, and incompatible, line of business.

As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.


John Miller

John Miller is the VP for Global Policy and Law at the Information Technology Industry Council (ITI), a D.C. based advocate group for the high tech sector.  Miller leads ITI’s work on cybersecurity, privacy, surveillance, and other technology and digital policy issues.

Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike. However, as times change and innovation progresses at a rapid rate, it’s clear the laws protecting consumers’ data and privacy must evolve as well.

“Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike.”

As the global regulatory landscape shifts, there is now widespread agreement among business, government, and consumers that we must modernize our privacy laws, and create an approach to protecting consumer privacy that works in today’s data-driven reality, while still delivering the innovations consumers and businesses demand.

More and more, lawmakers and stakeholders acknowledge that an effective privacy regime provides meaningful privacy protections for consumers regardless of where they live. Approaches, like the framework ITI released last fall, must offer an interoperable solution that can serve as a model for governments worldwide, providing an alternative to a patchwork of laws that could create confusion and uncertainty over what protections individuals have.

Companies are also increasingly aware of the critical role they play in protecting privacy. Looking ahead, the tech industry will continue to develop mechanisms to hold us accountable, including recommendations that any privacy law mandate companies identify, monitor, and document uses of known personal data, while ensuring the existence of meaningful enforcement mechanisms.


Nuala O’Connor

Nuala O’Connor is president and CEO of the Center for Democracy & Technology, a global nonprofit committed to the advancement of digital human rights and civil liberties, including privacy, freedom of expression, and human agency. O’Connor has served in a number of presidentially appointed positions, including as the first statutorily mandated chief privacy officer in U.S. federal government when she served at the U.S. Department of Homeland Security. O’Connor has held senior corporate leadership positions on privacy, data, and customer trust at Amazon, General Electric, and DoubleClick. She has practiced at several global law firms including Sidley Austin and Venable. She is an advocate for the use of data and internet-enabled technologies to improve equity and amplify marginalized voices.

For too long, Americans’ digital privacy has varied widely, depending on the technologies and services we use, the companies that provide those services, and our capacity to navigate confusing notices and settings.

“Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away.”

We are burdened with trying to make informed choices that align with our personal privacy preferences on hundreds of devices and thousands of apps, and reading and parsing as many different policies and settings. No individual has the time nor capacity to manage their privacy in this way, nor is it a good use of time in our increasingly busy lives. These notices and choices and checkboxes have become privacy theater, but not privacy reality.

In 2019, the legal landscape for data privacy is changing, and so is the public perception of how companies handle data. As more information comes to light about the effects of companies’ data practices and myriad stewardship missteps, Americans are surprised and shocked about what they’re learning. They’re increasingly paying attention, and questioning why they are still overburdened and unprotected. And with intensifying scrutiny by the media, as well as state and local lawmakers, companies are recognizing the need for a clear and nationally consistent set of rules.

Personal privacy is the cornerstone of the digital future people want. Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away. The Center for Democracy & Technology wants to help craft those legal principles to solidify Americans’ digital privacy rights for the first time.


Chris Baker

Chris Baker is Senior Vice President and General Manager of EMEA at Box.

Last year saw data privacy hit the headlines as businesses and consumers alike were forced to navigate the implementation of GDPR. But it’s far from over.

“…customers will have trust in a business when they are given more control over how their data is used and processed”

2019 will be the year that the rest of the world catches up to the legislative example set by Europe, as similar data regulations come to the forefront. Organizations must ensure they are compliant with regional data privacy regulations, and more GDPR-like policies will start to have an impact. This can present a headache when it comes to data management, especially if you’re operating internationally. However, customers will have trust in a business when they are given more control over how their data is used and processed, and customers can rest assured knowing that no matter where they are in the world, businesses must meet the highest bar possible when it comes to data security.

Starting with the U.S., 2019 will see larger corporations opt-in to GDPR to support global business practices. At the same time, local data regulators will lift large sections of the EU legislative framework and implement these rules in their own countries. 2018 was the year of GDPR in Europe, and 2019 be the year of GDPR globally.


Christopher Wolf

Christopher Wolf is the Founder and Chair of the Future of Privacy Forum think tank, and is senior counsel at Hogan Lovells focusing on internet law, privacy and data protection policy.

With the EU GDPR in effect since last May (setting a standard other nations are emulating),

“Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.”

with the adoption of a highly-regulatory and broadly-applicable state privacy law in California last Summer (and similar laws adopted or proposed in other states), and with intense focus on the data collection and sharing practices of large tech companies, the time may have come where Congress will adopt a comprehensive federal privacy law. Complicating the adoption of a federal law will be the issue of preemption of state laws and what to do with the highly-developed sectoral laws like HIPPA and Gramm-Leach-Bliley. Also to be determined is the expansion of FTC regulatory powers. Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.

Jan
24
2019
--

Microsoft acquires Citus Data

Microsoft today announced that it has acquired Citus Data, a company that focused on making PostgreSQL databases faster and more scalable. Citus’ open-source PostgreSQL extension essentially turns the application into a distributed database and, while there has been a lot of hype around the NoSQL movement and document stores, relational databases — and especially PostgreSQL — are still a growing market, in part because of tools from companies like Citus that overcome some of their earlier limitations.

Unsurprisingly, Microsoft plans to work with the Citus Data team to “accelerate the delivery of key, enterprise-ready features from Azure to PostgreSQL and enable critical PostgreSQL workloads to run on Azure with confidence.” The Citus co-founders echo this in their own statement, noting that “as part of Microsoft, we will stay focused on building an amazing database on top of PostgreSQL that gives our users the game-changing scale, performance, and resilience they need. We will continue to drive innovation in this space.”

PostgreSQL is obviously an open-source tool, and while the fact that Microsoft is now a major open-source contributor doesn’t come as a surprise anymore, it’s worth noting that the company stresses that it will continue to work with the PostgreSQL community. In an email, a Microsoft spokesperson also noted that “the acquisition is a proof point in the company’s commitment to open source and accelerating Azure PostgreSQL performance and scale.”

Current Citus customers include the likes of real-time analytics service Chartbeat, email security service Agari and PushOwl, though the company notes that it also counts a number of Fortune 100 companies among its users (they tend to stay anonymous). The company offers both a database as a service, an on-premises enterprise version and the free open-source edition. For the time being, it seems like that’s not changing, though over time I would suspect that Microsoft will transition users of the hosted service to Azure.

The price of the acquisition was not disclosed. Citus Data, which was founded in 2010 and graduated from the Y Combinator program, previously raised more than $13 million from the likes of Khosla Ventures, SV Angel and Data Collective.

Jan
24
2019
--

Humio raises $9M Series A for its real-time log analysis platform

Humio, a startup that provides a real-time log analysis platform for on-premises and cloud infrastructures, today announced that it has raised a $9 million Series A round led by Accel. It previously raised its seed round from WestHill and Trifork.

The company, which has offices in San Francisco, the U.K. and Denmark, tells me that it saw a 13x increase in its annual revenue in 2018. Current customers include Bloomberg, Microsoft and Netlify .

“We are experiencing a fundamental shift in how companies build, manage and run their systems,” said Humio CEO Geeta Schmidt. “This shift is driven by the urgency to adopt cloud-based and microservice-driven application architectures for faster development cycles, and dealing with sophisticated security threats. These customer requirements demand a next-generation logging solution that can provide live system observability and efficiently store the massive amounts of log data they are generating.”

To offer them this solution, Humio raised this round with an eye toward fulfilling the demand for its service, expanding its research and development teams and moving into more markets across the globe.

As Schmidt also noted, many organizations are rather frustrated by the log management and analytics solutions they currently have in place. “Common frustrations we hear are that legacy tools are too slow — on ingestion, searches and visualizations — with complex and costly licensing models,” she said. “Ops teams want to focus on operations — not building, running and maintaining their log management platform.”

To build this next-generation analysis tool, Humio built its own time series database engine to ingest the data, with open-source tools like Scala, Elm and Kafka in the backend. As data enters the pipeline, it’s pushed through live searches and then stored for later queries. As Humio VP of Engineering Christian Hvitved tells me, though, running ad-hoc queries is the exception, and most users only do so when they encounter bugs or a DDoS attack.

The query language used for the live filters is also pretty straightforward. That was a conscious decision, Hvitved said. “If it’s too hard, then users don’t ask the question,” he said. “We’re inspired by the Unix philosophy of using pipes, so in Humio, larger searches are built by combining smaller searches with pipes. This is very familiar to developers and operations people since it is how they are used to using their terminal.”

Humio charges its customers based on how much data they want to ingest and for how long they want to store it. Pricing starts at $200 per month for 30 days of data retention and 2 GB of ingested data.

Jan
23
2019
--

Anchorage emerges with $17M from a16z for ‘omnimetric’ crypto security

I’m not allowed to tell you exactly how Anchorage keeps rich institutions from being robbed of their cryptocurrency, but the off-the-record demo was damn impressive. Judging by the $17 million Series A this security startup raised last year led by Andreessen Horowitz and joined by Khosla Ventures, #Angels, Max Levchin, Elad Gil, Mark McCombe of Blackrock and AngelList’s Naval Ravikant, I’m not the only one who thinks so. In fact, crypto funds like Andreessen’s a16z crypto, Paradigm and Electric Capital are already using it.

They’re trusting in the guys who engineered Square’s first encrypted card reader and Docker’s security protocols. “It’s less about us choosing this space and more about this space choosing us. If you look at our backgrounds and you look at the problem, it’s like the universe handed us on a silver platter the Venn diagram of our skill set,” co-founder Diogo Monica tells me.

Today, Anchorage is coming out of stealth and launching its cryptocurrency custody service to the public. Anchorage holds and safeguards crypto assets for institutions like hedge funds and venture firms, and only allows transactions verified by an array of biometrics, behavioral analysis and human reviewers. And because it doesn’t use “buried in the backyard” cold storage, asset holders can actually earn rewards and advantages for participating in coin-holder votes without fear of getting their Bitcoin, Ethereum or other coins stolen.

The result is a crypto custody service that could finally lure big-time commercial banks, endowments, pensions, mutual funds and hedgies into the blockchain world. Whether they seek short-term gains off of crypto volatility or want to HODL long-term while participating in coin governance, Anchorage promises to protect them.

Evolving past “pirate security”

Anchorage’s story starts eight years ago when Monica and his co-founder Nathan McCauley met after joining Square the same week. Monica had been getting a PhD in distributed systems while McCauley designed anti-reverse engineering tech to keep U.S. military data from being extracted from abandoned tanks or jets. After four years of building systems that would eventually move more than $80 billion per year in credit card transactions, they packaged themselves as a “pre-product acqui-hire” Monica tells me, and they were snapped up by Docker.

As their reputation grew from work and conference keynotes, cryptocurrency funds started reaching out for help with custody of their private keys. One had lost a passphrase and the $1 million in currency it was protecting in a display of jaw-dropping ignorance. The pair realized there were no true standards in crypto custody, so they got to work on Anchorage.

“You look at the status quo and it was and still is cold storage. It’s the same technology used by pirates in the 1700s,” Monica explains. “You bury your crypto in a treasure chest and then you make a treasure map of where those gold coins are,” except with USB keys, security deposit boxes and checklists. “We started calling it Pirate Custody.” Anchorage set out to develop something better — a replacement for usernames and passwords or even phone numbers and two-factor authentication that could be misplaced or hijacked.

This led them to Andreessen Horowitz partner and a16z crypto leader Chris Dixon, who’s now on their board. “We’ve been buying crypto assets running back to Bitcoin for years now here at a16z crypto. [Once you’re holding crypto,] it’s hard to do it in a way that’s secure, regulatory compliant, and lets you access it. We felt this pain point directly.”

Andreessen Horowitz partner and Anchorage board member Chris Dixon

It’s at this point in the conversation when Monica and McCauley give me their off-the-record demo. While there are no screenshots to share, the enterprise security suite they’ve built has the polish of a consumer app like Robinhood. What I can say is that Anchorage works with clients to whitelist employees’ devices. It then uses multiple types of biometric signals and behavioral analytics about the person and device trying to log in to verify their identity.

But even once they have access, Anchorage is built around quorum-based approvals. Withdrawals, other transactions and even changing employee permissions requires approval from multiple users inside the client company. They could set up Anchorage so it requires five of seven executives’ approval to pull out assets. And finally, outlier detection algorithms and a human review the transaction to make sure it looks legit. A hacker or rogue employee can’t steal the funds even if they’re logged in because they need consensus of approval.

That kind of assurance means institutional investors can confidently start to invest in crypto assets. That swell of capital could help replace the retreating consumer investors who’ve fled the market this year, leading to massive price drops. The liquidity provided by these asset managers could keep the whole blockchain industry moving. “Institutional investing has had centuries to build up a set of market infrastructure. Custody was something that for other asset classes was solved hundreds of years ago, so it’s just now catching up [for crypto],” says McCauley. “We’re creating a bigger market in and of itself,” Monica adds.

With Anchorage steadfastly handling custody, the risk these co-founders admit worries them lies in the smart contracts that govern the cryptocurrencies themselves. “We need to be extremely wide in our level of support and extremely deep because each blockchain has details of implementation. This is inherently a very difficult problem,” McCauley explains. It doesn’t matter if the coins are safe in Anchorage’s custody if a janky smart contract can botch their transfer.

There are plenty of startups vying to offer crypto custody, ranging from Bitgo and Ledger to well-known names like Coinbase and Gemini. Yet Anchorage offers a rare combination of institutional-since-day-one security rigor with the ability to participate in votes and governance of crypto assets that’s impossible if they’re in cold storage. Down the line, Anchorage hints that it might serve clients recommendations for how to vote to maximize their yield and preserve the sanctity of their coin.

They’ll have crypto investment legend Chris Dixon on their board to guide them. “What you’ll see is in the same way that institutional investors want to buy stock in Facebook and Google and Netflix, they’ll want to buy the equivalent in the world 10 years from now and do that safely,” Dixon tells me. “Anchorage will be that layer for them.”

But why do the Anchorage founders care so much about the problem? McCauley concludes that, “When we look at what’s potentially possible with crypto, there a fundamentally more accessible economy. We view ourselves as a key component of bringing that future forward.”

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com