Apr
12
2021
--

Microsoft goes all in on healthcare with $19.7B Nuance acquisition

When Microsoft announced it was acquiring Nuance Communications this morning for $19.7 billion, you could be excused for doing a Monday morning double take at the hefty price tag.

That’s surely a lot of money for a company on a $1.4 billion run rate, but Microsoft, which has already partnered with the speech-to-text market leader on several products over the last couple of years, saw a company firmly embedded in healthcare and it decided to go all in.

And $20 billion is certainly all in, even for a company the size of Microsoft. But 2020 forced us to change the way we do business from restaurants to retailers to doctors. In fact, the pandemic in particular changed the way we interact with our medical providers. We learned very quickly that you don’t have to drive to an office, wait in waiting room, then in an exam room, all to see the doctor for a few minutes.

Instead, we can get on the line, have a quick chat and be on our way. It won’t work for every condition of course — there will always be times the physician needs to see you — but for many meetings such as reviewing test results or for talk therapy, telehealth could suffice.

Microsoft CEO Satya Nadella says that Nuance is at the center of this shift, especially with its use of cloud and artificial intelligence, and that’s why the company was willing to pay the amount it did to get it.

“AI is technology’s most important priority, and healthcare is its most urgent application. Together, with our partner ecosystem, we will put advanced AI solutions into the hands of professionals everywhere to drive better decision-making and create more meaningful connections, as we accelerate growth of Microsoft Cloud in Healthcare and Nuance,” Nadella said in a post announcing the deal.

Holger Mueller, an analyst at Constellation Research, says says that may be so, but he believes that Microsoft missed the boat with Cortana and this is about helping the company catch up on a crucial technology. “Nuance will be not only give Microsoft technology help in regards to neural network based speech recognition, but also a massive improvement from vertical capabilities, call center functionality and the MSFT IP position in speech,” he said.

Microsoft sees this deal doubling what was already a considerable total addressable market to nearly $500 billion. While TAMs always tend to run high, that is still a substantial number.

It also fits with Gartner data, which found that by 2022, 75% of healthcare organizations will have a formal cloud strategy in place. The AI component only adds to that number and Nuance brings 10,000 existing customers to Microsoft including some of the biggest healthcare organizations in the world.

Brent Leary, founder and principal analyst at CRM Essentials, says the deal could provide Microsoft with a ton of health data to help feed the underlying machine learning models and make them more accurate over time.

“There is going be a ton of health data being captured by the interactions coming through telemedicine interactions, and this could create a whole new level of health intelligence,” Leary told me.

That of course could drive a lot of privacy concerns where health data is involved, and it will be up to Microsoft, which just experienced a major breach on its Exchange email server products last month, to assure the public that their sensitive health data is being protected.

Leary says that ensuring data privacy is going to be absolutely key to the success of the deal. “The potential this move has is pretty powerful, but it will only be realized if the data and insights that could come from it are protected and secure — not only protected from hackers but also from unethical use. Either could derail what could be a game changing move,” he said.

Microsoft also seemed to recognize that when it wrote, “Nuance and Microsoft will deepen their existing commitments to the extended partner ecosystem, as well as the highest standards of data privacy, security and compliance.”

Kate Leggett, an analyst at Forrester Research thinks healthcare could be just the first step and once Nuance is in the fold, it could go much deeper than that.

“However, the benefit of this acquisition does not stop [with healthcare]. Nuance also offers market-leading customer engagement technologies, with deep expertise and focus in verticals such as financial services. As MSFT evolves their industry editions into other verticals, this acquisition will pay off for other industries. MSFT may also choose to fill in the gaps within their Dynamics solution with Nuance’s customer engagement technologies,” Leggett said.

We are clearly on the edge of a sea change when it comes to how we interact with our medical providers in the future. COVID pushed medicine deeper into the digital realm in 2020 out of simple necessity. It wasn’t safe to go into the office unless absolutely necessary.

The Nuance acquisition, which is expected to close some time later this year, could help Microsoft shift deeper into the market. It could even bring Teams into it as a meeting tool, but it’s all going to depend on the trust level people have with this approach, and it will be up to the company to make sure that both healthcare providers and the people they serve have that.

Mar
24
2021
--

Ketch raises $23M to automate privacy and data compliance

Ketch, a startup aiming to help businesses navigate the increasingly complex world of online privacy regulation and data compliance, is announcing that it has raised $23 million in Series A funding.

The company is also officially coming out of stealth. I actually wrote about Ketch’s free PrivacyGrader tool last year, but now it’s revealing the broader vision, as well as the products that businesses will actually be paying for.

The startup was founded by CEO Tom Chavez and CTO Vivek Vaidya. The pair previously founded Krux, a data management platform acquired by Salesforce in 2016, and Vaidya told me that Ketch is the answer to a question that they’d begun to ask themselves: “What kind of infrastructure can we build that will make our former selves better?”

Chavez said that Ketch is designed to help businesses automate the process of remaining compliant with data regulations, wherever their visitors and customers are. He suggested that with geographically specific regulations like Europe’s GDPR in place, there’s a temptation to comply globally with the most stringent rules, but that’s not necessary or desirable.

“It’s possible to use data to grow and to comply with the regulations,” Chavez said. “One of our customers turned off digital marketing completely in order to comply. This has got to stop […] They are a very responsible customer, but they didn’t know there are tools to navigate this complexity.”

Ketch orchestration screenshot

Image Credits: Ketch

The pair also suggested that things are even more complex than you might think, because true compliance means going beyond the “Hollywood façade” of a privacy banner — it requires actually implementing a customer’s requests across multiple platforms. For example, Vaidya said that when someone unsubscribes to your email list, there’s “a complex workflow that needs to be executed to ensure that the email is not going to continue … and make sure the customer’s choices are respected in a timely manner.”

After all, Chavez noted, if a customer tells you, “I want to delete my data,” and yet they keep getting marketing emails or targeted ads, they’re not going to be satisfied if you say, “Well, I’ve handled that in the four walls of my own business, that’s an issue with my marketing and email partners.”

Chavez also said that Ketch isn’t designed to replace any of a business’ existing marketing and customer data tools, but rather to “allow our customers to configure how they want to comply vis-à-vis what jurisdiction they’re operating in.” For example, the funding announcement includes a statement from Patreon’s legal counsel Priya Sanger describing Ketch as “an easily configurable consent management and orchestration system that was able to be deployed internationally” that “required minimal engineering time to integrate into our systems.”

As for the Series A, it comes from CRV, super{set} (the startup studio founded by Chavez and Vaidya), Ridge Ventures, Acrew Capital and Silicon Valley Bank. CRV’s Izhar Armony and Acrew’s Theresia Gouw are joining Ketch’s board of directors.

And if you’d like to learn more about the product, Ketch is hosting a webinar at 11am Pacific today.

Mar
23
2021
--

OneTrust adds ethics to its privacy platform with Convercent acquisition

OneTrust, a late stage privacy platform startup, announced it was adding ethics and compliance to the mix this morning by acquiring Convercent, a company that was built to help build more ethical organizations. The companies did not share the purchase price.

OneTrust just raised $300 million on a fat $5.1 billion valuation at the end of last year, and it’s putting that money to work with this acquisition. Alan Dabbiere, co-chairman at OneTrust sees this acquisition as a way to add a missing component to his company’s growing platform of services.

“Integrating Convercent instantly brings a proven ethics and compliance technology, team, and customer base into the OneTrust, further aligning the Chief Ethics & Compliance Officer strategy alongside privacy, data governance, third-party risk, GRC (governance, risk and compliance), and ESG (environmental, social and governance) to build trust as a competitive advantage,” he said.

Convercent brings 750 customers and 150 employees to the OneTrust team along with its ethics system, which includes a way for employees to report ethical violations to the company and a tool for managing disclosures.

Convercent can also use data to help surface bad behavior before it’s been reported. As CEO Patrick Quinlan explained in a 2018 TechCrunch article:

“Sometimes you have this interactive code of conduct, where there’s a new vice president in a region and suddenly page views on the sexual harassment section of the Code of Conduct have increased 200% in the 90 days after he started. That’s easy, right? There’s a reason that’s happening, and our system will actually tell you what’s happening.”

Quinlan wrote in a company blog post announcing the deal that joining forces with OneTrust will give it the resources to expand its vision.

“As a part of OneTrust, we’ll be combining forces with the leader across privacy, security, data governance, third-party risk, GRC, ESG—and now—ethics and compliance. Our customers will now be able to build centralized programs across these workstreams to make trust a competitive differentiator,” Quinlan wrote.

Convercent was founded in 2012 and has raised over $100 million, according to Pitchbook data. OneTrust was founded in 2016. It has over 8000 customers and 150 employees and has raised $710 million, according to the company.

Mar
10
2021
--

DataGrail snares $30M Series B to help deal with privacy regulations

DataGrail, a startup that helps customers understand where their data lives in order to help comply with a growing body of privacy regulations, announced a $30 million Series B today.

Felicis Ventures led the round with help from Basis Set Ventures, Operator Collective and previous investors. One of the interesting aspects of this round was the participation from several strategic investors including HubSpot, Okta and Next47, the venture firm backed by Siemens. The company has now raised over $39 million, according to Crunchbase data.

That investor interest could stem from the fact that DataGrail helps organizations find data by building connectors to popular applications and then helps ensure that they are in compliance with customer privacy regulations such as GDPR, CCPA and similar laws.

“DataGrail [is really] the first integrated solution with over 900 integrations (up from 180 in 2019) to different apps and infrastructure platforms that allow the product to detect when new apps or new infrastructure platforms are added, and then also perform automated data discovery across those applications,” company CEO and co-founder Daniel Barber explained to me. This helps users find customer data wherever it lives and enables them to comply with legal requirements to manage and protect that data.

Victoria Treyger, general partner at lead investors Felicis Ventures says that one of the things that attracted her to DataGrail was that she had to help implement GDPR regulations at a previous venture and felt the pain first hand. She said that her firm tends to look for startups in large markets where the product or service being offered is a critical need, rather an option, and she believes that DataGrail is an example of that.

“I really liked the fact that privacy management is such a hard problem, and it is not optional. As a business, you have to manage privacy requests, which you may do manually or you may do it with a solution like DataGrail,” Treyger told me.

HubSpot’s Andrew Lindsay, who is SVP of corporate and business development, says his company is both a customer and an investor because DataGrail is helping HubSpot customers navigate the complexity of privacy regulation. “DataGrail’s unique ecosystem approach, where they are integrating with key Saas and business applications is an easy way for many of our joint customers to protect their customers’ privacy,” Lindsay said.

The company has 40 employees today with plans to grow to 90 or 100 by the end of this year. It’s worth noting that Treyger is joining the Board, which already has 3 other women. That shows shows a commitment to gender diversity at the board level that is not typical for startups.

Jan
22
2021
--

Extra Crunch roundup: Digital health VC survey, edtech M&A, deep tech marketing, more

I had my first telehealth consultation last year, and there’s a high probability that you did, too. Since the pandemic began, consumer adoption of remote healthcare has increased 300%.

Speaking as an unvaccinated urban dweller: I’d rather speak to a nurse or doctor via my laptop than try to remain physically distanced on a bus or hailed ride traveling to/from their office.

Even after things return to (rolls eyes) normal, if I thought there was a reliable way to receive high-quality healthcare in my living room, I’d choose it.

Clearly, I’m not alone: a May 2020 McKinsey study pegged yearly domestic telehealth revenue at $3 billion before the coronavirus, but estimated that “up to $250 billion of current U.S. healthcare spend could potentially be virtualized” after the pandemic abates.

That’s a staggering number, but in a category that includes startups focused on sexual health, women’s health, pediatrics, mental health, data management and testing, it’s clear to see why digital-health funding topped more than $10 billion in the first three quarters of 2020.

Drawing from The TechCrunch List, reporter Sarah Buhr interviewed eight active health tech VCs to learn more about the companies and industry verticals that have captured their interest in 2021:

  • Bryan Roberts and Bob Kocher, partners, Venrock
  • Nan Li, managing director, Obvious Ventures
  • Elizabeth Yin, general partner, Hustle Fund
  • Christina Farr, principal investor and health tech lead, OMERS Ventures
  • Ursheet Parikh, partner, Mayfield Ventures
  • Nnamdi Okike, co-founder and managing partner, 645 Ventures
  • Emily Melton, founder and managing partner, Threshold Ventures

Full Extra Crunch articles are only available to members
Use discount code ECFriday to save 20% off a one- or two-year subscription


Since COVID-19 has renewed Washington’s focus on healthcare, many investors said they expect a friendly regulatory environment for telehealth in 2021. Additionally, healthcare providers are looking for ways to reduce costs and lower barriers for patients seeking behavioral support.

“Remote really does work,” said Elizabeth Yin, general partner at Hustle Fund.

We’ll cover digital health in more depth this year through additional surveys, vertical reporting, founder interviews and much more.

Thanks very much for reading Extra Crunch this week; I hope you have a relaxing weekend.

Walter Thompson
Senior Editor, TechCrunch
@yourprotagonist

8 VCs agree: Behavioral support and remote visits make digital health a strong bet for 2021

Woman having a medicine video conferencing with her doctor using digital tablet. Senior woman on a video call with a doctor using her tablet computer at home.

Image Credits: Luis Alvarez (opens in a new window) / Getty Images

Lessons from Top Hat’s acquisition spree

Image Credits: Bryce Durbin

In the last year, edtech startup Top Hat acquired three publishing companies: Fountainhead Press, Bludoor and Nelson HigherEd.

Natasha Mascarenhas interviewed CEO and founder Mike Silagadze to learn more about his content acquisition strategy, but her story also discussed “some rumblings of consolidation and exits in edtech land.”

How VCs invested in Asia and Europe in 2020

Last year, U.S.-based VCs invested an average of $428 million each day in domestic startups, with much of the benefits flowing to fintech companies.

This morning, Alex Wilhelm examined Q4 VC totals for Europe, which had its lowest deal count since Q1 2019, despite a record $14.3 billion in investments.

Asia’s VC industry, which saw $25.2 billion invested across 1,398 deals is seeing “a muted recovery,” says Alex.

“Falling seed volume, lots of big rounds. That’s 2020 VC around the world in a nutshell.”

Decrypted: With more SolarWinds fallout, Biden picks his cybersecurity team

Image Credits: Treedeo (opens in a new window) / Getty Images

In this week’s Decrypted, security reporter Zack Whittaker covered the latest news in the unfolding SolarWinds espionage campaign, now revealed to have impacted the U.S. Bureau of Labor Statistics and Malwarebytes.

In other news, the controversy regarding WhatsApp’s privacy policy change appears to be driving users to encrypted messaging app Signal, Zack reported. Facebook has put changes at WhatsApp on hold “until it could figure out how to explain the change without losing millions of users,” apparently.

Hot IPOs hang onto gains as investors keep betting on tech

A big IPO debut is a juicy topic for a few news cycles, but because there’s always another unicorn ready to break free from its corral and leap into the public markets, it doesn’t leave a lot of time to reflect.

Alex studied companies like Lemonade, Airbnb and Affirm to see how well these IPO pop stars have retained their value. Not only have most held steady, “many have actually run up the score in the ensuing weeks,” he found.

Dear Sophie: What are Biden’s immigration changes?

lone figure at entrance to maze hedge that has an American flag at the center

Image Credits: Bryce Durbin / TechCrunch

Dear Sophie:

I work in HR for a tech firm. I understand that Biden is rolling out a new immigration plan today.

What is your sense as to how the new administration will change business, corporate and startup founder immigration to the U.S.?

—Free in Fremont

Hello, Extra Crunch community!

Hello in Different Languages

Image Credits: atakan (opens in a new window) / Getty Images

I began my career as an avid TechCrunch reader and remained one even when I joined as a writer, when I left to work on other things and now that I’ve returned to focus on better serving our community.

I’ve been chatting with some of the folks in our community and I’d love to talk to you, too. Nothing fancy, just 5-10 minutes of your time to hear more about what you want to see from us and get some feedback on what we’ve been doing so far.

If you would be so kind as to take a minute or two to fill out this form, I’ll drop you a note and hopefully we can have a chat about the future of the Extra Crunch community before we formally roll out some of the ideas we’re cooking up.

Drew Olanoff
@yoda

In 2020, VCs invested $428m into US-based startups every day

Last year was a disaster across the board thanks to a global pandemic, economic uncertainty and widespread social and political upheaval.

But if you were involved in the private markets, however, 2020 had some very clear upside — VCs flowed $156.2 billion into U.S.-based startups, “or around $428 million for each day,” reports Alex Wilhelm.

“The huge sum of money, however, was itself dwarfed by the amount of liquidity that American startups generated, some $290.1 billion.”

Using data sourced from the National Venture Capital Association and PitchBook, Alex used Monday’s column to recap last year’s seed, early-stage and late-stage rounds.

How and when to build marketing teams at deep tech companies

Pole lifting rubber duck with hook in its head

Image Credits: Andy Roberts (opens in a new window) / Getty Images

Building a marketing team is one of the most opaque parts of spinning up a startup, but for a deep tech company, the stakes couldn’t be higher.

How can technical founders working on bleeding-edge technology find the right people to tell their story?

If you work at a post-revenue, early-stage deep tech startup (or know someone who does), this post explains when to hire a team, whether they’ll need prior industry experience, and how to source and evaluate talent.

Bustle CEO Bryan Goldberg explains his plans for taking the company public

Bustle Digital Group CEO Bryan Goldberg

Bustle Digital Group CEO Bryan Goldberg. Image Credits: Bustle Digital Group

Senior Writer Anthony Ha interviewed Bustle Digital Group CEO Bryan Goldberg to get his thoughts on the state of digital media.

Their conversation covered a lot of ground, but the biggest news it contained focuses on Goldberg’s short-term plans.

“Where do I want to see the company in three years? I want to see three things: I want to be public, I want to see us driving a lot of profits and I want it to be a lot bigger, because we’ve consolidated a lot of other publications,” he said.

It may not be as glamorous as D2C, but beauty tech is big money

Directly Above Shot Of Razors On Green Background

Image Credits: Laia Divols Escude/EyeEm (opens in a new window) / Getty Images

The U.S. Federal Trade Commission is not a huge fan of personal-care D2C brands merging with traditional consumer product companies.

This month, razor startup Billie and Proctor & Gamble announced they were calling off their planned merger after the FTC filed suit.

For similar reasons, Edgewell Personal Care dropped its plans last year to buy Harry’s for $1.37 billion.

In a harsher regulatory environment, “the path to profitability has become a more important part of the startup story versus growth at all costs,” it seems.

Twilio CEO says wisdom lies with your developers

SAN FRANCISCO, CA – SEPTEMBER 12: Founder and CEO of Twilio Jeff Lawson speaks onstage during TechCrunch Disrupt SF 2016 at Pier 48 on September 12, 2016 in San Francisco, California. Image Credits: Steve Jennings/Getty Images for TechCrunch

Companies that build their own tools “tend to win the hearts, minds and wallets of their customers,” according to Twilio CEO Jeff Lawson.

In an interview with enterprise reporter Ron Miller for his new book, “Ask Your Developer,” Lawson says founders should use developer teams as a sounding board when making build-versus-buy decisions.

“Lawson’s basic philosophy in the book is that if you can build it, you should,” says Ron.

Dec
21
2020
--

OneTrust nabs $300M Series C on $5.1B valuation to expand privacy platform

OneTrust, the four-year-old privacy platform startup from the folks who brought you AirWatch (which was acquired by VMmare for $1.5 billion in 2014), announced a $300 million Series C on an impressive $5.1 billion valuation today.

The company has attracted considerable attention from investors in a remarkably short time. It came out of the box with a $200 million Series A on a $1.3 billion valuation in July 2019. Those are not typical A round numbers, but this has never been a typical startup. The Series B was more of the same — $210 million on a $2.7 billion valuation this past February.

That brings us to today’s Series C. Consider that the company has almost doubled its valuation again, and has raised $710 million in a mere 18 months, some of it during a pandemic. TCV led today’s round joining existing investors Insight Partners and Coatue.

So what are they doing to attract all this cash? In a world where privacy laws like GDPR and CCPA are already in play, with others in the works in the U.S. and around the world, companies need to be sure they are compliant with local laws wherever they operate. That’s where OneTrust comes in.

“We help companies ensure that they can be trusted, and that they make sure that they’re compliant to all laws around privacy, trust and risk,” OneTrust Chairman Alan Dabbiere told me.

That involves a suite of products that the company has already built or acquired, moving very quickly to offer a privacy platform to cover all aspects of a customer’s privacy requirements, including privacy management, discovery, third-party risk assessment, risk management, ethics and compliance and consent management.

The company has already attracted 7,500 customers to the platform — and is adding1,000 additional customers per quarter. Dabbiere says that the products are helping them be compliant without adding a lot of friction to the building or buying process. “The goal is that we don’t slow the process down, we speed it up. And there’s a new philosophy called privacy by design,” he said. That means building privacy transparency into products, while making sure they are compliant with all of the legal and regulatory requirements.

The startup hasn’t been shy about using its investments to buy pieces of the platform, having made four acquisitions already in just four years since it was founded. It already has 1,500 employees and plans to add around 900 more in 2021.

As they build this workforce, Dabbiere says being based in a highly diverse city like Atlanta has helped in terms of building a diverse group of employees. “By finding the best employees and doing it in an area like Atlanta, we are finding the diversity comes naturally,” he said, adding, “We are thoughtful about it.” CEO Kabir Barday also launched a diversity, equity and inclusion council internally this past summer in response to the Black Lives Matter movement happening in the Atlanta community and around the country.

OneTrust had relied heavily on trade shows before the pandemic hit. In fact, Dabbiere says that they attended as many as 700 a year. When that avenue closed as the pandemic hit, they initially lowered their revenue guidance, but as they moved to digital channels along with their customers, they found that revenue didn’t drop as they expected.

He says that OneTrust has money in the bank from its prior investments, but they had reasons for taking on more cash now anyway. “The number one reason for doing this was the currency of our stock. We needed to revalue it for employees, for acquisitions, and the next steps of our growth,” he said.

Dec
16
2020
--

BigID keeps rolling with $70M Series D on $1B valuation

BigID has been on the investment fast track, raising $94 million over three rounds that started in January 2018. Today, that investment train kept rolling as the company announced a $70 million Series D on a valuation of $1 billion.

Salesforce Ventures and Tiger Global co-led the round with participation from existing investors Bessemer Venture Partners, Scale Venture Partners and Boldstart Ventures. The company has raised almost $165 million in just over two years.

BigID is attracting this kind of investment by building a security and privacy platform. When I first spoke to CEO and co-founder Dimitri Sirota in 2018, he was developing a data discovery product aimed at helping companies coping with GDPR find the most sensitive data, but since then the startup has greatly expanded the vision and the mission.

“We started shifting I think when we spoke back in September from being this kind of best of breed data discovery privacy to being a platform anchored in data intelligence through our kind of unique approach to discovery and insight,” he said.

That includes the ability for BigID and third parties to build applications on top of the platform they have built, something that might have attracted investor Salesforce Ventures. Salesforce was the first cloud company to offer the ability for third parties to build applications on its platform and sell them in a marketplace. Sirota says that so far their marketplace includes just apps built by BigID, but the plan is to expand it to third-party developers in 2021.

While he wasn’t ready to talk about specific revenue growth, he said he expects a material uplift in revenue for this year, and he believes that his investors are looking at the vast market potential here.

He has 235 employees today with plans to boost it to 300 next year. While he stopped hiring for a time in Q2 this year as the pandemic took hold, he says that he never had to resort to layoffs. As he continues hiring in 2021, he is looking at diversity at all levels from the makeup of his board to the executive level to the general staff.

He says that the ability to use the early investments to expand internationally has given them the opportunity to build a more diverse workforce. “We have staff around the world and we did very early […] so we do have diversity within our broader company. But clearly not enough when it came to the board of directors and the executives. So we realized that, and we are trying to change that,” he said.

As for this round, Sirota says like his previous rounds in this cycle he wasn’t necessarily looking for additional money, but with the pandemic economy still precarious, he took it to keep building out the BigID platform. “We actually have not purposely gone out to raise money since our seed. Every round we’ve done has been preemptive. So it’s been fairly easy,” he told me. In fact, he reports that he now has five years of runway and a much more fully developed platform. He is aiming to accelerate sales and marketing in 2021.

The company’s previous rounds included a $14 million Series A in January 2018, a $30 million B in June that year and a $50 million C in September 2019.

Nov
08
2020
--

Tim Berners Lee’s startup Inrupt releases Solid privacy platform for enterprises

Inrupt, the startup from World Wide Web founder Tim Berners-Lee, announced an enterprise version of the Solid privacy platform today, which allows large organizations and governments to build applications that put users in control of their data.

Berners-Lee has always believed that the web should be free and open, but large organizations have grown up over the last 20 years that make their money using our data. He wanted to put people back in charge of their data, and the Solid open source project, developed at MIT, was the first step in that process.

Three years ago he launched Inrupt, a startup built on top of the open source project, and hired John Bruce to run the company. The two shared the same vision of shifting data ownership without changing the way websites get developed. With Solid, developers use the same standards and methods of building sites, and these applications will work in any browser. What Solid aims to do is alter the balance of data power and redirect it to the user.

“Fast forward to today, and we’re releasing the first significant technology as the fruits of our labor, which is an enterprise version of Solid to be deployed at scale by large organizations,” Bruce explained.

The core idea behind this approach is that users control their data in online storage entities called Personal Online Data Stores or Pods for short. The enterprise version consists of Solid Server to manage the Pods, and developers can build applications using an SDK to take advantage of the Pods and access the data they need to do a particular job like pay taxes or interact with a healthcare provider. Bruce points out that the enterprise version is fully compatible with the open source Solid project specifications.

The company has been working with some major organizations prior to today’s release including the BBC and National Health Service in the UK and the Government of Flanders in Belgium as they have been working to bring this to market.

To give you a sense of how this works, the National Health Service has been building an application for patients interacting with them, who using Solid can control their health data. “Patients will be able to permit doctors, family or at-home caregivers to read certain data from their Solid Pods, and add caretaking notes or observations that doctors can then read in order to improve patient care,” the company explained.

The difference between this and more conventional web or phone apps is that it is up to the user who can access this information and the application owner has to ask the user for permission and the user has to explicitly grant it and under what conditions.

The startup launched in 2017 and has raised about $20 million so far. Bruce and Berners-Lee understand that for this to take root, it has to be easy to use, be standards-based and and have the capacity to handle massive scale. Anyone can download and use the open source version of Solid, but by having an enterprise version, it gives large organizations like the ones they have been working with the support, security and scale that these companies require.

Oct
26
2020
--

DataFleets keeps private data useful and useful data private with federated learning and $4.5M seed

As you may already know, there’s a lot of data out there, and some of it could actually be pretty useful. But privacy and security considerations often put strict limitations on how it can be used or analyzed. DataFleets promises a new approach by which databases can be safely accessed and analyzed without the possibility of privacy breaches or abuse — and has raised a $4.5 million seed round to scale it up.

To work with data, you need to have access to it. If you’re a bank, that means transactions and accounts; if you’re a retailer, that means inventories and supply chains, and so on. There are lots of insights and actionable patterns buried in all that data, and it’s the job of data scientists and their ilk to draw them out.

But what if you can’t access the data? After all, there are many industries where it is not advised or even illegal to do so, such as in healthcare. You can’t exactly take a whole hospital’s medical records, give them to a data analysis firm, and say “sift through that and tell me if there’s anything good.” These, like many other data sets, are too private or sensitive to allow anyone unfettered access. The slightest mistake — let alone abuse — could have serious repercussions.

In recent years a few technologies have emerged that allow for something better, though: analyzing data without ever actually exposing it. It sounds impossible, but there are computational techniques for allowing data to be manipulated without the user ever actually having access to any of it. The most widely used one is called homomorphic encryption, which unfortunately produces an enormous, orders-of-magnitude reduction in efficiency — and big data is all about efficiency.

This is where DataFleets steps in. It hasn’t reinvented homomorphic encryption, but has sort of sidestepped it. It uses an approach called federated learning, where instead of bringing the data to the model, they bring the model to the data.

DataFleets integrates with both sides of a secure gap between a private database and people who want to access that data, acting as a trusted agent to shuttle information between them without ever disclosing a single byte of actual raw data.

Illustration showing how a model can be created without exposing data.

Image Credits: DataFleets

Here’s an example. Say a pharmaceutical company wants to develop a machine-learning model that looks at a patient’s history and predicts whether they’ll have side effects with a new drug. A medical research facility’s private database of patient data is the perfect thing to train it. But access is highly restricted.

The pharma company’s analyst creates a machine-learning training program and drops it into DataFleets, which contracts with both them and the facility. DataFleets translates the model to its own proprietary runtime and distributes it to the servers where the medical data resides; within that sandboxed environment, it grows into a strapping young ML agent, which when finished is translated back into the analyst’s preferred format or platform. The analyst never sees the actual data, but has all the benefits of it.

Screenshot of the DataFleets interface. Look, it’s the applications that are meant to be exciting. Image Credits: DataFleets

It’s simple enough, right? DataFleets acts as a sort of trusted messenger between the platforms, undertaking the analysis on behalf of others and never retaining or transferring any sensitive data.

Plenty of folks are looking into federated learning; the hard part is building out the infrastructure for a wide-ranging enterprise-level service. You need to cover a huge amount of use cases and accept an enormous variety of languages, platforms and techniques, and of course do it all totally securely.

“We pride ourselves on enterprise readiness, with policy management, identity-access management, and our pending SOC 2 certification,” said DataFleets COO and co-founder Nick Elledge. “You can build anything on top of DataFleets and plug in your own tools, which banks and hospitals will tell you was not true of prior privacy software.”

But once federated learning is set up, all of a sudden the benefits are enormous. For instance, one of the big issues today in combating COVID-19 is that hospitals, health authorities, and other organizations around the world are having difficulty, despite their willingness, in securely sharing data relating to the virus.

Everyone wants to share, but who sends whom what, where is it kept, and under whose authority and liability? With old methods, it’s a confusing mess. With homomorphic encryption it’s useful but slow. With federated learning, theoretically, it’s as easy as toggling someone’s access.

Because the data never leaves its “home,” this approach is essentially anonymous and thus highly compliant with regulations like HIPAA and GDPR, another big advantage. Elledge notes: “We’re being used by leading healthcare institutions who recognize that HIPAA doesn’t give them enough protection when they are making a data set available for third parties.”

Of course there are less noble, but no less viable, examples in other industries: Wireless carriers could make subscriber metadata available without selling out individuals; banks could sell consumer data without violating anyone in particular’s privacy; bulky datasets like video can sit where they are instead of being duplicated and maintained at great expense.

The company’s $4.5 million seed round is seemingly evidence of confidence from a variety of investors (as summarized by Elledge): AME Cloud Ventures (Jerry Yang of Yahoo) and Morado Ventures, Lightspeed Venture Partners, Peterson Ventures, Mark Cuban, LG, Marty Chavez (president of the board of overseers of Harvard), Stanford-StartX fund, and three unicorn founders (Rappi, Quora and Lucid).

With only 11 full-time employees DataFleets appears to be doing a lot with very little, and the seed round should enable rapid scaling and maturation of its flagship product. “We’ve had to turn away or postpone new customer demand to focus on our work with our lighthouse customers,” Elledge said. They’ll be hiring engineers in the U.S. and Europe to help launch the planned self-service product next year.

“We’re moving from a data ownership to a data access economy, where information can be useful without transferring ownership,” said Elledge. If his company’s bet is on target, federated learning is likely to be a big part of that going forward.

Oct
14
2020
--

Zoom to start first phase of E2E encryption rollout next week

Zoom will begin rolling out end-to-end encryption to users of its videoconferencing platform from next week, it said today.

The platform, whose fortunes have been supercharged by the pandemic-driven boom in remote working and socializing this year, has been working on rebooting its battered reputation in the areas of security and privacy since April — after it was called out on misleading marketing claims of having E2E encryption (when it did not). E2E is now finally on its way though.

“We’re excited to announce that starting next week, Zoom’s end-to-end encryption (E2EE) offering will be available as a technical preview, which means we’re proactively soliciting feedback from users for the first 30 days,” it writes in a blog post. “Zoom users — free and paid — around the world can host up to 200 participants in an E2EE meeting on Zoom, providing increased privacy and security for your Zoom sessions.”

Zoom acquired Keybase in May, saying then that it was aiming to develop “the most broadly used enterprise end-to-end encryption offering”.

However, initially, CEO Eric Yuan said this level of encryption would be reserved for fee-paying users only. But after facing a storm of criticism the company enacted a swift U-turn — saying in June that all users would be provided with the highest level of security, regardless of whether they are paying to use its service or not.

Zoom confirmed today that Free/Basics users who want to get access to E2EE will need to participate in a one-time verification process — in which it will ask them to provide additional pieces of information, such as verifying a phone number via text message — saying it’s implementing this to try to reduce “mass creation of abusive accounts”.

“We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our work with human rights and children’s safety organizations and our users’ ability to lock down a meeting, report abuse, and a myriad of other features made available as part of our security icon — we can continue to enhance the safety of our users,” it writes.

Next week’s roll out of a technical preview is phase 1 of a four-stage process to bring E2E encryption to the platform.

This means there are some limitations — including on the features that are available in E2EE Zoom meetings (you won’t have access to join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions); and on the clients that can be used to join meetings (for phase 1 all E2EE meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms). 

The next phase of the E2EE rollout — which will include “better identity management and E2EE SSO integration”, per Zoom’s blog — is “tentatively” slated for 2021.

From next week, customers wanting to check out the technical preview must enable E2EE meetings at the account level and opt-in to E2EE on a per-meeting basis.

All meeting participants must have the E2EE setting enabled in order to join an E2EE meeting. Hosts can enable the setting for E2EE at the account, group, and user level and can be locked at the account or group level, Zoom notes in an FAQ.

The AES 256-bit GCM encryption that’s being used is the same as Zoom currently uses but here combined with public key cryptography — which means the keys are generated locally, by the meeting host, before being distributed to participants, rather than Zoom’s cloud performing the key generating role.

“Zoom’s servers become oblivious relays and never see the encryption keys required to decrypt the meeting contents,” it explains of the E2EE implementation.

If you’re wondering how you can be sure you’ve joined an E2EE Zoom meeting a dark padlock will be displayed atop the green shield icon in the upper left corner of the meeting screen. (Zoom’s standard GCM encryption shows a checkmark here.)

Meeting participants will also see the meeting leader’s security code — which they can use to verify the connection is secure. “The host can read this code out loud, and all participants can check that their clients display the same code,” Zoom notes.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com