Ameesh Divatia appears on theCUBE at AWS re:Inforce to talk about proxy architecture and the future of data security

By Ameesh Divatia, CEO and co-founder | August 2, 2022

Baffle CEO Ameesh Divatia talks with John Furrier of theCUBE at the AWS re:Inforce 2022 Security Conference for Amazon Web Services. Since compliance is driving data owners to adopt data-centric protection measures, security should be incorporated into data pipelines.

 

John Furrier:

Welcome back everyone in live coverage here, theCUBE, Boston, Massachusetts for AWS re:Inforce 2022 Security Conference for Amazon Web Services. I’m John Furrier, host with a great guest Ameesh Divatia, co-founder and CEO of Baffle. You guys are hot right now, but you’re in an area that’s going to explode, we believe. The super cloud is here. We’ve been covering that on theCUBE, that people are building on top of the Amazon hyperscalers and without the CAPEX they’re building platforms. The application tsunami has come and still coming, it’s not stopping. Modern applications are faster, they’re better and they’re driving a lot of change under the covers. And you’re seeing structural change happening in real time and in ops, and the network. You guys got something going on in the encryption area, data. Talk about what you guys do.

Ameesh Divatia:

We believe very strongly that the next frontier in security is data. We’ve had multiple waves in security. The next one is data because data is really where the threats will persist. If the data shows up in the wrong place, you get into a lot of trouble with compliance. So, we believe in protecting the data all the way down at the field or record level. 

John Furrier:

And you guys doing all kinds of encryption or other things?

 

Ameesh Divatia:

Yes. We do data transformation, which encompasses three different things. It can be tokenization, which is format preserving. We do real encryption with counter mode, or we can do masked views. So tokenization, encryption and masking all with the same platform.

 

John Furrier:

So, pretty wide ranging capabilities with respect to having that kind of safety?

 

Ameesh Divatia:

Yes. Because it all depends on how the data is used down the road. Data is created all the time. Data flows through pipelines all the time. You want to make sure that you protect the data, but don’t lose the utility of the data. That’s why we provide all that flexibility.

 

John Furrier:

So, Kurt was on stage today on one of the keynotes. He’s the VP of the platform at AWS, he was talking about “encrypt everything.” He said we need to rethink encryption. Good job, we like that. But then he said, we have encryption at rest. That’s kind of been there, done that.

 

Ameesh Divatia:

Yes-

 

John Furrier:

And in flight.

 

Ameesh Divatia:

Yeah, that’s been there.

 

John Furrier:

But what about in use?

 

Ameesh Divatia:

So, that’s exactly what we plug. What happens right now is that data at rest is protected because of disks that are already self-encrypting, or you have transparent data encryption that comes native with the database. You have data in flight that is protected because of SSL, but when the data is actually being processed, it’s in the memory of the database or data store, it is exposed. So, the threat is if the credentials of the database are compromised as happened back then with Starwood, or if the cloud infrastructure is compromised with some sort of an insider threat like a CapitalOne, that data is exposed. That’s precisely what we solve by making sure that the data is protected as soon as it’s created. We use standard encryption algorithms, AES, and we either do format preserving or through encryption with counter mode and that data – it doesn’t really matter where it ends up because it’s always protected.

 

John Furrier:

Well, that’s awesome. And I think this brings up the point that we’ve been covering on SiliconANGLE in theCUBE, is that there’s been structural change that’s happened called cloud computing and then hybrid. Scale, role of data, higher level abstraction of services, developers are in charge, value creation, startups and big companies. That success is causing now a new structural change happening now. This is one of them. What areas do you see that are happening right now that are structurally changing that’s right in front of us? One is more cloud native so the success has become now the problem to solve, to get to the next level. So what are some of those?

 

Ameesh Divatia:

What we see is that instead of security being an afterthought – something that you use as a watchdog – you create ways of monitoring where data is being exposed or data is being exfiltrated, you want to build security into the data pipeline itself. As soon as data is created, you identify what is sensitive data and you encrypt it or tokenize it as it flows into the pipeline using things like Kafka plugins or what we are very clearly differentiating ourselves with is proxy architectures so that it’s completely transparent. You think you’re writing to the data store, but you’re actually writing to the proxy, which, in turn, encrypts the data before it’s stored.

 

John Furrier:

Do you think that’s an efficient way to do it or is the only way to do it?

 

Ameesh Divatia:

It is a much more efficient way of doing it because of the fact that you don’t need any app dev resources. There are many other ways of doing it, in fact, the cloud vendors provide development kits where you can just go do it yourself. So, that is actually something that we completely avoid and what makes it really interesting is that once the data is encrypted in the data store or database, we can do what is known as Privacy Enhanced Computation. So, we can actually process that data without decrypting it.

 

John Furrier:

And so proxies then with cloud computing can be very fast, not a bottleneck. 

 

Ameesh Divatia:

In fact, the cloud makes it so. Things in static infrastructure. In the cloud, there’s infinite amount of processing available and there’s containerization.

 

John Furrier:

And you have good network?

 

Ameesh Divatia:

You have very good network, you have load balancers, you have ways of creating redundancy. So, the cloud is actually enabling solutions like this.

 

John Furrier:

In the old way proxies were seen as an architectural fail, in the old antiquated static web.

 

Ameesh Divatia:

And this is where startups don’t have the baggage. We looked at the problem and said, of course, we’re going to use a proxy because this is the best way to do this in an efficient way.

 

John Furrier:

Well, you bring up something that’s happening right now that I hear a lot of CSOs and CIOs and executives, say CXOs, say all the time, “our stuff has gotten complicated. So, now I have tools sprawl, I have skill gaps and on the rise, all these new managed services coming at me from the vendors who have never experienced my problem.” And their reaction is they don’t get my problem and they don’t have the right solutions, it’s more complexity. They solve the complexity by adding more complexity.

 

Ameesh Divatia:

Yes. I think again, the proxy approach is a very simple.

 

John Furrier:

That you’re solving that with that approach.

 

Ameesh Divatia:

Exactly, very simple. And again, we don’t get in the way. That’s really the biggest differentiator. The forcing function really here is compliance because compliance is forcing these CSOs to actually adopt these solutions.

John Furrier:

So, show about the on premise versus the cloud workload dynamic right now. Hybrid is a steady state right now. Multi-cloud is a consequence of having multiple vendors, not true multi-cloud but like, they have Azure… I get that, but hybrid really is the steady state cloud operations. How are the workloads and the analytics, the data being managed on-prem and in the cloud? What’s the relationship? What’s the trend? What are you seeing happening there?

 

Ameesh Divatia:

I think the biggest trend we see is pipelining. The new ETL is streaming. You have these Kafka and Kinesis capabilities that are coming into the picture where data is being ingested all the time. It is not a one time migration, it’s a stream. So, plugging into that stream is very important from an ingestion perspective.

 

John Furrier:

So, it’s not just a watchdog?

 

Ameesh Divatia:

No, it’s built in.

 

John Furrier:

It’s built in, it’s real time that’s where streaming it’s another diverse access to data. You got data lakes, you have pipeline, you got streaming you mentioned that. So, talk about the old school OLTP, the old BI world. I think Power BI is a $30 billion product and you got Tableau built on, OLTP building cubes, aren’t we just building cubes in a new way or is there any relevance to the old school?

 

Ameesh Divatia:

I think there is some relevance and in fact that’s again, another place where the proxy architecture really helps because it doesn’t matter when your application was built. You can use Tableau which nobody has any control over and still process encrypted data and so can with Power BI. Any SQL application can be used and that’s actually exactly what we like to promote.

 

John Furrier:

So, I was talking to your team, and I knew you were coming on and they gave me a sound bite that I’m going to read to the audience and I want to get your reaction to it because I love this. I fell out of my chair when I first read this. Data is the new oil in 2010 that was mentioned here on theCUBE, of course. Data is the new oil, but we have to ensure that it does not become the next asbestos. That is really clever. So, we all know about asbestos. I add to the Dave Vellante, lead paint too, remember lead paint? You got to scrape it out and repaint the house. Asbestos obviously causes a lot of cancer, joking aside, the point is it’s problematic.

Explain why that sentence is relevant?

 

Ameesh Divatia:

Sure. It’s the assets and liabilities argument. You have an asset which is data, but thanks to compliance regulations and Gartner says 75% of the world will be subject to privacy regulations by 2023, it’s a liability. So, if you don’t store your data well, if you don’t process your data responsibly, you are going to be liable. So, while it might be the oil and you’re going to get lots of value out of it, be careful about the flip side.

 

John Furrier:

And the point is there could be the Grim Reaper waiting for you if you don’t do it right, the consequences that are quantified would be being out of business?

 

Ameesh Divatia:

Yes, but here’s something that we just discovered actually from a survey that we did. While 93% of respondents said that they have had lots of compliance related effects on their budgets, 75% actually thought that it makes them better. They can use the security postures as a competitive differentiator. That’s very heartening to us. We don’t like to sell the fear aspect of this, we like to sell the fact that you look better compared to your neighbor if you have better data hygiene.

 

John Furrier:

There’s the fear of missing out or as I say, keeping up with the Joneses making sure that your yard looks better than the next one. I get the vanity of that, but you’re solving real problems. And this is interesting and I want to get your thoughts on this. I read that you guys protect more than 100 billion records across highly regulated industries – financial services, healthcare, industrial IoT, retail and government. Is that true?

 

Ameesh Divatia:

Absolutely, because what we are doing is enabling SaaS vendors to actually allow their customers to control their data. So, we’ve had the SaaS vendor who has been working with us for over three years now. They store confidential data from 30 different banks in the country.

 

John Furrier:

How many customers do you have? The next round of funding’s probably they’re lining up to put money into you guys.

 

Ameesh Divatia:

Well again, this is a very important problem and there are people’s businesses are dependent on this. We’re just happy to provide the best tool out there that can do this.

 

John Furrier:

So, what’s your business model behind? I’d love the success by the way, I wanted to quote that stat to one verify it. What’s the business model? Service, software?

 

Ameesh Divatia:

The business model is software. We don’t want anybody to send us their confidential data, we embed our software into our customers’ environments. In case of SaaS, we are not even visible we are completely embedded. We are doing other relationships like that right now.

 

John Furrier:

They pay you how?

 

Ameesh Divatia:

They pay us based on the volume of the data that they’re protecting. In that case, which is a large enterprise customers.

 

It is pay as you go. Everything is annual licenses although multi-year licenses are very common because once you adopt the solution, it is very sticky. And then for smaller customers, we do base our pricing also just on the number of databases.

 

John Furrier:

And the technology just reviewed low code, no code implementation kind of thing?

 

Ameesh Divatia:

It is by definition no code when it comes to proxy. When it comes to API integration, it could be low code. It’s all cloud friendly, cloud native.

 

John Furrier:

No disruption to operations.

 

Ameesh Divatia:

No, actually I’ll give an example of a migration. We can do live migrations. So, while the databases are still alive as you write.

 

John Furrier:

Live secure migrations?

 

Ameesh Divatia:

Exactly. You’re securing your data as it migrates.

 

John Furrier:

All right. So, how much funding have you guys raised so far?

 

Ameesh Divatia:

We raised $36.5 million. A and B now, we raised that late last year.

 

John Furrier:

Who’s the venture funders?

 

Ameesh Divatia:

True Ventures is our largest investor followed by Celesta Capital. National Grid Partners is an investor, and so is Engineering Capital and Clear Vision Ventures.

 

John Furrier:

Well, privacy has a big concern, big application for you guys, privacy secure migrations?

Ameesh Divatia:

Very much so. So, what we believe very strongly and the security is personal – security is yours and my data. Privacy is what the data collector is responsible for. So, the enterprise better be making sure that they’ve complied with privacy regulations because they don’t tell you how to protect the data, they just fine you.

 

John Furrier:

Well, you’re technically a six-year-old startup company, six, seven years old roughly? So, startups can go on long like that. Still startup privately-held, you’re growing, got big records under management there, congratulations. What’s next?

 

Ameesh Divatia:

I think scaling the business. We are seeing lots of applications for this particular solution. It’s going beyond just regulated industries. Like I said it’s a differentiating factor now. So retail and a lot of other IoT-related industrial customers are also coming.

 

John Furrier:

Ameesh, talk about the show here. We’re at re:Inforce, actually we’re live here on the ground, the show floor buzzing. What’s your takeaway? What’s the vibe this year? If you had to share what your opinion, the top story here at the show, what would be the two top things or three things?

 

Ameesh Divatia:

I think it’s two things. First of all, it feels like we are back. It’s amazing to see people on the show floor, people coming in and asking questions and getting to see the product. The second thing that I think is very gratifying is people come in and say, I’ve heard of you guys so thanks to digital media and digital marketing. Looks like our outreach has helped and has kept the continuity, which is a big deal.

 

John Furrier:

And now you’re a CUBE alumni. Welcome to the fold. Appreciate you coming on and we’re looking forward to profiling you someday in our startup showcase and certainly, we’ll see you in the Palo Alto Studios. We’ll have to have you come in for a deeper dive.

 

Congratulations on all your success and thanks for coming on theCUBE here at re:Inforce.

We’re here on the ground live coverage, Boston, Massachusetts for AWS re:Inforce ’22. I’m John Furrier, your host of theCUBE.