Ionic Security wants to secure not just your emails and internal documents, but every piece of data, down to the paragraph.
The company, which announced a $40 million raise earlier this year, is emerging from stealth today with the introduction of its data-securing platform. It’s the second such company to emerge out of stealth in a week, and with VCs increasingly interested in security startups, more competition is likely to follow.
The phrase “data-securing platform” may sound vague, but what it means is that Ionic has created a way to give IT managers a global view of all devices accessing and storing data from an enterprise network, with the capability to implement wide-ranging security policies for groups of documents or any material shared between executives and other groups. The platform updates in real time, meaning that if a suspect device is trying to access enterprise data, IT managers have the capability to reject access to immediately.
Ionic secures pieces of data, not just whole documents, using trillions of symmetric keys — a type of cryptography that uses one set of keys to encrypt and decrypt information. Ionic’s innovation is in the way it keeps symmetric keys private.
In practice, that means if you send a document to your colleague via email and someone with malicious intent is able to intercept it, they would need multiple keys to decrypt the whole document — a difficult endeavor, and one that’s likely not worthwhile for most hackers.
“Everyone understands now that they’re going to get breached, and that’s a big change,” says Ted Schlein, who led Kleiner Perkins Caufield and Byers’ investment in Ionic. Businesses know that their information is vulnerable and that it’s not a matter of if they’ll get hacked — but when. As a result, security startups are clamoring to develop a solution that goes beyond preventing the bad guys from getting in to safeguarding individual bits of data. The race to build the right software has created a hot area of investment for VCs and the launch of a lot of new players.
Vera, which has raised $14 million in investor funding, launched its own document-security platform late last week. The company uses similar technology to Ionic, though it encrypts whole documents as opposed to individual snippets of information and integrates with many of the same file-sharing applications that Ionic does, like Google Drive, Dropbox, and Box.
There’s also Bluebox Security, which has been around since 2012 and raised $27 million for its data- and end-point security software.
The focus for many of these scrappy newcomers has been to make the traditionally opaque world of enterprise networks more visible in a way that’s compatible with the cloud and bring-your-own-device work environments, while simultaneously creating a blissfully simple user experience for the average office drone.
Advances in computing power have largely driven innovation around encryption key management, making that seamless user experience an attainable goal. The realization of that technology, through startups like Ionic and Vera, means consumers may soon have access, too.
Ionic CTO Adam Ghetti admitted that the company has consumer product aspirations.
“Within the next year to two years, we plan on making this available to an individual,” says Ghetti. He envisions the consumer product as operating on a freemium model, though the details are far from concrete.
A consumer-level data-encryption tool would be revolutionary for both businesses and regular folk. It could potentially close the security gap that exists between businesses and consumers, for instance enabling for more detailed protection of personal information exchanged between banks and their consumers. But, as Ghetti noted, that sort of innovation is still a few years off.
Until then, these new data security startups have a lot of pitching to do.
To date, Ionic Security has raised a total of $77 million in investor funding.