Our Interview With All About Security
Last week, I sat down with Davor Kolaric, the owner of the All About Security podcast, to discuss ShardSecure’s origins, technical features, and more. Today, I’m recapping our conversation and expanding on our platform’s benefits for data security, privacy, and resilience.
Explaining the name ShardSecure
First, the “Secure” part of our name. Cybersecurity is the foundation of what we do, and it’s the foundation of our customers’ concerns. Our goal is to help organizations regain control of their data and secure their sensitive information in on-prem, cloud, and multi-cloud environments.
Second, the “Shard.” Sharding for performance and resilience has been around for decades, most notably in database storage systems. Traditional data sharding has often been used to improve performance. However, it has limited security benefits, as the average shard size is at least several megabytes and sometimes up to several kilobytes.
Our technology uses microsharding, an innovative technology based on sharding that can break data into tiny fragments as small as a few bytes. By fragmenting data so completely that it’s no longer sensitive, we render it unintelligible to unauthorized users and third parties. The result is that customer data remains completely private and secure. (More on our benefits for data privacy below.)
Why we started ShardSecure
As we explain in our origin story, we started ShardSecure as a response to a real-world problem. About five years ago, we were seeing the trend of customers moving to cloud services like AWS, Microsoft Azure, and Google Cloud Platform. We believe data should be in the cloud — it brings greater productivity and cost savings, and it’s often easier to manage, particularly in remote work environments.
But migrating data to the cloud also introduces security concerns. Large enterprises have petabytes of sensitive data, leading to major problems if a storage location is compromised. To address this problem, our platform desensitizes data, rendering it unintelligible and unexploitable to unauthorized users. With ShardSecure, even cloud providers and infrastructure admins can’t read or reassemble the data stored within their services.
We also founded our company in response to the growing need for resilience in the cloud. We wanted to ensure that data would remain available and accurate in the event of a cloud outage or other downtime. With these principles in mind, ShardSecure was born.
Simplifying security for our global customers
As my host Davor noted, everyone expects that a good security solution will be highly technical and complex. He commented how surprising it is that ShardSecure is conceptually very simple and that it streamlines data security for organizations.
Davor and I agreed that customers can have different cultural attitudes and different organizational needs depending on where on the globe they’re located. Still, customers all around the world are facing similar cybersecurity and privacy challenges. We sell our platform to EU- and NATO-aligned companies primarily in Europe and North America, meaning that we’re all facing common cyberthreats. This helps us offer a unified solution.
With headquarters in New York City and Stockholm — and team members spread across the United States, Europe, and beyond — we’re able to maintain a global perspective on data security and resilience. As one of ShardSecure’s founders, I travel extensively and especially enjoy spending time in the US, Germany, and Sweden to meet our customers, hear about their problems, and build trust.
Addressing key customer challenges
We wrapped up the interview by discussing some of the more technical aspects of the ShardSecure platform and exploring several key customer challenges that ShardSecure addresses.
Unstructured data, agents, and more
Databases and structured data are relatively easy to secure with traditional encryption solutions. ShardSecure can and does secure this kind of data, but we focus mainly on semi-structured and unstructured data, which are underserved markets and typically more complicated to protect. These categories of data tend to include a lot of PII and sensitive information, and we often see large enterprises suffering major breaches of their unstructured data.
To simplify our protection of unstructured data, the ShardSecure platform does not require agents. We function as an abstraction layer, which allows customers to consolidate all their storage interfaces into one, including interfaces from different cloud providers. These features reduce the complexity and resource-intensiveness of storing data in a multi-cloud architecture.
Thanks to its foundations in data sharding, its use of parallel I/O, and compression, the ShardSecure platform doesn’t add more than double-digit milliseconds of latency at most. In some cases, the platform even improves performance. This is in contrast to traditional encryption solutions, which often slow performance significantly.
Hybrid- and multi-cloud data resilience
Maintaining robust data resilience in complex data architectures is a growing challenge. This is particularly true in hybrid-cloud architectures, which involve a mix of on-prem and cloud storage, and multi-cloud architectures, which involve using more than one cloud provider. In these environments, we hear the same customer concern over and over again: What happens when networks go down?
The ShardSecure platform helps mitigate outages and downtime, including in hybrid- and multi-cloud architectures. Our unique solution for multi-cloud data resilience offers high availability, with virtual clusters that can be run on-prem or in the cloud, to keep data available without the need for full data redundancy. Our platform also offers multiple data integrity checks and an automatic self-healing process to restore data that’s been tampered with, deleted, or otherwise compromised.
The ShardSecure platform offers advanced data privacy through our innovative microsharding process. Unauthorized users can neither read nor reassemble the fragments of data, rendering sensitive data unintelligible in the face of data breaches, ransomware attacks, IP theft, and other cyber threats. By design, even ShardSecure can’t read customer data, and we do not process or store customer data ourselves.
Our data privacy features also support data sovereignty and compliance with cross-border data protection regulations like the GDPR. We were recently named a 2023 Gartner® Cool Vendor in Privacy, and we believe our benefits for advanced data privacy speak for themselves.
Protecting AI models and training data
No conversation about technology in 2023 would be complete without mentioning artificial intelligence and machine learning. Davor pointed out that every major company in Germany is using AI, and the ShardSecure team has certainly been talking about it extensively in our discussions with other organizations.
What’s important to note is that AI models involve a massive amount of training data: petabytes and petabytes of unstructured data that all need to be secured.The ShardSecure platform protects AI/ML models and training data, allowing companies to control exactly who has access to their high-value datasets in the cloud.