Interview with MacLane Wilkison
CEO and Co-Founder at NuCypher, MacLane Wilkison's company is one of the buzziest cybersecurity providers in Silicon Valley, with several financial services industry clients under its protection and over $5 million in funding raised to-date. Remarkably, the technology behind this trusted brand was developed just a couple of years ago — as a side line.
Check out our exclusive Q&A session with MacLane:
NuCypher’s team includes a mix of corporate and academic backgrounds. Do you think this is an effective combination? Has it been important to your success?
I think that this mix has been part of our success: we are working with deep technology, distributed systems, cryptography, blockchain and big data platforms, so having that academic and scientific researchers’ background is important. My co-founder and CTO [Michael Egerov] has a PhD in an area close to the related quantum cryptography, graduated in mass consume physics and technology, probably one of the most talented and technical people in the Valley. On our advisory board we have some leading cryptographers in the world. On one hand it is great if you can build a product that is very robust and secure, the cutting edge of cryptography, on the other, you also have to build a business and monetize it and get familiar with the actual businesses and requirements is important as well. So, building that balance of talented people to have both perspectives is important to make sure that you are covering all the bases.
One of NuCypher’s biggest points of difference is its ability to protect distributed systems. Was there a technological eureka! moment when your team worked out how to do this?
The eureka moment for us was when our co-founder [Michael Egerov, CTO] and I were working on an opensource database called ZeroDB, which allows to query the encrypted data without actually sharing the private keys with the data-based server.
One of the features we built into that was the ability to allow other third-parties to query encrypted data as well; we used a technology called proxy re-encryption to achieve that.
We realized this feature we built as part of ZeroDB is actually a super-elegant and relevant solution for securing distributed systems generally, so we pulled it out and made it not just a feature of ZeroDB, but this more general encryption layer that we could take and apply to different distributed systems. We first applied it to Hadoop, then to Kafka, to blockchain more recently, and there’s a lot of interesting stuff we have on the roadmap for IOT as well. It was just this realization that this little side thing that we had was actually the most interesting, relevant and important piece.
What drew your attention to the need/opportunity for someone to provide a security solution for big data?
My co-founder and I noticed this explosion in all these new distributed systems: Cloud, big data, blockchain and realized that traditional approach on security we are focused on doesn’t really fit in this new environment where data could be on-premise, in the Cloud, on the public network like blockchain, or PFS, and it used to be accessed by hundreds of people that could be inside or outside of your organization.
There is the need of more scalable and data-centric approach to security, one that protects data both when lives as well as all the different places where it can go in the course of its life. We realized that things like public re-encryption is more scalable, modern and suited for these systems where you have got to share data across many different recipients and partners. It was something desperately needed.
In your view, what makes proxy re-encryption the best fit for big data?
What makes proxy re-encryption the best fit for big data and distributed systems more broadly is that is very scalable from what I’d call “many-to-many data sharing patterns”.
Traditional public-key encryption is very good for one-to-one communication, so if I want to share a secret message with you, I can encrypt it with your public key, and you can decrypt it with your private key. But, if I need to share that message with, say, dozens or hundreds of recipients, I have to encrypt that message again for each recipient, so it scales really poorly.
With proxy re-encryption I can encrypt that data one time, with one key, and then delegate and revoke access to pretty much as many recipients as I like. And if you look under the hood of big data platforms like Hadoop or Kafka or blockchain, they’re really characterized by this many-to-many data sharing pattern. Proxy re-encryption is the perfect fit for that.
A data security company needs to be able to offer cutting edge protection from day one. How did you manage to build a team and prepare a product capable of achieving this?
It is actually a lot different for us as a security company than it is for the same typical startup building a web application that is used by consumers. In the security space, you can’t really move fast and break things, or else you’re going to pretty much irrevocably lose your customers’ trust. You have to have something that’s very robust, secure and functional from day one. I think our team has a good combination of people that have a background in financial services and understand the importance of security in the industry and business contacts, but also people who have a background in distributed systems.
Since we are on re-encryption solution, we have a couple of cryptographers on our team, as well as on the advisory board, they can bring that academic and research expertise to the table. Beyond that, there is the rest of the team split out between distributed system engineers, security engineers and one of the things that has helped doing this was embracing our DNA as an open source company and that has helped us to attract a lot of very talented engineers.
NuCypher will need to keep engineering new solutions as new cyber threats emerge. How will you ensure that your product remains field-leading for years to come?
Our vision is to be the encryption or security layer for all of the important distributed systems. Right now, that means cloud, big data, blockchain and IOT; in the future it could mean a new platform or computing environment. We’re interested in solving the problem for each of those and solving it very, very well. That means staying on top of the latest distributed systems technology, staying on top of the latest in encryption and cryptography, and keeping up with the security industry more broadly.
That’s one of the things that’s exciting and fun and interesting about working in a startup — you get to work at the intersection of a lot of very complex, interesting and exciting new technologies.
Many of your existing clients are in financial services. Was this simply where the demand lay, or was it the result of a strategic decision by NuCypher?
This was a strategic decision by us for a couple of reasons. First, financial services companies obviously have enough data to be using the distributed systems we work with. Second, a lot of the data they have is very sensitive. Third, they tend to have some of the strictest security requirements.
We knew that whatever we built for them based off of their product requirements would almost by definition be good enough for pretty much every other vertical. So, if we build something for financial services it’s going to work for healthcare, for telecommunications, and very likely for government as well, with a few changes.
To a lesser degree, there is also a lot of demand and there has been a lot of very high profile data reaches in the financial services: JP Morgan and most recently Equifax, which leaked half of the entire US population social security numbers. So, the awareness of that need in financial services is very high.