Never Create a Category, Unless You Must

Building the data privacy vault

Today we announced our $45M Series B round led by Insight Partners. I wanted a lead investor who knows startups are hard, people are the core, and that building big transformational companies takes time. George Mathew at Insight Partners was at Salesforce in the earliest days, and ran multiple startups. I am excited that he is joining our board. 

You can read more about the funding details here. Let me share how we started, how we got here, and what we plan to do next.

We started Skyflow two and a half years ago with a very simple but ambitious idea: what if you built a developer-centric product to solve one of the biggest challenges we are facing today — keeping personal data secure, ensuring privacy, and meeting the needs of data protection laws not just in letter, but also in spirit. 

There's a huge market today, filled with point solution companies selling "cybersecurity" to enterprises. If you are a fintech company, healthtech, company or just about any company with customer data, you are inundated with tools for every problem you can imagine:

Tools for data encryption, tools for finding PII in APIs, tools for finding PII in databases, tools for tokenizing credit card numbers, tools for observing data in your databases, tools for governing data in your data lakes, and so on. What is a customer supposed to do with all these tools?

We believe that the current cybersecurity industry was built for a different era — when we bought servers, storage, databases, app servers, email servers — and stitched them together working with large system integrators. One cybersecurity tool for each layer of the stack might have made sense then, but does it make sense now?

That was the era of IT and the server. The era we are in today is the era of the developer and API. 

The primitives developers build with are cloud APIs from AWS or Azure. And they use other cloud APIs to solve all sorts of challenging core problems — payments (Stripe), identity (Okta), telecom (Twilio). What would it look like to bring data privacy, security,  and compliance into the API era?

In short — What if privacy had an API?

When we set out to create an answer to this question, we realized we must start from first principles as others had done before us.

New Categories and New Models

In 2007, I quit Oracle because they were not moving into the public cloud market fast enough. I spent the next six years at Salesforce helping Marc Benioff and team completely rethink how Salesforce automation is done: A new business model (subscriptions), a new deployment model (SaaS), a new integration model (APIs), and a new partnership model (App Store).

Similarly, the privacy problem cannot be solved by existing cybersecurity companies using existing approaches and piecemeal thinking. It needs a beginner’s mind. 

We started by looking at who’s doing the best job at data protection today. Leading companies like Netflix, Apple, Google, and many others have adopted a zero trust architecture to solve data privacy issues. They have built isolated and logically centralized mechanisms to protect all PII while giving limited, governed access to users and apps — essentially a vault.

We took the core idea of this zero trust vault architecture, applied it to PII data, and further enhanced it by solving a key challenge: can you keep the data protected and still allow it to be harnessed? 

With our polymorphic data encryption approach, we broke down the dichotomy between encrypting the data and being able to use this data for apps, workflows, and analytics. 

(It’s really cool tech. You can learn more about our polymorphic data encryption here.)

That's how we built the customer data privacy vault.

As soon as we launched our product last year, we started getting inbound interest from the smallest startups to pre-IPO companies to some of the largest financial institutions and healthcare companies in the world.

Developers today are using us for:

• Storing credit card data and meeting PCI compliance needs in days, rather than months
• Building and launching new fintech apps
• Securely sharing healthcare data for use cases ranging from medical devices to vaccination data
  

We now have customers ranging from two-person startups to large public companies that run global clinical trials — even credit card platforms — using our vault API.

We believe we are witnessing the creation of a new category — the data privacy vault. 

If you want to work on an important problem with an ambitious team, join us on this mission. We’re hiring across all roles.