eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Ionic Security announced today that it has raised a Series C round of funding that brought in $40.1 million. Total funding to date for the security startup now totals $78.1 million as it builds out its vision of creating a new enterprise security policy platform for data security.
The idea behind Ionic Security was initially triggered by the company founder’s frustration in trying to keep his social media settings private and secure.
“About four years ago, I created a little project called Social Fortress,” Adam Ghetti, founder and CTO of Ionic Security, told eWEEK. “That project came into existence because [Facebook CEO] Mark Zuckerberg kept changing the privacy settings on Facebook, and I kept getting frustrated that I had to keep resetting the settings.”
After fourth time resetting his Facebook privacy settings, Ghetti came to the realization that the settings were not actually about user privacy. Rather in his view, they were mostly just about making users feel more confident using the service when, in reality, users don’t actually have full control over their information in Facebook.
“I just get buttons that I can click, but Facebook can change what it does at any moment in time. They already have all my information and photos,” Ghetti said. “This is really not a control or privacy setting.”
It wasn’t just Facebook whose privacy settings concerned Ghetti. In fact, in 2010, most of the privacy-related tooling that was available was limited. The realization that privacy settings didn’t actually secure user data led him to examine how cryptography could secure his online information.
“I found that the biggest impediment to keeping the encryption market from ever being useful to the mass market is that the friction of managing encryption keys was so high that it’s difficult to use,” he said.
That realization led Ghetti to create Social Fortress, which evolved into Ionic Security. Ghetti created the initial Social Fortress project to give himself an independent control plane over his data before it went into Facebook, while not breaking the overall Facebook experience. The goal of the tool was to enable Ghetti’s friends to still be able to interact with him the same way they always had.
Since then, Ghetti and his team have evolved Social Fortress for an enterprise audience to help secure data as it moves to the cloud.
“We have really doubled-down on the enterprise focus and highly regulated large enterprises,” he said.
The name change from the Social Fortress project to Ionic Security says it all regarding what the company is now trying to do. Ionic Security isn’t just about helping enterprises secure data on social networking sites, Ghetti said. “Ionic bonds are the strongest bonds in chemistry, and our solution bonds to your data while you’re creating it and we never let go,” he said. “So we protect your data while it’s being created, and that can never be undone.”
Technology
Although Ionic Security leverages encryption, Ghetti emphasized that Ionic is not just an encryption play.
“We have a combination of several things that when they all come together produce a user experience that is simple and is able to scale, not just technically but also from a management perspective,” he said.
Ionic Security Raises $40.1 Million for Enterprise Data Security
The company’s biggest differentiator in the market is it has found a way to make encryption work without friction across devices and deployment models, according to Ghetti.
“We have taken the concept of actually managing the cryptography out of the equation, and we have automated the orchestration across the environments that enterprises are already using,” he explained.
Data needs to be secure while in motion across a network as well as when it is at rest on a storage device or database. Ionic Security uses standard Transport Layer Security (TLS) for data in motion and whole disk encryption to protect data at rest. Looking beyond traditional in-motion and at-rest encryption, Ghetti said Ionic’s data protection layer is independent, providing an additional layer of security.
“So your data is actually encrypted and protected while you’re creating it in whatever environment you are creating the data,” Ghetti said. “You are independently protected while data is going through a TLS tunnel or sitting on a hard drive.”
As such, if there is a man-in-the-middle (MiTM) attack against TLS or if the hard drive encryption key is stolen, it doesn’t matter for Ionic Security users, since the actual data was encrypted before it ever entered the tunnel or was stored on the hard drive.
Ionic Security is currently in stealth mode, with plans to emerge in the first half of 2015.
“We’re months away from coming out of stealth,” Ghetti said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.