Cybersecurity expert and Enveil CEO Dr Ellison Anne Williams thinks organisations could be getting more from their data, while still keeping it safe.
Data is the linchpin of many businesses in operation and, while many are keen to focus on the growth opportunities that lie within it, the security of said data is of vital importance. This is something Enveil CEO Dr Ellison Anne Williams knows well.
With more than a decade of experience spearheading large-scale analytics, privacy and more at the US National Security Agency (NSA) and the Johns Hopkins University Applied Physics Library, her expertise led her to found Enveil in 2016.
A non-traditional path into cybersecurity
Describing her career trajectory as “a very non-traditional path”, Williams was recruited to the NSA, which is said to be the largest employer of mathematicians in the world. This unique environment meant exciting learning opportunities. “I ended up exposed to a lot of things that weren’t available anywhere else,” said Williams.
A mathematician by training, she was “bitten by the security bug” while at the NSA. She developed Enveil’s core homomorphic encryption technology at the agency and built it out in the commercial world with a highly skilled team.
The company focuses on a single element of what Williams called the “data triad”: data in use. The other elements are data at rest and data in transit. “We deal with the security posture of what happens to your data when you use it in some capacity; when you run a search or run analytics. It’s really where your data becomes most valuable when you are extracting some information or insight from it.”
Williams explained: “The crux of the problem that we needed to solve [in the NSA] was, how do we perform trusted compute in locations that we don’t trust at all?”
Enveil helps regulated services stay secure
Williams says that Enveil clients are most often highly regulated services such as healthcare and finance, but there are a range of use cases, which she succinctly described as a “stack”. She continued: “At the bottom of the stack you have use cases like compliance and regulation, helping organisations meet their compliance or regulatory requirements.”
Protection of the most sensitive data within an organisation or “crown-jewel data protection” is another key area for Enveil. Williams noted that reputational damage is something organisations are keen to avoid, particularly those that handle sensitive personal data.
She said that allowing data to be processed securely can make people more confident in their cloud migration plans. “We open up new places where people can securely process workloads that are sensitive to them,” she said, allowing for secure, encrypted access in a cloud environment, which is traditionally not a trusted environment.
The spectre of third-party risk
Williams added that third-party risk is a serious issue, particularly for health insurance firms, but allowing a third party to “process over” claims data “in a completely encrypted fashion” can give clients piece of mind and more control. This also allows for new revenue opportunities to be generated, but in a secure and private capacity.
She is well aware that most people and organisations view encryption as “a means to an end”, but stressed that they need to think about their data “holistically, throughout its life cycle”.
Key trends to look out for
At the forefront of the cybersecurity landscape, Williams says that nation state attacks are a key trend. “What was previously being carried out by actors such as China, Russia, Iran, very esoteric channels for specific military or intelligence purposes … is now becoming ubiquitous,” she said, with nation state actors now targeting the intellectual property of some commercial organisations.
Williams also predicts more Spectre and Meltdown-esque attacks targeting “the memory or processing layer because when you lock down that traditional means for them, they are just going to find some other way to get in”.
Want stories like this and more direct to your inbox? Sign up for Tech Trends, Silicon Republic’s weekly digest of need-to-know tech news.