INSUBCONTINENT EXCLUSIVE:
&You can&t hack what isn&t there,& Very Good Security co-founder Mahmoud Abdelkader tells me
His startup assumes the liability of storing sensitive data for other companies, substituting dummy credit card or Social Security numbers
Then when the data needs to be moved or operated on, VGS injects the original info without clients having to change their code.It
essentially a data bank that allows businesses to stop storing confidential info under their unsecured mattress
Or you could think of it as Amazon Web Services for data instead of servers
Given all the high-profile breaches of late, it clear that many companies can&t be trusted to house sensitive data
Andreessen Horowitz is betting that they&d rather leave it to an expert.That why the famous venture firm is leading an $8.5 million Series
A for VGS, and its partner Alex Rampell is joining the board
The round also includes NYCA, Vertex Ventures, Slow Ventures and PayPal mafioso Max Levchin
The cash builds on VGS& $1.4 million seed round, and will pay for its first big marketing initiative and more salespeople.&Hey! Stop doing
this yourself!,& Abdelkader asserts
&Put it on VGS and we&ll let you operate on your data as if you possess it with none of the liability.& While no data is ever 100 percent
unhackable, putting it in VGS& meticulously secured vaults means clients don&t have to become security geniuses themselves and instead can
focus on what unique to their business.&Privacy is a part of the UN Declaration of Human Rights
We should be able to build innovative applications without sacrificing our privacy and security,& says Abdelkader
He got his start in the industry by reverse-engineering games like StarCraft to build cheats and trainer software
But after studying discrete mathematics, cryptology and number theory, he craved a headier challenge.Abdelkader co-founded Y
Combinator-backed payment system Balanced in 2010, which also raised cash from Andreessen
But out-muscled by Stripe, Balanced shut down in 2015
While transitioning customers over to fellow YC alumni Stripe, Balanced received interest from other companies wanting it to store their
data so they could be PCI-compliant.Very Good Security co-founder and CEO Mahmoud AbdelkaderNow Abdelkader and his VP from Balanced,
Marshall Jones, have returned with VGS to sell that as a service
It targeting startups that handle data like payment card information, Social Security numbers and medical info, though eventually it could
invade the larger enterprise market
It can quickly help these clients achieve compliance certifications for PCI, SOC2, EI3PA, HIPAA and other standards.VGS& innovation comes in
replacing this data with &format preserving aliases& that are privacy safe
&Your app code doesn&t know the difference between this and actually sensitive data,& Abdelkader explains
In 30 minutes of integration, apps can be reworked to route traffic through VGS without ever talking to a salesperson
VGS locks up the real strings and sends the aliases to you instead, then intercepts those aliases and swaps them with the originals when
necessary.&We don&t actually see your data that you vault on VGS,& Abdelkader tells me
&It basically modeled after prison
The valuables are stored in isolation.& That means a business& differentiator is their business logic, not the way they store data.For
example, fintech startup LendUp works with VGS to issue virtual credit card numbers that are replaced with fake numbers in LendUp databases
That way if it hacked, users& don&t get their cards stolen
But when those card numbers are sent to a processor to actually make a payment, the real card numbers are subbed in last-minute.VGS charges
per data record and operation, with the first 500 records and 100,000 sensitive API calls free; $20 a month gets clients double that, and
then they pay 4 cent per record and 2 cents per operation
VGS provides access to insurance too, working with a variety of underwriters
It starts with $1 million policies that can be much larger for Fortune 500s and other big companies, which might want $20 million per
incident.
Obviously, VGS has to be obsessive about its own security
A breach of its vaults could kill its brand
I worry I&ll miss something
Are we a giant honey pot,& Abdelkader wonders
&We&ve invested a significant amount of our money into 24/7 monitoring for intrusions.&Beyond the threat of hackers, VGS also has to battle
with others picking away at part of its stack or trying to compete with the whole, like TokenEx, HP Voltage, Thales& Vormetric, Oracle and
But it do-it-yourself security that the status quo and what VGS is really trying to disrupt.But VGS has a big accruing advantage
Each time it works with a clients& partners like Experian or TransUnion for a company working with credit checks, it already has a
relationship with them the next time another clients has to connect with these partners
Abdelkader hopes that, &Effectively, we become a standard of data security and privacy
All the institutions will just say ‘why don&t you use VGS'&That standard only works if it constantly evolving to win the cat-and-mouse
While a company is worrying about the particular value it adds to the world, these intelligent human adversaries can find a weak link in
their security — costing them a fortune and ruining their relationships
&I&m selling trust,& Abdelkader concludes
That peace of mind is often worth the price.
