Cape Privacy's Head of Marketing Reesha Dedhia recently sat down for a two-part conversation with the company's Co-Founder and CTO, Gavin Uhma. In Part Two, Gavin describes what happens when an organization grasps the idea that they can keep data encrypted and still put it to work–in the cloud. Then he explains why Cape Privacy's partnership with Snowflake is the ideal combination for financial services organizations. Finally, Gavin offers an inspiring vision of what's possible when data–and individual privacy–is protected by default.* *
Reesha: How do the capabilities of the Cape Privacy platform inspire users, and what are some of the surprising things that they've done with it?
Gavin: We deal with a lot of financial services companies who have highly confidential data that they tend to keep on-premise, because they control the environment. We know that there's good reason for organizations to move to the cloud, largely driven by cost. It's cheaper to be in the cloud. Oftentimes, it's easier to expand. It's easier to scale up, and it's easier to scale down if you need to. And so organizations want to move to the cloud.
The problem is that they don't want to move their highly confidential data to the cloud because, once they do, they don't control everything like they did on-premise. Moving to cloud-based storage in itself is not the issue because they know they can client-side encrypt the data before they upload it, keeping the key on-premise. But then you're losing a lot of the benefits of the cloud because when you go to use the data, you either need to download it to decrypt it, or upload the encryption key. So it's a trade-off between data use and data security.
That's the thing where users really get inspired by Cape because they can start thinking about all of the ways they can encrypt data, move it to the cloud, and process it in the cloud in that encrypted form. It opens up a lot of use cases where they say, for instance, "We want to use Snowflake for this given use case," but they've been unable to do that because the underlying data is considered highly confidential.
Cape Privacy enables financial services companies to move highly confidential data to the cloud, keep the high level of security they get from client-side encryption, and work with the data by applying Cape's encryption in-use technology.
Reesha: Why is Cape Privacy focused on the financial services market when the privacy and security issues that industry faces aren't that different from healthcare, retail, etc.?
Gavin: Financial services tend to be willing to invest in and adopt new technology. We see that in financial services, where they spend a lot on machine learning technologies, and a lot on big data technologies. They're willing to invest in new technology to get a competitive edge. And oftentimes a competitive edge means better data security, and privacy in the cloud.
The willingness of financial services organizations to move quickly on adopting a new technology like Cape Privacy makes it a good beachhead, so to speak, for us in our go-to-market strategy.
As for other industries, it's really easy to get passionate about problems in health care related to privacy and security, and on machine learning being applied to our own personal health care data. We look forward to being able to apply Cape to health care when we feel like that balance is right, and when we feel like health care is ready for us.
Reesha: In November Cape Privacy announced a partnership with Snowflake. What are the implications of that relationship both at the brand level but also from the perspective of applying Cape Privacy's capabilities to a business model that is 100% cloud aligned?
Gavin: Snowflake is a really amazing company because they've gone after such a massive market, being the one database for all your data in the cloud. They've done that in a way which is multi-cloud as well, which is really cool. They abstracted the customer away from the different paradigms of the various cloud databases.
With Snowflake, you can have one database, but you can say, for example, I want to store this on AWS or I want to store this on Azure. As far as the underlying data is concerned, they make it really easy to do that. They also have a super interesting business model, which is usage based. It's not the usual SAAS subscription that we're accustomed to where you pay so much money per month per user, or for a certain amount of data or something like that. It's entirely usage based. So you put all of the data into Snowflake and you just pay when you use it, when you process it, when you query it.
A usage based model is really interesting because it makes it much easier for organizations to move a bunch of data to Snowflake and then start using it if they want to or not. Most of them end up using it a lot more than they thought they would, because the product is so easy. Suddenly, you have all this data that used to be in all these disparate systems and now it's in this one place in Snowflake. So you're using your data in a lot more ways than you thought you could because it's so much more accessible.
We like that model for Cape as well. People can encrypt their data, move it into Snowflake, and when they want to process that encrypted data using Cape, they just pay for the usage. There's no SaaS subscription fee or anything like that for Cape. It's usage based, like Snowflake.
Things are growing quickly at Snowflake because of that model, and they have an emphasis on the financial services vertical, focusing on large banks and insurance companies that are moving to the cloud. That cross between Snowflake already going out and finding those innovative customers, but those customers also have highly confidential data that they need to move. It makes Snowflake perfect for Cape to partner with.
Snowflake has done a great job of building those relationships with the financial services customers already, and with our partnership, we can provide a solution that eases their concerns as it relates to moving that highly confidential data into Snowflake. The true value of Snowflake is realized when you move all of your data, and Cape helps make that a goal that can be realized now.
Reesha: What is your vision for the company? When historians (or Wikipedians…) write about Cape Privacy, what do you want them to say?
Gavin: I'd like to see the technology we develop at Cape have an impact and influence over secure computation becoming the default. Meaning, the apps and services that consumers and companies use should work entirely with encrypted data. The only time you need to decrypt is when a human needs to consume the data. Computers can process encrypted data. That is a fact. So we need to make the technology accessible so that it is broadly adopted.
And that's why open source is so important. No single company can own a technology this far reaching. Start ups, as we know, are risky companies in general. And I think that as a company, by investing in open source, we're investing in something that can have a lasting impact, regardless of the outcome of our company. And the other thing enabled by open source is that it allows individuals, like developers or entrepreneurs–or even large companies or industries that we're not focused on–allowing them to adopt the technology and use it in a way that maybe we're not ready to go to market with yet. That's the power of the permissionless nature of open source.
For example, we're not going into health care yet, but if somebody in health care wants to come and use our open source, they can. If a university student or an independent developer wants to build a new secure social network with a secure news feed algorithm that only processes encrypted data, they could go do that. That's not a target use case for us today; but if they want to use our technology to innovate, we're excited to see it.
And I hope that, with that strategy, we can have an impact helping move the world to where all of our data is encrypted by default: when you store it, when you move it, when you process it. It's always encrypted. And that means that when you ask the voice assistant in your kitchen to set a timer, or for a recipe, or to put on a song, you're not trading your privacy for that convenience. Or, when you drive an autonomous vehicle, that you're not trading your privacy for the luxury of an autonomous vehicle. That shouldn't be the case, right?
When you buy a car, you're not buying a machine to produce exhaust. That is not a thing that you want. You're buying the car to drive somewhere and the exhaust is just an unfortunate by-product. The privacy trade-off when we adopt technology is like exhaust. You're not buying a product that collects your voice. You're signing up for a voice assistant to help you about your day. And so I think if we can have technology in our lives _and _have privacy, all things being equal, people will choose the products with privacy.
Finally, I'll add that, in many places, including North America, we're pretty lucky. Privacy may not be top of mind, but there are many places in the world where privacy is actually a life or death thing. A lack of privacy can lead to very serious forms of oppression. Here we might trade our privacy for a better voice assistant or autonomous car, but elsewhere, being able to use technology _and _have privacy could be the difference between life or death. Privacy and security technologies are important to freedom.