Women are a minority in tech, with an average of three men for every one woman. When it comes to cybersecurity, the imbalance is even more acute.
A 2020 report shows that female cybersecurity experts are outnumbered five to one by their male counterparts. Inside the National Security Agency, cybersecuritys inner sanctum, the ratio is anyones guess.So the fact that a woman not only entered, but conquered and emerged victorious, from the NSA andwith the rights to market the ultimate encryption treasureis a feat worthy of attention.
How did she do it?Math, said Ellison Anne Williams (pictured), founder and chief executive officer of Enveil Inc. Math and grit.
Williams spoke withJohn Furrier, host of theCUBE, SiliconANGLE Medias mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed her time at the NSA and how homomorphic cryptography provides the missing link in the cybersecurity chain.
The treasure Williams carried from the NSA is one that has often been described as the Holy Grail of cryptologists: Homomorphic encryption. Developed within the NSA by researchers wanting to maintain security for data in-use,the technology enables data to be handled securely while remaining encrypted.
This week theCUBE spotlights Williams in its Women in Tech feature.
Data security has three parts: data at rest, data in transit, and data at use, explained Williams. The first part involves securing data at rest on the file system and the database.This would be your more traditional in-database encryption, she said.
The second part is securing data as its moving around through the network, known as data in transit. The third part of the data security process is securing data that is in-use data under analysis or search. This is when the data is both at its most vulnerable and its most valuable.
While there are many security solutions for both data at rest and in transit, protecting data while it is being processed has always been the weak point. Data was secure before and after processing but had to be decrypted in order to be accessed, then re-encrypted. Homomorphic encryption solves that issue.
It means we can do things like take searches or analytics, encrypt them, and then go run them without ever decrypting them at any point during processing, Williams explained.
Williams holds adoctorate in mathematics (algebraic combinatorics) from North Carolina State University and two masters degrees, one in mathematics from the University of South Carolina and another in computer science from Nova Southeastern University in Florida.
As an undergrad, Williams was a pre-med student with a plan to study infectious diseases. Instead, she fell in love with math and became an expert in distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining.
After graduating from North Carolina State, Williams joined the research team at the NSA, where she spent 12 years doing a little bit of everything, including large-scale analytics, information security and privacy, computer network exploitation, and network modeling. She also advocated for women to join the NSAs team and mentored her male colleagues.
During her last few years at the NSA, she had the opportunity to work at The John Hopkins University Applied Physics Laboratory in Maryland. It was there that she worked on homomorphic encryption as part of a larger project for the NSA.
Although she had worked in research her whole career, Williams had always harbored entrepreneurial dreams. So when she learned she could declassify some of her research through the NSA Technology Transfer Program, she jumped at the chance to create a homomorphic encryption solution for the marketplace.
The idea of homomorphic encryption is not new. The concept has been around since 1978, but a first-generation fully homomorphic solution wasnt proposed until 2009. Research continued, and second- and third-generation fully homomorphic solutions were proposed. But problems remained with implementing these solutions at scale.
With the launch of Enveil Inc. in 2016, Williams took a bet that by combining the entrepreneurship in her DNA with the results of her years of research at John Hopkins and the NSA she could change that.
Less than a year after founding, the company got the cybersecurity communitys attention at the finals of theRSA Innovation Sandbox. Thats where the conversation really started to change around this technology called homomorphic encryption, the market category space called securing data in use, and what that meant, Williams said.
Williams expected a surprised reaction when the community discovered Enveil had a market-ready homomorphic encryption solution. She didnt expect that big-name early adopters, such as Bloomberg Beta, Thomson Reuters Corp., Capital One Financial Corp., and Mastercard Inc., would be eager to strategically invest in the company.
The enthusiasm is because homomorphic encryption solves the problem of secure data sharing. New technologies such as machine learning rely on ingesting massive amounts of data. Being restricted to just one data source limits the potential for powerful insights, but sharing data resources for analysis is a risky business.
There are also codes and regulations that govern data sharing, such as Europes General Data Protection Regulationand the California Consumer Privacy Act, which limit how data can be managed.Not to mention, people can get upset if they discover a company has a cavalier attitude tosharingpersonal data; as Google discovered withProject Nightingale.
This makes the ability to maintain anonymity and security while sharing data critically important for businesses, especially those in the financial sectors, where the payoff and the risks are high stakes. Say a bank suspects a client of financial misconduct, such as money laundering, and as part of establishing the trail, it needs to verify transactions with other institutions.
[Banks] cant necessarily openly, freely share all the information. But if I can ask you a question and do so in a secure and private capacity, still respecting all the access controls that youve put in place over your own data, then it allows that collaboration to occur, Williams stated.
Homomorphic encryption enables the data to be searched while remaining encoded, so no personally identifiable information is ever revealed and regulation compliance and security is ensured.
Current use casesamong Enveils clients include financial regulation, with banks able to securely share information to combat money laundering and other fraudulent activity. Global transactions are simplified by allowing collaboration regardless of national privacy restrictions. And in healthcare, hospitals and clinics can share patient details to research facilities and remain confident that they are not disclosing sensitive personal data.
After just over three years in operation, Williams is proud of what her company has accomplished. Its really pretty impressive, she said.
It is. Breaking the male-dominated culture of cybersecurity, Williams has created a company that is at the forefront of data in-use security, recently announceda $10 million Series A funding and is looking to expand globally with new product lines that enable advanced decisioning in a completely secure and private capacity.
Were creating a whole new market, Williams said. [Were] completely changing the paradigm about where and how you can use data for business purposes.
Heres the complete video interview, part of SiliconANGLEs and theCUBEs coverage of theRSA Conference:
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
Wed also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we dont have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary onSiliconANGLE along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams attheCUBE take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.
If you like the reporting, video interviews and other ad-free content here,please take a moment to check out a sample of the video content supported by our sponsors,tweet your support, and keep coming back toSiliconANGLE.
Originally posted here:
How a former NSA scientist grasped the Holy Grail of encryption and changed the paradigm for safely sharing data - SiliconANGLE