Aviva Zacks of Safety Detectives enjoyed interviewing Concentric’s Founder and CEO Karthik Krishnan because she got a chance to ask him about Concentric’s SaaS platform.
Safety Detectives: What motivated you to start Concentric?
Karthik Krishnan: In my roles at Aruba and Niara, every security professional I met was struggling to secure unstructured data. Their users managed files and documents that contained all sorts of business-critical data, such as personally identifiable information (PII), strategic plans, and contracts. The security team had no good way to know where that data was, how it was being shared, or who had access to it. They tried data loss prevention tools but those needed complex rules that were impossible to write and maintain. They tried asking end-users to identify each file they owned/touched but that wasn’t very reliable and had its own costs, such as training. Unstructured data security was a big problem and there weren’t any great answers.
At the same time, I’d been following developments in security applications for machine learning. I spent some time with my friend and co-founder Madhu Shashanka—who’s an expert in deep learning and natural language processing—and we realized the technology was ready to go to work to solve this big problem my colleagues were facing. If you want to secure unstructured data, first you have to know what you have. Deep learning is the ideal tool for the job, so we set out to build a company that delivers on the promises deep learning can deliver.
SD: Tell me about Concentric’s product.
KK: Concentric’s unique approach uses deep learning to help prevent data loss by discovering high-value data and identifying risky sharing without rules or complex upfront configuration. We detect and protect against common vulnerabilities such as inappropriate third-party access, high-value assets in the wrong location, misclassified documents, and lateral movement of assets across data stores. Our solution can take action to remediate issues, reducing the risk to data and preventing data loss. We are a SaaS platform, completely agentless, easy to deploy, and delivering value in days without any upfront work by our customers. Other tools that require rules and complex configuration can take weeks just to set up.
SD: What types of companies use your technology?
KK: Virtually everyone has sensitive information stashed in a spreadsheet or document somewhere, so we’ve talked to companies from every industry. Regulations have a big influence on the type of data a given company might really care about. Healthcare, for example, has a focus on protected health information (PHI). Our financial customers often focus more on governance controls, meaning they’re looking for ways to keep non-public, financial information out of the hands of non-authorized employees or third parties. High tech customers care about intellectual property. Everyone has a use case that is unique, but the needs Concentric addresses are the same.
Company size makes a difference too—if you’re big enough to be thinking about a data security program, you’re a good candidate for Concentric.
SD: What is the worst cyberthreat out there?
KK: Anything targeting users. Cybercriminals are really focused on phishing and other ways to penetrate a company by tricking an employee into helping them. And once they are inside, they have access to all the sensitive data the compromised employee had access to. Or in some cases, cybercriminals can convince an employee to act as an insider. Fortunately, deep learning gives us the tools we need to spot risk, even across millions of files located on-premises and in the cloud.
SD: How has the COVID-19 pandemic changed cybersecurity forever?
KK: COVID has led many to suggest remote work will be a permanent part of corporate life for the foreseeable future, even after the pandemic is over. Remote work increases sharing and online collaboration. It puts end users in the driver’s seat for security decisions, such as where to store a file or whom to share it with. Remote work plus increased collaboration places more sensitive data at risk. So with COVID, I see a rising and permanent threat associated with poor or careless choices made by end-users when it comes to data security.