How a former NSA scientist grasped the Holy Grail of encryption and changed the paradigm for safely sharing data
Women are a minority in tech, with an average of three men for every one woman. When it comes to cybersecurity, the imbalance is even more acute.
A 2020 report shows that female cybersecurity experts are outnumbered five to one by their male counterparts. Inside the National Security Agency, cybersecurity’s inner sanctum, the ratio is anyone’s guess. So the fact that a woman not only entered, but conquered and emerged victorious, from the NSA and with the rights to market the ultimate encryption treasure is a feat worthy of attention.
How did she do it? “Math,” said Ellison Anne Williams (pictured), founder and chief executive officer of Enveil Inc. “Math and grit.”
Williams spoke with John Furrier, host of theCUBE, SiliconANGLE Media’s mobile livestreaming studio, during the RSA Conference in San Francisco. They discussed her time at the NSA and how homomorphic cryptography provides the missing link in the cybersecurity chain.
The treasure Williams carried from the NSA is one that has often been described as the “Holy Grail” of cryptologists: Homomorphic encryption. Developed within the NSA by researchers wanting to maintain security for data in-use, the technology enables data to be handled securely while remaining encrypted.
This week theCUBE spotlights Williams in its Women in Tech feature.
The data security triad
Data security has three parts: data at rest, data in transit, and data at use, explained Williams. The first part involves securing data at rest on the file system and the database. “This would be your more traditional in-database encryption,” she said.
The second part is securing data as it’s moving around through the network, known as data in transit. The third part of the data security process is securing data that is in-use — data under analysis or search. This is when the data is both at its most vulnerable and its most valuable.
While there are many security solutions for both data at rest and in transit, protecting data while it is being processed has always been the weak point. Data was secure before and after processing but had to be decrypted in order to be accessed, then re-encrypted. Homomorphic encryption solves that issue.
“It means we can do things like take searches or analytics, encrypt them, and then go run them without ever decrypting them at any point during processing,” Williams explained.
Doing a “little bit of everything”
Williams holds a doctorate in mathematics (algebraic combinatorics) from North Carolina State University and two master’s degrees, one in mathematics from the University of South Carolina and another in computer science from Nova Southeastern University in Florida.
As an undergrad, Williams was a pre-med student with a plan to study infectious diseases. Instead, she fell in love with math and became an expert in distributed computing and algorithms, cryptographic applications, graph theory, combinatorics, machine learning, and data mining.
After graduating from North Carolina State, Williams joined the research team at the NSA, where she spent 12 years doing “a little bit of everything,” including large-scale analytics, information security and privacy, computer network exploitation, and network modeling. She also advocated for women to join the NSA’s team and mentored her male colleagues.
During her last few years at the NSA, she had the opportunity to work at The John Hopkins University Applied Physics Laboratory in Maryland. It was there that she worked on homomorphic encryption as part of a larger project for the NSA.
Although she had worked in research her whole career, Williams had always harbored entrepreneurial dreams. So when she learned she could declassify some of her research through the NSA Technology Transfer Program, she jumped at the chance to create a homomorphic encryption solution for the marketplace.
Longtime solution, first-time commercial product
The idea of homomorphic encryption is not new. The concept has been around since 1978, but a first-generation fully homomorphic solution wasn’t proposed until 2009. Research continued, and second- and third-generation fully homomorphic solutions were proposed. But problems remained with implementing these solutions at scale.
With the launch of Enveil Inc. in 2016, Williams took a bet that by combining the entrepreneurship in her DNA with the results of her years of research at John Hopkins and the NSA she could change that.
Less than a year after founding, the company got the cybersecurity community’s attention at the finals of the RSA Innovation Sandbox. “That’s where the conversation really started to change around this technology called homomorphic encryption, the market category space called ‘securing data in use,’ and what that meant,” Williams said.
Williams expected a surprised reaction when the community discovered Enveil had a market-ready homomorphic encryption solution. She didn’t expect that big-name early adopters, such as Bloomberg Beta, Thomson Reuters Corp., Capital One Financial Corp., and Mastercard Inc., would be eager to strategically invest in the company.
The enthusiasm is because homomorphic encryption solves the problem of secure data sharing. New technologies such as machine learning rely on ingesting massive amounts of data. Being restricted to just one data source limits the potential for powerful insights, but sharing data resources for analysis is a risky business.
There are also codes and regulations that govern data sharing, such as Europe’s General Data Protection Regulation and the California Consumer Privacy Act, which limit how data can be managed. Not to mention, people can get upset if they discover a company has a cavalier attitude to sharing personal data; as Google discovered with Project Nightingale.
This makes the ability to maintain anonymity and security while sharing data critically important for businesses, especially those in the financial sectors, where the payoff and the risks are high stakes. Say a bank suspects a client of financial misconduct, such as money laundering, and as part of establishing the trail, it needs to verify transactions with other institutions.
“[Banks] can’t necessarily openly, freely share all the information. But if I can ask you a question and do so in a secure and private capacity, still respecting all the access controls that you’ve put in place over your own data, then it allows that collaboration to occur,” Williams stated.
Homomorphic encryption enables the data to be searched while remaining encoded, so no personally identifiable information is ever revealed and regulation compliance and security is ensured.
Current use cases among Enveil’s clients include financial regulation, with banks able to securely share information to combat money laundering and other fraudulent activity. Global transactions are simplified by allowing collaboration regardless of national privacy restrictions. And in healthcare, hospitals and clinics can share patient details to research facilities and remain confident that they are not disclosing sensitive personal data.
After just over three years in operation, Williams is proud of what her company has accomplished. “It’s really pretty impressive,” she said.
It is. Breaking the male-dominated culture of cybersecurity, Williams has created a company that is at the forefront of data in-use security, recently announced a $10 million Series A funding and is looking to expand globally with new product lines that enable advanced decisioning in a completely secure and private capacity.
“We’re creating a whole new market,” Williams said. “[We’re] completely changing the paradigm about where and how you can use data for business purposes.”
Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.