Cybersecurity has undergone a massive transformation over the past decades, with more experts now advocating for zero-trust and no-view security solutions.

Odaseva Technologies SAS, which evolved out of Salesforce Inc., looks to be the no-view security provider for large enterprises trying to maintain data compliance. The company recently secured a $54 million Series C round for expanding internationally.

“The role of Odaseva is to help customers complete and execute with them the different responsibility that they have from a security standpoint: from the confidentiality, making sure the data is not going to be stolen; integrity, making sure the data is not going to be corrupted; availability, making sure the system is not going to into facing an outage; and then compliance, helping to execute compliance from privacy regulation or industry regulation or even security regulations,” said Sovan Bin (pictured), founder and chief executive officer of Odaseva.

Bin spoke with Christophe Bertrand, principal analyst for theCUBE Research, for an exclusive interview on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the evolution of security and compliance, as well as its impact on artificial intelligence.

Data compliance in the modern era

In 2015, Microsoft Corp. outlined a shared responsibility model for cloud computing, which means that the user is partially responsible for managing the back up and confidentiality of their data. This can be a complex task for many customers who have to navigate compliance regulations.

“When you work with very large enterprise and you protect and secure their data, the first thing that you need to make sure that you are doing is by securing the data that you don’t generate a security risk,” Bin said. “So, we decided at the creation of the company to become a no-view provider.”

With no-view security, a company processes information for its customers but its own employees cannot actually see the data itself. This safeguards the company’s system against hacking, according to Bin.

Since the first wave of cybersecurity regulations in the late 1990s, data compliance has evolved to be “an extension in a sense of human rights into data,” as Bertrand puts it. The first major shift came with the 2016 General Data Protection Regulation, a piece of European Union legislation aimed at protecting personal data.

“It was a huge revolution in the regulation industry because, suddenly, the regulation was less on the legal side but very strict on how you should operate the data at the architectural level,” Bin said. “From GDPR, which was on the privacy regulation, it propagated first of all from Europe to the U.S. with CCP in California being the first. But that was the beginning of a huge wave of regulation across the globe.”

Following GDPR, China then redefined the concept of residency with a focus on all data being stored and processed in Chinese borders. Since then, data and security compliance has grown trickier for companies to follow.

“[GDPR] triggered a wave of regulation dedicated to technology with the acceleration of the cloud, the acceleration of AI,” Bin said. “It’s one thing to have a copy of your data. It’s another thing to prove that you have a DRP, a disaster recovery plan that you are testing very regularly and proving that in case of an incident you have not only the right technology, you have the right procedure.”

Shifting to no-view security

Odaseva went through a long development, with a seed round in 2017 raised by Salesforce Venture and Partech, followed by a Series B with Eight Roads and F-prime in the Fidelity group, and most recently, a Series C that raised $54 million with Silver Lake.

“Extracting, loading, transforming, securing or encrypting data without viewing it is actually easier said than done,” Bin said. “It took us five years to implement the solution to both be able to scale and do all of those operations from a no-view product perspective. After five years, the problem was being solved and then we were ready for go to market.”

No-view security will hold a lot of value for AI, an area that has been the focus of a lot of privacy concerns. With Odaseva, customers can avoid the security risks posed by large language models by encrypting their data before plugging it in, a reassuring proposition for the AI era.

“The revolution that we bring with Odaseva Zero Trust is you no longer need to trust a vendor. That’s why you will trust them to the maximum level, because they cannot steal from you and they cannot see the information that you have,” Bin said. “That will apply to AI as well. If you like, for example, to store information that you like to be able to retrieve through AI, but you don’t want this information to be visualized directly, you can proceed with encryption or tokenization.”

Here’s theCUBE’s complete video interview:

Photo: SiliconANGLE