Outward VC led the £2.3m round in eXate with additional backing from ING Ventures and Triple Point Ventures.
Organisations of all shapes and sizes are dedicating greater focus than ever over the governance and protection of sensitive data, which is almost ubiquitously viewed as mission critical due to a number of emerging drivers and challenges. These include a growing number of jurisdiction-by-jurisdiction regulatory regimes (e.g. GDPR, CCPA), increase in the frequency of cyber-attacks and data breaches, an exponential increase in data produced on individuals and businesses, and the complexities of technology stacks that data now sits, particularly within large enterprise. The importance of striking an appropriate balance between data privacy and protection along with the commercial opportunities presented by data has never been greater.
This challenge has resulted in a boom of cutting-edge technologies designed specifically to protect sensitive data and maintain sufficient integrity and utility, broadly known as privacy enhancing technologies (PETs). These emerging PETs include various methods of data encryption (e.g. Homomorphic encryption), the addition of probabilistic ‘noise’ to data (e.g. Differential Privacy), new secure computational environments (e.g. hardware secured enclaves), synthetic data and a long list of others, each attempting to enable an organisation to protect its most sensitive data. This is particularly relevant for use cases such as analytics, machine learning, application testing, cross-border data transfers, third-party data sharing and other business applications that may vary from sector to sector.
The proliferation of these technologies have been effective in addressing some of these challenges, especially at a micro level (e.g. a single application or system). At an organisational or enterprise level however, this can create further issues. This is in part due to the technological limitations of PETs, which are each typically well suited to a narrow set of use cases, but also due to legacy practices within many large organisations, where data protection has historically been managed at an application level, meaning it is managed and controlled across hundreds, or even thousands, of applications and APIs.
The combination of these two factors lead to material costs, inconsistencies with how identical data attributes are protected across multiple applications, and significant complexities around governing data access, analysis and sharing by an organisation, both internally and externally. Material costs commonly result in projects involving sensitive data at large organisations never getting off the ground, whilst inconsistencies in data protection and poor data governance can lead to a lack of regulatory compliance and/or data breaches. In all cases, the costs can be severe.
Founders Peter Lancos and Sonal Rattan – two ambitious former business leaders at HSBC – set out to address these problems experienced first-hand through a bold, collaborative approach to simplifying the way that data is securely accessed, shared and governed – referred to as DataSecOps.
Founded in 2018 and designed on these principles, eXate combines and orchestrates multiple PETs within a single platform, built on a foundation of rich governance and controls. The platform enables the owners of data policies within an organisation to create granular rules through a simple, intuitive interface that reflect the data policies. Once set up, the platform can automate the technical enforcement of these rules at scale across a variety of data infrastructures, including databases, APIs and CSV files, ensuring data is appropriately and consistently protected at an attribute level. The result – what formerly took clients days or weeks to achieve on an application-by-application basis -can now be realised in minutes, at scale.
It is no surprise that some of the world’s largest organisations across a range of sectors including banking (including incoming investors, ING), asset management and telco are now working with eXate, as they look to move away from legacy data protection practices and move forward toward principles of DataSecOps. Use cases range from third-party data sharing, testing of production data in non-production environments, and cross-border data flows that must adhere to a number of local data laws and regulations. Whilst the use cases vary, the drivers are consistent. The old ways of managing data have reached a threshold of difficulty that are no longer tolerable for organisations that intend to be truly data driven.
What is more of a surprise is that Peter and Sonal have taken eXate to this point with a very lean (but highly driven) team and incredibly modest funding. Their proven ability to build an enterprise-grade product along with their vision, infectious personalities and tireless work ethic made them a perfect fit for Outward.
We look forward to supporting the team on their mission of simplifying data protection through DataSecOps and building a category defining business in this exciting space.