The global pandemic, along with the digital transformation it accelerated, broadened corporate attack surfaces exponentially. As a result, there were almost 1,800 publicly reported data breaches in the first six months of 2021 alone, accounting for the exposure of 18.8 billion records. Among these were devastating, large-scale breaches of consumer names, contact details and financial records, such as the ongoing Accellion compromise that has impacted over 100 companies, organizations and government agencies, and the recent T-Mobile breach that exposed the details of 47 million customers.
Tide Foundation, a Sydney-based, five-person startup competing in TechCrunch Disrupt Startup Battlefield this week, claims that its “first-of-its-kind” encryption protocol could make this so-called “cyber breach pandemic” — a tagline the nonprofit was using before the global crisis struck — a thing of the past.
However, tackling cybercrime hasn’t always been the mission of Tide co-founders Michael Loewy and Yuval Hertzog. In fact, the startup was born out of the team’s prior business, a marketing platform called Ziva that helped to connect enterprises with consumers over Internet of Things (IoT) devices. While the business grew quickly, attracting a number of big-name enterprise clients, Ziva soon ran into a privacy problem when architecting a campaign for Kellogg’s. The campaign in question was a “Special K Fitness Challenge,” with participants sharing data from wearables with rewards based on the number of kilometers completed.
“We collected accounts of tens of thousands of people, and we knew everything about their lives — way beyond what they knew themselves; their habits, health and even their nutrition,” said Hertzog, who runs the technology side of the startup. “This was a treasure trove for enterprises, but we couldn’t avoid the fact that we’re sitting on very sensitive information.”
Tide realized that it needed to safeguard this data but failed to find an existing solution that ticked all of the boxes. That’s when Tide, a blockchain-based encryption method, was masterminded.
The protocol, which the startup claims is the first “true” zero trust authentication method, can be deployed into an organization to encrypt sensitive data, such as customer records and financial information. Each record has its own encryption key, and each key is controlled by a decentralized guardian.
“No one has nailed a proper zero trust model, because no one really has zero in their trust model. We are the only one offering an entirely zero trust model,” said Loewy.
It’s “virtually impossible” to hack, too, according to the startup. The key is split between a group of nodes, and no node has access to or knowledge of the whole key, or the authority to act on its own. This makes malicious access to your key almost impossible.
“When — not if — you hack it, you have to invest resources to hack at least 20 computers, at 20 locations around the world, and even then you reach a fraction of the data you are after,” said Hertzog, adding that while Tide has worked to make its technology hacker-proof, it’s also been keen to ensure it passes the “grandpa test.”
“This link between the human world and the computer world is very challenging. We put a lot of effort into human interaction, and we built a way for human beings to engage with the system through the simplest mechanism that exists today, which is username and password,” said Hertzog. “It’s definitely not foolproof, but at least with us, it’s billions of times harder to attack you using a password. Saying that, our technology starts with supporting usernames and passwords, but it can support biometric authentication.”
To date, the Tide Foundation has raised the equivalent of $2 million, primarily from Angel investors, and the five-year-old startup has also secured the backing of some big names in the cybersecurity world. Willy Susilo, a distinguished professor at the School of Computing and Information Technology in Wollongong, Australia, is an adviser to the company, alongside the likes of former Microsoft director Peter Ostick and Tom Dery, former global chairman of M&C Saatchi.
The well-supported startup is now focused on getting Tide out to the market, and as a result of the pandemic and the cybersecurity chaos that ensued, it’s already in demand.
“We were talking to companies abut privacy and protection before the pandemic, and the response we got was that ‘if we get hacked, we’re in good company,’ ” Hertzog said. “The conversation changes after COVID. We’ve been chased down by the academic world, healthcare, law practices and critical infrastructure — an entire area that is completely exposed.”