Several years ago, on a dairy farm in the small Irish village of Dundrum, four technologists — Maxim Dressler, Ryan Lasmaili, Shaun Mc Brearty and Tilo Weigandt — brainstormed solutions for what they saw as a fundamental problem in data security: unencrypted text files. According to a 2016 survey commissioned by CyberArk, 40% of organizations store admin passwords in a Word document. A separate study from Entrust, published in 2021, found that only 42% of organizations use encryption to secure customer data.
Spurred by the trends (and the large addressable market), Dressler, Lasmaili, Mc Brearty and Weigandt developed software that let companies work with fully encrypted data without first needing to decrypt it. They then commercialized it, founding Vaultree, which sells access to the software in a software-as-a-service model.
“Most companies encrypt data at rest on their server, often sacrificing security for performance speeds to do so. However, when their employees, customers and partners use data in apps, it’s unencrypted and vulnerable,” CEO Lasmaili told TechCrunch via email. “Unencrypted data is shared with third-party companies, creating even more cyber vulnerabilities… We wanted to grab the problem at its root, going straight to fully encrypted data processing in live production database environments and enable a truly encrypted tomorrow.”
Vaultree uses a form of encryption known as “homomorphic encryption” to secure data. Unlike traditional forms of encryption, which make using encrypted data impossible without decryption, homomorphic encryption allows software to perform computations, searches or analytics as if the data wasn’t encrypted. With homomorphic encryption, users don’t have to surrender their encryption keys. And if a data leak occurs, the encryption renders it unusable to bad actors — in theory, at least.
While not new — one of the first homomorphic encryption schemes was proposed in 1978 — recent innovations have made homographic encryption viable to implement at scale on today’s hardware.
“Third-party apps [are] able to work on encrypted ‘Vaultree’d’ data as if it’s decrypted, enabling unlimited, easy collaboration,” Lasmaili said. “Operational performance is not inhibited, and [t]here are no complexities such as plugins, proxies or APIs… [E]xisting tech stack and database architectures can be used.”
There’s a growing market for homomorphic encryption, and Vaultree is just one of several startups rising to meet the demand. (Global Market Insights predicts the industry could be worth $300 million by 2030.) Ravel and Duality are two others; Duality recently scored a $14 million DARPA contract for its hardware-accelerated homomorphic encryption tech.
All homomorphic encryption platforms have their drawbacks, to be clear. As homomorphic encryption struggles with poor performance — encrypted files tend to be larger than their unencrypted counterparts — it’s infeasible for certain computationally heavy applications. It also doesn’t provide “verified computing”; without additional steps, homomorphic encryption offers no guarantee that the correct computation was performed.
Lasmaili didn’t address those limitations directly, save claiming that the Vaultree platform offers better-than-average performance. But he asserted that Vaultree improves upon rival platforms by offering more flexibility in what companies can encrypt: data in use, at rest or in transit.
Vaultree is a Google Cloud partner, delivering what it claims is one of the first fully managed, functional data-in-use encryption schemes. And for on-premises setups, Vaultree provides a software development kit that lets customers slot its tech into their existing software environments.
Investors apparently like what they see. Vaultree this week closed a $12.8 million Series A round co-led by Molten Ventures and Ten Eleven Ventures with participation from SentinelOne, Elkstone Partners, CircleRock Capital and Cyber Club London, building on an October 2021 seed round totaling $3.3 million.
“An enterprise can opt for which databases, columns and even column names to encrypt or not, with granular access levels to mitigate risks even further,” Lasmaili explained. “Vaultree does not hold client data or keys — control and ownership stays completely with the enterprise using our toolkit.”
Vaultree, which has a staff of 48 and has raised $16.1 million in venture capital to date, claims to have recently onboarded “several multinational corporations,” including U.S., European and “international” healthcare sector organizations and financial institutions as clients. (Lasmaili declined to reveal the size of Vaultree’s customer base or early revenue numbers, or burn rate.) The focus over the coming months will be iterating features and covering new databases to expand support for various tech stacks, Lasmaili said, as Vaultree prepares to make its service generally available after a months-long beta.
“Cybersecurity is one of the most essential tech sectors and pretty strongly positioned to overcome potential headwinds,” he added when asked about the current economic climate and its potential impact on business. “Encryption in particular has been receiving a lot of attention over the last few years and that we were able to secure such a significant investment in these times is proof that the space is growing further in importance and size. Vaultree itself is putting a high focus on R&D with continued efforts in cryptographic innovation development and patent registrations to always be at the forefront of data protection.”