© CEOCFO Magazine -
CEOCFO Magazine, PO Box 340
Palm Harbor, FL 34682-
Lynn Fosse, Senior Editor
Steve Alexander, Associate Editor
Bud Wayne, Marketing
& Production Manager
Christy Rivers -
Founder and CEO
Interview conducted by:
Lynn Fosse, Senior Editor
Published – January 11, 2021
CEOCFO: Mr. Kumar, what is the vision behind Kapalya?
Mr. Kumar: When I started the company, I was a cyber security consultant working with the State of Hawaii’s CIO and was assigned the responsibility of protecting the 2016 presidential elections data from getting breached. I recognized that there were many foreign government sponsored cyber criminals that were trying to infiltrate the election systems to steal voter registration data, which contains social security numbers, home addresses, phone numbers; basically, personal identifiable information. These data are people’s livelihoods and their identity to society. Therefore, my mandate was to protect this data and that is where the idea for Kapalya was born. Kapalya’s mission, our mission, is to make it as difficult as possible for cybercriminals to infiltrate, breach, and extract data regardless of where the data resides.
CEOCFO: How are you able to do it in a way that perhaps others have not recognized yet?
Mr. Kumar: What many companies do is what I call “prevention”; they are doing blocking and tackling. That means that they will say, “Let us see which avenue or angle the cybercriminal will penetrate my network, which way will they penetrate my servers, or which way will they penetrate my cloud account,” and they start blocking and tackling there. However, there is a myriad of companies that are already doing that, but what is it that the cybercriminal objective at the end of the day? At the end of the day, the cybercriminal wants your data, because data is now the new “gold or oil”. Data is valuable when it is interpretable. Therefore, one of the best ways to protect your data is to encrypt it. However, data encryption is only half of the solution. If you encrypt your data, you need a key to decrypt it. Now, if the key is readily available and cybercriminal can quickly find it, you will be compromised. That means preserving and maintaining the keys for the data set becomes paramount. What we have found was that many companies are struggling to manage encryption keys for thousands or tens of thousands or even hundreds of thousands of users across multiple devices and geographical locations. It becomes a very daunting and challenging task. We are saying that we will encrypt all the data regardless of where it resides, then we will ensure that the way that we manage the keys is a different approach than what the industry is doing today, making our solution so much more superior to what is offered in the industry.
CEOCFO: Would you tell us about the unique approach?
Mr. Kumar: Absolutely. I will give you a very simple analogy. Generally, people have different keys for different things; you would have a key to get inside your office, a key drive your car and a key to open the door to your house. Those are three different keys. You do not want one key to open all three doors for you, because if this one key gets stolen -
CEOCFO: How does someone get the key to a file they want to open?
Mr. Kumar: That is the secret sauce that we have developed, and our intellectual property. Essentially, we have
servers that are serving from private, public or hybrid cloud, so we serve the keys in real time. Kapalya agent would be running on your mobile or end-
With Kapalya’s solution, the user experience is exactly the same. You would double click on the Excel spreadsheet, but because the file is encrypted you need to decrypt the file before Excel launching the content. Once the file is double clicked on, the request is sent to our cloud service to say, “This is Lynn; she is coming from her laptop, she is a registered user and she wants to open this file called Excel123.” Then in real time, we run our algorithms on our service to verify the following: 1. That is actually Lynn coming in and authenticate you. 2. You are coming from a device that is registered to you. Unless those two checks are passed successfully, and the particular file is legitimate, we will not give you the key. If all of those checks and tests are passed then, in real time, we go to a different server; i.e, where the keys are stored, which is a FIPS-
CEOCFO: Can you open files from different devices?
Mr. Kumar: We allow each user to register up to five devices. It could be a combination of laptops, tablets, phones or even a virtual desktop environment. We offer two models for our services. First model, the company virtually buy all the servers and we would empower their systems administrators to then register the users. The company knows their users and the type of devices issued to their users, so the systems administrators would then register your device to the user profile. If your device is not registered, you will not be able to get any of the keys or do anything else. The second model is, where we would manage everything for the company. It is in a multi-
CEOCFO: What types of companies, industries, sizes or geographies recognize what you are doing and are understanding and want to get involved?
Mr. Kumar: We started with state government, basically the public sector. Then we also started engaging with the Federal government. I was actually invited to present our solution inside the Pentagon last year personally. However, they wanted me to tweak my program based on their requirement, but they were very intrigued and very interested in it. That was basically where we started from and since then, we have branched out to the private sector and the industries that we started targeting was the software services industry in Silicon Valley. Where we are finding a lot of traction is with other regions where they do not have access to public cloud services like Amazon Cloud, Google Cloud or Microsoft Azure Cloud. Where many cloud services provide, or offer their own services and they can offer encryption as a service, so they are embracing this service. We are signing up couple of those currently. We have not really hit the healthcare market yet, but the financial services are very excited about our solution. The legal companies and accounting firm are very excited about this because there are many sensitive documents that go back and forth and they want to ensure as much confidentially and protection as possible. Industries that have requirements to protect intellectual property, confidential, private information, personal health information or personally identifiable information, including government, are all prime targets for our solution.
CEOCFO: When you are speaking with the right person at a potential client, do they understand Kapalya? Is there an “aha moment” when someone listens and says, “Oh yes, we have to do that.” What do you find when you are presenting Kapalya?
Mr. Kumar: The answer to that is “It depends.” Usually, there are clients, like smaller companies, that do not really have an IT department, let alone having a security department. They say, “Yes, we get it, we understand that this is a requirement.” The more sophisticated/technical savvy client that have large budgets and that have a large IT department; at first, are very skeptical, simply because, they say, “We already have all bases covered and our team has everything under control.” Then I will say, “Give me another chance to explain and I will go through the details.” Usually on the second or the third meeting, they really see how different our solution is, and what we are doing, verses what they already have existing in place. That is when they say, “Yes, this seems like something we would like to try.” Those are the kinds of reactions that I have been getting most of the time.
CEOCFO: What is involved with implementation?
Mr. Kumar: Usually, we will sell them two different servers. One is our provisioning server and the second server is the key server. When I say server, it is a virtual server software license that they purchase; they can install them on their instance of any private, like, the Amazon AWS Cloud, or they can install it on their private could, inside their own data center. Then they install the agents across their endpoints; meaning all of their laptops, desktops, VDI and mobile apps on their smartphones and their tablets. Our solution pretty much takes care of everything.
CEOCFO: Would you tell us about your recent funding and how you will be using the money?
Mr. Kumar: We are pretty excited about this. The funding was not through a traditional VC. It came through a strategic investor, predominantly, in the United States, where they are very active in construction space. They work on very large projects, including building the new segment of the San Francisco, Oakland Bay Bridge in California. However, in other parts of the world, they have a cyber security practice, and they saw Kapalya as one of the key elements that would complement their existing cyber security offerings. Once we started connecting to their customer base, they were able to see the excitement and the traction with their entire existing customer base. That is when they said, “You know what, we would like to make an investment and take share of the company, that way we are more closely aligned and then we will make this venture successful.” That is the reason why they made the investment. The investment money will be used in two main areas. One is on the research and development on the engineering side to enhance our product and to build new features and to keep rolling out new versions with new feature sets that their customers are asking. The second, which is the most important one, is to really, ramp up our sales and marketing. That is because the sales and marketing budgets are huge and they take a long time to close deals, and that is where the bulk of the money would be going. Therefore, I would say that three quarters of the money will be going towards sales and marketing and closing customers and supporting those customers. The reminder of the fund will go to R&D, where we will be enhancing the product and rolling out new versions.
CEOCFO: What have you learned as more and more people are using your product?
Mr. Kumar: That is a great question. What I am initially finding is, that people have a poor sense of protection and that making me somewhat concerned. “I got this solution so I am protected,” and I say, “Not really.” When I go to the deeper conversation, and I explain to them that existing product only protects them only in one place and does not protect them all the way, that is when they light up. What I am finding out is that more and more people recognize cyber security as an essential business requirement, and that they need to invest on. I also recognize that they have bought all these solutions and implemented them, but I am finding that there is a false sense of security and they really need to understand more about the cyber security. I am educating them on where they are vulnerable and how they cyber criminals are actually using very sophisticated techniques including artificial intelligence to penetrate their systems and breach them, especially with ransomware. My biggest finding so far is that most people think that they are protected but that is a false sense of protection. Just because they get a compliance sheet from the government or whatever industry they are in, and they check that box to say, “I got that system, so I am protected.” However, just because you checked a box from a compliance sheet, does not make you protected. You need to do all of these other details that are not provided by existing solution. That is what I am educating them on and that is why I am explaining them what our solution will do for them, to make sure that we are part of the last line of defense, when everything else has been penetrated and their bots steal your data. We say, “Go ahead and steal it, you will not be able to read it.” Your data will be worthless to them.
CEOCFO: Do you see a point in the future when insurance companies or government agencies might require your system?
Mr. Kumar: Yes. Cyber insurance has become a major thing right now. Many companies are saying, “That is great that you have a solution, but I have cyber insurance, so if something happens it is not on me, it is the cyber insurance that is going to cover the cost.” While having cyber insurance you will be covered for the cost of recovery after a breach, but what about the intangible damage that was done to your company, to your brand name, and to your reputation, and how your customers will perceive you? It will be very difficult to gain their customer’s trust and business. Using our solution, ensures that your data is protected and unreadable if copied by any cybercriminal. Governments and insurance companies must recognize that there is a huge need for our solution and I am hoping that they will start partnering with us. I am not saying that they have to officially mandate something of this nature, but they need to recognize the real need for our solution and work very closely with us; absolutely.
CEOCFO: Why does Kapalya standout?
Mr. Kumar: It is simple. Everyone is, as I said, shouting prevention, prevention, prevention, but what they are doing is perimeter defense. The market is crowded, there is too much noise and generally speaking, enterprises and consumers are confused. Our message is, we know what the cybercriminal are looking for; your data. How do we protect your data? By encrypting it. How do we manage the encryption keys? By using a very innovative technique that we have developed. Therefore, we have cut the chase of giving you fancy cyber-
Kapalya, Sudesh Kumar, Encryption Management Server, Key Management System, Protect your Data, wherever it Resides, CEO Interviews 2021, Business Services Companies, Government Services Companies, Global Company, Encryption Management Platform, Encryption Key Management Plan, Key Management Service, Key Management Software, Key Management Infrastructure, Manage keys, encrypt data, encrypted file sharing, encryption key server, share data across endpoints, safely share data across public clouds and private clouds, Kapalya Press Releases, News, Twitter, Facebook, Linkedin
“While having cyber insurance you will be covered for the cost of recovery after a breach, but what about the intangible damage that was done to your company, to your brand name, and to your reputation, and how your customers will perceive you? It will be very difficult to gain their customer’s trust and business. Using our solution, ensures that your data is protected and unreadable if copied by any cybercriminal.” Sudesh Kumar