Manmeet Singh is the Founder and CEO of Dataguise. Manmeet comes from a technical background; he received a Master’s Degree in Computer Science from Thapar Institute of Engineering and Technology in India. He started his career as an engineer but has also taken on roles in marketing and operations. He has held two VP of Engineering positions, at Miri Technologies and Zeneb Inc., and was also a technology manager at Oracle. Dataguise is Manmeet’s current entrepreneurial venture.
Dataguise is a data security company. It specializes in finding sensitive information with its DgDiscover tool, which allows enterprises to identify and find sensitive data and then provides actionable information for managers to help secure it. The second product Dataguise sells is DgMasker, which allows companies to control what information is passed to different applications and whether or not to mask elements of it. Dataguise aims to help enterprises with their compliance needs and information security.
How did you come up with the idea for Dataguise? Is the company that exists today what you originally envisioned?
I gained my IT experience working at large banks, healthcare organizations, and in retail. One thing all these industries have in common is that within these organizations, substantial numbers of people had unfettered access to volumes of private information that had no bearing on their jobs. This was especially the case with data residing in “non-production” settings such as test and development or QA environments. I had been aware of this since the early 90’s, and after years of discussing it with the other Dataguise co-founders – whom I have known for years – we decided to do something about it and founded Dataguise in 2007. Dataguise products were developed to address the security and privacy issues that come with that kind of exposure.
The best way to secure data in non-production environments is to mask it by scrambling it or replacing it with false data, so if the database was breached the information would be useless. However, before you actually mask any data you need to know what to mask, which is how our first product, DgDiscover came into play. Masking itself was an existing technology but people were not doing masking because masking vendors weren’t leveraging the advantages offered by database technology. By leveraging the power of the database, we enabled organizations to automate the process, introducing the ability to set policies and implement granular controls based on the organization’s business requirements. Our ability to leverage the inherent advantages of database technology has enabled us to transform data masking, turning what used to take months and weeks into hours and minutes. For more information on exactly how we do that, please visit http://www.dataguise.com/resources/index.html.
As for the second part of your question, the company that exists today has way exceeded my expectations. As a first time entrepreneur starting a company in 2007, I never thought I would be able to grow the company this big. Right now we have about 43 people, 25 in the US and 18 in India. This includes a strong focus for both commercial and federal customers. Despite the rough economic climate we have been able to raise money, close deals, and hire great people. Even more exciting is that 2011 is looking to be a tornado year in which we experience spiked growth.
You’ve hired a nice sized team, what has been the hardest part about bringing in talent to Dataguise? What strategies and techniques do you use to find the right people?
Initially, the biggest challenge I had talent-wise, was finding senior technical people that had the right mixture of database and security expertise. Despite the fact that there has been quite a bit of recent hype surrounding database security, I found it tough to effectively recruit people with the right blend of expertise – especially when it comes to masking, which conceptually relates more to the database side than the security side.
Initially, I used my own connections to find these people. People I or the other founders had known or worked with in the past. LinkedIn and other professional social networks at the time were not as powerful or evolved as they are today, so our efforts consisted of culling through hundreds of business cards, rolodexes, and emails, targeting the people I thought would be the best fit, found out who was working where now, and then sought them out. Then came the challenge of selling them on Dataguise and convincing them to join the company.
The first year we did not have a lot of money, so retaining that technical talent was tough. It was no easy feat to convince them to leave companies such as Oracle and VMware. Once we raised some money it became easier to recruit the needed talent and I was able to hire developers, architects, product managers, etc. However, then I had to raise more money, which was challenging given the economic climate of the past two years. Next I needed a sales team, which put me in an area where I did not have any connections. In order to find good salespeople, I had to use headhunters.
What are biggest weaknesses in any organization’s IT infrastructure and what type of basic policies can a startup employ to try and mitigate their risk?
Data security is a huge issue and there is no silver bullet or one-stop shop. Dataguise has built a business on helping enterprises attack one piece of the problem – securing non-production data – and doing it better than anyone else. The use cases we focus on – securing data in test, QA and development environments in particular – have been terribly underserved by the security community.
In order to craft a useful data masking strategy, you need to understand what the data is being used for. Once you know that, you can craft policies accordingly. For example – you work for a University, and are collaborating with two other universities on doing clinical research. Everyone needs to know out of 1,000 patients, how many of the over 40 have had heart attacks, what city and state they live in, their sex, their age, and the relevant medical info. But you don’t need to share their names, street addresses, birthdates, or social security numbers – so why not mask that data?
In a corporate setting, the CSO’s group would likely be the one deciding what data needs to be masked, but the questions you need to ask are the same: Who will be accessing the data? What for? Do they need full access to everything? Why or why not? Once you have that context, you can create masking policies that will allow you to leverage database information needed for people to do their jobs and mitigate the risk of anything bad happening if the data was stolen or accidentally exposed.
What are some of the biggest privacy concerns that enterprises face? What trends do you see in enterprises regarding privacy?
I see two major drivers influencing how enterprises will approach privacy: regulatory compliance and cloud computing.
From PCI to GLBA, SOX, HIPAA and the Massachusetts Data Privacy Law (referred to as HiTECH) enterprises have all sorts of requirements surrounding how to manage, secure, store and share information about and with employees, customers and partners. And that’s just in the U.S. If you are a global company, privacy requirements can differ from country to country, which can add a great deal of complexity to the process.
As companies gain experience dealing with the requirements of one regulation, a new one comes out, which unfortunately, makes the whole thing a bit of a tail-chase. With the Federal government coming out with its own version of HiTECH, we expect an even greater focus on data privacy in 2011 and beyond.
The push to move data to cloud environments means that an organization’s IT infrastructure is going to be outside the house. Not only will they be moving their test and development databases to the cloud, which should absolutely be masked before they are moved, but both enterprises and cloud providers will have to test the integrity of the cloud environment itself, which should absolutely be done using masked data.
Your company is focused on the company side of protecting information. Data leaks do happen on occasion and most of the time you hear about the company’s response. What can users/consumers do to protect themselves beforehand and afterward?
The best thing consumers can do is to educate themselves on how the data will be stored and shared before they provide it. If they can’t do that, then they need to take a much more active role in how they manage the data. A lot of people care about how data is shared between third parties, but they don’t care so much about how the data is shared and disseminated within the organization – in most cases the person interfacing with the end user – the doctor, the banker, the retailer, have NO CLUE what the chain of custody of the data is across a 50,000+ person company.
If enough people start asking that, then there will be pressure for them to have answers, and that is a start. Our society is based on convenience – people have no qualms about sharing sensitive information – once you put it online, you have NO idea how exposed that information is, and it is completely accessible to a lot of people inside the organization – do they really need full access to every single detail in order to do their jobs?
If the answer is no, which it is in the majority of cases, then they should be thinking about how to protect it so that if a breach does occur the impact is minimal.
You worked at Oracle in the past. If you were advising a fresh graduate/entrepreneur, would you recommend joining an industry heavyweight before trying to create a startup in a field?
Experience, of course, is always relevant, but an entrepreneur should not be blinded by someone having big company experience simply because they have it. Working in a big company – an Oracle or IBM, for example – gives you visibility and mindshare with customers that is either harder or takes longer to achieve at a start-up. At the end of the day it is still about what the individual brings to the table.
In fact, in some cases it could be a detriment – sometimes larger companies expose you to only one aspect of life, you never get exposed to anything beyond them. If I am evaluating two candidates for the same position, it is all about their skill set and what they can contribute. Because smaller companies have less people and resources, employees can end up, out of sheer necessity, taking on a wider set of responsibilities that result in them having a more sophisticated or strategic approach to their jobs.
One thing I would encourage young entrepreneurs to do, no matter what size company they are in, is to find a mentor. Having someone who has experience with what they are trying to achieve to guide them through the process is incredibly helpful.