Interview: Haventec explains security through decentralisation
Robert Morrish joined cybersecurity startup Haventec as CEO in 2016 from Macquarie Group, where, as head of Digital Architecture and Strategy, he was instrumental in transforming its digital API platforms. Throughout his career he has always focused on solving massive challenges that affect millions of people, though he credits an incident in his childhood for teaching him a valuable lesson about resilience:
"I was hit by a bus when I was young. After three weeks of hell, I was presented with a choice — continue to try and save my foot, or amputate. My decision to amputate became one of the most empowering decisions I ever made. It inspired me to always prove to myself that I could do anything. I learned how to identify goals and break down the steps I needed to take. Since then, I have been a Paralympian, travelled the world and helped build two technology firms. My job now is to turn the game-changing technology developed at Haventec into a global commercial success."
Haventec was founded in 2015 with the aim of revolutionising cybersecurity by restoring privacy to interactions between individuals and organisations. It offers two technology platforms — Authenticate and Sanctum — that decentralise data and user authentication storage to make core system hacks impossible.
Robin Block sat down with Robert to discuss the impact of this technology.
What differentiates your technology offering and why does it matter?
Robert: Our goal is to give organisations a more trustworthy way to manage sensitive and critical data, while also allowing them to deliver a slick, frictionless customer experience.
The problem with traditional data security is that key stores are often on the very networks they are protecting, and the perimeters of networks have all but disappeared with BYOD, cloud applications and SaaS solutions. So when hackers target an organisation they have plenty of ways of getting in — and they are highly focused, funded and motivated to do that, because as soon as they get to the key store they can unlock and steal even more valuable data quickly and easily.
The necessary question is: how do we store data in a way that is actually safe? Encryption is the common answer, but it is insufficient. Computing capabilities are advancing to the point that most current encryption will be rendered useless within a few years. Right now people are stealing encrypted data knowing they won't have to wait long for a way to break into it.
Haventec aims to futureproof organisations against the threats of hackers using quantum computing. We had independent testing done by David Hook, who wrote cryptography for Android, and his first report said our identity management product Authenticate was built on quantum resistant attack architecture — which we knew, but it was great to hear in an independent review.
We don't use central key stores. Our products encrypt data, deconstruct the data, and then distribute it into multiple locations — meaning a hacker has to approach multiple locations simultaneously within a very limited timeframe to launch an attack before we change everything around.
Our Sanctum product decentralises sensitive information such as PCI, so whenever you unlock a crypto vault on Sanctum, we actually destroy the old vault, create a new one and then deconstruct it.
For our Authenticate product, we decentralise user identity into three parts. The hacker has to come after our server, your device and the secret that is in your head. That last piece of information is never stored or transmitted in its raw form, and changes every time you interact with us. We have basically made it really expensive and really hard — if not impossible — to go after one account, let alone millions, and we have made it completely impossible to have a central network breach. Losing a million accounts in one go won't happen with our system.
What are the main verticals you are looking at as expansion opportunities?
Robert: We began the commercialisation phase of the company in February of this year — prior to that we had been building and perfecting our technology. Our intent has been to talk to everyone and see which sectors, verticals and industries spark the most traction, and so far the three most significant areas are financial services, IT and real estate. Real estate was the surprise, but, in both the commercial and residential space, there is a huge opportunity with the advent of IoT and smart buildings.
We have two delivery models. One is a cloud-managed SaaS solution and the other is on-premise. However, with the latter, we literally deploy our cloud platform on-premise and integrate it into the organisation with a multi-tenant platform, which allows us to use one code base. The next move is to finish the process of getting PCI compliance for our cloud service, so we can launch Sanctum into the payment space and eliminate credit card tokenisation stores.
How are you building the business — what is the future for Haventec?
Robert: We've signed our first Australian contract with banking and financial services company Cuscal, which will see it roll out a new app on Haventec Authenticate. We are in the process of signing a deal to license both Authenticate and Sanctum to a property transactions firm, and our focus over the next 12-18 months is to prove our product stories in Australia, Singapore and America: we have real products that solve real problems.
Our platform is a ubiquitous replacement for usernames, passwords, and two-factor/one-time password codes. We give you one simple experience that doesn't require a mobile device. We built our platform to work on anything — a network switch, a car, a fridge, an app or a mainframe. It is not bound by platform or product — that is a significant differentiation. Our technology takes away the risk of someone stealing PII or PCI, and takes away the risk of all your user accounts being stolen in one hit. The opportunity is huge.