What's your background, and what are you working on?
My name is Stephen Cavey and together with my co-founder, Peter Duthie, we conceived Ground Labs in 2007 with a concept of developing a pure-play security software company that helps organizations find all the personal data they handle and store. The motivation for this concept came about after we had been discussing the largely unacknowledged problem of insecure credit card data storage within the Payment Card Industry (PCI). Due to our deeply rooted backgrounds as technologists and experience in security (including antivirus in Peter’s case), and Electronic Payments in my case, we wanted our core strength to be on our engineering capabilities coupled with our domain knowledge in payment security because we knew that we could create something far more powerful and useful than what was on the market.
Fast forward 10 years, our achievements have come from our two biggest assets; our core technology that was designed from the ground up to find any kind of data in a high performance, multi-platform manner and our global team that has helped us evolve our capabilities over time. Without these two key factors, we would not have the global market presence we possess today.
Our fascination continued to grow with what we believed was an incredibly obvious problem yet largely ignored or denied by companies who collected customer payment and personal data.
Around the same time we started seeing far larger data breaches happen, including a large US payment processor who in 2008 suffered a data loss of more than 100 million credit cards. As data volumes increased so did the potential risk, and in the years that followed, it became a normal occurrence to see large-scale data breaches reported in the media involving almost any form of personal data and from every industry.
This lead to both industry groups and government evolving data privacy regulations and compliance standards to bring about a new focus on not just securing a companies infrastructure from intrusion, but to equally focus on the underlying data requiring protection which from our standpoint, represented excellent timing in where our product had evolved to as it expanded beyond PCI DSS to incorporate controls for HIPAA, GDPR, and more recently the CCPA and NYDFS requirements that take an equally strong stance on knowing the data being stored so it can be secured.
As we scoured the market for a solution to help organizations manage the growing volume of data, we did not see anything that met our standards from a technical background. We also saw a huge need for organizations that faced the challenge of evolving compliance regulations. While a company might be compliant in one region of the world, it might be at risk in another.
No solution came close to helping companies mitigate the risk of data exposure as well as achieving compliance; until Ground Labs, no solution worked to discover all of an organization’s data. Existing platforms only enabled organizations to manage data they knew about, but this left a problem of the data residing in the unknown.
Just recently, we announced the establishment of our North American headquarters in Austin, Texas. Ground Labs has grown exponentially over the last few years and North America presented itself as a key market for us to continue expansion on a global scale. For the immediate future, we’ll be very focused on growing our channel and partner program in the North American region. We’re also very focused on expanding our team here, helping to support our continued growth overall.
What motivated you to get started with your company?
Data continues to grow exponentially — in places both familiar and unfamiliar. This is why we felt it was time for organizations to be able to take control by discovering, securing and remediating their most sensitive data — across multiple types and locations, both on-premise and in the cloud.
One thing we are very clear about at Ground Labs is that fear cannot drive an organization's security outlook. In order to stay one step ahead of cybercriminals, businesses need a more proactive, holistic approach to data protection. Only with a full view of all data can organizations take the appropriate actions to safeguard and remediate this information, subsiding fears of the digital unknown.
Simultaneously, compliance regulations are perpetually evolving — at local and global levels. Whether it’s GDPR or the CCPA, organizations need to be extremely vigilant of the “unknown” to remain fully compliant, without any guesswork. With breaches making regular headlines and organizations’ reputations on the line, businesses need more than Data Loss Prevention (DLP) tools to remain compliant and secure; they need to understand, uncover and protect their most sensitive data.
What went into building the initial product?
Our first product, Card Recon, is outwardly a seemingly simple application - a stand-alone tool that scans a computer system for PCI-related data. The reality is that in order to do this to a degree such that the results are robust in the face of an audit, there is a lot more work involved than simply running a regular expression across the filesystem looking for payment cards. We decided to apply the same principles of thoroughness and accuracy, where false positive results are to be minimized, and false negatives are unacceptable.
The design processes for the product involved reusing established working design patterns from the anti-virus world. We implemented a core data processing engine with a pipeline broken into three stages - data acquisition, data parsing, and pattern matching. This data pipeline was designed from the ground up as a stream oriented system, allowing large quantities of complex data to be read, decoded, and scanned without requiring corresponding resources on the host system.
One of our key goals was to be able to run seamlessly on any target platform with zero system dependencies, as we could foresee this application being used in environments where system changes may be disallowed, thus ruling out platforms like as .NET or Java.
The choice was made to develop our core engine under C++, as this enabled us to develop high performance platform independent software, producing dependency free native applications for all of our supported target systems.
How have you attracted users and grown your company?
The biggest differentiator for Ground Labs has been our position as a legacy provider. We’ve been in the data discovery space for over 10 years. There is no other solution on the market that has the experience we do in data discovery. While many solutions guarantee that they will secure your data and enable you to achieve compliance, we have found with our solution that these technologies only scrape the surface when it comes to actually identifying all sensitive data within an organization.
With our professional networks, we were able to self fund the company, remaining privately funded to this day. This allows us to have complete control over the direction of the company, our culture and how we continue to grow.
Now that we are operating in major markets like the EU, APAC and NA, our business model has evolved from direct sales to channel, aiming to grow it by over 40 percent. The channel is such an effective way to partner with other leading technologies while reaching a much wider breadth of potential business. Leveraging evolving compliance regulations as a fuel for growth, we’ve been able to successfully penetrate some of the world’s biggest brands in all regions and markets.
What are your goals for the future?
We’re very excited about the future of Ground Labs as we look to become the data discovery solution of choice for enterprises world-wide. A huge focus for us is to establish and normalize the term “data discovery”, helping to close the gap between traditional DLP solutions and other compliance centric technologies for companies looking to stay one step ahead. As we continue to pave the way in the industry, partnering with today’s most respected technology partners will be a main goal for us. In doing so, we’ll be able to continue scaling the market, growing in tandem with the rapid growth rate of data within organizations.
What are the biggest challenges you've faced and obstacles you've overcome? If you had to start over, what would you do differently?
Data experts of all levels and roles are very aware of DLP technologies and the benefits they provide. But there is a knowledge gap in the fact that most don’t understand or are reluctant to face the reality about how much PII data they have and where it all lives. It’s easy to go to sleep at night feeling like your job is done if your DLP solution is confirming that all known data is secure -- but what about the unknown data?
Our biggest challenge has been educating the industry on what data discovery is and the fact that compliance is not a one time item on your checklist. Achieving compliance is a never ending journey in today’s dynamic consumer data landscape. As consumers demand more privacy, compliance regulations continue to evolve, generally becoming stricter.
We are not saying that DLP technologies are outdated or wrong. In fact, when paired with data discovery, the duo actually works extremely well together. It’s getting experts to this point of realization that has often been an obstacle for our growth.
What's your advice for entrepreneurs who are just starting out?
Follow what makes you passionate. Find a problem or issue that you can identify with and drives you to want to make the world a better place. You don’t have to save lives to make a difference in the world. As our world continues to digitize, new opportunities arise every day and we challenge young and seasoned entrepreneurs to think about where they can make a difference.
Where can we go to learn more?
To learn more about Ground Labs, we encourage you to visit our website and social channels. If you have questions, drop us a line in the comment section below.
Website: https://www.groundlabs.com/
Twitter: https://twitter.com/groundlabs