Data’s importance in value creation is skyrocketing - IDC predicts a 307% growth in global data volume by 2025. Not only has the sheer volume of data grown exponentially, but financial institutions also struggle to keep track of their sensitive data and manage the ballooning risks it presents. In addition, access management is an ongoing nightmare to manage, and data protection regulations are making life harder. Data volumes and complexity are expected to continue growing exponentially, while IT security budgets are not.
This changing landscape presented an opportunity for Qohash to create an innovative data security platform designed to efficiently manage data-related risks. With expertise in defence and aerospace, cybersecurity, risk management, data protection and product development, the team was energetic about shaking things up and providing innovative products for a hard problem.
For example, one of our customers came to us after one of their employees leaked a substantial amount of sensitive information on the black market. The nefarious employee obtained sensitive data using legitimate means and stored it on company-owned devices prior to leaking it. The problem: our customer had no way to detect this illicit movement and accumulation of sensitive data prior to the breach.
How could this happen? Financial institutions need to continually reconcile opposing needs; (1) the need to make data accessible to their employees and (2) the need to protect it.
The solution: Qohash created the Qostodian platform to find sensitive data, understand who has access to it and provide smart remediation options to customers. The platform leverages modern data security strategies and the latest technological advances to deliver performance, precision and actionable results for financial institutions. All of this without impeding business processes or limiting access to data
Funding: Qohash closed a seed round of more than $2M and is now preparing for the Series A. The funds from the seed round came from both Canadian and American investors, making Qohash the first Quebec-founded tech startup to receive US funding at such an early stage.
Who is your target demographic?
We target insurance companies and banks that have sensitive customer information under their custody. We’ve been piloting our solution with a large 50,000 employee financial institution and currently target financial firms with as few as 500 employees. Our annual revenue per account is between $50K and $500K, depending on the account size.
We sell to the Chief Information Security Officer (CISO/CIO) and the Chief Risk Officer (CRO), who bear the ultimate responsibility for the security and integrity of their firm’s information networks and data assets. They are the stakeholders who best see the data related risks and can understand the merits of the enhanced performance and flexibility our solutions provide. Given the importance of data breaches for a firm’s reputation, deals will often be backed by the CEO (or even the board of directors), especially in smaller organizations.
We’ve been reaching customers through a founder-led sales approach and are now beginning to work with channel partners offering cybersecurity services. The plan is to enable our channel partners to use our tools to provide entry-level data discovery capabilities to their existing customers - effectively demoing core aspects of our offer. This is done using a “snapshot” model which we call Qostodian RECON.
In Canada, we’ve partnered with MNP, one of the largest full-service chartered accountancy and business advisory firms. A pilot of the snapshot model is scheduled for Q1 2020 with one of its largest enterprise customers.
In the US (New York), we’ve partnered with Friedman Cyzen LLP, a leading accounting, tax and business consulting firm. We’ll also be piloting the RECON product with them.
Both partners offer cybersecurity and data governance services, where the use of our solution is highly attractive. The solution is to be deployed in a pilot at Friedman’s New York office in March 2020. Following a successful pilot, Friedman Cyzen LLP will be in a position to recommend our solutions to their growing list of accounts.
How do you protect yourself from the competition?
Some competitors in North America include Varonis, Netwrix, Spirion, Lepide, Cipherpoint, and Amazon Macie. Yet, the problem of data breaches is a growing concern that motivates the development of new and innovative approaches. Our mission is to deliver exceptional solutions to protect our customer’s most precious data assets.
There is substantial dissatisfaction amongst insurance companies and banks about existing tools related to their low performance, high price point, complex deployment and lifecycle management. We address these complaints directly with our innovative solutions. We provide a better alternative with a long-term focus on developing a platform that serves the needs of all types of financial institutions. We’ve been working directly with early adopters and consulting firms (Friedman, MNP) to pinpoint dissatisfaction and provide a product that meets financial institutions’ requirements.
Our solutions are delivered using a Hybrid-SaaS model that adapts to various environments, use cases and security requirements. Qohash differentiation:
- Focused on the financial sector (both banks and insurance companies)
- 10X+ improvement of scanning performance
- Substantial reduction of scan failure rates
- Sensitive data never leaves the customer’s infrastructure
- Ease of deployment (up and running in minutes not hours)
- Smart remediation options
Through an NRC-IRAP collaboration, we are actively developing a financial valuation module that will help our customers establish the financial value ($) of their data assets. This is the first step towards more accurate risk management, including an understanding of economic impact for data-related risks, representing another differentiating aspect of our approach and platform. This R&D initiative is especially exciting for insurance companies interested in better understanding (and predicting) data-related risks.
From an architectural standpoint, the solution includes a cloud-based Web dashboard and on-premises components. The Web dashboard is used to control the solution and for reporting and searching functionalities. The on-premises components (agent, proxy, ICAP, virtual appliance, cloud, etc.) are provided to interface with the customer’s data sources.
With its modular design, the solution allows the use of our Cloud Security Services (web dashboard) to create automated workflows using discovery, analysis or security control components which can be positioned as control points in various architectural manners: agent, proxy, ICAP, virtual appliance, cloud, etc. Lastly, our solution can be optionally integrated with existing tools such as DLP or Tokenization tools.
What are your next steps for Qohash?
2020 is an exciting year for Qohash. The company is growing rapidly and will enter the US market, starting with New York, one of the largest financial centers in the world. We also have several shows and conferences planned where we are supported by various government organizations dedicated to helping companies export their solutions. For example, we have accompanied the Canadian delegation at RSA 2020 in San Francisco the week of February 23rd.
Right now, we are in an ideal position to service the US market with a much-needed solution. Many major US cities are just next door and existing offerings have yet to address the problem of data breaches properly, which explains the increase in both their frequency and magnitude. You can expect to hear a lot more from Qohash in 2020, as we expand our operations, win new customers and perfect our solutions.
|Jean Le Bouthillier