Story image

Interview: Haventec explains security through decentralisation

16 Nov 2017

Robert Morrish joined cybersecurity startup Haventec as CEO in 2016 from Macquarie Group, where, as head of Digital Architecture and Strategy, he was instrumental in transforming its digital API platforms. Throughout his career he has always focused on solving massive challenges that affect millions of people, though he credits an incident in his childhood for teaching him a valuable lesson about resilience:

“I was hit by a bus when I was young. After three weeks of hell, I was presented with a choice — continue to try and save my foot, or amputate. My decision to amputate became one of the most empowering decisions I ever made. It inspired me to always prove to myself that I could do anything. I learned how to identify goals and break down the steps I needed to take. Since then, I have been a Paralympian, travelled the world and helped build two technology firms. My job now is to turn the game-changing technology developed at Haventec into a global commercial success.”

Haventec was founded in 2015 with the aim of revolutionising cybersecurity by restoring privacy to interactions between individuals and organisations. It offers two technology platforms — Authenticate and Sanctum — that decentralise data and user authentication storage to make core system hacks impossible.

Robin Block sat down with Robert to discuss the impact of this technology.

What differentiates your technology offering and why does it matter?  

Robert: Our goal is to give organisations a more trustworthy way to manage sensitive and critical data, while also allowing them to deliver a slick, frictionless customer experience.

The problem with traditional data security is that key stores are often on the very networks they are protecting, and the perimeters of networks have all but disappeared with BYOD, cloud applications and SaaS solutions. So when hackers target an organisation they have plenty of ways of getting in — and they are highly focused, funded and motivated to do that, because as soon as they get to the key store they can unlock and steal even more valuable data quickly and easily.

The necessary question is: how do we store data in a way that is actually safe? Encryption is the common answer, but it is insufficient. Computing capabilities are advancing to the point that most current encryption will be rendered useless within a few years. Right now people are stealing encrypted data knowing they won’t have to wait long for a way to break into it.  

Haventec aims to futureproof organisations against the threats of hackers using quantum computing. We had independent testing done by David Hook, who wrote cryptography for Android, and his first report said our identity management product Authenticate was built on quantum resistant attack architecture — which we knew, but it was great to hear in an independent review.

We don’t use central key stores. Our products encrypt data, deconstruct the data, and then distribute it into multiple locations — meaning a hacker has to approach multiple locations simultaneously within a very limited timeframe to launch an attack before we change everything around.

Our Sanctum product decentralises sensitive information such as PCI, so whenever you unlock a crypto vault on Sanctum, we actually destroy the old vault, create a new one and then deconstruct it.

For our Authenticate product, we decentralise user identity into three parts. The hacker has to come after our server, your device and the secret that is in your head. That last piece of information is never stored or transmitted in its raw form, and changes every time you interact with us. We have basically made it really expensive and really hard — if not impossible — to go after one account, let alone millions, and we have made it completely impossible to have a central network breach. Losing a million accounts in one go won't happen with our system.

What are the main verticals you are looking at as expansion opportunities?

Robert: We began the commercialisation phase of the company in February of this year — prior we had been building and perfecting our technology. Our intent has been to talk to everyone and see which sectors, verticals and industries spark the most traction, and so far the three most significant areas are financial services, IT and real estate. Real estate was the surprise, but, in both the commercial and residential space, there is a huge opportunity with the advent of IoT and smart buildings.

We have two delivery models. One is a cloud-managed SaaS solution and the other is on-premise. However, with the latter, we literally deploy our cloud platform on-premise and integrate it into the organisation with a multi-tenant platform, which allows us to use one code base. The next move is to finish the process of getting PCI compliance for our cloud service, so we can launch Sanctum into the payment space and eliminate credit card tokenisation stores.

How are you building the business — what is the future for Haventec?

Robert:  We’ve signed our first Australian contract with banking and financial services company Cuscal, which will see it roll out a new app on Haventec Authenticate. We are in the process of signing a deal to licence both Authenticate and Sanctum to a property transactions firm, and our focus over the next 12-18 months is to prove our product stories in Australia, Singapore and America: we have real products that solve real problems.

Our platform is a ubiquitous replacement for usernames, passwords, and two-factor/one-time password codes. We give you one simple experience that doesn’t require a mobile device. We built our platform to work on anything — a network switch, a car, a fridge, an app or a mainframe. It is not bound by platform or product — that is a significant differentiation. Our technology takes away the risk of someone stealing PII or PCI, and takes away the risk of all your user accounts being stolen in one hit. The opportunity is huge.   

Article by Robin Block.

Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Attacks targeting Cisco Webex extension explode in popularity - WatchGuard
WatchGuard's Internet Security Report for Q4 2018 also finds growing use of a new sextortion phishing malware customised to individual victims.
SAS partners with NVIDIA on deep learning and computer vision
“By partnering with NVIDIA, we combine our strengths to augment human intelligence and realise the true potential of AI.” 
Why businesses must embrace automation to ensure success
“For many younger workers, the traditional view of a steady job at one company, perhaps for life, simply doesn’t reflect reality."
Dropbox invests in hosting data inside Australia
Global collaboration platform Dropbox has announced it will now host Australian customer files onshore to support its growing base in the country.
TYAN unveils new inference-optimised GPU platforms with NVIDIA T4 accelerators
“TYAN servers with NVIDIA T4 GPUs are designed to excel at all accelerated workloads, including machine learning, deep learning, and virtual desktops.”
Worldwide spending on security to reach $103.1bil in 2019 - IDC
Managed security services will be the largest technology category in 2019.
How Cognata and NVIDIA enable autonomous vehicle simulation
“Cognata and NVIDIA are creating a robust solution that will efficiently and safely accelerate autonomous vehicles’ market entry."