Who are the founders of Profian?
Profian was co-founded by Mike Bursell, former Chief Security Architect at Red Hat, and Nathaniel McCallum, former Virtualization Security Architect at Red Hat.
Who has invested in Profian?
Profian’s seed round raised $US5m. The round was led by Project A and Illuminate Financial, and included angel investors: Olivier Pomel, Chief Executive Officer of Datadog; Tyler McMullen, Chief Technology Officer of Fastly; Till Schneidereit, Chairman of Bytecode Alliance; and Sarah Novotny, Board Member of the Linux Foundation.
What is Profian?
Profian is a security company, providing products and services in the Confidential Computing space. Profian is committed to open source software, and is based on the Enarx project.
Where is Profian based?
A remote-first company with co-founders based in the UK and the US, Profian has other employees in Germany, Brazil, the Netherlands and South Africa.
What is Confidential Computing?
Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE). This is the definition from the Confidential Computing Consortium, of which Profian is a member. TEE implementations are available from Intel (SGX) and AMD (SEV), and both Arm and IBM have announced product plans.
TEEs allow applications to run on the untrusted cloud: in other words, workloads are protected even from malicious or compromised hosts in the public Cloud, on the Edge or on-premises. Profian will simplify deployment of applications on TEEs, maintaining the highest security postures whilst allowing cross-platform, hybrid cloud solutions with minimum effort to organisations.
Why is open source so important for Confidential Computing?
Confidential Computing protects organisations’ most valuable software and data assets from compromise and leakage, and central to its approach is a reducing the risk to those organisations by limiting the number of components and companies that need to be trusted. Open source software is key to this, allowing anybody to evaluate and review the infrastructure which protects organisations’ “crown jewels”. Enarx, on which Profian’s products and services are based, is open source (under the Apache 2.0), as explained in Mike’s blog post Why Enarx is open.
Does Profian own the Enarx project?
No - Enarx is a Linux Foundation project, under the Confidential Computing Consortium. Profian will act as a custodian of the Enarx project, encouraging broad industry contribution and facilitating collaboration with other projects.
How is Profian different from existing solutions?
Profian will provide products and services to deploy cloud-native applications in line with established workflows, using existing languages and development tools. Profian believes that customers should not need to change the languages, programming approaches or deployment pipelines in order to benefit from Confidential Computing.
Profian also believes that the greatest transparency leads to the greatest security, and for that reason, is committed to providing completely open source solutions.
What sectors need Confidential Computing?
Almost all sectors have data or applications which are sensitive, whether those are customer information, financial transactions, healthcare or pharmaceutical research or lower level data such as cryptographic keys, logging and auditing records or network configurations - and many sectors operate within specific regulatory regimes such as GDPR, CCPA or HIPAA. Profian will provide products and services applicable across sectors, but will initially focus on the financial services sector, where there is a well-defined set of use cases and a strong appetite for solutions which meet the strong confidentiality and integrity requirements applicable to enterprises in this space.
Where can I find out more about Profian?
Please visit https://profian.com or email firstname.lastname@example.org for more information.
Mike is co-founder and CEO of Profian and is based near Cambridge, in the UK. Mike moved into security in the late 1990s after roles in distributed systems and web development, and has held architecture and product management roles in the space ever since. He has worked at a number of companies, including Citrix, Intel and Red Hat, where he was Chief Security Architect in the Office of the CTO. While at Red Hat, he co-founded the Enarx project with Nathaniel McCallum, and they left to found Profian in mid-2021.
Mike studied English Literature and Theology at King’s College, Cambridge, graduating in 1994. He subsequently received an MBA from the Open University in 2001. He has written a book, due to be published by Wiley shortly: Trust in Computer Systems and the Cloud. Mike is a passionate open source advocate and a contributor and Correspondent at Opensource.com. He speaks globally at conferences and maintains the security-leaning blog Alice, Eve and Bob at https://aliceevebob.com.
Mike’s other activities include volunteering as a Community First Responder for the East of England Ambulance Service, serving as a school governor, spending time with his family and pets, drinking single malt whisky, gaming, reading sci-fi and wondering where all the hours in the day went.
Nathaniel is co-founder and CTO of Profian and is based in Raleigh, NC, USA. Nathaniel has been engineering systems at scale for more than fifteen years, with an emphasis on cryptography and security for the last ten. Before co-founding Profian he was the Virtualization Security Architect for Red Hat where he led Red Hat’s Confidential Computing strategy. Nathaniel has worked at other companies such as IBM and Cypress Semiconductor and has been an early employee in numerous startups, including Zenoss and Canonical.
Nathaniel studied Theology, Philosophy and Music Composition at Indiana Wesleyan University and graduated in 2002. He is an advocate for Open Source and a regular speaker on security topics at leading security and open source conferences such as the RSA Conference, Red Hat Summit, and DevConf. After co-founding the Enarx project, Nathaniel established himself as a leading technical voice in the Confidential Computing ecosystem. Before that he contributed to numerous security projects including MIT Kerberos, FreeIPA, FreeOTP, and Red Hat’s Network Bound Disk Encryption. He is also one of the inventors of the McCallum-Relyea cryptographic key exchange.
Nathaniel loves international travel. He goes out of his way to record local music traditions and experience provincial cuisines. But most weekends you can find him spending time with his wife and five children who love camping, playing board games and watching science fiction.
Do you agree that, if Confidential Computing were in place, the ability for your engineering teams to innovate would increase dramatically? Yes: 91%, No 9%.
Another approach to shoring up cybersecurity, particularly when addressing communications and data privacy, is confidential computing. The idea of confidential computing is to encrypt the entire computing process, not just the data, creating additional layers of security around sensitive information. Google, Microsoft, IBM, Alibaba, and VMware are helping develop new protocols and best practices by way of the Confidential Computing Consortium. The tech is still in a state of relative infancy, but we should begin to see confidential computing slide into the mainstream in 2021.
Imagine being able to collaborate on genomic research in the cloud across geographies, across competitors, all while preserving privacy of confidential health records. Imagine being able to more quickly design or discover vaccines and to cure diseases as a result of secure collaboration. The possibilities are endless. Transformational technologies will truly solve problems that will make our lives better.
“Even for the most reluctant organizations, there are now techniques such as confidential computing that can address lingering concerns,” says Steve Riley, Senior Director Analyst, Gartner. “You can stop worrying about whether you can trust your cloud provider.”, Senior Director Analyst, Gartner. “You can stop worrying about whether you can trust your cloud provider.”