How the Cybersecurity Factory Will Secure Our Software
About Our Summer Program for Security Startups
From our devices to our cars to our homes, software is coming to run our lives. It is exciting that software can help us remember friends’ birthdays, parallel park our cars, and manage the lights when on when we’re on vacation. The price is that we need to be able to trust systems we can’t even see.
Unfortunately, the recent high-profile attacks on Sony, Target, and more have demonstrated that the systems we currently have are not secure. The problem is only going to get worse: we are going to have more complex software running on even more kinds of data. To continue innovating, we are going to need to solve the problem of security.
People with money are recognizing that security is important. For the past few years, security spending by companies has seen steady yearly growth of over 10 percent and is currently estimated to be about $77 billion dollars in 2015. Venture capital spending in security has increased 74 percent in the last year to about $800 million. Many believe that because larger companies tend to be slower-moving, innovation needs to come from startups.
Where Are the Security Startups?
We don’t often hear about security startups — but not because there is a lack of solutions in this space. In MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) alone, there are research projects on computing with encrypted data, replaying logs to discover security companies, tools for automatically finding security vulnerabilities in software, techniques for building provably secure systems, web frameworks designed to be secure by construction, and techniques for analyzing the security of networks.
It is difficult for researchers to commercialize these ideas because security startups face a unique set of challenges. First of all, many security solutions are for enterprise rather than consumers. Finding enterprise clients requires developing a different kind of network than the ones academic researchers already have. Security startups also need to establish trust with their enterprise clients. Not only would they like to know the companies will be around to maintain the software in six months or a year, but they also need to trust that the companies are providing the services they claim to. Another way in which security startups are different is that the products are often difficult to demo. While most people know how to evaluate Tinder for dogs, it is far less obvious how to evaluate security tools based on the absence of bugs rather than the presence of features.
Cybersecurity Factory: A Summer Program for Security Startups
We created the Cybersecurity Factory (@cybersecfactory) to lower the barriers to forming security companies. Cybersecurity Factory is an 8-week summer program that helps academics to launch security startups. We have partnered with Highland Capital to provide teams with a $20,000 investment, office space, and mentoring. The goal is to provide a space for companies. By providing this space, we also hope to encourage more researchers to think about commercializing their security research. By the end of the summer, teams should be prepared to raise a seed round.
So far, the response has been immensely positive. Security researchers have said that our existence has encouraged them to think harder about commercializing their products. Successful security entrepreneurs and senior security people in industry have reached out to us to mentor companies, citing the challenges they faced in this space as a motivation. Our mentors include leading academics in security research, as well as veteran security experts including OKCupid founder Maxwell Krohn and executives at companies including Box, Imprivata, Akamai, vArmour, and Qualys. Our more public recognition includes articles in BostInno and The Boston Globe. We also received a citation from the Cambridge City Council.
Summer 2015 Companies
This summer, we are running the pilot program for Cybersecurity Factory. Because we are still experimenting and confirming hypotheses about the security space, we wanted to take a small number of teams and work closely to tailor the program their needs. Programming includes legal and technical workshops, as well as talks by our mentors and other veterans in the security industry. In addition to scheduled activities, teams will also work with their academic and industry mentors.
We are excited to announce our first batch of companies. While both teams were interested in commercialization before joining, their acceptance into the program kick-started the formation of the actual companies.
Aikicrypt. Aikicrypt is developing a new solution for outsourcing individual and corporate data securely to the cloud. They are using strong encryption algorithms to guarantee that customers’ data remains secure even if the cloud servers are compromised. Their solution is unique because it is easy to integrate into existing systems, and customers can continue enjoying availability, convenience and efficiency of their cloud services. To deliver it, Sergey Gorbunov, who recently defended PhD at MIT in design of encryption tools for the cloud, is partnering with his colleague Alexey Gribov from Moscow State University, who also works on new encryption tools.
Oblivilock. When you send or receive data to cloud storage providers, you reveal not only your data but also metadata. Oblivilock provides the first, complete security solution to this problem: when you store data on the cloud, strong cryptographic techniques will protect both your data and metadata. Behind Oblivilock are Chris Fletcher and Ling Ren, both graduate students at MIT. For their graduate careers they have done work ranging from hardware to software to theory in bringing powerful cryptographic tools to practice.
What’s Next
Our program officially started this past Monday (June 22) and runs through August 14. We are excited to spend a summer exploring the possibilities in this space with our teams. You can look forward to more posts from us about the evolution of our teams’ products, as well as the evolution of our understanding of the security startup space!
