Safety Detectives’ Aviva Zacks had a chat with Elmar Eperiesi-Beck, CEO and Founder of eperi. She found out that his company’s product Gateway pseudonymizes and anonymizes data, and what that means for companies.
Safety Detective: How did you start in cybersecurity?
Elmar Eperiesi-Beck: In the 90s, before the internet was mainstream, I was part of Chaos Computer Club e.V., a hacker group that worked at that time via the FidoNet. It was the first time that hackers came together to discuss issues on a global basis. There, we took a closer look at credit cards and bank cards and the codes on their magnetic stripes. As we had a large number of magnetic stripes, we were able to analyze this meaningful sample.
It turned out that the PIN code was kind of obfuscated a little bit, but not really encrypted or secured. As soon as we found the correct algorithm, it was very easy for us to disclose the respective PIN codes from the code on the magnetic stripe. Our demonstration to the banks resulted in a revolution of the banks’ security systems for PIN codes. That was the beginning of my IT-security career.
SD: What was next on your journey and what motivated you to start eperi?
EEB: I worked at IBM as a “principal” where I successfully managed global IT-projects. Afterward, I built up a start-up in the banking sector together with a German bank. There we had very big transaction volumes that were transferred unsecured over the wire. Everyone was doing business via the internet, so-called “e-business,” but without the proper security. There, I started wondering why an administrator needed to have access to critical data. There is no technical need, but all administrators all over the world had access to sensitive data. At that point, I had the idea of building a trustworthy open-source solution that supports people to stay in control of their personal data and that can be reviewed by everybody.
Five years ago, this system came alive with the founding of eperi. We built a great product called “eperi Gateway,” where the security of data and especially a data-centric security system is the focus. We think that no one can prevent data from getting stolen, but the eperi Gateway, our software solution, can prevent someone from using the stolen data, as it is encrypted and tokenized.
This is the paradigm shift that we were aiming for because we believe that the standard security of an IT system is not enough. Securing an IT system with firewalls and antivirus solutions—that is just a part of the puzzle. As data travels, you have to ensure that critical data is secured not only at rest but also in use and in transit. With encryption, you are able to ensure that you stay in control of your data – at any time.
SD: What is eperi’s flagship product?
EEB: We only have one product, the eperi Gateway. It’s a solution that pseudonymizes and anonymizes data, so technically speaking, it’s about encryption and tokenization of data. It’s a proxy that is transparent in the data stream, which means you don’t have to install anything on the client side or on the server side. It works for databases, applications, and file storage, which means data is encrypted prior to being sent to the cloud.
The beauty of our product is our patented template solution. It allows the definition of what to secure and how to secure it outside the source code. These templates can be built by eperi, but also by partners and by the customers themselves. Our product is the only one in the world that has that broad support for all applications like SAP SuccessFactors, ServiceNow, and Salesforce and Office 365—now Microsoft 365. By the way, eperi is the only company in the world that is able to secure Microsoft 365 mail and calendar entries. We have recently released our enhanced product for Teams, which will add new features to the standard OneDrive and SharePoint integration (e.g. real-time encryption of chat messages).
SD: What industries use your solution? It sounds like everybody could use it.
EEB: We are indeed industry agnostic. Having said that, there are three main areas that are heavily regulated—public sector, banking, and health care.
Deutsche Bank uses our solution worldwide for securing their customized Salesforce environment, because the regulator in Singapore has a different understanding than the regulator in Switzerland and the regulator in Luxembourg. They have a totally different understanding as to what pseudonymization of data means.
Deutsche Telekom—Germany’s biggest telco provider—uses our solution when they outsource, or data leaves their control and is sent to the cloud.
UBS uses the eperi Gateway for generating compliant test data, Lufthansa for their medical data, and BYD uses it for IoT. BYD received the approval from the regulator for an electric car to be allowed to drive in Europe simply because all data flowing to the Chinese cloud are completely anonymized. They collect tons of critical data and send them to China, like who is driving, how fast he/she is driving, what the speed limit is, etc. Due to regulatory requirements like GDPR, this data needs to be properly secured.
Worldwide, more than 16 million users use our product—most of them without knowing it.
SD: What do you feel is the worst cyberthreat today?
EEB: Data is being stolen, and people do not even realize it. Especially during COVID-19, people have started using cloud services and are putting critical data into the cloud, but they are forgetting about regulatory and compliance issues. We will soon see that Privacy Shield will be struck down by the EU-Court and other legal gray zones will disappear, too. There will be a shift in thinking about the security of the data—especially in cross-border data transfers.
If a company processes personally identifiable information (PII) data, then they are responsible for these data, and the management has the legal obligation to take care of it. This responsibility cannot be outsourced to the cloud provider and the management is liable with their personal assets in case of data breaches.
SD: How do you feel that the COVID-19 pandemic is going to change cybersecurity?
EEB: I think that home office and digitalization are the key trends. There are three steps that companies are taking:
- At the beginning of the crisis, companies started to react quickly and respond, which meant going to the cloud, and doing just what they needed to keep up with their existing business.
- Then the next step is that companies started to recover and to think about security. They started rethinking their security posture and what security means for them. Cloud, working from home, and digitalization are the new, post-COVID normal.
- As a third step, we see that a lot of companies start to renew their digital infrastructure, which is important for their existence as a company, and security is a very important process of this modernization.
Eperi has seen a tremendous increase in demand for our product for securing data because no one can prevent data from getting stolen, but proper encryption can prevent someone from being able to use the stolen data.