Cutting-edge Cryptography & Data Protection Solutions at your Fingertips.
Tell Us About the Business, How Did it Come About?
We founded Cossack Labs in 2014 in London, UK, to solve a number of challenging data security and privacy issues that modern innovative products face. We offer customers open-source and proprietary software, and bespoke solutions based on it—all aimed at making modern data security an integral part of software that is eating the world so quickly.
We all came from very different backgrounds with similar experiences—data security tooling is clunky, easy to misuse, and very hard to build sophisticated data flow protection measures on. On the other side, speeding up digital transformation, growing compliance pressure, emergence of public cloud, disappearance of “trusted network perimeter”, and growth in sophistication of cybersecurity threats require application developers to protect more data with more serious measures.
Since inception, we’ve focused on balancing R&D (in the form of research and publication of novel security techniques, participation in security community standards, and collaborations with organisations with exciting novel classes of security risks that can be alleviated through cryptography and security engineering) and practical adoption (in the form of proprietary software and bespoke solutions that rely on results of our research).
As a result, our software components protect sensitive data in tens of millions of users’ devices, enable transaction privacy in well-known cryptocurrencies, provide security and transparency in adtech networks, critical national infrastructure, payment processors and financial institutions.
In short, we’re here to empower developers to easily build secure applications that treat sensitive data responsibly.
What Have You Learnt So Far?
Security is a fast-moving train: threats are changing, techniques are being proven ineffective, and things you relied on yesterday become security concerns today. It is and will remain an ongoing agenda point for a growing number of organisations—there is no “I’ve got security done” point, due to dynamic competition between attackers and defenders.
Good security exists to mitigate real business risks in real-world circumstances—and often exciting novel technologies just don’t fit with all functional and non-functional requirements. This is a humbling experience—with all the best intentions of building an “ultimate protection layer”, you spend way more time balancing the trade-offs to requirements that make security feasible in the first place.
What Challenges Have You Overcome? How Have You Responded During Covid?
Gathering strongly experienced security auditors, academic cryptographers, software and security engineers in one team inspired by the common mission was a really huge challenge.
Though building the right team and hiring the right type of people is very hard, it’s even harder when you’re looking to combine unique in-depth skills in one company. And data security requires a very specific knowledge set: understanding cryptography, crypto attacks and defences, building crypto-based systems, etc. We’ve gathered a brilliant engineering force, and we’re still growing.
As for Covid, it exacerbated security gaps in many companies and accelerated lots of processes. Since we work for our customers to be on the safe side under changing circumstances, we had to meet their new realities as quickly as possible. We supported their growing desire to deliver better and faster, with security protocols and policies being completely overhauled by remote work.
COVID restrictions changed the way we share our research too: in pre-COVID times, we spoke at conferences a lot, giving talks, workshops, and educational events. Regardless of how much we miss sharing a pint with colleagues at proper industry events, online-first has enabled more interesting conversations, more people, more events. And it freed up time to bring back even more to the community—we’ve started our applied crypto R&D internship program completely online and got both great results and demand for a new round.
What are Your Plans for Growth?
We gathered a large body of applied research and evidence from our customers, and we’re turning it into open-source and proprietary tools. We aspire to provide all necessary building blocks of sensitive data protection in cloud apps and enable modern efficient data security and cryptography. Fairly soon we’re revealing a number of new tools—both open-source and proprietary ones—based on continuous R&D with some of our early adopters.
Also, we will continue supporting applied research on secure search and private information retrieval, as well as transparency systems, zero-knowledge proofs, and application security around data security—by contributing to standards, speaking at big conferences and various events, etc.