Jean le Bouthillier, founder and CEO of Qohash, discussed his company’s origins and their ambitious plans for the future with Efma’s Boris Plantier.
What led to the creation of Qohash?
Data’s importance in value creation is skyrocketing - IDC predicts a 307% growth in global data volume by 2025. Not only has the sheer volume of data grown exponentially, but financial institutions also struggle to keep track of their sensitive data and manage the ballooning risks it presents. In addition, access management is an ongoing nightmare to manage, and data protection regulations are making life harder. Data volumes and complexity are expected to continue growing exponentially, while IT security budgets are not.
This changing landscape presented an opportunity for Qohash to create an innovative data security platform designed to efficiently manage data-related risks. With expertise in defence and aerospace, cybersecurity, risk management, data protection and product development, the team was energetic about shaking things up and providing innovative products for a hard problem.
For example, one of our customers came to us after one of their employees leaked a substantial amount of sensitive information on the black market. The nefarious employee obtained sensitive data using legitimate means and stored it on company-owned devices prior to leaking it. The problem: our customer had no way to detect this illicit movement and accumulation of sensitive data prior to the breach.
How could this happen? Financial institutions need to continually reconcile opposing needs: 1. The need to make data accessible to their employees and 2. the need to protect it.
The solution: Qohash created the Qostodian platform to find sensitive data, understand who has access to it and provide smart remediation options to customers. The platform leverages modern data security strategies and the latest technological advances to deliver performance, precision, and actionable results for financial institutions. All of this without impeding business processes or limiting access to data.
Could you present Qohash's solutions?
Qohash offers data security solutions to help financial institutions, including banks and insurance companies, protect against data breaches.
Our Qostodian solution is a platform designed to help customers find sensitive data across different sources such as cloud, networked drives, and devices. Then it reports who has access to that data and provides recommendations to enhance security. Our clients use Qostodian to dramatically reduce their risk of a data breach and to comply with regulations. We recently helped a large bank improve its data loss prevention scanning performance by more than 10X and reduce their scan failure rates by 30%.
Qostodian is useful to the CIO/CISO and Chief Risk Officers seeking to reduce the risk of data breaches. Our solution provides the following benefits:
1. Cost efficiency: We provide customers with several modalities to achieve their desired coverage with one solution. We want customers to replace two or more legacy tools and deliver more efficient and unified security across their infrastructure.
2. Performance: We provide enhanced performance allowing financial institutions to scan larger volumes of data more rapidly. We’ve also spent a lot of time perfecting our detection algorithms to minimize false-positives. Higher performance and accuracy encourages broader deployment and coverage.
3. Simplicity: We aim to provide, simple, easy to use, and feature-complete products that amaze customers because of their performance and versatility. We seek to simplify deployments by focusing solely on servicing the needs of financial institutions. We’re not designing one-size-fits-all solutions that strive to work for everyone, everywhere, all the same time. We are very focused.
4. Risk-management insights: We provide simple, easy to understand and actionable insights about data risks to allow customers to act and reduce their risks.
We sell our solutions under a term license model, in which customers acquire subscriptions to our software-based services for a specified term (typically for three years). These subscriptions are invoiced up-front each year of the license term on ordinary payment terms and are non-refundable.
Our subscriptions include cloud-based and on-premises components together forming the software-based services (also known as a "Hybrid-SaaS" model). The licensing model supports hybrid deployments. For example, customers can start with on-premises modules (i.e., during a proof-of-concept) and connect them to the cloud for improved control, analytics, and reporting.
Pricing is based on the size of a customer's workforce (size of the company). The size of the company defines the tier level (and thus the cost per employee) while an allocation prevents excessive use of the solution (i.e. indexing the internet). This predictable pricing ensures that customers know what they will pay with no surprises. There are no unexpected bills because customers are processing more data or covering more systems.
We also offer premium support, which includes a dedicated technical support manager, additional support resources, tuning, and customization to help our customers optimize their deployment and maximize their ROI.
From an architectural standpoint, the solution includes Cloud Security Services and on-premises components (Agent and optional Proxy). The Cloud Security Services exposes a web dashboard that is used to control the solution and for reporting and searching functionalities. The on-premises components are provided to interface with the customer’s data sources.
With its modular design, the solution allows the use of our Cloud Security Services to create automated workflows using discovery, analysis, or security control components which can be positioned as control points in various architectural manners as per customers’ requirements. Lastly, our solution can be integrated with existing DLP or Tokenization tools.
The problem of data breaches is a growing concern that motivates the development of new and innovative approaches. Our mission is to deliver exceptional solutions to protect our customer’s most precious data assets.
There is substantial dissatisfaction amongst financial institutions about existing tools related to their low performance, high price point, complex deployment, and lifecycle management. We address these complaints directly with our innovative solutions. We provide a better alternative with a long-term focus on developing a platform that serves the needs of all types of financial institutions.
- Focused on the financial sector
- 10X+ improvement of scanning performance
- Substantial reduction of scan failure rates
- Sensitive data never leaves the customer’s infrastructure
- Ease of deployment (up and running in minutes not hours)
- Smart remediation options
What's coming next for Qohash?
2020 is an exciting year for Qohash. The company is growing rapidly and will enter the US market, starting with New York, one of the largest financial centers in the world. We also have several shows and conferences planned where we are supported by various government organizations dedicated to helping companies export their solutions. For example, we have accompanied the Canadian delegation at RSA 2020 in San Francisco the week of February 23rd.
Right now, we are in an ideal position to service the US market with a much-needed solution. Many major US cities are right next door and existing offerings have yet to address the problem of data breaches properly, which explains the increase in both their frequency and magnitude. You can expect to hear a lot more from Qohash in 2020, as we expand our operations, win new customers, and perfect our solutions.
We’ve been engaging customers directly and are now beginning to work with channel partners offering cybersecurity services. We seek to enable our channel partners to use our risk assessment tool to provide much-needed data discovery capabilities to their existing customers.