Protect It. Share It. Control It: An Introduction to Virtru Collaborate

Full Transcript

Brett McCrae
So welcome, everyone, and thank you for joining us today.
My name is Brett McCrae. I'm the VP of customer success at Virtru, and I'll be your host for the next forty five minutes or so. Today, we're gonna cover a lot of ground, on our new collaborate product.
We're very excited for you all to see that. And by the end of this session, you're going to walk away with a clearer picture of of both why the way most organizations share sensitive files today is fundamentally broken and what our better approach looks like in practice.
Virtru new TDF driven approach that we're introducing into the file sharing space is fundamentally different from what exists in the market today, and throughout this session, you're going to learn why. Here's the reality we're all navigating.
Organizations today have to share sensitive data to get things done with partners, customers, contractors, regulators, vendors, you name it. Million different places that data needs to go in order to achieve the most business or mission value, that it has in it, and that's not going away.
Problem is most of the tools that people use to do that weren't built with compliance or control in mind, The consequences of that gap are becoming harder and harder to ignore. Today, we're gonna dig into that problem honestly and introduce something that we've built specifically to solve it that may initially look familiar to you, but architecturally and in practice is like something you've never seen before.
To do that, I've brought two people who know this space from very different but very complementary angles, and I'll go ahead and introduce them now. I'll start with Cole Grolmus.
Cole is the founder of Strategy of Security, one of the most widely read independent publications covering the business and strategy of cybersecurity. He writes for practitioners and leaders who want rigorous, unsponsored analysis.
And he's here today not as a Virtru partner, but as someone who spends his career studying exactly the problem that we're going to be talking about. I'm also joined by Mike Morper.
Mike is the senior vice president for product marketing here at Virtru, and has been at the center of how we think about and how we've been building Collaborate, including why we built it and the problems that it solves. So before we kick off the conversation, I'll just frame the stakes a little bit before turning it over to Cole.
As I said at the beginning of the intro, organizations today have to share sensitive data to operate. Again, with a variety of different partners, customers, regulators, vendors, you name it.
The list goes on and on. The question is, can you do that without losing control?
And, again, we're gonna show you the product here coming up in a little bit, but first, I'd like to start with that framing. So, Cole, let's just take a step back, level set everybody here with what you're seeing across the world of of security, the problems that I highlighted, and just what you're seeing in industry.
Give us kind of a perspective to start this with today.

Cole Grolmus
Yeah. Thanks, Brett.
And first, I I just wanna kinda quickly ground my perspective here too. So, what I spend my time doing nowadays is is what Brett mentioned, you know, strategy security strategy of security, covering the cybersecurity industry broadly and, you know, as with companies and developing trends, etcetera.
What I did before that kind of at the start of my career, you know, now almost twenty years ago, was I worked at PwC in both the, audit and the advisory practice. So this is going all the way from, like, relatively early days of Sarbanes Oxley and and some of the the foundations of the compliance, the the different types of compliance requirements that we have today.
And then kind of moving over into the advisory side, which was both consulting and advising with Fortune 500 companies on, meeting those requirements as well as implementing technologies around them. So all this is to say, I've I've kind of grown up with a lot of these different requirements from a compliance and regulation standpoint that we're seeing today.
And I feel like that's given me a relatively good view in, like, watching how things have matured and grown, but also, like, based on what I do now, a a pretty a pretty good view into what's what I think is going to happen in the future. So the first point is about enterprise security and and it formally being perimeter centric.
Like, we're all kind of used to the the perimeter based firewall based architectures of the past. Like, that was that was certainly what things were like when I when I started and what a lot of my clients were were built around.
For a lot of reasons that changed. Right?
And I think it I think it changed in layers. I I think it's a little over exaggerated to say that the perimeter has completely disappeared.
I think what's happening is it's kind of going away in different stages and evolving both in terms of how we collaborate with external parties as well as what things look like internally. Like, firewalls are still gonna be there when all of us are are done working too.
I'm pretty confident about that, and there are pretty large hardware firewall hardware and software firewall businesses that exist today. But what what is clearly already going away is, like, the idea of a VPN centric.
I am either outside of a network or I am inside of a network type of an architecture. Like, of course, VPN still exists too, but, you know, things like the the pandemic and changing the way that we work, the rise of mobile, the change of business in general around how we're collaborating with external partners has has really, like, evolved network architecture in a way that is both more open at the perimeter and also kind of tighter within, you know, within the boundaries of an organization.
I would say along along with that, I've seen the regulatory environment change too. Like, early on, a lot of the requirements were very internal centric and perimeter centric.
Like, they were kind of designed and imposed for one government organization or one, you know, one private company and in the context of, like, its own employees. Like, that was the workforce.
And as our business changed and we started working and relying with a lot more third parties, the compliance requirements changed with them. Like, now we we we have, regulations like Glibba that are a little bit more focused on what it what it actually means to interact with third parties.
And so in some ways, I think that's good. I think and in some ways, I think that's bad.
We'll get into that a little bit more. But all this is to say is we're kinda moving away from these, like, very, you know, rigid siloed regulations to ones that are more purpose built for collaboration.
I think one of the the themes within that, though, or one of the implications of there not being a perimeter is that this you can't anchor your security model around that. Like, you you of course, you still should.
I mean, there are layers of controls. You still should have firewalls.
You still should have network based controls. You still should have identity and access control, you know, etcetera.
But I think, like, ultimately, what you can trace that through to is that you have to have controls around data now. Like like, data is a standalone object that is ultimately, like, what attacker attackers and adversaries are after a lot of the time.
And if you, you know, really interpret the intent of a lot of regulation, like, it is regulating data, not not what surrounds the data. Right?
So us securing applications or file shares or whatever is kind of just a historical artifact of of how we implemented controls before, but really only it's about protecting data. One kind of forward looking aside on this too, like, we moved from firewalls and, you know, very internal centric collaboration to a bit more, you know, open inter interactive like SASE or SSE based integration.
I think that what's coming, you know, probably later in some very highly regulated industries, but what is definitely coming is a completely new set of third parties. Like, I think that agents, and and AI tools in general or or maybe even more broadly, like, programmatic access and interactions to, the data that we have and are are going to become a lot more common.
Like, we're we're moving way beyond LLMs just being able to, you know, read and repeat information to agents actually being able to take action upon them. And so, I think, you know, that's going to be, like, a whole other set of things that we're gonna have to deal with probably sooner than we think in terms of, like, what it even means to be a third party interacting with data.
I think what that means for the tools that we have is that not only do we need to build and have tools that are meant for humans, we also need, like, the technical underpinnings to be able to program you know, continue to securely and programmatically access, and work with that data, you know, through either traditional means like like ETL pipelines or through, you know, nondeterministic, identic means. That's what's really changing.
I think what all this means for the collaboration tools that are out there already, like, of of course, it makes sense to use things like Google Workspace, Box, SharePoint, Slack. You know, I I I still, to this day, use many of those things.
But I think you have to acknowledge the limitations of them, which is that they are primarily and first and foremost meant for internal use. So they're meant for sharing and interacting within your organization.
They have, over time, developed fairly good capabilities for allowing third party access to, you know, third parties to collaborate. Like, I have shared Slack channels with with many of my clients today.
But what they still kinda, like, don't fully cover is what happens when the third party in that workspace downloads a file or takes it outside of that scope of control, like, then then you sort of lose visibility and lose control over it. And I think, you know, but but but the flip side, you know, sometimes that's fine.
Like, if you're doing something relatively relatively, you know, benign, that might not matter with a very trusted party. But when you're talking about a regulated environment and regulated data, like, just because the just because that data leaves your scope of control doesn't mean that your compliance obligations end.
It's still it's still your data, and you still need the ability to retain control over it. So I think that's that's, like, one of the hardest challenges that those of us working in regulated environments have today.
We're we're kind of at this point where, like, I sense this tension. There's this tension between of course, we need to meet our regulatory requirements.
We need to stay compliant. You know, that's the thing that we have to do foundationally. But it's it's not at it's not like an or anymore.
It's not like we can do that, but we can have a terrible partner experience and or or just, you know, really make it difficult to access our data. Like, that can't happen anymore.
We're heading towards a world where business expect like like, compliance is kinda mature. It's like that's something we're gonna have to we're gonna have to deal with with it.
We've accepted it. We're gonna move on. Like, business expectations and customer expectations and partner expectations are becoming such that we need to be able to work with regulated data and still have a good experience at at collaborating around it.

Mike Morper
You know,

Cole Grolmus
So,

Mike Morper
I I think that last point is spot on. We are absolutely seeing that.
We are seeing, a need for organizations not to just share information, but to collaborate. But those organizations want to maintain that governance and control over that information and, don't want to, give up that governance just because they shared something across the transom.
And. regulatory obligations just add a little bit more, bite to that. And as a result, we had our we had, historic customers that have used our, secure email products say, works great, fantastic, but we also have file based workflows that we need to be able to, orchestrate as well.
And. it was specifically CMMC that was that tipping point for a large population of our customer base that said, we are no longer going to be able to conduct business with the US national government if we do not have a way to meet these regulatory obligations, specifically CMMC level two. So they.
came to us and said, your email products are absolutely solving that problem, but there's fundamentally, for the most part, an unmet need in in the market. We need to be able to collaborate.
We need to be able to real time share information, but we need to maintain those that governance and control. And that's fundamentally what brought us now to this moment and Virtru Collaborate.
So very consistent from our observation, from what our customers were telling us, echoing a lot of the, observations that that you're seeing as well.

Cole Grolmus
Yeah.

Brett McCrae
So

Cole Grolmus
Yeah.

Brett McCrae
oh, go ahead, Cole.

Cole Grolmus
Oh, yeah. I mean, I would just say my closing point on this to to somewhat echo and tie up what what Mike said, you know, with specific customer anecdotes.
Like, the good part about some of these regular well, good and bad depending. It's it's annoying at times.
But, like, one one attribute of of some of these regulations is, like, they're not super prescriptive about actually about, like, how you implement technology. Right?
Like, they have control objectives and and requirements that you need to meet, but they're not sitting there telling you, like, use product category x, y, or. z.
I mean, of course, they're they're they're, like, mutually agreed upon ways with, you know, within the industry or consensus with with auditors of how we implement some of these things. But, like, ultimately, it we, you know, it we retain choice in what we do and how we solve some of these problems.
And so I think that's going to be the thing going forward is as we're looking to balance both, you know, business and partner enablement and regulatory compliance, like, we are going to be looking more towards solutions that enable both, and we have a lot better, you know, a lot better choices and a lot better options out there than we've ever had before.

Brett McCrae
I'd love to I'd love to jump in right there because I think, Cole, you just set up perfectly for the next part of the webinar. So first thing, I'd love to introduce a poll to the audience.

The poll is how confident are you that a sensitive file is still protected after you send it to an external partner? You'll see the options right there, very confident, somewhat confident, not confident at all.
And while while folks are looking at that and answering the poll, I'd love to just offer an opinion, and I think a bridge, Mike, to to your section where we'll get into the product a little bit more, which is, you know, working on Virtru's customer success side, we see this every day, whether it's a, you know, a single practitioner medical office or or a Fortune 100 company where that sensitive data needs to move. It does.
And, again, it could move in a variety of places, a regulator for a compliance reason. It could move to a business partner to facilitate a business transaction or some kind of event.
But what we see all the time and and really what Virtru position is, and it's resonated a lot with a lot of the customers that I've talked to is how and why do we spend all of this time and effort and and honestly budget implementing all of these different tools, which to your point earlier, Cole, we need to. The firewall will still exist.
You know, hopefully when, or I don't know about hopefully, but when I'm retired. But that said, how do we do all of these things and put all of these things in place only to let that data walk out the front door like it didn't like it never mattered at all?
And that's a big thing that we are aiming to solve with this collaborate product. So, you know, with that said, I don't know if we've given our folks enough time for the the poll question, just yet.
But, it looks like Mike will turn it over to you and start going into a little bit more of the product itself. So I'll turn it over to you for that.

Mike Morper
That's great. I need, the poll turned off so I can share a screen. And and by the way, what we're looking at here is very consistent with, you know, what we hear as, as well and, frankly, what a lot of us experience.
So, the the notion that once you send something that you have any control over it, until, until many of the organizations that we conduct business with, have a chance to start using our products, there is not a realization that, there are products that are fundamentally unlike anything else out there on the market. Virtru's products are based on an open, secure data standard called the trusted data format.
And what I'm about to show you is a way that each one of you have the ability to confidently share information yet maintain that governance and control. So let me see if I can, walk and chew gum here and get this up and rolling.

Brett McCrae
And. while you while you get that rolling, Mike, I think that just highlights the point that we just that all of us made in a different way. Right?
Like, we spend all this time and effort and energy and budget trying to make sure that we protect our most sensitive data only to share it away or or have it taken or stolen or all these other things. And and what we're about to show you here, like Mike said, via the TDF really is unlike any other security, I'll say posture that is that is designed to share.
It's designed for it to be productive, and that's fundamentally different, we believe, in the market today. So go.
ahead, Mike. Jump

Mike Morper
Great.

Brett McCrae
in there.

Mike Morper
And, just a technology check. I'm assuming you can see the, Acme login here okay.

Brett McCrae
We can, Mike. Yes.

Mike Morper
Great. Okay.

So let me set the stage here so you understand, what you're looking at and what we're about to go through. I am at the front door of Virtru Collaborate.
Virtru Collaborate is a 100% browser based application. There is no software to install.
And, a tenant of every application that Virtru produces is hyper focused on user experience. We appreciate that there is little to no training that goes into using software these days, and that's absolutely true in in most organizations, whether you're a small health care practice or a large enterprise.
So we focus on making the experience of getting into our products as easy as possible. And you can see, in this case, I'm logging in, taking advantage of my, Google Workspace SSO, and that quickly, I am logged right into the application itself.
So what you're looking at is the workspaces that are available in Virtru Collaborate. So what's a workspace?
A workspace is a secure enclave where you can go ahead and share your most sensitive information. An enclave itself is set up by the data owner.
He or she can go ahead and decide who is eligible to access that information and then, obviously, what information can be loaded into it. As I had mentioned before, it is completely browser based, so, you can very easily upload files into here.
I'll show you what that experience is like in a moment. And, of course, it's very easy to go ahead and view the files in here.
This is a very consistent experience to many of the applications I think, many of you use today, and that's purposeful. We all recognize that there's patterns that we've all become familiar with, uploading files, viewing files, sharing files.
We have mapped those patterns into this application itself so that, that training curve is as low as possible. People can become productive as quickly as possible.
Now as I alluded to a a moment ago, enclaves are a secure location or excuse me. Workspaces are a secure enclave, a location where you can control as the data owner what happens in there.
So I had set this one up right before we, got started here. You can see that I am the owner, and, I have invited this this Mike Morper character right here.
I can see how many files are in my enclave and what security settings are present in this enclave. Now, of course, it's very easy for me to go ahead and add others into an enclave and, even create new enclaves.
One of the things that's happening under the hood that you don't see regardless of any location that you go into. While you can see dot PDF files, dot doc files, Excel files, CAD files, etcetera, every single one of these files is actually being wrapped as a trusted data format or TDF object.
So why is that important? As you heard Brett stay at the beginning of our our session, we are unlike any other security company that you have worked with in the past. We do not believe that everything needs to be locked down.
Rather, you can think of us as a secure sharing company. So the trusted data format is fundamental to that.
So for getting any of these files into this secure space, they are securely uploaded, encrypted client side, And when they land in here, they land in here as a dot t d f file or a trusted data format file. Now you can still see all the native file extensions here, but everything that is stored in here is a dot t d f.
A few things have happened on that journey. First and foremost, when it lands in any of these workspaces, unique attributes are assigned to that file.
So in this case, there's a unique attribute that's been added to the dot t d f manifest that is now inside of of that object to say, this file is associated with this workspace. In fact, this file has specific entitlements associated with it.
So what what's an entitlement? An entitlement is what individuals are permitted to do something with this file. Now that entitlement travels with the file itself.
So if I share this file or give access specifically to this workspace to a third party, I am in complete control and governance over what he or she may or may not be able to do. So, for example, if I go into my, legal workspace here, you can see that I could say, you know what?
I'm okay with individuals viewing this file. I do not want this file downloaded.
In fact, as part of that, I'm going to watermark these files. I can go in here and say, every file in this workspace is now going to be, watermarked.
In the process of doing that, I am also now blocking the ability for them to be downloaded. So if I go into here now and view any of the files, I'll just I'll just pick one here and view it, it is now watermarked, and my login email address is, painted across those files.
Why do we do that? Obviously, if someone were to screenshot this, that email address is gonna be painted across those, and, of course, there's no way to download this file. Now,

Brett McCrae
I I'd love to jump in with a quick question because I think you're you're hitting on something that's really important and especially with some of the statements that we made at the beginning of this webinar. So I was just looking at at some of the audience members in here, and I see a variety of different of different titles from from folks in IT or security leadership, other folks more on, I'll call it, like, the productivity side of the house, like maybe somebody that's running an office or or somebody who's running a clinic.
Can you kind of help me understand and and phrase it and kind of with those personas in mind, like, what does this actually mean for them? Like, if I'm a a CIO or a VP of IT or security, like, why does this matter?
And then the same thing for someone that's more of, I'll say, like, a practitioner or an end user. Could you.
help me kind. of bring it there?

Mike Morper
Yeah. You bet.
So let's let's start at the beginning here. Let's say let's say I work for, law enforcement.
I am conducting, an investigation, and I have the need to be able to share some sensitive information with the, district attorney. So I'm gonna go ahead in here and create a folder called, evidence.
I could obviously give it a a helpful name if I wanted to, and I can go ahead and invite, individuals. So let's say there's this Cole character, at this organization, and we'll pretend that that's our district attorney.
I need to share some of that sensitive information with Cole. So I'm gonna go ahead and create, this sensitive, enclave, this environment, and here is that environment.
So, obviously, there's no files in here. I need to add some information.
So I'm gonna go over here. I have two ways of adding information.
I can go ahead and pick something from my, local desktop, and I'll go ahead and say, here's that evidence, file that I want, and I can go ahead and upload that. And that quickly, it went from my desktop, client side encrypted, created as a trusted data format client side, and moved up into the environment.
Now instantly, Cole now has access to this information. So, I potentially could put Cole on the hot spot here, and he would be able to immediately have access to this.
He would have just received a notification via email that said, hey. This Mike character just shared a file and provide a link where he could go ahead and log in to his own workspace, and he would go ahead and see this exact same file present in his environment.

Cole Grolmus
I just happen to be sitting in my workspace right now, and I instantly saw it when you shared it. And I can confirm that it is several footprints.
Those are that is that is the evidence.

Brett McCrae
And

Mike Morper
let's see if he's let's see if he's telling the truth. So there.

Cole Grolmus
There you

Mike Morper
go. Not bad.

Cole Grolmus
go.

Mike Morper
Not bad.

Brett McCrae
good when it works. So so, Mike, I'm I'm sure there's someone out there who's thinking like, hey.
This this looks nice, but, like, I've seen this before. Right?
Like, hey. I can do this with another file sharing system. I'm using Google Drive or I'm using SharePoint or something like that.
I really wanna get at why this is fundamentally different. Like, give give me the ten second like, what should the audience leave here and just have burned with their brain about whether this is fine why this is fundamentally different than something they're using today?
That control piece, I think, is critical

Mike Morper
Yeah. So I'll I'll I'll start right there.
First and foremost, and you've heard both Brett and I touch on this a couple of times,

Brett McCrae
here.
Mike Morper

the trusted data format, an open standard that helps to ensure that the data owner has governance and control over their most sensitive information. Every single file that is uploaded into this, whether it is a, 100 k, JPEG or a 15 gigabyte, body cam video footage file, all get wrapped in this trusted data format to ensure that governance and control.
That's that's number one for sure. Secondly, this application is not constrained to your own perimeter, touching back on something Cole was, referencing, in his introduction.
Instead, this application is within Virtru's FedRAMP environment. So what does that mean?
For organizations that are conducting business with the US federal government, this is a FedRAMP authorized application. So if you're specifically, in the the DIB, as an example, the defense industrial base, and you have a CMMC level two obligation that is a big brick wall coming up in November, you can go ahead and use this application.
It already will help you to achieve your CMMC regulatory obligations. Those are two great big bucket items.
Brett, any any other thing thoughts that were coming to mind that you wanted to add?

Brett McCrae
I I think that's pretty spot on, Mike. Like, just and I where I'd love to go for just a second here is is, again, just looking at the titles of folks, I think there's a lot of people in a lot of different industries.
We've highlighted the DIB, but in our experience so far, we've seen a ton of different use case across a ton of different industries. But a lot of the points that you made, Mike, are really central to that.
Just where it lives in Virtru, FedRAMP moderate environment and the control, over that data as it is being shared, which it needs to be, but that is maintained over those files. Like, we have customers that are using us to share things like, CJIS information from a school to a local law enforcement agency.
We have customers that are using us to just send, you know, really big sensitive medical files, like imaging files from, you know, from a provider to a patient, which seems like it should be really easy, but it's not to do that today in a in a secure way.

Mike Morper
Yeah.

Brett McCrae
We oh, go ahead, Mike.

Mike Morper
Yeah. No.
I was just gonna say you you mentioned something that that resonated, and I think it's important to broach. It's a I touched on this when I first logged in.
We spend a lot of time on the user experience. We wanna make this as intuitive and as easy as possible for organizations to adopt and start using.
And we really like to say, we like to extend into the tools you're already using. So while I gave an example of uploading a file from my desktop, we also extend into other applications such as Google Drive, OneDrive.
This is a Google Workspace account, so, you see that label here. I can easily log in to that, go through the SSO process, and I can now see all of my shares.
And I can easily go in and say, hey. Here's that, know your customer document that I wanted to make sure was added into here.
And that easily that file is going to transfer from that perimeter based environment into this FedRAMP authorized environment as well. So I just wanted to make sure I touched on that capability, Brett.

Brett McCrae
Yeah. I think that's great, Mike. And and, you know, Cole, I'd love to pivot back to you for a minute here.
You know, we Mike and I have been talking. We've we're obviously familiar with the product.
But just, you know, as an outside party, as you look at this and and hear what we're saying, just what's your reaction? What's your
on this?

Cole Grolmus
and kind of the for me was, like, you know, on the surface, this looks like a collaboration platform, and it certainly is. But with OpenTDF and and the entire standard behind it, like, there's a lot more going on behind the scenes than what it looks like, you know, just directly through the user interface.

Like, one of the things that is always, you know, really difficult as, like, a third party that's collaborating with, you know, the owner of some of the traditional workspaces like this is, like, you know, I I I I kinda I anything that I put into it, for example, I I I may not have the ability to to control or get back out. Like, once I give up my data, I can't get it back.
And I just think, like, there are a lot of scenarios in here that allow for so much more equal and better collaboration because, like, yes, it is a shared workspace, but there's also a lot better, like, provenance and lineage around, you know, who put data in and where it came from and what they retain, and that's, like, fundamentally different than what we're used to seeing.

Mike Morper
Yeah. You know what?
The the the term collaborate has come up a bunch, not just obviously the name of the product, but the realization that the way organizations work today is real time back and forth. And not just a throw it over the fence, wait for someone to do something, and, you know, days later it comes back.
There are many situations where that real time joint collaboration must take place. So one of the things that, our customers that are using this product are gonna be seeing in the not too distant future is the ability to actually real time collaborate on documents.
So while I can show it today, coming to a, Virtru Collaborate, screen near you in the not too distant future, all Microsoft Office file formatted documents. You're gonna be able to click on this and optionally have the opportunity to edit it in this secure environment.
So real time collaboration will be able to take place. Data owner maintains governance and control.
This is all courtesy of the trusted data format. So I did wanna go ahead and give a little bit of tease of something that's gonna be coming here shortly.

Brett McCrae
I think that's really important, Mike, and and, Cole, to kinda bring you like, I'd love to hear your reaction to that. Like, security and collaboration when you know, are seem, you know, fundamentally opposed to each other sometimes.
Right? But it's also both necessary things of today's of today's world. We have to be secure, and we have to collaborate both internally and externally.
So, you know, as you hear those things, is that is that a trend that you're hearing in the file sharing market today that's fundamentally broken? Like, tell me a little bit about that.

Cole Grolmus
Yeah. I mean, I think maybe even taken it one level higher, like, you know, and thinking of it more as a as a security practitioner. Like, one thing that's always just been impossible or seemingly impossible for my entire time in security has been, like, controlling files once they leave an environment or controlling data once they leave an environment.
And we, like, we kinda got there in some ways, or there have been attempts at that over time, but it it it tended to be, you know, proprietary, like, vendor specific formats or just, you know, other limitations that didn't really make it work from a practical level. Like, TDF is is really the first, you know, fully open way that I have seen that makes this if effective or makes it possible.
Like, the ability to, you know, put access control around data no matter where it goes, even if it's, you know, outside of my collaboration platform. And and, you know, we haven't really even talked about this, but, like, a mind blowing thing for me is, like, the ability to tie that back to existing identity providers and and, you know, authentication and authorization, platforms that we already have and use those to control access is huge.
Like, that's just something that I never thought would even be possible, and and and now it is, or at least we're making a lot of progress towards that.

Mike Morper
Yeah. And, Cole, you're bringing up a great point and something we like to, repeat, here at Virtru.
We pride ourselves with a a very elegant policy and access control, methodology where we live at that intersection of, attributes that describe the data and entitlements that describe the humans or nonhumans that need to access that information. So if you're still looking at the screen here, I assigned an entitlement to this workspace.
In this case, that entitlement was cole at Strategy of Security dot com, is entitled to have read write access to this repository. Now I can go ahead and modify the entitlement and now say, that simply that user now only has view access to this repository.
The way we enforce this is by taking advantage of the existing identity provider that is used. So you all saw me authenticate in through, Google's authentication, regime.
If this if you happen to be, on a Microsoft domain, you would go ahead and authenticate through that same process. If you use Okta, same same process.
We get validation of that identity, and then we compare the policy that is embedded within that trusted data format object to determine whether or not that identity is entitled to that information. If they are not entitled to that information, they are blocked and they cannot view that information.
They cannot download that information. So it's a very unique way to ensure absolute governance and control over that information. And, it would be, probably appropriate for me to share the reason we have landed on the trusted data format.
Not only is it an open standard so anyone can build applications taking advantage of this this metadata standard, but our intelligence community here in The US, our, military depend on this technology. Its origin is the NSA.
It was developed by our cofounder while he was at the NSA, and it is now being leveraged by well over 6,000 organizations every single day. Millions of messages, millions of pieces of sensitive information are protected by this format.

Brett McCrae
I'd love to jump in, Mike, with with one quick, you know, administrative thing that we do have a q and a. So if you have any questions as we're getting here towards the end, please please jump them in there.
We'll try to we'll try to pick out ones that are maybe most relevant to the broader audience, but we will follow-up with everyone, individually after this if you have a question that we didn't get to. But, Mike, I wanna I wanna pick up off of what you were just saying, which is which is kind of the data centric security component of Virtru.
And and when you can apply, you know, security and access and policy control to data itself, back to what we were saying in the beginning that this is fundamentally different, like, that's at the core of what we're talking about. So, Mike, you mentioned some of the use cases in the public sector.
I mean, Cole, you mentioned some of the challenges you had as a practitioner at PwC and then working with many organizations after that. But, like, I I think a lot of times we think of security as like a, you know, this big thing.
Like, we've got an alarm on our house. It covers everything.
Right? It's back to your point at the beginning, Cole, like, the perimeter is important. We need locks on our front door.
We need wanna keep our windows closed. But that's certainly not the end all be all and not where it ends.
And I think what this product and and Virtru has been offering this for a long time, this is why we are so fundamentally different. This is why we're a security company unlike any other is really based on that.
We can lock your kitchen cabinet. We can lock your bedrooms.
We can lock access to, you know, maybe you have someone in the house. I'm not not throwing, you know, throwing anyone under the bus here that that has a sweet tooth.
Well, we could lock that up to. But we can lock up in a way that still allows it to be productive.
Like, Cole, you mentioned or you saw with just Mike's Screenshare live, it's super, super easy. And, Cole, I'd love on that point, like, you see the you know, security imparts friction.
Collaboration can impart friction too. When you're looking at this and thinking of, like, almost putting aside the security piece for a moment, but but the productivity piece, like, what do you see?
Cole Grolmus
Yeah. Well, I mean, I was gonna add one part, like, my own experience of receiving that file first.

Brett McCrae
Yeah.

Cole Grolmus
Like like, it it's it's it's I mean, super simple. Like, I I was in in in less than thirty seconds as soon as Mike shared it.
Like, I have Google, you know, Google on my end too. And so, you know, I was just able to sign in with my existing Google credentials, and I I had the file, like, right away.
So I mean, that that, you know, fundamentally I know that sounds really basic, but, like, from a user experience perspective, I mean, both as a as a customer as a customer, you know, and as a collaborator, you know, in a b to b context, like, most of the time, you've gotta go create an account with with whatever, you know, secure file sharing services out there. And, like, I might use that once once every year, once every two years.
And it's just it's really, like, cumbersome and annoying to have to deal with that, like, where, you know, the fact that I was able to log in with my own credentials was was really huge.

Brett McCrae
And I think, Cole, just I mean, this is something we hear on our customer side all the time. Right?
Like, you know, shadow IT. Right?
It's a topic that's been covered ad nauseam. We don't need to get into it here, but it's a real problem.
And and if end users and, again, I'm looking at just some of the folks that are in this. Some folks are security and IT practitioners.
Other folks are end users, just trying to be productive and do your job. Well, with this, you can do both.
Right? You can be you can apply security at a data centric level, two pieces of data individually. And also, Cole, to your point, have it move.

Have it be easy for for the third party, Cole, it, you know, to access sent from Virtru and somebody named Mike. Right?
And that is so fundamental because when productive productivity and security are trade offs, nobody wins. So, Mike, you know, anything you wanna add to that because that's really core to what to what Virtru is is doing.
It's certainly core to this product in the file sharing space. Would love your thoughts on that.

Mike Morper
No. I I think you just hit it right on the head. Our charter, our number one focus is obviously, respect the data, respect the people.
We wanna make certain that those that own the data maintain that governance and control, yet at the same time, data is it's created to be shared. And our organizations, our businesses, are in the process of collaborating with other humans.
We need to get that information shared as efficiently and as safely as possible. And, hopefully, you've all been able to see, a really simple experience, making certain that individuals can easily get the information they need to another individual, is our charter and our purpose for this application.

Brett McCrae
I think that's a a great way to to start to bring this to a close, Mike. Again, I'm I'm not seeing a ton of questions in the chat, but we'll follow-up with everybody individually.
But, Cole, would love to give you any parting thoughts that you might have after seeing this.

Cole Grolmus
Yeah. I mean, again, I think it's I think it's really it it it it it's really changing the paradigm to go from, you know, having to keep my data on premise or or within, an environment that I control versus being able to let it go and not have to worry about it.
Right? Or at least knowing that I can retain control. Like, in a way, you're kind of delivering the best possible experience to both users and security practitioners.
Like, I described the user side of it where it was super easy for me to get a file that was emailed to me and get in. You know?
But, like, I I also am empathetic and and excited from a security practitioner side because, you know, I know that I can just sort of let my users collaborate in the way that they want to. And as long as they're using, you know, something like Virtru Virtru collaborate, I can go revoke access to that data if I have to.
Like, that's that's just it's a control point that I never I never thought I would have before and something that I was never used to having that I now have at my disposal, and that really makes life a lot easier.

Brett McCrae
I think that's spot on, Cole. Couldn't have said it better myself.
It's certainly something that we're seeing from early reactions from customers and prospects across, again, tons of different industries. I mean, we've mentioned the dib, but we're seeing a lot of traction in the health care space.
Folks working in state local government, folks working in in banking and finance where there's a ton of data. It's extremely sensitive data across all of those, and it always needs to move.
And these files need to be shared in order for them to be fully productive. So I I will bring this to a close now by saying this.
First, thank you for listening. We really appreciate everyone's time today.
We will get back to everyone that had a question that we may not, have gotten to already. We will answer those directly, but please feel free to reach out to your CSMs or sales reps at Virtru if you if you have any questions, that that weren't covered today.
We'd be happy to do a demo, happy to have a conversation, explore your specific, specific use cases here. And as I see that, I'm I'm gonna I'm gonna pivot a little bit because I see a few quick questions coming in.
You know, Richard, I see a question around interoperability and our road maps on that. I'll speak generally, and then Mike would love for you to chime in.
I mean, we've been really focused on being complimentary to a lot of different platforms out there. So as far as, like, specific partnerships with the companies you mentioned, Michael, I'll punt that to you.

Mike Morper
Sure.

Brett McCrae
But as you can see here, like, we're super focused on just making data productive, and we know data lives in a lot of areas. It lives in a lot of spaces.
It might be something like Google Drive or OneDrive. It might be something like in a Palantir instance.
Right? So, Mike, anything you wanna add there about going to where the data is and interoperability with collaborate moving forward?

Mike Morper
Sure. Everything we've been speaking to and the application that, I just demoed is built upon Virtru's data centric security platform.
The platform itself, is what we use to service our commercial SaaS business. It is also a platform that can be deployed in a self managed environment, And I alluded to, the intelligence community and and national security.
That's how they deploy it. The platform itself is fully extensible, built on top of or exposes APIs to be able to build applications like Virtru Collaborate. Reason I'm giving this background is, interoperability was or extending data centric security into other workflows and applications was, fundamentally, a a core tenant of what we were intending when we built the platform itself.
So the ability to extend into third parties, whether it is a DSPM solution, whether it's a a unified communication application sitting on top of the platform, whether it's, an icon ICAM vendor, is completely possible. We have an entire ecosystem of partners that are taking advantage of these of this tooling now.

So, yes, all built on open standards, SDKs to extend this into other workflows as well. So, hopefully,

Cole Grolmus
K.
Mike Morper
that Richard touches on, some of your questions there. Obviously, we could get into much more specific details around the, platforms that you're referring to.

Cole Grolmus
I was gonna add one more quick, like, broader thing too. Like, I mean, we we kind of actually talked about some interoperability already.
Right? Like, where it'll it'll work with different identity providers or or, you know, widely known identity platforms. The other one that that I think is actually very cool that we didn't really talk about all that much at all is, like, data security posture management or data classification.
So, you know, it the the broader virtual platform, like, already can work with some of those leading companies who, you know, if you if you already have a a broader a broader data security platform that's classifying your data, Like, Virtru doesn't have to classify it. It can it can integrate with that and pull in those classifications as well.
And so, I I just I think that's pretty important where, like, it all plays nicely with standard enterprise technologies across different security domains.

Brett McCrae
Cole, I don't wanna go too deep into that, but I think that's super important. Could you just give us, like, the like, what's actually happening there?
Like, what those DSPM tools are doing? Why something like the TDF and virtual matters as a downstream, you know, that workflow?

Cole Grolmus
Oh, sure. Yeah. I mean, the, you know, data security posture manager or just broadly data classification, like, especially in larger, you know, larger organizations, like, it's really hard to know where your data is. Like, there's it's all over the place.
And so it'll it'll go kind of discover your data footprint, you know, both on premise in the cloud, you know, everywhere it lives, you know, within your scope of control. And then it it it applies, like, very sophisticated classification algorithms to it, you know, some deterministic and some nondeterministic to basically say, like, is this data sensitive?
Is it not? What type of data is this? Is this PII?
Is this a credit card? Is this PHI? Is it, you know, intellectual property, etcetera?
And then, you know, it'll in in some ways, at least within your environment, will will lock down controls or lock lock down, like, access control, to limit access to it. You know, Virtru will do some of that out of the box.
Like, if you don't have one of those, it's okay, and and it'll do some basic data classification. But, you know, many enterprises are very invested in those technologies.
Like, they've spent hundreds of thousands of dollars and lots of time and potentially lots of services time, you know, working on their data security platforms for classification. That's okay.
Like, if you wanna rely on that and use that as an input, then then Virtru will work with a lot

Brett McCrae
Yeah. I think, Cole, to to summarize what you said, and this is certainly what we're seeing is we're spending a ton of time and effort figuring out what our data state looks like.
Right? And and logging, you know, this is sensitive. This is not all of those things.
But then the question becomes, well, how can I have it be productive? Because I need it to be.
So and that's where I don't wanna those d s you know, DSPM tools in that category is extremely impressive and extremely important, but a lot of our customers are starting to ask the next question, which is, okay. Well, now I know all this.
What do I do next?

Cole Grolmus
Yeah.

Brett McCrae
And
Cole Grolmus
mean,

Brett McCrae
I think

Cole Grolmus
think this is kinda like the what a a logical extension of that. Right?
Like, there are a lot of things that you need to do just to manage and control your data on premise, but this this is, like, another way of getting value out of the investments that you already have in some of those technologies as well as other categories like identity and security operations. Like, you know, you you can you can sort of extend all of those, you know, all of those foundational security tools to data that goes off premise, which is which is a big deal.

Mike Morper
Yeah.

Brett McCrae

I. think that's a huge deal and a a great place for us to kind of bring it home where, you know, in a lot of ways, Cole and Mike, I mean, what we've talked about today, like, it it takes a takes a village of of tools, of personas, of of inputs to be to be secure, but, also, it it takes a village to be productive and that data needs to move. Right?
We spend all of that time and effort and energy there. But, ultimately, you know, that data at times for it to be most productive and valuable, be it for a a public sector organization with a specific mission, you know, or a commercial company trying to trying to, you know, make money, be productive, and and not get in trouble and do best by their customers, this is a great option for that.
So, you know, I'll I'll close with this that, you know, our our very strong opinion, as you heard at the beginning, is we are unlike any other in this way. You know, unlocking that capability at a at a data level.
You've seen some of the different controls that were illustrated by by Mike's demo and and Cole's, you know, real world experience as a practitioner. We'd love to speak with you more about this.
We are learning more from our customer base and our prospects out there every day about ways in this that this can be used. And we're hearing about how productive and helpful it's been, you know, for for those different categories of of Virtru users.
So, remember that that governance and protection traveling with data is super important. Collaborate is how Virtru does that with files.
We're looking forward to having conversations with with many of you about how we can help in that way. Thank you for your time this morning or, almost this afternoon, maybe for a couple of you.
And Cole and Mike, great to be with you both. Again, really appreciate your input and insight this morning.

Cole Grolmus
Thank you.

Mike Morper
Thanks.

Brett McCrae
Alright. Thanks, everyone.