Interview: Mohit Tiwari, CEO, Symmetry Systems

Not many professors are willing to give up a tenured professorship at the University of Texas in Austin to develop an unproven data security startup, but that’s exactly what Mohit Tiwari did when he packed his bags in Austin and moved to San Francisco to co-found Symmetry Systems.

Tiwari, along with student turned business partner Casen Hunger, founded Symmetry Systems in 2018 after conducting a decade’s worth of research into how to build a system stack where users control their dat,a even when they use untrusted applications on untrusted data centers, thereby preserving privacy and the most valuable asset of all – a company’s data. The results were compelling enough to drive a brand new approach to data security, and so Symmetry Systems was born.

Today, the California-based company delivers purpose-built Data Store and Object Security (DSOS) to provide visibility and unified access control of organizations’ most valuable data assets, with Tiwari serving in the role of CEO.

Infosecurity recently spoke with Tiwrai to learn more about his transition from professor to tech startup co-founder and the wider mission of Symmetry Systems.

How and why did you move from a professorship to set up a data security startup?

UT Austin loves it when its research makes it into the real world, and my colleagues have co-founded companies on everything from full duplex radios to robots in hospitals. Therefore, it was natural for our team to also think about practical impact.

Symmetry’s DataGuard helps a small team of security engineers to protect data across a large organization. Our research lab has worked on data-centric security for more than a decade, and over time, kept getting pulled into collaborations with regulated industries where security was blocking innovation.

In all cases – be it a hospital, a major defense contractor, a cloud-services provider, etc. – the problem was that every application or containerized service had to be hardened to get it over the security and compliance hurdles. Small flaws or exploits could mean major data breaches.

Our goal, and the goal of our entire research area, is a platform that directly secures data, even if applications and identities are exploited, and as a result be the focus of compliance and security evaluations.

We met our investors at Forgepoint and Prefix last year, who introduced us to 50+ security teams and we’ve been very fortunate to have had their feedback while building DataGuard as the first step towards a data security platform.

“It was natural for our team to also think about practical impact”

What is unique about Symmetry Systems’ offering?

Firewalls protect an organizations’ most valuable persistent assets – first networks and then applications – and cover a range of detection and protection measures (rule- and behavior-based). Symmetry DataGuard effectively creates firewalls around all your data objects.

We designed Symmetry DataGuard for data stores in a hybrid-cloud. Amazon S3 is such a different beast that it has a reputation of being hard to secure, but there are production data stores (SQL, NoSQL, caches, queues), analytics data lakes, etc. that contain sensitive data and talk to the internet. Each data store exposes a different set of knobs that are hard to set up and keep synchronized. So, being able to scale operationally across data stores was a major goal for us.

The other big design goal was to build for security engineers who guard data stores (versus making developers label data and re-write authorization logic). This was inspired by the paved path model that Netflix has pioneered for building cloud services and drives data-related security and compliance.

“DSOS is about measuring data risk and improving it systematically”

What is the biggest data security challenge that Symmetry Systems seeks to overcome?

Securing data against breaches or ransomware is a top priority for security teams, but the primary defenses have been stuck at encryption and related tools. This is why our design partners and mentors guided us towards pulling several disparate-looking pain points as symptoms of a deeper problem – DSOS. 

DSOS is about measuring data risk and improving it systematically. DSOS is thus a focused set of problems for a customer. It requires understanding of data stores and objects’ attributes, permissions and usage patterns. DSOS admits several types of solutions – you could build a code analysis based ‘shift left’ solution, a ‘paved path’ production infrastructure solution, focus only on service meshes or a family of applications, etc. 

As long as the interfaces are open and customers can answer the above questions, customers can put a DSOS program in place without being locked to specific vendors.

What is Symmetry Systems’ mission for the next five years and how does the company aim to achieve it?

Our mission is to amplify security engineers. Security is a fascinating but very specialized field and if it’s a part of a ‘paved road,’ it allows functionality developers to innovate safely and ideally unlocks regulated industries like healthcare and education to modern applications.

Symmetry is working with extremely security conscious organizations, and our first priority is to help protect the most valuable data wherever it resides.

Our longer-term goal is to bake these operational lessons into Symmetry DataGuard so every data store has a DataGuard. Even small teams in any industry should spin it up with every data store they work with. This way, every application is built to work with users’ data safely and users (and developers) don’t see fantastic applications and privacy as a zero-sum game.

What’s Hot on Infosecurity Magazine?