Charles Lyons-Burt
Shannon Vaughn is a passionate cybersecurity proponent who has put his weight behind data-centric security and privacy company Virtru for the last year and a half. As general manager, Vaughn collaborates directly with federal government customers. He brings experience as a U.S. Army officer to his current role, as well as an international knowledge base rooted in Chinese language and policy. Vaughn spent time as a senior China cyber analyst for Booz Allen Hamilton and a Chinese-Mandarin linguist for the Georgia National Guard.
Vaughn recently engaged in a dialogue with ExecutiveBiz regarding the ways Virtru aims to tackle the government’s most pressing cyber threat protection conundrums and advance mission partner collaboration, the conditions created by the Zero Trust Executive Order and more.
Tell us a little bit about Virtru. How did the company start and what does it provide?
Virtu was founded in 2011 by two brothers, our CEO John Ackerly and CTO Will Ackerly, but our story goes back much further. John and Will were both working for the federal government — at the White House and the NSA, respectively — and they observed how difficult it is to share information securely within government and, even more so, with partner nations.
While Will was at the NSA, he led the creation of the Trusted Data Format or TDF. TDF is an open source standard used extensively by the U.S. military and intelligence communities that allows agencies to place a protective wrapper around their data. This approach ensures that the owner of the data maintains control over the data at all times and that the information is protected wherever it is stored or shared. It’s the ultimate data-centric security solution, and it’s the foundation of Virtru’s value proposition: to provide simple, yet powerful, data protection.
What is your role at Virtru?
I work directly with federal government customers to ensure our solutions meet their current and future needs. That includes providing them with technology that allows them to securely and efficiently exchange information with our international allies and mission partners. To that end, I also work closely with foreign militaries and agencies around the world to ensure that they can leverage our technologies to easily share data while maintaining complete control over who can access information.
Can you tell us a bit about your public sector customers?
Many U.S. agencies are using Virtru’s data-centric security solutions to allow secure sharing of information both within and outside U.S. borders. For example, our solutions are actively being used not only by the U.S. Department of Defense and U.S. combatant commands, but also by Five Eyes Alliance partners like the United Kingdom and Australia. Information is being securely shared by these allies as we speak, supporting their intelligence operations.
Several nations are also using Virtru’s Secure Collaboration Platform. Our motto has always been to let our customers use the apps they’re already using, and we’ll make them more secure. That’s what the SCP does. It layers enforcement and “need to know” policies onto collaboration applications that governments use every day — Outlook, Sharepoint, chat, you name it. Users can only see and share what they are authorized to access depending on their countries’ classification systems.
To put this in perspective, a British soldier receives a document from an Australian soldier. If that British soldier is authorized to receive the information, they’ll be able to view it, edit it, and send it back to Australia unimpeded. And yet the data remains completely secure as it travels between endpoints and is used by each individual. Control is maintained by the document owner, and access can be revoked at any time.
How are your customers approaching data security?
The biggest thing we hear is that while there is a place for traditional, network-centric security, it is an outdated approach that does not align to the Zero Trust mandates. As agencies modernize, they’re also looking to modernize their security policies and processes. That means having better control over and protection around their data.
Right now, when the U.S. wants to share information with, for example, France or the United Kingdom, we have to create separate networks for both, or any other ally. It’s a massively inefficient process.
Bringing security down to the data level solves this problem. It ensures better security while allowing agencies and their employees to share information easily and without disruption–and without the need to build separate networks. They also don’t need to worry about being blocked by network security policies, because the data is self-describing and protected.
Plus, data owners can control who can see information, access it, and benefit from it. If a person isn’t authorized to read certain information, they won’t even be able to see the file names. This is a big change from prior secure networks.
This is important, especially for sharing information amongst allies. Maintaining a strong defense and diplomatic relations require an international effort based on easy and fast – yet secure – information sharing that moves at the speed of the mission. Putting a wrapper around the data lets U.S. and international agencies accomplish their missions without being bogged down by slow and tedious security protocols.
What does Virtru have in store for 2023?
Our goal is to continue to be at the center of data centricity as it relates to secure collaboration and information sharing. That means providing the Department of Defense with security solutions that support the mission of Joint All Domain Command and Control and the Mission Partner Environment. And it means continuing to strike major deals with international partners.
We’re also going to continue to make our offerings available on any platform. For example, our solutions work with Google Workspace and Microsoft. We want to continue to enable collaboration anywhere, anytime, and from any system.
As we go down these paths, our federal team will become a large growth driver within the organization. There’s simply so many opportunities for us in this space and we are confident that we have the solutions to meet those opportunities.
I truly believe we have something that will radically change data security forever. We provide an important piece of the cybersecurity puzzle, and it’s the kernel that will allow agencies to better communicate and collaborate with one another while protecting their most valuable digital assets.
