Symphonic’s founder says watching the door is no longer enough when it comes to protecting data

Symphonic Software has gone from being a cybersecurity research project to offering a contextualised data user experience to massive banks and governments around the world.

“We are like a club doorman,” says Derick James, CEO and founder of Symphonic Software, the dynamic authorization solution provider. While some doormen might only subjectively assess whether or not the guest is of legal drinking age before letting them in, the doorman in this analogy is considerably busier because he’s making sure people only do what they are allowed to do. “What we do is we apply rules at each stage,” James explains. “You can dance now, or stop dancing if you’re wearing stilettos. Have a cocktail if you’re over 21 or stick to a mineral water. If you then replace the club with the company’s digital solution and the drinks and the dancing with the data, then you basically have the idea.

Or to put it in another way, Symphonic’s software provides a contextualised user experience where their clients set out rules for who can access what data and when. For example, with modern digital banking there are many rules in place for how customers can access their accounts. A customer who regularly pays the same payee can easily do so, but there is more risk involved when they pay someone new, which is why users are often asked to authenticate themselves again. Symphonic provides software that allows rules to be implemented to check various data in real-time with a view to minimising the risk of fraud.

The company was launched in 2014, having spun out of a research project from one of Edinburgh’s leading Universities. “The idea came from the notion that information access was being opened up much more widely,” James explains.

Before the internet, computers might have been linked within a company, and data perhaps only shared with other company functions. Over time, this landscape has grown considerably in scale and scope.

As companies have grown in complexity and digital traffic ever increases, businesses have begun to open up data assets to partners, customers and suppliers. Often, this opening up of their digital infrastructure was protected by developers hand-crafting rules into each application which is error-prone, inconsistent, laborious and inefficient in times of change.

At the same time the rules about what data different people could access have been increasingly subject to regulators’ scrutiny. Eventually, the application by application approach just becomes too complicated and the risks of inappropriate access is difficult to manage. “It used to be the case that if your username and password were right, you were in and then after that nothing was checked at all, or if it was very little,” James continues. This has created considerable risk now that lawmakers are imposing strict data privacy laws such as the EU’s General Data Protection Regulation (GDPR) and open banking/PSD2, and consumers in any case want more control of their own data.

Symphonic’s idea was to create a solution that took all of those rules out of the applications and essentially created a digital shield around the infrastructure that supports customers’ services and data. Instead of having to build these rules into each application, clients could use Symphonic to incorporate the new rules into the shield. ”Symphonic does not touch or see the data,” James explains. “Our software gets in between a request to see the
data and the data itself and applies rules to determine whether or not this is allowed.” One of the key advantages of this is that it brings consistency into the approach to prevention of fraud and cybersecurity breaches.

To get the startup off the launchpad, Symphonic raised a £280,000 seed round in 2014 in order to fund initial market testing of the company’s solution. “That allowed us to get our first customer traction,” he says.

From its early engagement in health, where data is just as sensitive as financial data, Symphonic has expanded extensively into finance. Moreover, it has worked with both smaller and larger banks, including some of the UK’s leading banking organisations. Symphonic also signed technology partnerships with companies like Janrain, which was later acquired by Akamai, and Ping Identity. “That let our partners distribute parts of our technology allowing us to expand overseas,” James says.

“Our strong customer traction gave us the opportunity to really scale the business and to expand the team significantly,” he recalls.

After further rounds in 2015 and 2017, the scaleup raised a £2m round in 2019. Maven Capital Partners led the latest raise. The capital injection was also supported by Symphonic’s earlier investors Edinburgh-based Par Equity and the Scottish Investment Bank. “That enabled us to double the size of our engineering team, to bring in further sales, marketing, finance and operations experience and to start really driving the business forward,” James says.

Today, Symphonic has customers in Australia, the US, and Europe. Having originally targeted the health and finance sectors, the company is now protecting data for consumer goods, marketing services and insurance companies as well as some government departments. “So we are diversifying our geography and our sector penetration, as we continue to grow,” James concludes.

Six years into the company’s history, it seems as if Symphonic’s doorman is about to get really busy.

Symphonic was recently named in the CyberTech100 2020 list, to check out the full list click here: CyberTech100

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst


The following investor(s) were tagged in this article.