We are immensely proud and excited to announce the launch of Profian, a start-up company to create Confidential Computing products and services based on the Enarx project (https://enarx.dev).  We’re a truly global and distributed company, with our CEO (Mike) based near Cambridge, in the UK, our CTO, (Nathaniel) in Raleigh, North Carolina (US), and other employees in the US, Brazil, Germany and another joining us shortly in the Netherlands.

This article is a brief introduction to Profian – you can find more on our website, of course.  We also encourage you to engage with us on social media via Twitter, Instagram and LinkedIn.  We’d also love to see you get involved with the community over at Enarx, the open source project for which Profian is the custodian: you can go straight to the Enarx github and chat to start right away.

Who are the founders of Profian?

Profian was co-founded by Mike Bursell, former Chief Security Architect at Red Hat, and Nathaniel McCallum,, former Virtualization Security Architect at Red Hat.

Who has invested in Profian?

Profian’s seed round raised $US5m. The round was led by Project A and Illuminate Financial, and included angel investors: Olivier Pomel, Chief Executive Officer of Datadog; Tyler McMullen, Chief Technology Officer of Fastly; Till Schneidereit, Chairman of Bytecode Alliance; and Sarah Novotny, Board Member of the Linux Foundation.

What is Profian?

Profian is a security company, providing products and services in the Confidential Computing space.  Profian is committed to open source software, and is based on the Enarx project.

Where is Profian based?

A remote-first company with co-founders based in the UK and the US, Profian has other employees in Germany, Brazil, the Netherlands and South Africa.

What is Confidential Computing?

Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE).  This is the definition from the Confidential Computing Consortium, of which Profian is a member.  TEE implementations are available from Intel (SGX) and AMD (SEV), and both Arm and IBM have announced product plans.

TEEs allow applications to run on the untrusted cloud: in other words, workloads are protected even from malicious or compromised hosts in the public Cloud, on the Edge or on-premises.  Profian will simplify deployment of applications on TEEs, maintaining the highest security postures whilst allowing cross-platform, hybrid cloud solutions with minimum effort to organisations.

Why is open source so important for Confidential Computing?

Confidential Computing protects organisations’ most valuable software and data assets from compromise and leakage, and central to its approach is a reducing the risk to those organisations by limiting the number of components and entities that need to be trusted.  Open source software is key to this, allowing anybody to evaluate and review the infrastructure which protects organisations’ “crown jewels”.  Enarx, on which Profian’s products and services are based, is open source (under the Apache 2.0), as explained in Mike’s blog post Why Enarx is open.

Does Profian own the Enarx project?

No – Enarx is a Linux Foundation project, under the Confidential Computing Consortium.  Profian will act as a custodian of the Enarx project, encouraging broad industry contribution and facilitating collaboration with other projects.

How is Profian different from existing solutions?

Profian will provide products and services to deploy cloud-native applications in line with established workflows, using existing languages and development tools.  Profian believes that customers should not need to change the languages, programming approaches or deployment pipelines in order to benefit from Confidential Computing.

Profian also believes that the greatest transparency leads to the greatest security, and for that reason, is committed to providing completely open source solutions.

What sectors need Confidential Computing?

Almost all sectors have data or applications which are sensitive, whether those are customer information, financial transactions, healthcare or pharmaceutical research or lower level data such as cryptographic keys, logging and auditing records or network configurations – and many sectors operate within specific regulatory regimes such as GDPR, CCPA or HIPAA.  Profian will provide products and services applicable across sectors, but will initially focus on the financial services sector, where there is a well-defined set of use cases and a strong appetite for solutions which meet the strong confidentiality and integrity requirements applicable to enterprises in this space.

Where can I find out more about Profian?

Please visit https://profian.com or email [email protected] for more information.