Blog
Subscribe

Join Profian

Hi, my name is Mike Bursell. I'm the CEO and co-founder of Enarx and Profian. Profian is a company based in the U.S., but I'm based in the U.K., near Cambridge. We currently have 8 people across 7 countries in 4 continents.

Profian is about providing proven security for the untrusted cloud. What does that mean? Well, it's about using the Enarx project, which is an open source project on Confidential Computing, and providing services and products around that, targeted first at the financial sector, but we'll be going more broadly assuming everything goes really well, and allowing you to take sensitive data, sensitive applications and run them on the cloud, or in the edge, or wherever you want, in ways you just couldn't before because it wasn't safe.

The success of cloud native computing over the last 5 years - that's where we expect Confidential Computing going in the next 5 years from now. There is an open source community grown around not only the Enarx project but more broadly around Confidential Computing run by the Confidential Computing Consortium, which is part of the Linux Foundation.

What's special about Profian specifically? Not only we are doing the cool stuff, but we are a very open culture. Think open, be open, be transparent. We do all of our development in the open. All of our code is in the open, on GitHub (you can look at it now). We believe that openness is important not only to the code we write but to the culture we are trying to promote. A bunch of us got kids, or family, or other commitments, and we take this very seriously, so it's absolutely family-first. We think taking time is important.

We got some very senior folks, and some more junior folks, and we are looking across that as well. So we got people who could mentor you in. But, on the other hand, if you are looking into really take the top of your game and make the most of it, there are some really good opportunities. There are some really difficult, really interesting stuff we are doing at the moment.

We got 5 million dollars of seed fund, which is really fantastic, since September. We are going to absolutely concentrate on building out that technical team and then moving to sales and marketing - but for now: core technical team.

What are we looking for? What would you have, that we want? Basically you are going to be coming from a low level system background. We don't care if you know about Confidential Computing. If you have a bit of security background, that's great. But believe me, you'll learn it - it's what we think, what we do all the time.

Let me list some of the stuff we are doing: Rust, Git, GitHub (everything we do is open source), WebAssembly, distributed systems, low level syscall management, cryptographic protocols, attestation. There is a whole bunch of stuff there to get get your teeth into.

If you are interested in those things, we want to talk to you. Gerald is the guy who can tell you more about what we are doing. Get in touch with him, and find out all the stuff that you need.

Meet the founder - Nathaniel
Meet the founder - Nathaniel

Why did you start Enarx?

Enarx is about building primitives for trust in the cloud at scale. It's really hard today to have strong assurances about computing trust in the cloud because it just simply wasn't built for that - it doesn't have the primitives for that. Enarx is about building those primitives so that we can build really interesting things where we have a baseline of trust across the cloud.

Why did you start Profian?

I started my first company when I was sixteen, offering computer services to local companies.  I've always had a bit of an entrepreneurial spirit, and I've worked in start-ups on and off throughout my career, but starting Profian is about making Enarx successful.  I think WebAssembly is the future and I want to do my bit to make that happen, for provably secure and privacy-respecting applications.

How did you get involved with Confidential Computing?

Around November 2018, Mike and I were working at Red Hat, and we had this idea to improve TEEs (Trusted Execution Environments). We were given the go-ahead from the executive team to see if we could make it work. That's how the Enarx project was born. Our team moved through a set of proofs of concept and underlying engineering and when, in July/August 2019, IBM came to Red Hat asking whether they should support the creation of a new consortium under the Linux Foundation dedicated to Confidential Computing, Red Hat agreed not only to join the consortium as a Founding Member, but also to donate the Enarx project to it.

What application do you want to see executed the most in a TEE?

I want to see a "Tang" server in a Keep.  Tang is an implementation of the McCallum-Relyea cryptographic key exchange (in Red Hat Enterprise Linux, it's called "Network-Bound Disk Encryption"), and it's a good fit for TEEs because you really need to protect it.  But then again, I would want that, because my name's on the protocol!

Do you see Confidential Computing as the default way to deploy apps in the future?

Yes! Perhaps the thing I'm most excited about is our extreme vision of portability. We really love the idea of being able to move everything from large mainframes through the cloud all the way to the edge. Being able to move the same workload all around your infrastructure precisely because you have the baseline of trust in place to do so is what's really exciting to me.

What got you started with open source?

I got started in open source because I was a poor college kid and I needed software.  I knew software piracy wasn't the solution and in my academic context, peer review made a lot of sense.  I have worked in open source almost exclusively since then.  I was a developer for Gentoo, Ubuntu, Fedora and Red Hat and along the way I picked up a love for cryptography and security.

What was your first computer?

An IBM PS/2 model 25. It originally came with two floppy disks, but I upgraded it to have a 20MB hard drive.  It came with 512k RAM and we upgraded it to 640k - which nobody will ever need more than, of course.  It also came with a - very loud - dot matrix printer.

How do you relax?

I love international travel. I go out of my way to record local music traditions and experience provincial cuisines. But most weekends, you can find me spending time with my wife and five children who love camping, playing board games, and watching science fiction.

Is a hotdog a sandwich?

Very possibly, but far more concerning to me is the fact that cereal might be soup.

Emacs or vi?

vi, to Mike's chagrin.

Meet the founder - Mike
Meet the founder - Mike

Why did you start Enarx?

Around the end of 2018, Nathaniel and I were working for Red Hat, and came up with an idea to improve how Trusted Execution Environments. Red Hat were very supportive, and we founded the Enarx project.  It happened that the Confidential Computing Consortium was being founded a few months later, and we were very happy when Red Hat decided to donate the project.

Why did you start Profian?

Because we believed in what Enarx was beginning to promise, and really wanted to make it happen.  We felt that it was time to take it to the world, and I, for one, couldn't see myself not working on Enarx. Creating a start-up ("Profian" wasn't the first name) ended up being the best way to do that.

How did you get involved with Confidential Computing?

I was part of a telecommunications standards group called ETSI NFV (Network Function Virtualisation), which was looking at moving hardware appliance-based applications to virtualised workloads. Around 2013, I was working in the Security Working Group when a set of use cases presented themselves for workloads which couldn't fully trust the host.  We were in a bit of a bind until I remembered what I'd heard about a new technology from Intel called SGX which might help.  It was early days, and nobody used the words "Confidential Computing" till around 2018-2019 as far as I'm aware, but that was when I started getting involved in the field.

What application do you want to see executed the most in a TEE?

I remember when the canonical answer to any question like this was "a Beowulf cluster", and before that, "Quake3A" (or even "Doom").  I'm not sure what my answer is: maybe "any application which is processing my or my family's personal data".  I'll feel happier when I know that Confidential Computing is protecting my day-to-day.

Do you see Confidential Computing as the default way to deploy apps in the future?

Yes.  We're not there yet, but I hope we can move, in the next few years, from "do I need to be protect this app with Confidential Computing?" to "why wouldn't I deploy this app with Confidential Computing?".  The subtext should change to "of course I expect the assurances and protections provided by Confidential Computing".  I suspect that we'll be in a position for a while where Confidential Computing isn't the obvious choice, but don't see a good reason why it shouldn't become so, if Profian and companies like us get it right and make it easy to use for apps of all types.

What got you started with open source?

In about 1997, I was working with a start-up, learning my trade as a developer, working on Java and ODBC on Windows machines.  The guy I was working with on a particular projected inducted me into the ways of Emacs, and soon after that, the person in the company we'd probably now refer to as the "Ops guy" introduced me to Squid (an http proxy) and Linux.  I was pretty immediately hooked, and have used Linux as my main desktop since around 1998.

What was your first computer?

A BBC model B, though my first experience programming was on a ZX81 with 1k memory and a 16k expansion pack (which wobbled from time to time and lost all of the work you'd painstakingly typed in).  On the "Beeb", I played Elite (released in 1984), a game I'm still playing (though in a much more recent incarnation).

How do you relax?

Reading (mainly, but not exclusively, sci-fi), watching films (again, sci-fi, but action thrillers, old war movies and more).  I enjoy a nice single malt whisky or a good glass of wine.  Or beer, preferably real ale.  I'm a Community First Responder with my local ambulance trust, which means that when I can find the time, I go on duty with a defibrillator, oxygen and some other kit and attend local call-outs if I may get there before the ambulance crews.  

Is a hotdog a sandwich?

I absolutely refuse to answer this question, and feel fine with that decision for the simple reason that hotdogs aren't really part of my day-to-day experience.  And because I can't cope with the controversy and pain that any definitive answer on my part might raise.

Emacs or vi?

Emacs every time.  I don't code much these days (though I learned Rust in 2020 and wrote some proof of concept code for Enarx - don't worry, it didn't get merged), and when I do, I tend to use a more modern IDE, but I insist on Emacs key-bindings.

Profian joins the Confidential Computing Consortium
Profian joins the Confidential Computing Consortium

We're pleased to announce that Profian has joined the Confidential Computing Consortium.

Two years ago, the Linux Foundation formed the Confidential Computing Consortium, a community dedicated to defining and accelerating the adoption of Confidential Computing. Jim Zemlin, executive director at the Linux Foundation, highlighted the importance of bringing together different entities to reach these common goals:

Every time that you have a major initiative to advance technology as complicated as this, the industry realizes that it takes a whole ecosystem. You need hardware vendors working together with software vendors working with cloud providers working with academics to accelerate something like this... The key here is that you have a broad set of stakeholders across the different components in the technical supply chain coming together. Essentially, the end goal is to enable better data security by protecting that data in use. To do that, you need to make the technology that you use to create those environments accessible, well understood, and built in a standardized way, and that’s why it’s really important for the whole industry to come together like this.

One of the very first projects that was donated to this newly formed organization was the Enarx project, led by Mike Bursell and Nathaniel McCallum, who at the time were working at Red Hat, and who went on to found Profian in 2021.

Mike and Nathaniel have been part of the Confidential Computing Consortium since its very inception, so it's only natural for Profian to join this organization. Mike and Nathaniel also fundamentally share the same sentiment eloquently expressed by Jim and equally shared by other members of this community: of the utmost importance of coming together to make Confidential Computing accessible, well understood, and built in a standardized way.

Making Confidential Computing accessible is a challenge because the technology is evolving rapidly and involves complex concepts, from attestation to cryptography, and is being made available across a wide range of architectures (from Intel's SGX and TDX, AMD's SEV, Arm's Realms, to IBM's PEF). Mike and Nathaniel built Enarx to be simple, abstracting away complex concepts and supporting multiple architectures transparently so that users don't have to worry about these. To make this technology even more accessible and secure, they've also decided to make Enarx open source.

Additionally, making Confidential Computing well understood means reaching a clear definition of what actually constitutes Confidential Computing together with the community - this is not something that will be defined by a single company. Fundamentally, defining Confidential Computing is about providing users of this technology the ultimate level of trust and assurance, without compromises. Among the risks of getting the definition wrong are limiting the true potential of the technology and misleading users into believing that their data is fully protected, when in fact it's not.

And finally, making Confidential Computing built in a standardized way will require working together with several organizations to develop common protocols and standards. Enarx offers a run-time "Keep", running in a TEE instance and based on WebAssembly, an open standard that was designed by the W3C (World Wide Web Consortium) and on which the Bytecode Alliance builds. The Confidential Computing Consortium also collaborates with standards organizations like the IETF (Internet Engineering Task Force) and the IEEE (Institute of Electrical and Electronics Engineers).

Profian believes that working together with the Linux Foundation and other organizations to make Confidential Computing accessible, well understood, and built in a standardized way is not only important, but key to bringing cryptographic proof and verifiable trust to general computing. By joining the Confidential Computing Consortium, it reaffirms its commitment to advance this technology that will have a major impact across all industries.

Introducing Profian

We are immensely proud and excited to announce the launch of Profian.

Introducing Profian

We are immensely proud and excited to announce the launch of Profian, a start-up company to create Confidential Computing products and services based on the Enarx project (https://enarx.dev).  We’re a truly global and distributed company, with our CEO (Mike) based near Cambridge, in the UK, our CTO, (Nathaniel) in Raleigh, North Carolina (US), and other employees in the US, Brazil, Germany and another joining us shortly in the Netherlands.

This article is a brief introduction to Profian - you can find more on our website, of course.  We also encourage you to engage with us on social media via Twitter, Instagram and LinkedIn.  We'd also love to see you get involved with the community over at Enarx, the open source project for which Profian is the custodian: you can go straight to the Enarx github and chat to start right away.

Who are the founders of Profian?

Profian was co-founded by Mike Bursell, former Chief Security Architect at Red Hat, and Nathaniel McCallum,, former Virtualization Security Architect at Red Hat.

Who has invested in Profian?

Profian’s seed round raised $US5m. The round was led by Project A and Illuminate Financial, and included angel investors: Olivier Pomel, Chief Executive Officer of Datadog; Tyler McMullen, Chief Technology Officer of Fastly; Till Schneidereit, Chairman of Bytecode Alliance; and Sarah Novotny, Board Member of the Linux Foundation.

What is Profian?

Profian is a security company, providing products and services in the Confidential Computing space.  Profian is committed to open source software, and is based on the Enarx project.

Where is Profian based?

A remote-first company with co-founders based in the UK and the US, Profian has other employees in Germany, Brazil, the Netherlands and South Africa.

What is Confidential Computing?

Confidential Computing is the protection of data in use by performing computation in a hardware-based Trusted Execution Environment (TEE).  This is the definition from the Confidential Computing Consortium, of which Profian is a member.  TEE implementations are available from Intel (SGX) and AMD (SEV), and both Arm and IBM have announced product plans.

TEEs allow applications to run on the untrusted cloud: in other words, workloads are protected even from malicious or compromised hosts in the public Cloud, on the Edge or on-premises.  Profian will simplify deployment of applications on TEEs, maintaining the highest security postures whilst allowing cross-platform, hybrid cloud solutions with minimum effort to organisations.

Why is open source so important for Confidential Computing?

Confidential Computing protects organisations’ most valuable software and data assets from compromise and leakage, and central to its approach is a reducing the risk to those organisations by limiting the number of components and entities that need to be trusted.  Open source software is key to this, allowing anybody to evaluate and review the infrastructure which protects organisations’ “crown jewels”.  Enarx, on which Profian’s products and services are based, is open source (under the Apache 2.0), as explained in Mike’s blog post Why Enarx is open.

Does Profian own the Enarx project?

No - Enarx is a Linux Foundation project, under the Confidential Computing Consortium.  Profian will act as a custodian of the Enarx project, encouraging broad industry contribution and facilitating collaboration with other projects.

How is Profian different from existing solutions?

Profian will provide products and services to deploy cloud-native applications in line with established workflows, using existing languages and development tools.  Profian believes that customers should not need to change the languages, programming approaches or deployment pipelines in order to benefit from Confidential Computing.

Profian also believes that the greatest transparency leads to the greatest security, and for that reason, is committed to providing completely open source solutions.

What sectors need Confidential Computing?

Almost all sectors have data or applications which are sensitive, whether those are customer information, financial transactions, healthcare or pharmaceutical research or lower level data such as cryptographic keys, logging and auditing records or network configurations - and many sectors operate within specific regulatory regimes such as GDPR, CCPA or HIPAA.  Profian will provide products and services applicable across sectors, but will initially focus on the financial services sector, where there is a well-defined set of use cases and a strong appetite for solutions which meet the strong confidentiality and integrity requirements applicable to enterprises in this space.

Where can I find out more about Profian?

Please visit https://profian.com or email press@profian.com for more information.

Subscribe to Profian

Sign up for a chance to win the book:

"Trust in Computer Systems and the Cloud"

from Profian CEO Mike Bursell

Your Name
Subscribe