Despite the Covid-19 crisis, Castlepoint Systems has managed to grow and is now gearing up to tackle data compliance issues around the world.
Rachael Greaves co-founded Castlepoint Systems in 2018 to empower regulated firms to stay on top of their data. This is not as simple as it may sound.
In the decades since computers became commonplace in offices across the globe, all organisations have accumulated massive amounts of information on their clients, their employees and essentially every entity they have interacted with. The organisations often do not know exactly what data they have and where it is.
The problem is that not knowing what data they sit on could leave them exposed to legal woes, particularly when considering the wave of data security and privacy legislation that has been introduced by regulators over the past decade. Organisations have lost millions of dollars to failed compliance projects, caused catastrophic harm to some citizens due to failures in information control, and lost decades of sensitive data to foreign hackers – all of which could have been avoided with effective information governance.
That’s where Castlepoint comes in. Its solution essentially helps businesses know what data they have, where it is, who is doing what to it, what risk or value it has, and what rules apply to it (and whether they are being met). It has been designed to completely change the way the world manages its information assets.
“Castlepoint uses artificial intelligence to read, register and regulate every document, email, database row, web page, or chat message, for example, in every system, all through a central portal,” Greaves says.
“Without using agents or connectors that affect source system upgrade paths and support, we access each system in a network and use natural language processing to understand what its data is about. We also extract all of its metadata and audit trail, and we use that combination of information to match the records against all applicable acts, regulations, policies, best-practices, codes of conduct and other rules for information handling and security.”
Once the data has been categorised, Castlepoint then monitors, tracks and alerts on all compliance requirements for data as it changes. This enable businesses to know when they can legally dispose of records, what the risks of data security spillage are and how to avoid them, how privacy information is captured, and how all the data is stored.
“We call this the Data Castle, and it’s a brand new paradigm for managing information” Greaves says. “It stands in the middle of a network ‘kingdom’ and provides a command-and-control position over all the people, processes and data. The information remains in-place in its source system, so there is zero impact on users and no security or integrity risks for data.”
She and her co-founder Gavin McKay first started to collaborate in 2012, auditing major projects in government and industry to identify why and how they were going wrong.
“My certifications are in records management, security management, systems audit and privacy, and Gavin is an experienced technologist and architect,” Greaves remembers. “What we found consistently was that these information projects weren’t succeeding because they simply could not have succeeded, as the technology was just not available to get full control of the environment.”
Looking at Australia as a whole, they found 1.1 million organisations that have to adhere to laws regulating the handling, retention, privacy, and security of information. “These businesses are also subject to foreign regulation if they have customers overseas, or domicile data offshore,” Greaves says.
In short, data management is a growing concern for businesses and not just in Australia. “This is a global challenge affecting more than 200 million organisations around the world, who need to effectively manage their risk, and get maximum value out of their existing data holdings,” Greaves says.
Armed with this information, they decided to do something about it. They launched Castlepoint with Greaves as CEO and McKay as CTO. The two co-founders started by reaching out to their clients to better understand their challenges and the opportunities of the data management sector. They also researched regulations, findings from audits and inquiries, academic studies, AI, and the ethical challenges that they’d have to overcome. Once they’d developed their first iteration of the Data Castle solution, many of their existing clients were happy to trial it.
“We partnered with universities and research organisations once we had a production solution, to ensure that we could keep focusing on best-practice technology and ethical design,” Greaves says. “And we partnered with peak bodies and other organisations to understand the end users of our platform, and get feedback on their preferences and priorities.”
The product was launched in October 2018 and was first implemented in January 2019, which Greaves suggests was the first time organisations had this capability available to them anywhere in the world. “We are first to market with this concept and currently have no known competitors who can offer records compliance, security and discovery across all systems and formats, with no user or system impact,” she says.
The product soon gained traction. Australian federal and state government, universities and businesses soon lined up to implement Castlepoint’s solution to the data management problem. “The adoption by the market here has been very rapid as Australian government and industry have a strong appetite for effective information and security management,” Greaves continues.
“As a geographically isolated nation, organisations here must work with overseas stakeholders in order to grow and succeed. One of the key limitations to expanding that reach overseas, and growing our own knowledge economy, has been the cyber and compliance threat inherent in working across borders.
“Our ability to address that risk, at scale, without business or system impacts, has already made a big difference for many of our clients who are navigating that globalising landscape. We have found the market very ready to adopt RegTech, including the government at all levels.”
The success also provided the founders with an opportunity to top up their financials. Having bootstrapped the initial development of the solution, they were able to attract a small amount of angel investment.
“We also qualified for a small loan from a Canberra based not-for-profit organisation called Epicorp, focused on helping local technology startups grow through access to a draw-down debt facility,” Greaves says. “We have also been awarded several small grants from the Australian Capital Territory and federal government. We are currently completing a raise of AUS$3m to expand our internal capability, to ensure that we are able to service the growing number of client opportunities here and overseas.”
Since launching Castlepoint in 2016, the company has grown from just consisting of the two co-founders to a team of over 25 employees. A significant part of that growth has happened during and despite the pandemic.
While the coronavirus crisis forced the company to postpone their planned move to a new office and with its employees having to work from home, Castlepoint was able to overcome this hurdle thanks to it already having a flexible working scheme in place. They have since been able to move into the new office.
Despite the challenges, Covid-19 had some benefits. “I think most people would agree that there is very little upside to a global pandemic,” Greaves says. “However, what it did do, as it tore across the world, was make companies like ours even more relevant. Almost overnight, businesses were forced to send their employees home. People simply grabbed their company laptop and were suddenly working remotely. Many businesses were not set up for this. What data was where, who had access to it, what were they able to suddenly do with it?”
In other words, there was a huge opportunity for Greaves and her team to educate businesses on how to manage the data and to actively help them do so. “Castlepoint launched a series of webinars, now also released as a podcast series, speaking to a range of Australian and international industry experts across a range of relevant issues relating to records management, strategy, security, discovery and audit,” Greaves says.
She also attributes the success to Castlepoint’s delivering a Software-as-a-Service solution, making it easy for customers to sign off on a monthly charge and to integrate it in their structures. “This is a key way for us to scale globally, manage implementations in the time of coronavirus, address the SME market, and achieve consistent monthly recurring revenue,” Greaves says.
Castlepoint has also begun to leverage a carefully selected partner network to increase its sales reach and to provide consulting services around the system. “Leveraging these trusted relationships will further shorten sales cycles and expand our sales funnel,” she adds.
The company has also begun to engage several “carefully selected strategic relationships with other software providers” that can offer whole integrated products, where Castlepoint provides a way to ingest the entire enterprise’s data set so that forensic and security tools, for example, can get better reach without costly connectors. Castlepoint is also partnering with consultancy and audit firms, who can use the software to get better outcomes for their clients’ remediation, migration, digitisation, business transformation, and investigtaion projects. “This will allow us to increase our sales reach leveraging our strategic partners sales network,” Greaves said. “It will also allow us to reduce sales lead times by being able to offer solutions rather than products.”
“Our growth to global clients, partners, and integrators has been enabled by the pandemic, as people have become more comfortable working together online and via video. Some of our recent work in the Netherlands and Scotland would not have been possible pre-pandemic, as we would have been expected to attend in person. The work-from-home orders have opened an expanded horizon of opportunities for local companies to operate globally.”
Copyright © 2021 FinTech Global