Statistical Data Analysis

Nuix seeks out digital needles from haystacks

Companies that can roll back and pick through information to find the needles in digital haystacks are highly prized these days. The ability to go deep into datacentres and devices to find out how a security threat developed, who sent an email the broke corporate governance covenants, or who possesses indecent images on their computers and how they got there is vital. And that ability is engendered by the modern tools used by today’s forensic detectives to understand vulnerabilities, solve crimes or uncover malfeasance. Once upon a time it was a field that companies like Autonomy owned but today it is often the domain of specialists able to inspect and report back on what has gone on in ICT systems.

eddie-sheehy-200px-250px-0One such company is Nuix, founded (and still headquartered in) Sydney, Australia. It may not be a well-known name but Nuix is a rising star in this important but often obscure and little understood corner of technology.

“We make sense of structured and unstructured information, what’s in the data and what stories it tells,” says Eddie Sheehy, the company’s Irish CEO when we speak.

In the wake of Enron in 2001 and other corporate scandals that fostered Sarbanes-Oxley and myriad other corporate governance rules and safeguards, e-discovery firms like Zantaz – later acquired by Autonomy – rose to prominence, but Sheehy says that today’s world needs a more sophisticated approach.

“They went after this document by document and we went at it at the binary level, the ones and zeroes,” he claims, reverse-engineering not only common file types for popular applications like Word, Excel and PowerPoint, but also zipped files, Exchange databases and “700 other file types you’ve never heard of, across platforms [to create] forensic artefacts. It’s our job to figure out how things happened. We can make it much easier for the investigator.”

A different path

Nuix hasn’t been your traditional tech startup rocket rise. The company was founded in 2000 but had a “restart” in 2006. When Sheehy joined about that time his team was two developers and himself. (“I’d learned from experience how not to run a company, how not to sell and how not to support it,” he says of a previous employer.)

“[Nuix] was pretty raw: cables in the ground and six-year-old PCs for the developers, but I thought there was a future in it.”

Turns out he was right. Today, Nuix is a team of 250 with 1,500 customers and tens of thousands of end-users. Revenue has been growing at about 60 per cent year on year and, while declining to provide specific numbers, Sheehy concedes that I wouldn’t be far wrong if I guesstimated revenues being over $100m. Money comes in in roughly equal parts from litigation teams, consulting, government and regulators, and private corporations.

Nuix did not pursue the classic route of seeking VC millions but is self-funding and staff hold about 30 per cent of the company. Success has been about having a fast, comprehensive, highly scalable product and good people, he says.

“People say ‘do it in Nuix because I trust it’,” he says. “That’s why we’re around and [older companies are] not. The world has moved on a lot and the digital footprint is no longer just the email from the email database.

“We run on self-generated cash flow… it’s not a Silicon Valley, pumped up, throw-money-at-it organisation but built on hard work, blood, sweat, tears. It’s been head down, bum up, ignore the competition and do things right in terms of the software and quality of people and support.”

Still that doesn’t mean that Sheehy will necessarily reject the lure of that traditional pot of gold at the end of the rainbow, the IPO. An eventual share offering, he says, could act as reward for the hard work employees have put in. But in the meantime there are plenty of challenges.

“Our mission is to protect and enable the world and the world we live in today is much more risky and dangerous than the one we started in,” he says.

Today of course, with Apple and the FBI engaged in a stand-off, everyone has an opinion on the ethical conundrum of data security versus the right to privacy. Sheehy sits somewhere in the middle, believing strongly in the right to privacy but recognising that sometimes there are compelling circumstances that mitigate that right.

“Four weeks ago, I was in California at an event held in Berkeley and there were a lot of Silicon Valley insiders there, and everyone was adamant: not a single doubt in their minds that Apple should help out law enforcement. Not a single person thought there were two sides of the story. I do.”

Still he is optimistic that lessons are being learned and that organisations are being more responsible and smart about how they safeguard data. He says that if we had been as well instrumented back in 2001 “we might have been able to stop the planes” on 9/11, and he believes that the fallout from the Edward Snowden affair means that we are more careful about who gets access to what data.

“After 9/11 they gave more access to more individuals and that meant the bigger the probability of someone like Ed Snowden doing what he did.”

But as more details emerge on the technology awareness of how the Paris attackers communicated using disposable brand new phones he’s less optimistic about the bigger picture.

“I think the bad guys are so much ahead of the good guys at one level of access. [Organised digital crime perpetrators] could teach any Fortune 100 about how efficient they could be.”

But, he says, at least dark areas of life like fraud and child abuse can be targeted so long as we can locate those needles in those haystacks.


« Typical 24: Askar Sheibani, The Comtek Group


FlashCast: Ads and public SMS engagement on Kenyan matatus »
Martin Veitch

Martin Veitch is Contributing Editor for IDG Connect

  • twt
  • twt
  • Mail


Do you think your smartphone is making you a workaholic?