Un(b)locking value in sensitive data
Modern data security is much more than enabling the "data at rest encryption" checkbox on AWS S3 or using a TLS connection between the database and the backend. The Ten Commandments of Software by the US Department of Defense states that "Data should always be encrypted unless it is part of an active computation", which means that the default state for valuable data should be encrypted, protected from adversaries and insiders alike.
An encryption layer should keep the data usable, products fast & efficient, and the business unblocked. Since 2014 we have been building data security tools and custom solutions from greenfield to "just add encryption".
Typical challenges with data security
Developers are not crypto engineers
Many application developers do cryptography wrong: they select improper cryptographic primitives, use low-entropy secrets, store keys poorly, or even make "home-baked-very-secure" crypto.
Key management is hard
A key management flow is more than "how to generate keys and where to store them". It depends on the tech stack, product UX, key rotation, revocation and incident response policies, regulations and compliance.
Compliance is vague
There is a growing gap between the general compliance demands — which cannot be implemented by a standardised checklist — and the practical implementation efforts. Crypto export regulations and compliance demands are quite far from the capabilities of modern crypto.