Nandini Jolly looks relaxed enough lounging on a sofa in her 19th-floor Bay Street corner office, but it's all an act.
"What you see here is a little bit of fix-me-up with some Chanel here and there" she says with a laugh. "It's not like this all the time."
As president and CEO of fledgling software firm CryptoMill Technologies Ltd., Ms. Jolly has spent the last two years learning the ropes in the high-stakes enterprise data security industry, and it hasn't been easy. She left a promising banking career, sacrificed time with her family and spent more than a few sleepless nights trying to get the company ready for prime time. If CryptoMill succeeds, the rewards could be huge; in the meantime, it's an exhausting uphill slog.
However, a recent string of breaches has demonstrated that even security-conscious companies have a long way to go toward protecting sensitive information. Canadian Imperial Bank of Commerce said recently its mutual funds subsidiary Talvest lost a hard drive containing personal data for 470,000 investors. That incident followed the revelation that a hacker had stolen customer information, including credit card numbers, from U.S.-based TJX Cos., the parent of retailers Winners and HomeSense.
CryptoMill's specialty is providing protection for Portable storage devices, which are one of the weakest links -- all the network security in the world can't protect against a thief who swipes a laptop or hard drive.
"There's a clear need here," says Paul Steep, director of research for software and IT services with Scotia Capital Inc. "[Data leakage]is a huge problem, so it's also a huge opportunity. But it remains a challenging environment out there for small software vendors."
CryptoMill's specialized software, SEAhawk, encrypts information no matter what medium it's stored on, and ensures that it can only be viewed on the client company's own computers; even if a disgruntled employee were to walk out the door with an iPod full of social insurance numbers, that data would be hopelessly garbled if it were opened outside company headquarters. SEAhawk therefore plugs one of the most vexing sources of security breaches -- the malicious insider.
"This is the next anti-virus," Ms. Jolly says, predicting that software such as SEAhawk will one day be as indispensable for security-conscious companies as anti-virus software is today.
However, she says getting clients to take a chance on a tiny startup like CryptoMill has been "sheer hell." Ms. Jolly is ready, though -- she's stared down plenty of obstacles over the course of her career.
Young, Indian and female, Ms. Jolly is not your typical Bay Street executive. She spent the bulk of her career in global financial services at Bank of America, working in cash management. Her age and race were seldom issues, she says, but not so with what she delicately calls "the gender issue." She had to carve out a niche in the macho environment of the trading desk by making sure her colleagues knew exactly how she wanted to be treated. It was a "sink or swim" environment, she says, "where I started to learn that I was a tough individual."
That assertiveness came in handy later when it was time to run her own shop at CryptoMill, she says.
Ms. Jolly joined the startup as director of corporate strategy in late 2003, when the company was known as Cyrca. Soon after, a falling-out among Cyrca's founders fractured the company but Ms. Jolly remained to lead the software development arm, which became CryptoMill.
"It was very, very tough," she says. "Raising money, paying the rent, getting the engineers, and not getting paid myself." But she managed to refill the coffers enough to finish the software and start cultivating clients.
The switch from a decade-long career in finance to software presented a steep learning curve as well.
"My education has been a team effort," she says. CryptoMill co-founder and chief technology officer Daniel Thanos spent hours explaining the software and how it worked, so that Ms. Jolly could make her pitches directly to IT managers without having to rely on the engineers to explain the finer points. "I take it as a compliment when my engineers say I'm becoming a geek," she says.
However, the working hours have stretched her to the limit too.
"I've doubled up, I belong to both worlds, business and tech" she says. That means she's often up at 5 a.m. to take a conference call with potential clients in England and then stays up late working with the software engineers who keep their own odd hours.
Her time out each day is 5 to 7 p.m., which she sets aside for her son, 6-year-old Arun, and her husband Marc. She also got rid of her BlackBerry -- on doctor's orders. "Work-life balance is an oxymoron," she says. "I'm a young mother running a company. I have no work-life balance."
Jolly has high expectations for CryptoMill. The company has a growing roster of prospective customers testing the software and recently made its first major sale to buyout firm Onex Corp. The stress and long days it took to get the company to this point look to be on the verge of paying off. "I believe in the work," she says, "but anything worthwhile, you have to go through fire for it."