Passion and purpose

In a world full of devices and data, Nandini Jolly and her team focus on protecting your texts, images and all vital information.

The night before the release of 40 million HP desktops, laptops and tablets armed with her firm’s game-changing encryption technology back in March 2014, Nandini Jolly, founder, president and CEO of Toronto-based CryptoMill Technologies, and her Big Bang team of engineers/coders wanted something special to mark the occasion of their biggest deal to date. They stayed up all night to write, sing and record a song for Hewlett-Packard to the tune of Daft Punk’s “Get Lucky.”

“We sent it to HP executives the morning of the shipment,” says Jolly, who built her career in finance with Bank of America and Deloitte before founding CryptoMill in 2007, where she is the only nonengineer. “Months later, I still kept hearing how they played it at internal meetings. Apparently, no one had ever written them a song before.” In addition to being a turning point for CryptoMill, the HP deal also set a precedent. Each new partnership will be sealed with a song. “It’s serious work, but it’s got to be fun, too,” says Jolly.

If all goes to plan, songs for Motorola and OpenText are next for the Canadian boutique startup that now has the attention of global multinationals, thanks to its common-sense approach to security: protect data and preserve privacy. With this mandate, the company designed a technology, Circles of Trust, that encrypts data wherever it resides, thereby enabling secure, private sharing of data and collaboration within and outside organizations.

Protecting the actual data and not the devices where it can be found means if hackers get into a network like they did with Sony, iCloud and, more recently, US law firms representing Wall Street banks and Fortune 500 companies, it doesn’t matter because the data is encrypted. It’s safe. Plus, the encrypted files are only shared with authenticated recipients. That’s the second premise of the innovation — that only a trusted group of people has access. Once deemed to be bona fide, the group has whatever level of access the originator of the data wants. The group has complete control over whom it shares data with, to what extent others can access that data and for how long. Even after a document has been downloaded, if access is revoked the downloaded document will not be accessible any longer.

Circles of Trust is hitting the market at a time when cyber threats are at an all-time high and growing. According to cyber-security firm Symantec, in 2015, an estimated half a billion personal records were lost or stolen; spear phishing campaigns targeting employees increased 55%; and ransomware attacks, where network-connected devices are held hostage, were up 35%. The EMC Global Data Protection Index pegs the average cost of lost data in a single breach at more than US$914,000.

Recognizing the strength of demand and the fact that as a tiny firm with just 25 employees, CryptoMill does not have the bandwidth to scale up on its own, Jolly’s go-to market strategy is to partner with companies that are leaders in their own space. She is not afraid to pick up the phone and cold call potential clients.

“From healthcare to law firms to finance to aerospace to policing — all these industries are custodians of sensitive assets. Our solution applies to all by being agnostic and protecting the data,” says Jolly, who is equal parts bold salesperson and deeply spiritual, driven by a moral obligation to do good.


Born in India and raised in the Hindu faith, Jolly was educated at a convent in England before going on to earn her undergraduate degree in economics and masters degree in international finance from the London School of Business.

“I can do nothing about all the horrible acts of terrorism happening around the world, but together with my team we can make the change we want to see by protecting information and privacy from hackers who are taking data from anywhere,” she says. “We can certainly be the drop in the ocean when it comes to security.”

And it appears the company is on the right track. CryptoMill’s technology is on trend, according to Micah Clark, senior research associate, national security and public safety, at The Conference Board of Canada and lead researcher at the Cyber Security Centre, which is focused on the policy and governance aspects of cyber-security. “There has been a significant shift in approach to cyber-security, largely driven by the huge proliferation of in-points (mobile phones, tablets, laptops, the Internet of Things), which make the traditional concept of cyber-security — create the strongest digital perimeter possible around your institution and put all your important things inside it — no longer practical,” he says. “People are recognizing that data moves and the notion that you can put a big wall around it is falling by the wayside. There is an appreciation and acceptance that if we want privacy, security has to travel with the data.”

Encryption is not a new thing. What’s new is that encryption has reached down to the file level. This is known as distributed digital rights/asset management and has been described as the future of cyber-security. Companies such as Locklizard, based in the UK, and Silent Circle, headquartered in Switzerland, have adopted a similar approach. But where these companies focus on protecting PDF documents, USB drives and ebooks (Locklizard) and communications devices (Silent Circle), CryptoMill’s technology protects intellectual property, text, images, audio and video.

Still, there are challenges. “Regardless of how advanced the technology, its usability and user compliance is crucial. The most technically sophisticated security solution is completely useless if it isn’t used correctly by those within the organization,” says Clark. “Vendors typically like to develop really good technical solutions — which they should do — but it’s always important to supplement that by making them simple to use. The technologies that are going to succeed are the ones that make the process of protecting information idiot-proof.”

That’s where CryptoMill is hoping to differentiate itself by providing security, privacy and control while allowing for seamless and simple sharing and collaboration. PC Magazine was impressed. It gave HP Trust Circles (the technology Jolly and her team embedded in all those computers) four stars out of five, praising its high-level security and ease of use.

Ann Cavoukian, former information and privacy commissioner for Ontario and current executive director of the Privacy and Big Data Institute at Ryerson University, is also a fan. She met Jolly when as privacy commissioner she created the Privacy by Design framework, which focuses on making privacy a core component of IT systems and business practices. It has since become an international standard translated into 38 languages. The new EU General Data Protection Regulation now coming into force is the first to embed Privacy by Design in legislation. Jolly was among the first Privacy by Design ambassadors because of CryptoMill’s end-to-end focus on embedding privacy into all it does.

“Nandini spearheaded a truly exclusive product that enables functionality. Her background in finance means she comes to security and encryption with a practical business perspective,” says Cavoukian. “It’s security and privacy. Not one or the other. And business as usual.”


From the moment you enter Cryptomill’s inconspicuous office nestled between restaurants on the corner of Front and Jarvis Streets in Toronto, there is a feeling of warmth not typically associated with a high-tech security company. Area rugs overlay industrial carpeting. With its leather couches, the reception area feels more like a family room. On the coffee table a book about US patents sits next to India: Then and Now.

The boardroom offers a clear view of historic St. Lawrence Market, where Jolly’s team often goes for lunch or coffee or to purchase treats to welcome visitors (this visitor was met with a caramel cake). “Everyone’s a guest — why wouldn’t we have cake?” says Jolly. The location may as well be a world away from CryptoMill’s former office at Bay and Richmond Streets in Toronto’s financial district — and from Jolly’s background in international finance. She wouldn’t have it any other way. “I try to shield my team. I feel they do their best, most creative work when they are happy.” And healthy. Jolly, who herself is in remission from a rare autoimmune disease, kickboxes seven days a week to stay fit and release pressure. She brings her coach, Jason Battiste, a former Canadian kickboxing champion, to parks near the office so her team can take part in impromptu workouts.

The sense of fun and collegiality is complemented by a clear sense of purpose and urgency. Jolly credits her mother with instilling in her a profound sense of spirituality and for introducing her to the Vedanta monks she now calls on for guidance. When she raised her first million dollars, a monk from Germany came and blessed her office. In the elevator, on his way out, he shared a story about business guru Peter Drucker, who, when asked the greatest single quality he looks for in a CEO, replied, “A PhD in spirituality.” That idea stayed with Jolly.                                                                                     

“My monks taught me that nothing is secular; everything is spiritual. Our logo, the wheel of virtue, upholds actions performed towards righteousness, mitigating the bad, preserving the good. That’s exactly what we are doing: trying to keep the hackers out and protect the sanctity of assets from a security and privacy standpoint,” says Jolly. “The three things that matter to me are: can we fix something, will it work and is it worth it? Even if we stop one attack, we are doing something meaningful.”


Cavoukian has seen that passion and purpose up close. The women have shared the stage many times over the years speaking about privacy and security, and they’ve coauthored a report on protecting health records. In 2013, she nominated Jolly for the Women’s Executive Network’s (WXN) Canada’s Most Powerful Women: Top 100 award. “I thought, here is an amazing woman leading a remarkable company who walks the talk and lives the principles she offers in her company.” She won the recognition precisely for her ability to lead by example and break new ground in a male-dominated field.

“Of our 871 Top 100 winners, Nandini is unique,” says Linsay Moran, vice-president of programs and events at WXN. “She is a woman, a visible minority working in technology, having moved from a career in finance to become an entrepreneur. She leads with self-awareness and honesty. She is a proponent of women in leadership, a proud mom, and talks about her son and family openly and how being a mother and wife has allowed her to shape her business. It’s a powerful message.”

And one that also resonated with MP Kellie Leitch and Canada’s Status of Women, which profiled Jolly at Leitch’s behest as part of Women History Month in 2014 in recognition of her entrepreneurial spirit and willingness to mentor other women.

While her mother kindled her spirituality, Jolly describes her father, who worked as a financial controller for OPEC oil companies around the globe, as her lion, a force always pushing forward. Together, she says, they provided a home environment that taught her all things are possible if you believe in yourself.

That belief was reinforced during her time at Sisters of Providence Convent in England, where she attended school and lived with 90 young girls from around the globe when her family was based in Nigeria. She credits these experiences for her success at Bank of America’s Toronto office, where she was one of a handful of women among 400 men on the trading desk. “I promised myself I would be a star in whatever I did. At the end of the day, in treasury and sales, you are your last deal,” says Jolly. “Through sheer determination I landed one of the biggest accounts we had at that time, Broadcast Music Inc. That was the deal that got me to VP level within a year.”

When her son, Arun, was born in 2000, after she had suffered three miscarriages, she decided she needed to make a change. A few years later she joined Deloitte’s risk management team in Toronto as a senior manager. She took the biggest risk of her career when, with the support of her husband, Marc Marlier (“my biggest cheerleader”), she became a tech entrepreneur. “I still have my copy of Learning Cryptography for Dummies. I didn’t know anything about being an entrepreneur, how to hire engineers, how to raise money, what it meant to be rejected by venture capitalists,” says Jolly.

One such rejection stands out in particular. “I had one potential investor come to my office, eat my cake and say, ‘Love your technology. The problem with this company is that you are not a white, Anglo-Saxon male.’”


But she continued moving forward. In the early days of the technology, encryption was used to protect hardware. About four years ago, Jolly and her team realized that with the proliferation of devices, data can and does reside anywhere. So they innovated and have a global patent on encryption that follows the data wherever it goes.

Another differentiator: no back doors. Neither CryptoMill nor any partner it works with is able to recover the encrypted data — only the client can do that. This is a big change from companies such as Apple or BlackBerry, which host key management recovery systems. It means in the case of national security breaches, for example, the FBI or RCMP have to go directly to the client. CryptoMill has nothing to hand over to anyone.

Jeffrey Brandt, CIO at Jackson Kelly PLLC, a law firm based in Charleston, W. Va., with 200 attorneys in 12 locations across the US, has been assessing Circles of Trust and appreciates the approach Jolly and CryptoMill have taken. The firm is looking to encrypt its 4.5 terabytes of work product. “We want to avoid a Panama Papers scenario,” says Brandt.

“Law firms are ripe targets for hackers because we have multiple clients’ data, which can include anything from IP work to nation-state issues. To quote the FBI, law firms are the soft underbelly of the corporate world. Pressure is on us from our clients and the FBI to tighten up that belly,” he says. “Our goal is to be able to tell our clients we have full control over our documents. This technology stands out because how the circles are managed and facilitated gives us a lot more granular control over how our documents are managed and maintained.”

Alexis Roy, consul and trade commissioner at the Consulate General of Canada in Chicago, is responsible for providing support to Canadian startups and cross-border investors and helped connect Jolly and CryptoMill with Motorola Solutions Venture Capital. “I’ve met a lot of entrepreneurs. One of the elements to be successful is that their great idea has to address a real problem. Nandini Jolly has created a unique solution for all industries trying to secure data. The potential is huge.”

The only question: what will the next song be?