Charles Lyons-Burt
Last year, long-running data storage company Seagate made the decision to refocus its core harddrive business, especially in emerging markets. This shift resulted in a necessary shuttering of its federal arm and, in turn, opened up a new opportunity for now-former Seagate exec Bill Downer. The spry businessman endeavored to partner with a colleague who owns a successful service-disabled, veteran-owned small business, with more than 70 cleared engineers who support both large and small integrators in implementing secure data storage solutions.
Together, on Oct. 1, Downer and company founded a brand new organization, Red Data, to continue the work they had been doing at Segate—specifically, developing NSA Commercial Solutions for Classified-certified storage devices, primarily solid-state drives. The enterprise has developed a five-year product roadmap aimed at delivering a range of NSA CSfC-certified solutions.
We spoke with Downer about this exciting new venture for an Executive Spotlight interview that explored the cyber threats facing the federal government today and how Red Data is providing critical capabilities to fight them.
ExecutiveBiz: What new trends or shifts are you seeing at the intersection of cybersecurity and national security, and how are those trends influencing the public sector and private sector today?
Bill Downer: The National Security Agency created Commercial Solutions for Classified, or CSfC, several years ago as an approved encryption methodology. It’s designed for use by commercial companies and civilian agencies that can’t use Type 1 encryption devices, which are reserved for the Department of Defense. CSfC provides a next-level-down solution—NSA-approved and certified—for protecting data up to the top secret level without requiring Type 1 hardware.
Our work centers on expanding access to this level of encryption across all parts of the government. We strongly believe, based on growing evidence, that many networks have already been compromised by adversaries. So it’s critical that federal agencies have access to NSA-grade encryption—even if they’re not part of the defense community.
We’re also pushing for broader adoption of CSfC within the private sector. Commercial organizations should be able to rely on encryption standards vetted by the U.S. government to protect their most sensitive data.
Right now, we’re collaborating with a range of system integrators—from the traditional primes to newer, more agile government contractors like Anduril and Saronic. Many of these firms are developing autonomous platforms and swarm-based systems, and they need secure, affordable data storage solutions.
Our goal is to make CSfC-level protection accessible for all use cases by offering low-cost, dual-encryption-capable devices that secure data at rest—regardless of mission or environment.
EBiz: What work is Red Data doing specifically to combat national cyber threats?
I firmly believe—and I think most would agree—that many of our networks, whether in the commercial space or across DOD and civilian agencies, have already been compromised. As data becomes more central to everything—from AI to next-gen compute—it’s increasingly critical to secure it.
We’ve focused on protecting data at rest, which is the largest attack surface. That means encrypting and dual-encrypting data, as required by the NSA’s CSfC guidelines.
We’re also focused on ensuring data integrity for AI and machine learning applications. Our goal is to make sure the data used to train and run models is secure, accurate and scalable—and that it can keep pace with the speeds demanded by NVIDIA GPUs and other next-gen processing systems.
We’re already working on two future generations of high-speed storage devices designed for those environments. These solutions will maintain encryption, ensure data fidelity and help protect critical assets in high-performance computing use cases.
EBiz: Data is coming in from an expanding network of connected sensors and devices. How does cybersecurity (and specifically zero trust) factor into the data conversation?
Downer: I like this topic because there’s still a lot of confusion in the market—both among vendors and end users—about what zero trust really is. At its core, zero trust is about access control. It’s designed to verify, every single time, that the person or device trying to access data has the proper credentials and authorization. It’s not just about authentication—it’s also about determining whether someone should be accessing a given dataset. Who’s touching the data, why and do they have a valid need to know?
But I see our work as the next level beyond that. Let’s say a user is properly authenticated and has access. Now the question becomes: has the data itself been modified?
One of the emerging threats—particularly in the AI era—is the manipulation or poisoning of data. It’s not always obvious when data has been altered, but subtle changes can significantly impact outcomes, especially in machine learning or automated decision environments. So we believe it’s critical to ensure the provenance of the data—that we know where it came from, that it hasn’t been tampered with and that it’s still trustworthy.
To protect against that, we emphasize dual encryption—not just for data in transit, but also for data at rest. Both layers need to be secured. That approach ensures that even if access controls are bypassed or credentials are compromised, the data itself remains protected and verifiable.
EBiz: What kind of tools and technologies can organizations use to make their data more accessible and understandable?
Downer: To make data more accessible and understandable, I think we need to shift our focus. Right now, most of the excitement around AI is centered on algorithms—what they can do, how fast they can process, how they’re evolving. But increasingly, the real priority needs to be on verifying the accuracy of the data those algorithms rely on.
The DOD has spent years working to prove the provenance of both data and devices. That’s critical groundwork. But we now need to apply AI tools to take that even further—to ensure that systems are what they claim to be, that their components haven’t been compromised and that no hidden functionality is altering the data in subtle ways.
It’s not enough to just access or visualize data. We need to be able to trust it. And that means building in mechanisms—powered by AI and other technologies—to validate the integrity of both the data and the infrastructure it runs on.
EBiz: Anything else you wanted to highlight?
Downer: We’re focused on developing commodity-priced devices that still use the most advanced methods to protect data. The goal is to make high-assurance storage more accessible without sacrificing security.
To do that, we’re actively seeking partnerships with anyone interested in helping us build a model centered around producing large quantities of affordable devices—ideally manufactured in secure facilities, either in the U.S. or in trusted locations abroad. What matters is that we have complete transparency into the components: where they came from, how they were made and what they’re being used for.
That said, like many others across the government and industry, we’re working to shift more of our manufacturing and systems integration into IAR (Industrial Assurance and Resilience) facilities based in the U.S. We’re planning for all possible future scenarios, including changes in global supply chains, so we can always source from environments that are fully under U.S. control.
