Cy4Data Labs (San Jose, Salt Lake City) protects sensitive data with field-level encryption, securing information even in use. With retired Brig. Gen. Paul Craft joining as a key advisor, the company targets public and private sector clients facing growing cyber threats.
September 3, 2025 — San Jose - Salt Lake City
When the state of Nevada shut down its offices, phone systems, and websites for two days following a ransomware cyberattack in late August 2025, it exposed how fragile government infrastructure remains — even in America. For Lance Smith, CEO of Cy4Data Labs, this wasn’t a theoretical warning; it was a brutal reminder of why his company exists. “It only takes one password,” Smith told TechBuzz. “Once attackers are inside, they escalate permissions, set up new accounts, and you don’t know how long they’ve been there. The real damage happens at the database level. That’s where the records live—and that’s what hackers want.”
Utah Roots, National Ambitions
Cy4Data Labs launched in 2023. Although much of its leadership is based in the Bay Area, its engine is rooted in Utah. Most of its employees are based in Salt Lake City—many with backgrounds in database and storage engineering. Smith brings his own Utah pedigree: he was part of Fusion-io’s early team that went through IPO and acquisition (by SanDisk in 2014). As he puts it, “Utah has been good to us. It’s where we’ve built strong engineering teams in the past, and it’s where we continue to find the kind of database and systems talent this technology requires.”
Encryption That Never Stops Guarding
Standard cybersecurity measures focus on data at rest or in transit, but leave a critical blind spot: data in use during queries or processing. Cy4Secure, Cy4’s flagship platform, fills that gap by keeping every individual field encrypted—even when applications access it. Each database field—like SSNs, health info, or transactions—receives its own cryptographic key. Applications behave normally; users don’t know anything has changed. Performance remains intact, even at scale.
“Attackers are getting into systems all the time,” Smith explained. “But if the data they steal is always encrypted—whether in storage, in motion, or being actively used—it’s useless to them.” Subscribers also get both simple encryption setup and clean undo: they can bulk-decrypt the whole system at any time. Pricing is based on key usage, not storage footprint, making it cost-effective for both small and large customers.
“Nomadic Data” and GDPR Built-In
Cy4’s innovation extends beyond encryption. Its “nomadic data” feature empowers encrypted fields to travel across environments—from HR to legal to healthcare—without losing control. Authorization decides who gets a key, not location. This also solves the GDPR Right to Be Forgotten: to "remove" data, a customer simply deletes the key. “Delete the key, and the data is gone everywhere—even in every backup copy,” said Smith. “Nobody can decrypt it again.”
Leaving the Competition Behind
Traditional alternatives falter. Columnar database encryption devours performance. Data masking is easy to bypass. Tokenization is cumbersome. Smith recounted one customer’s pain: “They had 3.2 million tax IDs to process via tokenized workflow, which took a week and a half. With Cy4, the same workload took just three hours.” Another early customer, a credit bureau, deployed 50 million keys on day one. Insurance companies are also encrypting sensitive subrogation data with third parties, consuming hundreds of thousands of keys per month. “Users don’t even notice—systems just work,” Smith added.
Real Customers, Real Adoption
Cy4 is selling both privately and to governments. Use cases include:
Cy4 was built with U.S. government requirements in mind. All development is done by U.S. citizens, and the platform is compatible with Defense Department environments (IL4–IL6), including air-gapped setups. It’s also designed for stringent supply chain and software vetting.
Paul Craft Appointment
Today Cy4 announced it has appointed decorated cybersecurity veteran U.S. Army Brigadier General Paul G. Craft (ret.) to its Board of Advisors. Brigadier General Craft is the Army’s longest-serving Chief of Cyber.
Smith said, “With a distinguished career defending against hostile nation-states, cybercrime syndicates, and evolving digital threats, Brigadier General Craft will be instrumental in shaping our roadmap.”
$10 Million Pelion Investment
After two years in production, Cy4 raised $10 million in April 2025 from Draper, Utah-based Pelion Ventures.
“We believe Cy4Data Labs is solving one of the most urgent problems in cybersecurity,” said Blake Modersitzki, Managing Partner at Pelion Venture Partners. “Their team has developed a truly novel approach that doesn’t force a trade-off between performance and protection. That kind of innovation is rare, and it’s why we’re excited to lead this investment.”
The Cy4 team remains lean—under 50 staff, scaling in measured steps. “We’re not chasing headcount,” Smith emphasized. “We’re chasing resilience and scalability.”
Smith shared that Cy4’s backend boasts 100% uptime and offers “five nines” reliability. The system handles key generation and authorization without ever touching actual data. “We don’t touch customer data,” explained Smith. “We just manage whether someone has the right to access it.”
Smith sees databases as the circulatory system of modern systems. With Fusion-io, he worked to make them faster. With Cy4, the mission is to make them secure. “Databases make the world go round,” he reflected. “Fusion-io was about making them faster. Cy4 is about making them secure.”
Backed by a crack engineering team (mostly based in Utah), well-established venture capital, and validated by military-grade, highly-vetted credentials, Cy4Data Labs may not be a household name yet—but in a $10 trillion cybercrime economy, a company ensuring that data is always encrypted just might be the kind of player cybersecurity desperately needs.
To learn more, visit: cy4datalabs.com.
Check out the downloadable overview slide deck and informational "Closing the Gaps" document, below:
View Instagram video below of Cy4 CEO Lance Smith talking about the $10 million investment from Pelion:
