Welcome!

Cloud Security Authors: Darren Anstee, Elizabeth White, Mark Hoover, Peter Silva, Srinivasan Sundara Rajan

Related Topics: @CloudExpo, Java IoT, Linux Containers, Cloud Security

@CloudExpo: Blog Post

Enterprises Can Abandon Their On-Premises Hardware & Servers, Embrace BYOD

RSA Interview with Craig Lund, Chief Executive Officer at SecureAuth

Thanks for taking the time to answer my questions. Please tell us, what is SecureAuth Corporation all about and what do you do?

Craig Lund: SecureAuth provides 2-Factor Access Control to all industries, extending to mobile, cloud, web, and network resources. We have developed a range of products that enable two-factor authentication, single sign-on, and identity management services on-premises or hosted on the cloud. Our main product, SecureAuth IdP, can deploy into virtually any environment, facilitates flexible authentication via our 20+ authentication mechanisms, asserts identities to all applications through SSO, and provides help desk and user management services, including logging and auditing, 1-Touch Revocation, and self-service password reset.

SecureAuth set out to fix common authentication problems, and by designing our solution scalable and with the future in mind, we have been able to adapt to all movements away from VPNs and hard tokens, and into cloud and mobile business without requiring major adjustments.

Our solution enables any organization to become its own Identity Provider (IdP), maintaining internal control of identities and access, while enabling uncomplicated access for employees, partners, contractors, and customers.

What are you launching at RSA?

Lund: At RSA 2014, SecureAuth will be unveiling its 100% cloud-based authentication solution, 2-Factor as a Service (2FaaS). Hosted in the infinitely scalable Google Apps Engine, any organization can deploy two-factor authentication for all of its users, especially customers. 2FaaS accepts any identity and authenticates via SMS, Telephony, and E-mail One-time Passwords (OTPs), and our patent-pending, low-friction Device Fingerprinting to ensure secure access to web and mobile applications.

With 2FaaS, organizations can abandon their on-premises hardware and servers, embrace BYOD, and implement confident security into their corporate resources without ever storing user information or passwords on the cloud.

The biggest challenge for us in telling the 2FaaS story is assuring customers that their data remains secure even with a cloud-hosted solution. In a post-PRISM world, organizations are rightfully cautious about utilizing cloud resources to access confidential data. We are no longer tied to desktops and web servers that rest securely in our protected networks; we employ mobile devices and communicate and work within applications that are open to the world.

However, 2FaaS is unique in its architecture. It deploys within individual applications without requiring any identity provisioning. It simply conducts the authentication without any passwords or personal profile information required. Because this seems impossible, conveying this message to others has been difficult; but we are steadily acquiring believers.

Who is your target audience and how do you intend to reach them? What is the biggest challenge you face right now in telling your story and winning over new clients?

Lund: SecureAuth's target audience for 2FaaS is organizations that require customers to access their resources. Because this solution requires no identity provisioning, hardware, or thick clients, and can be utilized by any user on any device, the lightweight authentication is ideal for users outside of internal networks.

The biggest challenge for us in telling the 2FaaS story is assuring customers that their data remains secure even with a cloud-hosted solution. 2FaaS is unique in its architecture as it deploys within individual applications without requiring any identity provisioning. It simply conducts the authentication without any passwords or personal profile information required. Because this seems impossible, conveying this message to others has been difficult; but we are steadily acquiring believers.

I'd be curious to hear any general thoughts you have on market trends...

Lund: The trend is now moving away from traditional networks and enforcement points and toward applications and browsers. There are ways to safely and easily access any application from any glass, so why go through a traditional VPN? Google has proven this model to work quite well. It's the future.

What is the viral aspect of your product?

Lund: 2FaaS is a drop-in solution for applications with a simple web redirect to our service. We don't duplicate the users' PII in the cloud like other solutions. Our phone is ringing off the hook from ISPs and enterprises looking to protect their users' PII. We are a true B2C BYOD solution because we don't need to control the end point; we are all server side code.

What's the business model? How will you make money?

Lund: We sell a per user/per year subscription through a direct sales channel and also through traditional security resellers, like Fishnet and Accuvant. We also sell through an OEM and white label model where SecureAuth is invisible to the user of a branded product or service.

Who are your competitors?

Lund: It is cliché to say we have no competitors but there really is no other integrated solution that combines two-factor authentication, identity federation, Identity management, and mobile security all in a single platform that deploys out-of-the-box. We do have competitors in targeted point solutions like RSA, Okta, and Ping Identity.

How do you differentiate from your competitors?

Lund: Our competitors specialize in one area; SecureAuth specializes in four. We have the most flexible strong authentication, the most extensive federation, have expanded further into mobile security than anyone else, and include IdM tools, including cost-saving and effective user self-services. And we achieve all of that in a single product, whereas our competitors would require third-party tools and extensive professional services to attempt tie together several products to achieve the same functionality as SecureAuth.

How does your technology differentiate from the competition and can you elaborate on the different technology deployed?

Lund: SecureAuth has been awarded numerous patents and has several more pending. Our technologies on X.509 delivery, authentication, and revocation; secure mobile access; and two-factor-to-SSO architecture have launched our products to the top of the market, while our technologies on user-device registration have resulted in major customer wins.

Device Fingerprinting is a unique technology that comes with SecureAuth IdP and SecureAuth 2FaaS. The system pulls unique characteristics from mobile or desktop devices, and maps them to users in the enterprise directory. This enables low-friction subsequent authentication as the SecureAuth solution recognizes the device and authenticates via the fingerprint rather than requiring an OTP or token. This enables high security with no user friction - a true BYOD solution.

What business or technology could yours disrupt?

Lund: SecureAuth's technology has the potential to eliminate traditional authentication and point-solutions by deploying a company portal protected by SecureAuth wherein the enterprise does not need a traditional VPN to provide secure access to any application for employees, partners, contractors, and customers. By designing an adaptable and modern solution that facilitates convenient authentication and identity federation for all resources with a single license, products that cover only one aspect of enterprise security or require high-friction workflows (hard tokens, thick clients, etc.) do not make sense anymore.

Who founded the company, when? What can you tell me about the story of the company's founding?

Lund: I founded SecureAuth with my technical co-founder, Garret Grajek, whom I met back in the early days of IAM at Netegrity. We worked together again at IBM where I ran the security sales teams for the Americas, and through numerous customer interactions it became clear to us that a browser-based authentication solution that integrated with identity and federation tools was the future. Seemed logical to us that if you were going to federate an identity, shouldn't you be really sure who they are first? And yet there wasn't a solution that combined authentication and federation/assertions, thus SecureAuth was born.

What is your distribution model? Where to buy your product?

Lund: SecureAuth sells directly and through the channel. The product can be purchased directly via contact with the SecureAuth Sales team or through any one of SecureAuth's certified resellers.

What's next on your product roadmap?

Lund: It's all about mobile - any device to any application. We also continue to add new authentication methods to our workflow funnel as new threats emerge.

Are you targeting a first VC round? If yes when and what will you use the funds for?

Lund: We have raised 21 million to date. Our two largest investors are Toba Capital led by Vinnie Smith, and Allen Miner of Sunbridge.

How much money is being sought?

Lund: We are projecting cash flow positive in 2014 while maintaining our streak of 100% growth. So for us it's not a question of raising money for ongoing operations, but rather, do we want to do a very large raise with a top tier VC to push for more than 100% growth? Those discussions are ongoing.

What else would you like to add?

Lund: It's a great time to be in the IT security business. The market is very receptive to effective, innovative, cost-effective solutions. I love going to work every day.

Partnerships, collaborations or affiliations:

Lund: FishNet Security, Unisys, Accuvant

Federal or state grants, contracts or awards received:

Lund: SecureAuth was awarded the Stevie Award for "Fastest-Growing Company" in 2012 by The American Business Awards, won the People's Choice Stevie Award for Favorite Security Solution, was selected as "Favorite BYOD Security Solution" by UP-START, ranked highest in Customer Satisfaction in the Forrester Wave Report, was deemed "positive" in the Gartner WAM Report, and was recognized as a "visionary" provider in the latest Gartner Authentication Magic Quadrant.#

All product and company names herein may be trademarks of their registered owners.

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Mountain View, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Buy her a coffee if you like her article: http://xeniar.tip.me

@ThingsExpo Stories
SYS-CON Events announced today that Bsquare has been named “Silver Sponsor” of SYS-CON's @ThingsExpo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. For more than two decades, Bsquare has helped its customers extract business value from a broad array of physical assets by making them intelligent, connecting them, and using the data they generate to optimize business processes.
I'm a lonely sensor. I spend all day telling the world how I'm feeling, but none of the other sensors seem to care. I want to be connected. I want to build relationships with other sensors to be more useful for my human. I want my human to understand that when my friends next door are too hot for a while, I'll soon be flaming. And when all my friends go outside without me, I may be left behind. Don't just log my data; use the relationship graph. In his session at @ThingsExpo, Ryan Boyd, Engi...
SYS-CON Events announced today that Pulzze Systems will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Pulzze Systems, Inc. provides infrastructure products for the Internet of Things to enable any connected device and system to carry out matched operations without programming. For more information, visit http://www.pulzzesystems.com.
SYS-CON Events announced today that Commvault, a global leader in enterprise data protection and information management, has been named “Bronze Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Commvault is a leading provider of data protection and information management solutions, helping companies worldwide activate their data to drive more value and business insight and to transform moder...
Fact is, enterprises have significant legacy voice infrastructure that’s costly to replace with pure IP solutions. How can we bring this analog infrastructure into our shiny new cloud applications? There are proven methods to bind both legacy voice applications and traditional PSTN audio into cloud-based applications and services at a carrier scale. Some of the most successful implementations leverage WebRTC, WebSockets, SIP and other open source technologies. In his session at @ThingsExpo, Da...
Almost two-thirds of companies either have or soon will have IoT as the backbone of their business in 2016. However, IoT is far more complex than most firms expected. How can you not get trapped in the pitfalls? In his session at @ThingsExpo, Tony Shan, a renowned visionary and thought leader, will introduce a holistic method of IoTification, which is the process of IoTifying the existing technology and business models to adopt and leverage IoT. He will drill down to the components in this fra...
The vision of a connected smart home is becoming reality with the application of integrated wireless technologies in devices and appliances. The use of standardized and TCP/IP networked wireless technologies in line-powered and battery operated sensors and controls has led to the adoption of radios in the 2.4GHz band, including Wi-Fi, BT/BLE and 802.15.4 applied ZigBee and Thread. This is driving the need for robust wireless coexistence for multiple radios to ensure throughput performance and th...
Enterprise IT has been in the era of Hybrid Cloud for some time now. But it seems most conversations about Hybrid are focused on integrating AWS, Microsoft Azure, or Google ECM into existing on-premises systems. Where is all the Private Cloud? What do technology providers need to do to make their offerings more compelling? How should enterprise IT executives and buyers define their focus, needs, and roadmap, and communicate that clearly to the providers?
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
There is little doubt that Big Data solutions will have an increasing role in the Enterprise IT mainstream over time. Big Data at Cloud Expo - to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA - has announced its Call for Papers is open. Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is...
DevOps at Cloud Expo, taking place Nov 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long dev...
Digital innovation is the next big wave of business transformation based on digital technologies of which IoT and Big Data are key components, For example: Business boundary innovation is a challenge to excavate third-party business value using IoT and BigData, like Nest Business structure innovation may propose re-building business structure from scratch, as Uber does in the taxicab industry The social model innovation is also a big challenge to the new social architecture with the design fr...
Data is an unusual currency; it is not restricted by the same transactional limitations as money or people. In fact, the more that you leverage your data across multiple business use cases, the more valuable it becomes to the organization. And the same can be said about the organization’s analytics. In his session at 19th Cloud Expo, Bill Schmarzo, CTO for the Big Data Practice at EMC, will introduce a methodology for capturing, enriching and sharing data (and analytics) across the organizati...
IoT is fundamentally transforming the auto industry, turning the vehicle into a hub for connected services, including safety, infotainment and usage-based insurance. Auto manufacturers – and businesses across all verticals – have built an entire ecosystem around the Connected Car, creating new customer touch points and revenue streams. In his session at @ThingsExpo, Macario Namie, Head of IoT Strategy at Cisco Jasper, will share real-world examples of how IoT transforms the car from a static p...
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the protocols that communicate data and the emerging data analy...
SYS-CON Events announced today that China Unicom will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. China United Network Communications Group Co. Ltd ("China Unicom") was officially established in 2009 on the basis of the merger of former China Netcom and former China Unicom. China Unicom mainly operates a full range of telecommunications services including mobile broadband (GSM, WCDMA, LTE F...
The Transparent Cloud-computing Consortium (abbreviation: T-Cloud Consortium) will conduct research activities into changes in the computing model as a result of collaboration between "device" and "cloud" and the creation of new value and markets through organic data processing High speed and high quality networks, and dramatic improvements in computer processing capabilities, have greatly changed the nature of applications and made the storing and processing of data on the network commonplace.
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, will discuss how VPaaS enables you to move fast, creating scalable video experiences that reach your...
Big Data has been changing the world. IoT fuels the further transformation recently. How are Big Data and IoT related? In his session at @BigDataExpo, Tony Shan, a renowned visionary and thought leader, will explore the interplay of Big Data and IoT. He will anatomize Big Data and IoT separately in terms of what, which, why, where, when, who, how and how much. He will then analyze the relationship between IoT and Big Data, specifically the drilldown of how the 4Vs of Big Data (Volume, Variety,...
If you’re responsible for an application that depends on the data or functionality of various IoT endpoints – either sensors or devices – your brand reputation depends on the security, reliability, and compliance of its many integrated parts. If your application fails to deliver the expected business results, your customers and partners won't care if that failure stems from the code you developed or from a component that you integrated. What can you do to ensure that the endpoints work as expect...