Welcome!

Cloud Security Authors: Craig Lowell, Pat Romanski, Shelly Palmer, Ed Featherston, Elizabeth White

Related Topics: @CloudExpo, Java IoT, Linux Containers, Cloud Security

@CloudExpo: Blog Post

Enterprises Can Abandon Their On-Premises Hardware & Servers, Embrace BYOD

RSA Interview with Craig Lund, Chief Executive Officer at SecureAuth

Thanks for taking the time to answer my questions. Please tell us, what is SecureAuth Corporation all about and what do you do?

Craig Lund: SecureAuth provides 2-Factor Access Control to all industries, extending to mobile, cloud, web, and network resources. We have developed a range of products that enable two-factor authentication, single sign-on, and identity management services on-premises or hosted on the cloud. Our main product, SecureAuth IdP, can deploy into virtually any environment, facilitates flexible authentication via our 20+ authentication mechanisms, asserts identities to all applications through SSO, and provides help desk and user management services, including logging and auditing, 1-Touch Revocation, and self-service password reset.

SecureAuth set out to fix common authentication problems, and by designing our solution scalable and with the future in mind, we have been able to adapt to all movements away from VPNs and hard tokens, and into cloud and mobile business without requiring major adjustments.

Our solution enables any organization to become its own Identity Provider (IdP), maintaining internal control of identities and access, while enabling uncomplicated access for employees, partners, contractors, and customers.

What are you launching at RSA?

Lund: At RSA 2014, SecureAuth will be unveiling its 100% cloud-based authentication solution, 2-Factor as a Service (2FaaS). Hosted in the infinitely scalable Google Apps Engine, any organization can deploy two-factor authentication for all of its users, especially customers. 2FaaS accepts any identity and authenticates via SMS, Telephony, and E-mail One-time Passwords (OTPs), and our patent-pending, low-friction Device Fingerprinting to ensure secure access to web and mobile applications.

With 2FaaS, organizations can abandon their on-premises hardware and servers, embrace BYOD, and implement confident security into their corporate resources without ever storing user information or passwords on the cloud.

The biggest challenge for us in telling the 2FaaS story is assuring customers that their data remains secure even with a cloud-hosted solution. In a post-PRISM world, organizations are rightfully cautious about utilizing cloud resources to access confidential data. We are no longer tied to desktops and web servers that rest securely in our protected networks; we employ mobile devices and communicate and work within applications that are open to the world.

However, 2FaaS is unique in its architecture. It deploys within individual applications without requiring any identity provisioning. It simply conducts the authentication without any passwords or personal profile information required. Because this seems impossible, conveying this message to others has been difficult; but we are steadily acquiring believers.

Who is your target audience and how do you intend to reach them? What is the biggest challenge you face right now in telling your story and winning over new clients?

Lund: SecureAuth's target audience for 2FaaS is organizations that require customers to access their resources. Because this solution requires no identity provisioning, hardware, or thick clients, and can be utilized by any user on any device, the lightweight authentication is ideal for users outside of internal networks.

The biggest challenge for us in telling the 2FaaS story is assuring customers that their data remains secure even with a cloud-hosted solution. 2FaaS is unique in its architecture as it deploys within individual applications without requiring any identity provisioning. It simply conducts the authentication without any passwords or personal profile information required. Because this seems impossible, conveying this message to others has been difficult; but we are steadily acquiring believers.

I'd be curious to hear any general thoughts you have on market trends...

Lund: The trend is now moving away from traditional networks and enforcement points and toward applications and browsers. There are ways to safely and easily access any application from any glass, so why go through a traditional VPN? Google has proven this model to work quite well. It's the future.

What is the viral aspect of your product?

Lund: 2FaaS is a drop-in solution for applications with a simple web redirect to our service. We don't duplicate the users' PII in the cloud like other solutions. Our phone is ringing off the hook from ISPs and enterprises looking to protect their users' PII. We are a true B2C BYOD solution because we don't need to control the end point; we are all server side code.

What's the business model? How will you make money?

Lund: We sell a per user/per year subscription through a direct sales channel and also through traditional security resellers, like Fishnet and Accuvant. We also sell through an OEM and white label model where SecureAuth is invisible to the user of a branded product or service.

Who are your competitors?

Lund: It is cliché to say we have no competitors but there really is no other integrated solution that combines two-factor authentication, identity federation, Identity management, and mobile security all in a single platform that deploys out-of-the-box. We do have competitors in targeted point solutions like RSA, Okta, and Ping Identity.

How do you differentiate from your competitors?

Lund: Our competitors specialize in one area; SecureAuth specializes in four. We have the most flexible strong authentication, the most extensive federation, have expanded further into mobile security than anyone else, and include IdM tools, including cost-saving and effective user self-services. And we achieve all of that in a single product, whereas our competitors would require third-party tools and extensive professional services to attempt tie together several products to achieve the same functionality as SecureAuth.

How does your technology differentiate from the competition and can you elaborate on the different technology deployed?

Lund: SecureAuth has been awarded numerous patents and has several more pending. Our technologies on X.509 delivery, authentication, and revocation; secure mobile access; and two-factor-to-SSO architecture have launched our products to the top of the market, while our technologies on user-device registration have resulted in major customer wins.

Device Fingerprinting is a unique technology that comes with SecureAuth IdP and SecureAuth 2FaaS. The system pulls unique characteristics from mobile or desktop devices, and maps them to users in the enterprise directory. This enables low-friction subsequent authentication as the SecureAuth solution recognizes the device and authenticates via the fingerprint rather than requiring an OTP or token. This enables high security with no user friction - a true BYOD solution.

What business or technology could yours disrupt?

Lund: SecureAuth's technology has the potential to eliminate traditional authentication and point-solutions by deploying a company portal protected by SecureAuth wherein the enterprise does not need a traditional VPN to provide secure access to any application for employees, partners, contractors, and customers. By designing an adaptable and modern solution that facilitates convenient authentication and identity federation for all resources with a single license, products that cover only one aspect of enterprise security or require high-friction workflows (hard tokens, thick clients, etc.) do not make sense anymore.

Who founded the company, when? What can you tell me about the story of the company's founding?

Lund: I founded SecureAuth with my technical co-founder, Garret Grajek, whom I met back in the early days of IAM at Netegrity. We worked together again at IBM where I ran the security sales teams for the Americas, and through numerous customer interactions it became clear to us that a browser-based authentication solution that integrated with identity and federation tools was the future. Seemed logical to us that if you were going to federate an identity, shouldn't you be really sure who they are first? And yet there wasn't a solution that combined authentication and federation/assertions, thus SecureAuth was born.

What is your distribution model? Where to buy your product?

Lund: SecureAuth sells directly and through the channel. The product can be purchased directly via contact with the SecureAuth Sales team or through any one of SecureAuth's certified resellers.

What's next on your product roadmap?

Lund: It's all about mobile - any device to any application. We also continue to add new authentication methods to our workflow funnel as new threats emerge.

Are you targeting a first VC round? If yes when and what will you use the funds for?

Lund: We have raised 21 million to date. Our two largest investors are Toba Capital led by Vinnie Smith, and Allen Miner of Sunbridge.

How much money is being sought?

Lund: We are projecting cash flow positive in 2014 while maintaining our streak of 100% growth. So for us it's not a question of raising money for ongoing operations, but rather, do we want to do a very large raise with a top tier VC to push for more than 100% growth? Those discussions are ongoing.

What else would you like to add?

Lund: It's a great time to be in the IT security business. The market is very receptive to effective, innovative, cost-effective solutions. I love going to work every day.

Partnerships, collaborations or affiliations:

Lund: FishNet Security, Unisys, Accuvant

Federal or state grants, contracts or awards received:

Lund: SecureAuth was awarded the Stevie Award for "Fastest-Growing Company" in 2012 by The American Business Awards, won the People's Choice Stevie Award for Favorite Security Solution, was selected as "Favorite BYOD Security Solution" by UP-START, ranked highest in Customer Satisfaction in the Forrester Wave Report, was deemed "positive" in the Gartner WAM Report, and was recognized as a "visionary" provider in the latest Gartner Authentication Magic Quadrant.#

All product and company names herein may be trademarks of their registered owners.

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Mountain View, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Buy her a coffee if you like her article: http://xeniar.tip.me

@ThingsExpo Stories
Early adopters of IoT viewed it mainly as a different term for machine-to-machine connectivity or M2M. This is understandable since a prerequisite for any IoT solution is the ability to collect and aggregate device data, which is most often presented in a dashboard. The problem is that viewing data in a dashboard requires a human to interpret the results and take manual action, which doesn’t scale to the needs of IoT.
Internet of @ThingsExpo has announced today that Chris Matthieu has been named tech chair of Internet of @ThingsExpo 2016 Silicon Valley. The 6thInternet of @ThingsExpo will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Events announced today the Enterprise IoT Bootcamp, being held November 1-2, 2016, in conjunction with 19th Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA. Combined with real-world scenarios and use cases, the Enterprise IoT Bootcamp is not just based on presentations but with hands-on demos and detailed walkthroughs. We will introduce you to a variety of real world use cases prototyped using Arduino, Raspberry Pi, BeagleBone, Spark, and Intel Edison. Y...
Much of IT terminology is often misused and misapplied. Modernization and transformation are two such terms. They are often used interchangeably even though they mean different things and have very different connotations. Indeed, it is somewhat safe to assume that in IT any transformative effort is likely to also have a modernizing effect, and thus, we can see these as levels of improvement efforts. However, many businesses are being led to believe if they don’t transform now they risk becoming ...
CenturyLink has announced that application server solutions from GENBAND are now available as part of CenturyLink’s Networx contracts. The General Services Administration (GSA)’s Networx program includes the largest telecommunications contract vehicles ever awarded by the federal government. CenturyLink recently secured an extension through spring 2020 of its offerings available to federal government agencies via GSA’s Networx Universal and Enterprise contracts. GENBAND’s EXPERiUS™ Application...
What does it look like when you have access to cloud infrastructure and platform under the same roof? Let’s talk about the different layers of Technology as a Service: who cares, what runs where, and how does it all fit together. In his session at 18th Cloud Expo, Phil Jackson, Lead Technology Evangelist at SoftLayer, an IBM company, spoke about the picture being painted by IBM Cloud and how the tools being crafted can help fill the gaps in your IT infrastructure.
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
The best-practices for building IoT applications with Go Code that attendees can use to build their own IoT applications. In his session at @ThingsExpo, Indraneel Mitra, Senior Solutions Architect & Technology Evangelist at Cognizant, provided valuable information and resources for both novice and experienced developers on how to get started with IoT and Golang in a day. He also provided information on how to use Intel Arduino Kit, Go Robotics API and AWS IoT stack to build an application tha...
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
It’s 2016: buildings are smart, connected and the IoT is fundamentally altering how control and operating systems work and speak to each other. Platforms across the enterprise are networked via inexpensive sensors to collect massive amounts of data for analytics, information management, and insights that can be used to continuously improve operations. In his session at @ThingsExpo, Brian Chemel, Co-Founder and CTO of Digital Lumens, will explore: The benefits sensor-networked systems bring to ...
"Tintri was started in 2008 with the express purpose of building a storage appliance that is ideal for virtualized environments. We support a lot of different hypervisor platforms from VMware to OpenStack to Hyper-V," explained Dan Florea, Director of Product Management at Tintri, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York City, NY.
Identity is in everything and customers are looking to their providers to ensure the security of their identities, transactions and data. With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience. Making identity, security and privacy easy for customers provides a unique advantage over the competition.
SYS-CON Events announced today that Venafi, the Immune System for the Internet™ and the leading provider of Next Generation Trust Protection, will exhibit at @DevOpsSummit at 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Venafi is the Immune System for the Internet™ that protects the foundation of all cybersecurity – cryptographic keys and digital certificates – so they can’t be misused by bad guys in attacks...
Is your aging software platform suffering from technical debt while the market changes and demands new solutions at a faster clip? It’s a bold move, but you might consider walking away from your core platform and starting fresh. ReadyTalk did exactly that. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, will discuss why and how ReadyTalk diverted from healthy revenue and over a decade of audio conferencing product development to start an innovati...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.
Large scale deployments present unique planning challenges, system commissioning hurdles between IT and OT and demand careful system hand-off orchestration. In his session at @ThingsExpo, Jeff Smith, Senior Director and a founding member of Incenergy, will discuss some of the key tactics to ensure delivery success based on his experience of the last two years deploying Industrial IoT systems across four continents.
There will be new vendors providing applications, middleware, and connected devices to support the thriving IoT ecosystem. This essentially means that electronic device manufacturers will also be in the software business. Many will be new to building embedded software or robust software. This creates an increased importance on software quality, particularly within the Industrial Internet of Things where business-critical applications are becoming dependent on products controlled by software. Qua...
"There's a growing demand from users for things to be faster. When you think about all the transactions or interactions users will have with your product and everything that is between those transactions and interactions - what drives us at Catchpoint Systems is the idea to measure that and to analyze it," explained Leo Vasiliou, Director of Web Performance Engineering at Catchpoint Systems, in this SYS-CON.tv interview at 18th Cloud Expo, held June 7-9, 2016, at the Javits Center in New York Ci...
SYS-CON Events has announced today that Roger Strukhoff has been named conference chair of Cloud Expo and @ThingsExpo 2016 Silicon Valley. The 19th Cloud Expo and 6th @ThingsExpo will take place on November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. "The Internet of Things brings trillions of dollars of opportunity to developers and enterprise IT, no matter how you measure it," stated Roger Strukhoff. "More importantly, it leverages the power of devices and the Interne...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform. In his session at @ThingsExpo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and shared the must-have mindsets for removing complexity from the develo...