Welcome!

Security Authors: Liz McMillan, Elizabeth White, James Carlini, Pat Romanski, Peter Silva

Related Topics: Cloud Expo, Java, Linux, Security

Cloud Expo: Blog Post

Enterprises Can Abandon Their On-Premises Hardware & Servers, Embrace BYOD

RSA Interview with Craig Lund, Chief Executive Officer at SecureAuth

Thanks for taking the time to answer my questions. Please tell us, what is SecureAuth Corporation all about and what do you do?

Craig Lund: SecureAuth provides 2-Factor Access Control to all industries, extending to mobile, cloud, web, and network resources. We have developed a range of products that enable two-factor authentication, single sign-on, and identity management services on-premises or hosted on the cloud. Our main product, SecureAuth IdP, can deploy into virtually any environment, facilitates flexible authentication via our 20+ authentication mechanisms, asserts identities to all applications through SSO, and provides help desk and user management services, including logging and auditing, 1-Touch Revocation, and self-service password reset.

SecureAuth set out to fix common authentication problems, and by designing our solution scalable and with the future in mind, we have been able to adapt to all movements away from VPNs and hard tokens, and into cloud and mobile business without requiring major adjustments.

Our solution enables any organization to become its own Identity Provider (IdP), maintaining internal control of identities and access, while enabling uncomplicated access for employees, partners, contractors, and customers.

What are you launching at RSA?

Lund: At RSA 2014, SecureAuth will be unveiling its 100% cloud-based authentication solution, 2-Factor as a Service (2FaaS). Hosted in the infinitely scalable Google Apps Engine, any organization can deploy two-factor authentication for all of its users, especially customers. 2FaaS accepts any identity and authenticates via SMS, Telephony, and E-mail One-time Passwords (OTPs), and our patent-pending, low-friction Device Fingerprinting to ensure secure access to web and mobile applications.

With 2FaaS, organizations can abandon their on-premises hardware and servers, embrace BYOD, and implement confident security into their corporate resources without ever storing user information or passwords on the cloud.

The biggest challenge for us in telling the 2FaaS story is assuring customers that their data remains secure even with a cloud-hosted solution. In a post-PRISM world, organizations are rightfully cautious about utilizing cloud resources to access confidential data. We are no longer tied to desktops and web servers that rest securely in our protected networks; we employ mobile devices and communicate and work within applications that are open to the world.

However, 2FaaS is unique in its architecture. It deploys within individual applications without requiring any identity provisioning. It simply conducts the authentication without any passwords or personal profile information required. Because this seems impossible, conveying this message to others has been difficult; but we are steadily acquiring believers.

Who is your target audience and how do you intend to reach them? What is the biggest challenge you face right now in telling your story and winning over new clients?

Lund: SecureAuth's target audience for 2FaaS is organizations that require customers to access their resources. Because this solution requires no identity provisioning, hardware, or thick clients, and can be utilized by any user on any device, the lightweight authentication is ideal for users outside of internal networks.

The biggest challenge for us in telling the 2FaaS story is assuring customers that their data remains secure even with a cloud-hosted solution. 2FaaS is unique in its architecture as it deploys within individual applications without requiring any identity provisioning. It simply conducts the authentication without any passwords or personal profile information required. Because this seems impossible, conveying this message to others has been difficult; but we are steadily acquiring believers.

I'd be curious to hear any general thoughts you have on market trends...

Lund: The trend is now moving away from traditional networks and enforcement points and toward applications and browsers. There are ways to safely and easily access any application from any glass, so why go through a traditional VPN? Google has proven this model to work quite well. It's the future.

What is the viral aspect of your product?

Lund: 2FaaS is a drop-in solution for applications with a simple web redirect to our service. We don't duplicate the users' PII in the cloud like other solutions. Our phone is ringing off the hook from ISPs and enterprises looking to protect their users' PII. We are a true B2C BYOD solution because we don't need to control the end point; we are all server side code.

What's the business model? How will you make money?

Lund: We sell a per user/per year subscription through a direct sales channel and also through traditional security resellers, like Fishnet and Accuvant. We also sell through an OEM and white label model where SecureAuth is invisible to the user of a branded product or service.

Who are your competitors?

Lund: It is cliché to say we have no competitors but there really is no other integrated solution that combines two-factor authentication, identity federation, Identity management, and mobile security all in a single platform that deploys out-of-the-box. We do have competitors in targeted point solutions like RSA, Okta, and Ping Identity.

How do you differentiate from your competitors?

Lund: Our competitors specialize in one area; SecureAuth specializes in four. We have the most flexible strong authentication, the most extensive federation, have expanded further into mobile security than anyone else, and include IdM tools, including cost-saving and effective user self-services. And we achieve all of that in a single product, whereas our competitors would require third-party tools and extensive professional services to attempt tie together several products to achieve the same functionality as SecureAuth.

How does your technology differentiate from the competition and can you elaborate on the different technology deployed?

Lund: SecureAuth has been awarded numerous patents and has several more pending. Our technologies on X.509 delivery, authentication, and revocation; secure mobile access; and two-factor-to-SSO architecture have launched our products to the top of the market, while our technologies on user-device registration have resulted in major customer wins.

Device Fingerprinting is a unique technology that comes with SecureAuth IdP and SecureAuth 2FaaS. The system pulls unique characteristics from mobile or desktop devices, and maps them to users in the enterprise directory. This enables low-friction subsequent authentication as the SecureAuth solution recognizes the device and authenticates via the fingerprint rather than requiring an OTP or token. This enables high security with no user friction - a true BYOD solution.

What business or technology could yours disrupt?

Lund: SecureAuth's technology has the potential to eliminate traditional authentication and point-solutions by deploying a company portal protected by SecureAuth wherein the enterprise does not need a traditional VPN to provide secure access to any application for employees, partners, contractors, and customers. By designing an adaptable and modern solution that facilitates convenient authentication and identity federation for all resources with a single license, products that cover only one aspect of enterprise security or require high-friction workflows (hard tokens, thick clients, etc.) do not make sense anymore.

Who founded the company, when? What can you tell me about the story of the company's founding?

Lund: I founded SecureAuth with my technical co-founder, Garret Grajek, whom I met back in the early days of IAM at Netegrity. We worked together again at IBM where I ran the security sales teams for the Americas, and through numerous customer interactions it became clear to us that a browser-based authentication solution that integrated with identity and federation tools was the future. Seemed logical to us that if you were going to federate an identity, shouldn't you be really sure who they are first? And yet there wasn't a solution that combined authentication and federation/assertions, thus SecureAuth was born.

What is your distribution model? Where to buy your product?

Lund: SecureAuth sells directly and through the channel. The product can be purchased directly via contact with the SecureAuth Sales team or through any one of SecureAuth's certified resellers.

What's next on your product roadmap?

Lund: It's all about mobile - any device to any application. We also continue to add new authentication methods to our workflow funnel as new threats emerge.

Are you targeting a first VC round? If yes when and what will you use the funds for?

Lund: We have raised 21 million to date. Our two largest investors are Toba Capital led by Vinnie Smith, and Allen Miner of Sunbridge.

How much money is being sought?

Lund: We are projecting cash flow positive in 2014 while maintaining our streak of 100% growth. So for us it's not a question of raising money for ongoing operations, but rather, do we want to do a very large raise with a top tier VC to push for more than 100% growth? Those discussions are ongoing.

What else would you like to add?

Lund: It's a great time to be in the IT security business. The market is very receptive to effective, innovative, cost-effective solutions. I love going to work every day.

Partnerships, collaborations or affiliations:

Lund: FishNet Security, Unisys, Accuvant

Federal or state grants, contracts or awards received:

Lund: SecureAuth was awarded the Stevie Award for "Fastest-Growing Company" in 2012 by The American Business Awards, won the People's Choice Stevie Award for Favorite Security Solution, was selected as "Favorite BYOD Security Solution" by UP-START, ranked highest in Customer Satisfaction in the Forrester Wave Report, was deemed "positive" in the Gartner WAM Report, and was recognized as a "visionary" provider in the latest Gartner Authentication Magic Quadrant.#

All product and company names herein may be trademarks of their registered owners.

More Stories By Xenia von Wedel

Xenia von Wedel, Tech blogger and SVP of Transform PR/San Francisco- Mountain View. She mainly writes about B2B solutions, social media and open source software. Transform Public Relations is a full-service PR agency, serving clients in a variety of industries worldwide. The agency is focused on thought leadership content creation and syndication, media outreach and strategy. Buy her a coffee if you like her article: http://xeniar.tip.me

@ThingsExpo Stories
"At our booth we are showing how to provide trust in the Internet of Things. Trust is where everything starts to become secure and trustworthy. Now with the scaling of the Internet of Things it becomes an interesting question – I've heard numbers from 200 billion devices next year up to a trillion in the next 10 to 15 years," explained Johannes Lintzen, Vice President of Sales at Utimaco, in this SYS-CON.tv interview at @ThingsExpo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
The Internet of Things is a misnomer. That implies that everything is on the Internet, and that simply should not be - especially for things that are blurring the line between medical devices that stimulate like a pacemaker and quantified self-sensors like a pedometer or pulse tracker. The mesh of things that we manage must be segmented into zones of trust for sensing data, transmitting data, receiving command and control administrative changes, and peer-to-peer mesh messaging. In his session at @ThingsExpo, Ryan Bagnulo, Solution Architect / Software Engineer at SOA Software, focused on desi...
SYS-CON Events announced today that Gridstore™, the leader in hyper-converged infrastructure purpose-built to optimize Microsoft workloads, will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. Gridstore™ is the leader in hyper-converged infrastructure purpose-built for Microsoft workloads and designed to accelerate applications in virtualized environments. Gridstore’s hyper-converged infrastructure is the industry’s first all flash version of HyperConverged Appliances that include both compute and storag...
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
"For over 25 years we have been working with a lot of enterprise customers and we have seen how companies create applications. And now that we have moved to cloud computing, mobile, social and the Internet of Things, we see that the market needs a new way of creating applications," stated Jesse Shiah, CEO, President and Co-Founder of AgilePoint Inc., in this SYS-CON.tv interview at 15th Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-buildi...
We certainly live in interesting technological times. And no more interesting than the current competing IoT standards for connectivity. Various standards bodies, approaches, and ecosystems are vying for mindshare and positioning for a competitive edge. It is clear that when the dust settles, we will have new protocols, evolved protocols, that will change the way we interact with devices and infrastructure. We will also have evolved web protocols, like HTTP/2, that will be changing the very core of our infrastructures. At the same time, we have old approaches made new again like micro-services...
Code Halos - aka "digital fingerprints" - are the key organizing principle to understand a) how dumb things become smart and b) how to monetize this dynamic. In his session at @ThingsExpo, Robert Brown, AVP, Center for the Future of Work at Cognizant Technology Solutions, outlined research, analysis and recommendations from his recently published book on this phenomena on the way leading edge organizations like GE and Disney are unlocking the Internet of Things opportunity and what steps your organization should be taking to position itself for the next platform of digital competition.
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
As the Internet of Things unfolds, mobile and wearable devices are blurring the line between physical and digital, integrating ever more closely with our interests, our routines, our daily lives. Contextual computing and smart, sensor-equipped spaces bring the potential to walk through a world that recognizes us and responds accordingly. We become continuous transmitters and receivers of data. In his session at @ThingsExpo, Andrew Bolwell, Director of Innovation for HP's Printing and Personal Systems Group, discussed how key attributes of mobile technology – touch input, sensors, social, and ...
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial Cloud.
Building low-cost wearable devices can enhance the quality of our lives. In his session at Internet of @ThingsExpo, Sai Yamanoor, Embedded Software Engineer at Altschool, provided an example of putting together a small keychain within a $50 budget that educates the user about the air quality in their surroundings. He also provided examples such as building a wearable device that provides transit or recreational information. He then reviewed the resources available to build wearable devices at home including open source hardware, the raw materials required and the options available to power s...
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, addressed the big issues involving these technologies and, more important, the results they will achieve. Rodney Rogers, chairman and CEO of Virtustream; Brendan O'Brien, co-founder of Aria Systems, Bart Copeland, president and CEO of ActiveState Software; Jim Cowie, chief scientist at Dyn; Dave Wagstaff, VP and chief architect at BSQUARE Corporation; Seth Proctor, CTO of NuoDB, Inc.; and Andris Gailitis, C...
There's Big Data, then there's really Big Data from the Internet of Things. IoT is evolving to include many data possibilities like new types of event, log and network data. The volumes are enormous, generating tens of billions of logs per day, which raise data challenges. Early IoT deployments are relying heavily on both the cloud and managed service providers to navigate these challenges. In her session at Big Data Expo®, Hannah Smalltree, Director at Treasure Data, discussed how IoT, Big Data and deployments are processing massive data volumes from wearables, utilities and other machines...
"There is a natural synchronization between the business models, the IoT is there to support ,” explained Brendan O'Brien, Co-founder and Chief Architect of Aria Systems, in this SYS-CON.tv interview at the 15th International Cloud Expo®, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
SYS-CON Media announced that Splunk, a provider of the leading software platform for real-time Operational Intelligence, has launched an ad campaign on Big Data Journal. Splunk software and cloud services enable organizations to search, monitor, analyze and visualize machine-generated big data coming from websites, applications, servers, networks, sensors and mobile devices. The ads focus on delivering ROI - how improved uptime delivered $6M in annual ROI, improving customer operations by mining large volumes of unstructured data, and how data tracking delivers uptime when it matters most.
In this Women in Technology Power Panel at 15th Cloud Expo, moderated by Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, Esmeralda Swartz, CMO at MetraTech; Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems; Seema Jethani, Director of Product Management at Basho Technologies; Victoria Livschitz, CEO of Qubell Inc.; Anne Hungate, Senior Director of Software Quality at DIRECTV, discussed what path they took to find their spot within the technology industry and how do they see opportunities for other women in their area of expertise.
While great strides have been made relative to the video aspects of remote collaboration, audio technology has basically stagnated. Typically all audio is mixed to a single monaural stream and emanates from a single point, such as a speakerphone or a speaker associated with a video monitor. This leads to confusion and lack of understanding among participants especially regarding who is actually speaking. Spatial teleconferencing introduces the concept of acoustic spatial separation between conference participants in three dimensional space. This has been shown to significantly improve comprehe...
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In his General Session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, discussed how to take advantage of a multitude of compute options and platform features to make cloud the cornerstone of your online presence.