Click here to close now.

Welcome!

Cloud Security Authors: Elizabeth White, Pat Romanski, Liz McMillan, Harry Trott, Peter Silva

Related Topics: Cloud Security, Mobile IoT, @CloudExpo Blog

Cloud Security: Blog Post

BYOD Security Issues – Solved with Appthority SaaS

Security Chat with Domingo Guerra, president and co-founder of Appthority

Thanks for taking the time to answer my questions. Please tell us, what is Appthority all about and what do you do?

Guerra: Appthority is an app risk management company with a Software-as-a-Service solution that analyzes mobile apps for hidden behaviors that pose privacy and security risks. Our main customers are large organizations and we provide them with the first all-in-one App Risk Management service to uncover the hidden actions of apps and enable enterprises to create custom policies to prevent unwanted app behaviors. Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions to protect corporate data on company-issued and BYOD mobile phones as employees bring their own apps to work.

With the shift from desktop computing to mobile spurring the rise of the BYOD, BYOApps, and Mobile First movements, people are mixing personal and corporate data on their mobile devices. This has created enormous security and privacy implications. Since 91% of apps lack encryption and 79% can access corporate data, there is obviously the potential for serious problems. Appthority enables organizations to prevent risky apps from entering the workplace while still enabling the workforce to leverage their mobile devices to their maximum potential.

What's new in terms of products?

Guerra: We just announced several key upgrades to the Appthority Service. We've done a lot of market research and IT and security administrators are really interested in being able to construct highly customizable policies. The upgrades to the Appthority Service improve workflow processes in a number of ways: It provides support for multiple app allowance policies simultaneously - by company department, by geography or even by device type - whether company or employee owned. This includes approving and enforcing custom, acceptable use polices at scale, to supporting the creation and implementation of multiple group and role-based policies. An enforcement workflow (do x for y days, then to z for n days, when a specific risky behavior is detected) is now also available. Finally, we've added additional rules and detection for cloud-based file storage violations, which are a big worry for companies trying to protect their IP.

The biggest challenge we face now in winning over new clients is a lack of awareness of the challenge of protecting and securing organizations and their employees from risky mobile app behavior. Most customers are aware of the malware risks on the Android OS, however, some organizations are not aware that there are many other risks beyond malware from a privacy, security and data management perspective that affect iOS and the Android OS.

Who is your target audience and how do you intend to reach them?

Guerra: Our target audiences are Chief Information and Security Officers of Fortune 500 companies who are building mobile risk management policies, as well as IT Administrators responsible for their organization's Mobile Device Management (MDM).

I'd be curious to hear any general thoughts you have on market trends...

Guerra: According to Gartner, by 2015, the number of employees using mobile applications in the workplace will double. More organizations are adopting a Mobile First strategy, to support employees who are using the mobile device as their primary computer more and more. Employees are, on average, downloading 50-200 apps from the millions of apps in the global app ecosystem onto devices that are connecting to the corporate network. The cost and complexity of manually managing app risk policy functions is enormous, so there is a strong need for technology that can mitigate the risks apps bring into the enterprise.

What is the viral aspect of your product?

Guerra: There are millions of apps in the app ecosystem and even more if you consider that each version of an app is a net-new app. Keeping adequate coverage and analysis of all of the apps out there is a huge task. The Appthority Service integrates directly into the top MDMs, which gives us a huge mobile footprint. As a result, any time an employee anywhere in the world downloads a new app or a new version to an existing app, our system gets immediately notified and processes the app for analysis. The viral effect is that when other employees, even if they work at different companies, download that same app, our system will already have the analysis complete and IT administrators can rest easy knowing that our database with over 2 million apps stays relevant and always up-to-date.

What's the business model? How will you make money?

Guerra: Appthority's solution is delivered as Software-as-a-Service. It is subscription-based in which we charge per device / per month.

Who are your competitors?

Guerra: There are other security companies that focus on mobile risk, however most only focus on malware and thus on Android. Other vendors focus only on app vulnerabilities, (programing mistakes), but these are short-sighted approaches, as most of the enterprise risks in mobile apps are from behaviors the developer incorporated into the app by design. Only Appthority was built from the ground up to focus on iOS and Android and analyze apps for total risk with respect to risky security behaviors and risky privacy behaviors as well as malware.

How do you differentiate from your competitors?

Guerra: The Appthority Mobile App Risk Management Service integrates with MDM technology to automatically identify risky behaviors in mobile apps and grant employees access to the apps they can securely use. We are the only service to automate an otherwise manual process to reduce risk and costs so our customers can leverage mobility and empower a smarter, safer and more productive mobile workforce.

How does your technology differentiate from the competition and can you elaborate on the different technology deployed?

Guerra: Appthority is the first and only product available today that acts as a truly actionable and fully automated app risk management service, including app reputation (risky behavior) analysis and policy management in an entirely integrated platform. Appthority's policy management innovation is the next step in the evolution of App Risk Management - from discovering and analyzing risky app behaviors to automated enforcement capabilities.

With Appthority, IT Administrators responsible for their organization's Mobile Device Management (MDM) program are able to know the risky app behaviors present on employees' managed devices within minutes. They can then create custom policies based on their organization's unique risk profile. Using Appthority's analysis, IT administrators can now also take the next step of creating custom and unique app enforcement and remediation policies for all devices under management. This includes generating blacklists and whitelists that auto-populate based on the behavior of new apps entering the environment.

What business or technology could yours disrupt?

Guerra: Many companies today are following one of three models when it comes to mobile security. A number of companies aren't doing anything - they are still hanging onto their Blackberries, but are doing their homework as iOS and Android phones sneak onto the network. Next are the companies using containers, which are seen as essential by really early adopters and big financial firms, but the productivity and usability impact on users is so dramatic that the longevity of this approach is questionable. Finally, there are companies using Mobile Device Management (MDM) solutions, which while it is undoubtedly here to stay, MDMs can't look into the risky behaviors within an app, which is where all the risks lie.

This is where Appthority comes in. By integrating with MDMs and enterprise app stores, Appthority provides companies with the comprehensive solution needed to protect corporate data while allowing employees the freedom to use their smart phones or tablets for work.

Who founded the company, when? What can you tell me about the story of the company's founding?

Guerra: My cofounders Kevin Watkins, Anthony Bettini, and I founded the company in early 2011 to create a safer enterprise mobile environment. Our founding team saw IT's frustration in dealing with CoIT (Consumerization of IT) and the BYOD (Bring Your Own Device) movement, where organizations struggled with the loss of control, visibility and security coverage of some of their most valuable data. Through early interaction with enterprise customers, eager to find a solution to their mobile IT woes, Appthority stepped up to the challenge and envisioned a world where IT could embrace, rather than fear, mobile devices and the many advantages of a mobile workforce. And just like that, Mobile App Risk Management was born. After nearly a year of stealth-mode development, we launched The Appthority Platform at the 2012 RSA Conference Innovation Sandbox where Appthority was named "The Most Innovative Company of RSA Conference 2012."

What is your distribution model? Where to buy your product?

Guerra: Our distribution model is diverse, from direct via our sales organization to VARs, to system integrators to carriers. Our product is available worldwide and available in seven languages, though our focus is on Fortune 500 companies in the U.S. that have deployed an EMM / MDM solution.

What's next on your product roadmap?

Guerra: We will continue to add more customizable features to the Appthority Portal as customers become more sophisticated with their mobile risk management processes. We are seeing a lot of growth from early adopters making their way to other enterprise accounts and it's exciting to offer customization and automation that fits customers' diverse mobile app security needs.

What else would you like to add?

Guerra: As we see apps power the Internet of Things, there are now apps in cars, televisions and refrigerators. Just like with mobile devices, apps are empowering other economies that will thrive and create opportunity for developers as well. However, it is important to learn from the mobile app security issues we've seen to-date and start early with embedded apps as the Internet of Things booms.

Partnerships, collaborations or affiliations: Our most critical technology partners are AirWatch, Apperian, and MobileIron. For the consumer market, we are partnered with carriers like Swisscom.

Federal or state grants, contracts or awards received: Appthority is a current finalist for four industry awards: Global Mobile Awards 2014 Finalist for Best Enterprise Mobile Service; SC Magazine Awards 2014 Finalist for Rookie Security Company of the Year; 2013 SINET 16 Innovator; Tech Trailblazers Finalist 2014 - Mobile.

Market size being pursued: By 2015: Enterprise mobile app development is an $8B/year market and the enterprise mobile device management market (includes MDM, EMM, MAM, Containers, etc.) is a $9B/year market. Appthority plays in both markets.

Is the company profitable? As a privately held company, Appthority does not release revenue information.

Appthority's App Risk Management service automates discovering the hidden behaviors of millions of apps and allowing the apps that employees can securely use. Only Appthority combines the largest global database of millions of analyzed public and enterprise apps with a policy management engine to speed app review and approval and enforce custom, acceptable use polices for thousands of employees within minutes. With unprecedented visibility and control over risky app behaviors, Appthority enables companies to leverage mobility and empower a smarter, safer, mobile workforce. Headquartered in San Francisco, Appthority is venture-backed by U.S. Venture Partners (USVP) and Venrock. More information on Appthority can be found at https://www.appthority.com.

All product and company names herein may be trademarks of their registered owners.

More Stories By Xenia von Wedel

Xenia von Wedel, Tech blogger and PR Consultant in Mountain View. She mainly writes about B2B solutions, social media and open source software. She is an SVP with a full-service PR agency, serving clients in a variety of industries worldwide. The agency is focused on thought leadership content creation and syndication, media outreach and strategy. Buy her a coffee if you like her article: http://xeniar.tip.me

@ThingsExpo Stories
"We have a tagline - "Power in the API Economy." What that means is everything that is built in applications and connected applications is done through APIs," explained Roberto Medrano, Executive Vice President at Akana, in this SYS-CON.tv interview at 16th Cloud Expo, held June 9-11, 2015, at the Javits Center in New York City.
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists addressed this very serious issue of profound change in the industry.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Architect for the Internet of Things and Intelligent Systems, described how to revolutionize your archit...
It is one thing to build single industrial IoT applications, but what will it take to build the Smart Cities and truly society-changing applications of the future? The technology won’t be the problem, it will be the number of parties that need to work together and be aligned in their motivation to succeed. In his session at @ThingsExpo, Jason Mondanaro, Director, Product Management at Metanga, discussed how you can plan to cooperate, partner, and form lasting all-star teams to change the world and it starts with business models and monetization strategies.
To many people, IoT is a buzzword whose value is not understood. Many people think IoT is all about wearables and home automation. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed some incredible game-changing use cases and how they are transforming industries like agriculture, manufacturing, health care, and smart cities. He will discuss cool technologies like smart dust, robotics, smart labels, and much more. Prepare to be blown away with a glimpse of the future.
Internet of Things is moving from being a hype to a reality. Experts estimate that internet connected cars will grow to 152 million, while over 100 million internet connected wireless light bulbs and lamps will be operational by 2020. These and many other intriguing statistics highlight the importance of Internet powered devices and how market penetration is going to multiply many times over in the next few years.
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, discussed how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at the same time reduce Time to Market (TTM) by using plug and play capabilities offered by a robust IoT ...
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context wi...
SYS-CON Events announced today that BMC will exhibit at SYS-CON's 16th International Cloud Expo®, which will take place on June 9-11, 2015, at the Javits Center in New York City, NY. BMC delivers software solutions that help IT transform digital enterprises for the ultimate competitive business advantage. BMC has worked with thousands of leading companies to create and deliver powerful IT management services. From mainframe to cloud to mobile, BMC pairs high-speed digital innovation with robust IT industrialization – allowing customers to provide amazing user experiences with optimized IT per...
There will be 150 billion connected devices by 2020. New digital businesses have already disrupted value chains across every industry. APIs are at the center of the digital business. You need to understand what assets you have that can be exposed digitally, what their digital value chain is, and how to create an effective business model around that value chain to compete in this economy. No enterprise can be complacent and not engage in the digital economy. Learn how to be the disruptor and not the disruptee.
The Internet of Things is not only adding billions of sensors and billions of terabytes to the Internet. It is also forcing a fundamental change in the way we envision Information Technology. For the first time, more data is being created by devices at the edge of the Internet rather than from centralized systems. What does this mean for today's IT professional? In this Power Panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will addresses this very serious issue of profound change in the industry.
Business as usual for IT is evolving into a "Make or Buy" decision on a service-by-service conversation with input from the LOBs. How does your organization move forward with cloud? In his general session at 16th Cloud Expo, Paul Maravei, Regional Sales Manager, Hybrid Cloud and Managed Services at Cisco, discusses how Cisco and its partners offer a market-leading portfolio and ecosystem of cloud infrastructure and application services that allow you to uniquely and securely combine cloud business applications and services across multiple cloud delivery models.
In his General Session at 16th Cloud Expo, David Shacochis, host of The Hybrid IT Files podcast and Vice President at CenturyLink, investigated three key trends of the “gigabit economy" though the story of a Fortune 500 communications company in transformation. Narrating how multi-modal hybrid IT, service automation, and agile delivery all intersect, he will cover the role of storytelling and empathy in achieving strategic alignment between the enterprise and its information technology.
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fillin...
Growth hacking is common for startups to make unheard-of progress in building their business. Career Hacks can help Geek Girls and those who support them (yes, that's you too, Dad!) to excel in this typically male-dominated world. Get ready to learn the facts: Is there a bias against women in the tech / developer communities? Why are women 50% of the workforce, but hold only 24% of the STEM or IT positions? Some beginnings of what to do about it! In her Opening Keynote at 16th Cloud Expo, Sandy Carter, IBM General Manager Cloud Ecosystem and Developers, and a Social Business Evangelist, d...
Converging digital disruptions is creating a major sea change - Cisco calls this the Internet of Everything (IoE). IoE is the network connection of People, Process, Data and Things, fueled by Cloud, Mobile, Social, Analytics and Security, and it represents a $19Trillion value-at-stake over the next 10 years. In her keynote at @ThingsExpo, Manjula Talreja, VP of Cisco Consulting Services, discussed IoE and the enormous opportunities it provides to public and private firms alike. She will share what businesses must do to thrive in the IoE economy, citing examples from several industry sectors.
In his keynote at 16th Cloud Expo, Rodney Rogers, CEO of Virtustream, discussed the evolution of the company from inception to its recent acquisition by EMC – including personal insights, lessons learned (and some WTF moments) along the way. Learn how Virtustream’s unique approach of combining the economics and elasticity of the consumer cloud model with proper performance, application automation and security into a platform became a breakout success with enterprise customers and a natural fit for the EMC Federation.
SYS-CON Events announced today that the "Second Containers & Microservices Conference" will take place November 3-5, 2015, at the Santa Clara Convention Center, Santa Clara, CA, and the “Third Containers & Microservices Conference” will take place June 7-9, 2016, at Javits Center in New York City. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
SYS-CON Events announced today that the "First Containers & Microservices Conference" will take place June 9-11, 2015, at the Javits Center in New York City. The “Second Containers & Microservices Conference” will take place November 3-5, 2015, at Santa Clara Convention Center, Santa Clara, CA. Containers and microservices have become topics of intense interest throughout the cloud developer and enterprise IT communities.
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...