Welcome!

Security Authors: Elizabeth White, Liz McMillan, Vormetric Blog, Trevor Parsons, Peter Dyer

Related Topics: Security, Wireless, Cloud Expo

Security: Blog Post

BYOD Security Issues – Solved with Appthority SaaS

Security Chat with Domingo Guerra, president and co-founder of Appthority

Thanks for taking the time to answer my questions. Please tell us, what is Appthority all about and what do you do?

Guerra: Appthority is an app risk management company with a Software-as-a-Service solution that analyzes mobile apps for hidden behaviors that pose privacy and security risks. Our main customers are large organizations and we provide them with the first all-in-one App Risk Management service to uncover the hidden actions of apps and enable enterprises to create custom policies to prevent unwanted app behaviors. Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions to protect corporate data on company-issued and BYOD mobile phones as employees bring their own apps to work.

With the shift from desktop computing to mobile spurring the rise of the BYOD, BYOApps, and Mobile First movements, people are mixing personal and corporate data on their mobile devices. This has created enormous security and privacy implications. Since 91% of apps lack encryption and 79% can access corporate data, there is obviously the potential for serious problems. Appthority enables organizations to prevent risky apps from entering the workplace while still enabling the workforce to leverage their mobile devices to their maximum potential.

What's new in terms of products?

Guerra: We just announced several key upgrades to the Appthority Service. We've done a lot of market research and IT and security administrators are really interested in being able to construct highly customizable policies. The upgrades to the Appthority Service improve workflow processes in a number of ways: It provides support for multiple app allowance policies simultaneously - by company department, by geography or even by device type - whether company or employee owned. This includes approving and enforcing custom, acceptable use polices at scale, to supporting the creation and implementation of multiple group and role-based policies. An enforcement workflow (do x for y days, then to z for n days, when a specific risky behavior is detected) is now also available. Finally, we've added additional rules and detection for cloud-based file storage violations, which are a big worry for companies trying to protect their IP.

The biggest challenge we face now in winning over new clients is a lack of awareness of the challenge of protecting and securing organizations and their employees from risky mobile app behavior. Most customers are aware of the malware risks on the Android OS, however, some organizations are not aware that there are many other risks beyond malware from a privacy, security and data management perspective that affect iOS and the Android OS.

Who is your target audience and how do you intend to reach them?

Guerra: Our target audiences are Chief Information and Security Officers of Fortune 500 companies who are building mobile risk management policies, as well as IT Administrators responsible for their organization's Mobile Device Management (MDM).

I'd be curious to hear any general thoughts you have on market trends...

Guerra: According to Gartner, by 2015, the number of employees using mobile applications in the workplace will double. More organizations are adopting a Mobile First strategy, to support employees who are using the mobile device as their primary computer more and more. Employees are, on average, downloading 50-200 apps from the millions of apps in the global app ecosystem onto devices that are connecting to the corporate network. The cost and complexity of manually managing app risk policy functions is enormous, so there is a strong need for technology that can mitigate the risks apps bring into the enterprise.

What is the viral aspect of your product?

Guerra: There are millions of apps in the app ecosystem and even more if you consider that each version of an app is a net-new app. Keeping adequate coverage and analysis of all of the apps out there is a huge task. The Appthority Service integrates directly into the top MDMs, which gives us a huge mobile footprint. As a result, any time an employee anywhere in the world downloads a new app or a new version to an existing app, our system gets immediately notified and processes the app for analysis. The viral effect is that when other employees, even if they work at different companies, download that same app, our system will already have the analysis complete and IT administrators can rest easy knowing that our database with over 2 million apps stays relevant and always up-to-date.

What's the business model? How will you make money?

Guerra: Appthority's solution is delivered as Software-as-a-Service. It is subscription-based in which we charge per device / per month.

Who are your competitors?

Guerra: There are other security companies that focus on mobile risk, however most only focus on malware and thus on Android. Other vendors focus only on app vulnerabilities, (programing mistakes), but these are short-sighted approaches, as most of the enterprise risks in mobile apps are from behaviors the developer incorporated into the app by design. Only Appthority was built from the ground up to focus on iOS and Android and analyze apps for total risk with respect to risky security behaviors and risky privacy behaviors as well as malware.

How do you differentiate from your competitors?

Guerra: The Appthority Mobile App Risk Management Service integrates with MDM technology to automatically identify risky behaviors in mobile apps and grant employees access to the apps they can securely use. We are the only service to automate an otherwise manual process to reduce risk and costs so our customers can leverage mobility and empower a smarter, safer and more productive mobile workforce.

How does your technology differentiate from the competition and can you elaborate on the different technology deployed?

Guerra: Appthority is the first and only product available today that acts as a truly actionable and fully automated app risk management service, including app reputation (risky behavior) analysis and policy management in an entirely integrated platform. Appthority's policy management innovation is the next step in the evolution of App Risk Management - from discovering and analyzing risky app behaviors to automated enforcement capabilities.

With Appthority, IT Administrators responsible for their organization's Mobile Device Management (MDM) program are able to know the risky app behaviors present on employees' managed devices within minutes. They can then create custom policies based on their organization's unique risk profile. Using Appthority's analysis, IT administrators can now also take the next step of creating custom and unique app enforcement and remediation policies for all devices under management. This includes generating blacklists and whitelists that auto-populate based on the behavior of new apps entering the environment.

What business or technology could yours disrupt?

Guerra: Many companies today are following one of three models when it comes to mobile security. A number of companies aren't doing anything - they are still hanging onto their Blackberries, but are doing their homework as iOS and Android phones sneak onto the network. Next are the companies using containers, which are seen as essential by really early adopters and big financial firms, but the productivity and usability impact on users is so dramatic that the longevity of this approach is questionable. Finally, there are companies using Mobile Device Management (MDM) solutions, which while it is undoubtedly here to stay, MDMs can't look into the risky behaviors within an app, which is where all the risks lie.

This is where Appthority comes in. By integrating with MDMs and enterprise app stores, Appthority provides companies with the comprehensive solution needed to protect corporate data while allowing employees the freedom to use their smart phones or tablets for work.

Who founded the company, when? What can you tell me about the story of the company's founding?

Guerra: My cofounders Kevin Watkins, Anthony Bettini, and I founded the company in early 2011 to create a safer enterprise mobile environment. Our founding team saw IT's frustration in dealing with CoIT (Consumerization of IT) and the BYOD (Bring Your Own Device) movement, where organizations struggled with the loss of control, visibility and security coverage of some of their most valuable data. Through early interaction with enterprise customers, eager to find a solution to their mobile IT woes, Appthority stepped up to the challenge and envisioned a world where IT could embrace, rather than fear, mobile devices and the many advantages of a mobile workforce. And just like that, Mobile App Risk Management was born. After nearly a year of stealth-mode development, we launched The Appthority Platform at the 2012 RSA Conference Innovation Sandbox where Appthority was named "The Most Innovative Company of RSA Conference 2012."

What is your distribution model? Where to buy your product?

Guerra: Our distribution model is diverse, from direct via our sales organization to VARs, to system integrators to carriers. Our product is available worldwide and available in seven languages, though our focus is on Fortune 500 companies in the U.S. that have deployed an EMM / MDM solution.

What's next on your product roadmap?

Guerra: We will continue to add more customizable features to the Appthority Portal as customers become more sophisticated with their mobile risk management processes. We are seeing a lot of growth from early adopters making their way to other enterprise accounts and it's exciting to offer customization and automation that fits customers' diverse mobile app security needs.

What else would you like to add?

Guerra: As we see apps power the Internet of Things, there are now apps in cars, televisions and refrigerators. Just like with mobile devices, apps are empowering other economies that will thrive and create opportunity for developers as well. However, it is important to learn from the mobile app security issues we've seen to-date and start early with embedded apps as the Internet of Things booms.

Partnerships, collaborations or affiliations: Our most critical technology partners are AirWatch, Apperian, and MobileIron. For the consumer market, we are partnered with carriers like Swisscom.

Federal or state grants, contracts or awards received: Appthority is a current finalist for four industry awards: Global Mobile Awards 2014 Finalist for Best Enterprise Mobile Service; SC Magazine Awards 2014 Finalist for Rookie Security Company of the Year; 2013 SINET 16 Innovator; Tech Trailblazers Finalist 2014 - Mobile.

Market size being pursued: By 2015: Enterprise mobile app development is an $8B/year market and the enterprise mobile device management market (includes MDM, EMM, MAM, Containers, etc.) is a $9B/year market. Appthority plays in both markets.

Is the company profitable? As a privately held company, Appthority does not release revenue information.

Appthority's App Risk Management service automates discovering the hidden behaviors of millions of apps and allowing the apps that employees can securely use. Only Appthority combines the largest global database of millions of analyzed public and enterprise apps with a policy management engine to speed app review and approval and enforce custom, acceptable use polices for thousands of employees within minutes. With unprecedented visibility and control over risky app behaviors, Appthority enables companies to leverage mobility and empower a smarter, safer, mobile workforce. Headquartered in San Francisco, Appthority is venture-backed by U.S. Venture Partners (USVP) and Venrock. More information on Appthority can be found at https://www.appthority.com.

All product and company names herein may be trademarks of their registered owners.

More Stories By Xenia von Wedel

Xenia von Wedel, Tech blogger and SVP of Transform PR/San Francisco- Mountain View. She mainly writes about B2B solutions, social media and open source software. Transform Public Relations is a full-service PR agency, serving clients in a variety of industries worldwide. The agency is focused on thought leadership content creation and syndication, media outreach and strategy. Buy her a coffee if you like her article: http://xeniar.tip.me

@ThingsExpo Stories
The Industrial Internet revolution is now underway, enabled by connected machines and billions of devices that communicate and collaborate. The massive amounts of Big Data requiring real-time analysis is flooding legacy IT systems and giving way to cloud environments that can handle the unpredictable workloads. Yet many barriers remain until we can fully realize the opportunities and benefits from the convergence of machines and devices with Big Data and the cloud, including interoperability, data security and privacy.
Things are being built upon cloud foundations to transform organizations. This CEO Power Panel at 15th Cloud Expo, moderated by Roger Strukhoff, Cloud Expo and @ThingsExpo conference chair, addressed the big issues involving these technologies and, more important, the results they will achieve. Rodney Rogers, chairman and CEO of Virtustream; Brendan O'Brien, co-founder of Aria Systems, Bart Copeland, president and CEO of ActiveState Software; Jim Cowie, chief scientist at Dyn; Dave Wagstaff, VP and chief architect at BSQUARE Corporation; Seth Proctor, CTO of NuoDB, Inc.; and Andris Gailitis, C...
Since 2008 and for the first time in history, more than half of humans live in urban areas, urging cities to become “smart.” Today, cities can leverage the wide availability of smartphones combined with new technologies such as Beacons or NFC to connect their urban furniture and environment to create citizen-first services that improve transportation, way-finding and information delivery. In her session at @ThingsExpo, Laetitia Gazel-Anthoine, CEO of Connecthings, will focus on successful use cases.
The Internet of Things will greatly expand the opportunities for data collection and new business models driven off of that data. In her session at @ThingsExpo, Esmeralda Swartz, CMO of MetraTech, discussed how for this to be effective you not only need to have infrastructure and operational models capable of utilizing this new phenomenon, but increasingly service providers will need to convince a skeptical public to participate. Get ready to show them the money!
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
The industrial software market has treated data with the mentality of “collect everything now, worry about how to use it later.” We now find ourselves buried in data, with the pervasive connectivity of the (Industrial) Internet of Things only piling on more numbers. There’s too much data and not enough information. In his session at @ThingsExpo, Bob Gates, Global Marketing Director, GE’s Intelligent Platforms business, to discuss how realizing the power of IoT, software developers are now focused on understanding how industrial data can create intelligence for industrial operations. Imagine ...
The Internet of Things is tied together with a thin strand that is known as time. Coincidentally, at the core of nearly all data analytics is a timestamp. When working with time series data there are a few core principles that everyone should consider, especially across datasets where time is the common boundary. In his session at Internet of @ThingsExpo, Jim Scott, Director of Enterprise Strategy & Architecture at MapR Technologies, discussed single-value, geo-spatial, and log time series data. By focusing on enterprise applications and the data center, he will use OpenTSDB as an example t...
Today’s enterprise is being driven by disruptive competitive and human capital requirements to provide enterprise application access through not only desktops, but also mobile devices. To retrofit existing programs across all these devices using traditional programming methods is very costly and time consuming – often prohibitively so. In his session at @ThingsExpo, Jesse Shiah, CEO, President, and Co-Founder of AgilePoint Inc., discussed how you can create applications that run on all mobile devices as well as laptops and desktops using a visual drag-and-drop application – and eForms-buildi...
There is no doubt that Big Data is here and getting bigger every day. Building a Big Data infrastructure today is no easy task. There are an enormous number of choices for database engines and technologies. To make things even more challenging, requirements are getting more sophisticated, and the standard paradigm of supporting historical analytics queries is often just one facet of what is needed. As Big Data growth continues, organizations are demanding real-time access to data, allowing immediate and actionable interpretation of events as they happen. Another aspect concerns how to deliver ...
The 3rd International Internet of @ThingsExpo, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that its Call for Papers is now open. The Internet of Things (IoT) is the biggest idea since the creation of the Worldwide Web more than 20 years ago.
Scott Jenson leads a project called The Physical Web within the Chrome team at Google. Project members are working to take the scalability and openness of the web and use it to talk to the exponentially exploding range of smart devices. Nearly every company today working on the IoT comes up with the same basic solution: use my server and you'll be fine. But if we really believe there will be trillions of these devices, that just can't scale. We need a system that is open a scalable and by using the URL as a basic building block, we open this up and get the same resilience that the web enjoys.
In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect at GE, and Ibrahim Gokcen, who leads GE's advanced IoT analytics, focused on the Internet of Things / Industrial Internet and how to make it operational for business end-users. Learn about the challenges posed by machine and sensor data and how to marry it with enterprise data. They also discussed the tips and tricks to provide the Industrial Internet as an end-user consumable service using Big Data Analytics and Industrial Cloud.
How do APIs and IoT relate? The answer is not as simple as merely adding an API on top of a dumb device, but rather about understanding the architectural patterns for implementing an IoT fabric. There are typically two or three trends: Exposing the device to a management framework Exposing that management framework to a business centric logic Exposing that business layer and data to end users. This last trend is the IoT stack, which involves a new shift in the separation of what stuff happens, where data lives and where the interface lies. For instance, it's a mix of architectural styles ...
Technology is enabling a new approach to collecting and using data. This approach, commonly referred to as the "Internet of Things" (IoT), enables businesses to use real-time data from all sorts of things including machines, devices and sensors to make better decisions, improve customer service, and lower the risk in the creation of new revenue opportunities. In his General Session at Internet of @ThingsExpo, Dave Wagstaff, Vice President and Chief Architect at BSQUARE Corporation, discuss the real benefits to focus on, how to understand the requirements of a successful solution, the flow of ...
Cloud Expo 2014 TV commercials will feature @ThingsExpo, which was launched in June, 2014 at New York City's Javits Center as the largest 'Internet of Things' event in the world.
"People are a lot more knowledgeable about APIs now. There are two types of people who work with APIs - IT people who want to use APIs for something internal and the product managers who want to do something outside APIs for people to connect to them," explained Roberto Medrano, Executive Vice President at SOA Software, in this SYS-CON.tv interview at Cloud Expo, held Nov 4–6, 2014, at the Santa Clara Convention Center in Santa Clara, CA.
Performance is the intersection of power, agility, control, and choice. If you value performance, and more specifically consistent performance, you need to look beyond simple virtualized compute. Many factors need to be considered to create a truly performant environment. In his General Session at 15th Cloud Expo, Harold Hannon, Sr. Software Architect at SoftLayer, discussed how to take advantage of a multitude of compute options and platform features to make cloud the cornerstone of your online presence.
In this Women in Technology Power Panel at 15th Cloud Expo, moderated by Anne Plese, Senior Consultant, Cloud Product Marketing at Verizon Enterprise, Esmeralda Swartz, CMO at MetraTech; Evelyn de Souza, Data Privacy and Compliance Strategy Leader at Cisco Systems; Seema Jethani, Director of Product Management at Basho Technologies; Victoria Livschitz, CEO of Qubell Inc.; Anne Hungate, Senior Director of Software Quality at DIRECTV, discussed what path they took to find their spot within the technology industry and how do they see opportunities for other women in their area of expertise.
Wearable devices have come of age. The primary applications of wearables so far have been "the Quantified Self" or the tracking of one's fitness and health status. We propose the evolution of wearables into social and emotional communication devices. Our BE(tm) sensor uses light to visualize the skin conductance response. Our sensors are very inexpensive and can be massively distributed to audiences or groups of any size, in order to gauge reactions to performances, video, or any kind of presentation. In her session at @ThingsExpo, Jocelyn Scheirer, CEO & Founder of Bionolux, will discuss ho...
DevOps Summit 2015 New York, co-located with the 16th International Cloud Expo - to be held June 9-11, 2015, at the Javits Center in New York City, NY - announces that it is now accepting Keynote Proposals. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to wait for long development cycles that produce software that is obsolete at launch. DevOps may be disruptive, but it is essential.