Email – ZIVVER’s CEO Rick Goud would not be the first to emphasise – is fundamentally insecure. But with all but the most security-conscious unlikely to swap it outright for alternative channels anytime soon, this Dutch startup founder is trying to work with change-averse human nature as it is.
“We started with full integration into the Microsoft Office suite, and basically we’ve disguised ourselves as email, so people don’t need to change the way they are working”, he tells Computer Business Review.
His company (backed to the tune of $12 million by London-based VC firm Dawn Capital in a Series A funding round late last year) offers a cloud-based SaaS that aims to bolster email and file transfer security, with services including encrypted file transfer and its USP: machine learning-powered guidance designed to pre-empt the human errors responsible for the vast majority of data breaches, via a range of real-time prompts.
Using APIs and plentiful encryption it essentially works behind the on-premise and cloud versions of Office 365 to add additional security to emails; running ML over their content and attachments to flag to users if their outgoing email features personal information, has been inappropriately cc’d, etc.
It may not be glamorous, but it has been welcomed: having made aggressive inroads into the Dutch public sector market in just 24 months (securing 2,700 customers including 40 percent of Dutch hospitals and 30 percent of Dutch local government), ZIVVER now has its eye firmly on expansion into the UK.
ZIVVER Signed Up UK Channel Partners This Month
The company earlier this month signed up RnD Systems Integration and C-STEM as channel partners/resellers, as well as distributor Progress Technology Services, as it launches in the UK market, aiming to replicate Dutch success.
“Our route to market in the UK is primarily through the channel,” said Darren Parker, EMEA Channel Manager at ZIVVER. “By also partnering with cyber security-focused distributor Progress, this solid channel structure gives us the support, expertise and scalability we require to grow quickly in the UK.”
Goud, who has a PhD from the University of Amsterdam in “computerized decision support in healthcare” told Computer Business Review: “We’ve disguised ourselves as email, but because we use different technology – fully API-based – we can add value that would not be possible with normal emails, because the SMP protocol’s very poor and very old.
“But by disguising ourselves as email we can leverage value by, while people are typing, real-time we classify what are people are doing: is it medical, is it legal, is it financial, does it contain social security numbers, credit card numbers (we check this inside attachments too)?”
“And we look at who you are sending it to.
“With those facts we can basically do three types of things: we can say ‘hey, your attachment A or B contains a lot of social security numbers. Are you sure you want to share that and are you aware that it’s sensitive?
“The second is security measures. So if you said ‘hey, I’m five minutes late’ it might not need to be encrypted, per se. But if it is medical information leaving your organisation, we can make sure it is encrypted and ideally protected with two-factor authentication. The third is recipient: if we regularly share medical data on a day-to-day basis, it’s normal behaviour. But if we suddenly see someone sharing medical data with someone they haven’t before, we give feedback while they are typing on that basis: confirming it is the right recipient, the right content and the right security measures.”
None of that data is available to ZIVVER itself, he emphasises, with particularl types of encryption used to ensure that only the (intended) sender and recipients can read the secure messages sent via its platform, with neither the user’s password nor the user’s private encryption key ever stored. (The company details its other security measures in a whitepaper here).
Goud’s firm is, as in Holland, initially targeting the healthcare market (guilty of most end-user error-driven data breaches, according to Kroll last year), but is also sees scope for business growth in financial services.
It can operate on multiple clouds, with the requirement that data centres are in Europe, ISO27001 compliant, etc. and a G-Suite version is coming “this quarter” as well, Goud promises, touting a mobile application, server-side “linking possibilities” and reasonably priced subscription offering (“for large organisations, over 10,000 seats, around £1-£2 per month”).
Whether his team can crack the UK remains to be seen, but as Goud puts it: “We want to demonstrate that we’re not just a Dutch healthcare practice, so we decided to target three new markets – finance, legal and insurance – and three new countries: Germany, Belgium and the UK.”
With regulators getting ever tougher on GDPR breaches, he thinks ZIVVER might just be the right product at the right time.