View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
April 8, 2010

Q&A with Andrew Henderson, MD of GrIDsure

Andrew Henderson, authentication software vendor GrIDsure’s new managing director, talks to CBR about the challenges facing him and the wider industry.

By Steve Evans

Q. You’ve been in the role for nearly two months now. What are the targets for your first year in the job?
A. The main focus is broadening out sales. We’ve made hits in banking, healthcare and local government and want to broaden out. The challenge is understanding why a local authority would want to use authentication software and why it would want to use us.

Q. And what’s the answer to that?
A. Local governments need to save money. There is a project in Northern Ireland to encourage home working – there are less seats and desks than there are civil servants, which saves on building and travel costs. They are combining lots of buildings into one – if you want to into work, you go to the nearest office and log in. This creates a huge need for people to authenticate themselves. How does the back end system know it’s me who is logging in? GrIDsure is entirely software-based; it sits on top of the active directory so a lot of the management costs associated with things like tokens just aren’t there. It’s a much more cost effective solution. It’s a secure, one-time password system, which a lot of people are now used to using in the office.

Q. So how does it know that you are the right person it’s authenticating?
A. Your username has to be entered and the back end system is looking for a particular sequence of numbers, a sequence that only you know because you’ve set the pattern. It’s a shared system between me and the back end system. The one-time password is adequate for most corporates.

Q. If you are looking to branch further into the public sector area, what are the main adoption drivers for your technology there?
A. Compliance is a big driver. There is requirement for councils to ensure that anyone accessing council data remotely is doing it in a secure manor. If not, there are fines levied not against the council but against the designated officer in charge. Once a couple of fines are handed out by the government then everyone will take it a bit more seriously.

Q. But isn’t that the sort of thing that companies should be doing anyway?
A. It is, and you’d expect most councils to comply anyway. But we have to understand what the drivers are that make potential customers want to buy our product. The drivers for home working, and the technologies that people use to access information – netbooks, PDAs and so on – make it much easier to access this information than five or 10 years ago. People tend not to think ‘how do I secure it?’ That tends to be an add on.

Q. Does the increase in home workers and mobile devices present you guys with any additional challenges?
A. Only in the sense that anyone wanting to develop software that works across all operating system has to do a development for each OS, and you don’t know which OSes will be around in five years time.

Q. What about people using their own mobile devices – such as phones or the iPad – for work?
A. If a worker is using a device that the IT department has not purchased to access the company’s systems, that is a concern. You don’t want to open your corporate network up to anyone. With home working a number of companies are now giving their employees money to buy a device. You have to ensure that only the right person is coming into your network – that’s where GrIDsure comes in. It authenticates the user and device – whether bought by the company or not.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Q. Single sign on may be seen as quite a narrow approach. Does GrIDsure have any plans to widen its scope to include more general security products?
A. We’re very much focused on authentication at the moment. There are no plans, but who knows in a couple of years time where we’ll be? Perhaps we’ll be a wider IT security house through a number of products or firms we’ve bought. It’s just guesswork, but maybe we’ll run a managed service for every Facebook user to come to us to get their password.

Q. Do you think you’ll be an acquisition target for one of the bigger security houses?
A. In that sense, the world is our oyster. Logically speaking the answer is yes, but that’s a long way down the line. The target at the moment is to grow the customer base.


Carousel image courtesy of Max (Tj), Flickr, CC licence.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.