Are you starting to see the green shoots of recovery among your customers?
Yes, we saw strong sales throughout 2010. Even within the local government sector, where we have a considerable share, we have seen continued investment in security despite severe budget pressure.
How did you become interested in authentication and managed security?
I only became involved in IT security when we completed the management buyout of CRYPTOCard. I then quickly became interested in password security, and I realised the value of taking authentication to the mass market through the SaaS (Software as a Service) model.
Many IT teams are aware passwords can be a weak link in their security infrastructure. So why hasn’t every firm already implemented stronger authentication?
In the past it has been too complicated and too costly, but we have a plan to change that. First you have to ask why it’s complicated and costly. The in-house, back-end authentication server: if that goes down, nobody can do any work, so it needs managing. Then there is the cost and complexity of buying and administering tokens.
So if you want to do this stuff but don’t want cost and complexity, how do you do it? What if you don’t have to install anything? We offer a managed service that does all the back-end authentication, and integrates with what you need to integrate with in your environment – Active Directory for instance. Then the tokens we can do as iPhone tokens, or SMS tokens, or you can go tokenless, then you effectively rent it all. We’re making strong authentication easy.
How is your firm championing the need to secure cloud environments adequately?
Passwords have always been one of the weakest points for network security, and with the migration to the cloud, this has never been truer.
Last year, CRYPTOCard’s survey revealed there is a growing appetite to move to cloud-based services, with over 48% of those surveyed saying they either already used cloud services within their IT infrastructure or were planning to apply them within six months. At the same time, two-thirds of companies surveyed had not considered evaluating and mitigating network security, application security or access control for these cloud environments.
Whilst many organisations have good security policies in place, we have witnessed instances where these have been ignored or bypassed as business managers have acquired cloud applications directly.
So cloud security is the big focus today?
For companies building a portfolio of cloud, the biggest vulnerability is not where the data is stored – 99% of attackers are hitting cloud applications at log-on, finding ways of breaking the password or pretending to be a legitimate user somehow.
We see SaaS as the future for CRYPTOCard, and have invested heavily in our CRYPTOMAS managed service. Our aim is to provide service providers and systems integrators with a SaaS-based two-factor authentication solution they can easily and cost-effectively take to market to customers. We have had considerable success following the signing of HP and Virgin Media and we are looking to expand outside the UK.
We are also seeing increasing need for our solutions within military and defence requirements. For example, we are becoming an associate partner at Niteworks, an MOD/ industry collaboration that advises on applying enterprise technology to the military environment.
There’s an awful lot of hype around cloud today. Is there a risk of your message being lost in the ‘noise’?
We were one or two years early with our cloud vision, I think we recognise that. But it’s absolutely the right message now. We’re going from hearing people saying ‘that’s a nice idea’ to ‘that’s interesting’ to ‘I want to do that’. We think there is also a new wave of interest thanks to the soft token and tokenless technologies.
We’re also seeing interest growing for our grid-based authentication: this is where users are presented a different grid of characters and pick out their ‘token’ based on their own unique pattern that applies to that grid.
What is CRYPTOCard’s message to CISOs/CIOs for 2011?
Don’t forget that passwords in securing digital identities are still the weakest link in your network – particularly with the rise in cloud platforms and technology.