December 2013 | SafeLogic

Archive for December, 2013

30 Dec 2013

Thank You for an Amazing 2013!

Ray Potter

This is not your typical “CEO’s year end blog post with predictions.” This is more about introspection and gratitude. And don’t worry… I promise not to use terms like ‘synergy’ or ‘bleeding edge.’

2013 has truly been an amazing year. SafeLogic’s performance exceeded my (already very high!) expectations, which just raises the stakes for next year. We’re ready, and I’m excited. In addition to our traction with customers, here’s some other cool stuff that happened this year:

  • Launch! It’s hard to believe, but we only just came out of stealth in early March.
  • We established a rocking advisory board.
  • We participated in a number of events, including speaking at the first ever International Cryptographic Module Conference.
  • Our blog posts were relevant and published consistently. (Let’s face it, it’s easy to procrastinate those.)
  • I was interviewed by Forbes.
  • Our ‘Crypto for Constrained Devices’ talk was accepted for RSA 2014.
  • We launched a cool new product ahead of the incumbents.
  • We became the first third-party vendor to get FIPS-tested on both iOS 6 and iOS 7 (again, bye bye incumbents).

Three very simple factors brought us here:

Our awesome customers. You put your reputation in the hands of a start-up, and you built our solution into your products. Not only have you helped drive development and features, but you’ve also referred us to your colleagues and counterparts. Your feedback has been extremely valuable, and we feel lucky to work with you and help push your business forward. Thank you!

The amazing SafeLogic team. I’m impressed by all of you. You’ve worked so hard and you each bring special skills that push this company forward. Our team is driven, talented… and FUN! I really do love my SafeLogic family.

Incredible allies. I’ve been blown away by the number of folks who have helped us grow, without anything to gain personally. Complete strangers have introduced us to customers; others have offered insight on our roadmap and goals. The common theme is that they have contributed with no strings attached. Especially in the competitive landscape of Silicon Valley, it’s just stellar to see such selflessness and genuine desire to help.

2014 is right around the corner, bringing an aggressive roadmap, lots of goals, higher expectations, major productivity, and a whole lot of synergy energy. Dammit! That was close…

Let’s do this!!

– Ray

23 Dec 2013

The 12 Days of Cryptmas!

On the first day of Cryptmas, SafeLogic gave to me:
a FIPS validated module.

On the second day of Cryptmas, SafeLogic gave to me:
two Wearables,
and a FIPS validated module.

On the third day of Cryptmas, SafeLogic gave to me:
3 mentors,
2 Wearables,
and a FIPS validated module!

On the fourth day of Cryptmas, SafeLogic gave to me:
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the fifth day of Cryptmas, SafeLogic gave to me:
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the sixth day of Cryptmas, SafeLogic gave to me:
6 figure savings,
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the seventh day of Cryptmas, SafeLogic gave to me:
7 tested platforms,
6 figure savings,
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the eighth day of Cryptmas, SafeLogic gave to me:
8 algorithms,
7 tested platforms,
6 figure savings,
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the ninth day of Cryptmas, SafeLogic gave to me:
9 phones enabled,
8 algorithms,
7 tested platforms,
6 figure savings,
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the tenth day of Cryptmas, SafeLogic gave to me:
10 hacks-a-thwarted,
9 phones enabled,
8 algorithms,
7 tested platforms,
6 figure savings,
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the eleventh day of Cryptmas, SafeLogic gave to me:
11 happy clients,
10 hacks-a-thwarted,
9 phones enabled,
8 algorithms,
7 tested platforms,
6 figure savings,
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

On the twelfth day of Cryptmas, SafeLogic gave to me:
12 month reductions,
11 happy clients,
10 hacks-a-thwarted,
9 phones enabled,
8 algorithms,
7 tested platforms,
6 figure savings,
iOS 7,
4 RapidCerts,
3 mentors,
2 Wearables,
and a FIPS validated module!

Merry Cryptmas everyone!

19 Dec 2013

An Early Christmas Gift

It’s that magical time of year… Folks are bundled up to go caroling, there’s a Santa on every corner, and we all feel like kids again, hoping to find that special gift under the tree…

I must have been really good this year.  Because, not to brag, but I got an early present, and I don’t think you get speaking slots at the RSA Conference if you’re on the naughty list!  There wasn’t any wrapping paper, certainly no bow or ribbon, and it wasn’t even remotely close to under the tree, but this may be my best surprise of the season.  Don’t tell my kids I said that!

I am proud to announce that I will be discussing the future of security with the inimitable Whitfield Diffie, my mentor and a member of SafeLogic’s Advisory Board.  Our session is titled Crypto for Constrained Devices, and we’ll talk about unique features of cryptographic use cases for a new generation.  It is scheduled for Wednesday, February 26th at noon as a featured talk on the Security Mashup track.

With innovative designs for powerful yet smaller and more integrated devices, Wearables are just one of the sectors that demand special attention to security.  Mobile health initiatives, industrial embedded devices, and a litany of others ensure that our work with constrained devices will reach every person on the planet and that is simply incredible.

So please mark it on your calendar.  Come to the RSA Conference, February 24th – 28th in San Francisco, and see what we’ve got up our sleeve (and in our watches and glasses, too.)

Happy Holidays!

10 Dec 2013

The DoD Doesn’t Want to “Pull a Snowden”

Let’s face it.  Few organizations address security proactively.  They do it because of a regulatory mandate, or they do it because something happened.  In the case of the federal government, sometimes both.  Without getting political on the Edward Snowden situation, he certainly made everyone think more about security.  As a result, organizations in all industries are scrambling to ensure an insider doesn’t “Pull a Snowden” and put them at risk.  Hey, I just coined a term!

The DoD is taking security seriously, so much so that it’s limiting use of smart devices until a suitable security solution is rolled out (and stay tuned… we have some exciting news there!).  Even then, it’s a phased, multi-layered approach.  Secure mobility is a dynamic and complex market; there is no silver bullet, and challenges won’t be solved overnight.  In fact, it gets worse: tomorrow’s challenges for enablement and data protection aren’t even realized yet.  When they become apparent, hot new technology will answer, but it will have to meet strict assurance requirements before it can be deployed.  A perfect storm, indeed.

Strong security, while not always glamorous, helps people stay out of the news, and that’s exactly what the DoD wants.  It goes deeper and is even more real than that: a security or data breach can mean a hit to your reputation and potentially a loss of market cap.  In the case of DoD, it can mean a loss of life.  Scary.

The DoD’s renewed commitment means substantial opportunity for mobile security solution providers.  This is good news for our industry.  Earning a piece of that pie has the opposite effect of a breach – it builds reputation and market share for your solution!  The stakes are high, but you know the hurdles and the barriers to entry.  You can’t get to the table unless you meet FIPS 140 compliance requirements.  It’s absolutely required by the DoD.  And you have to act fast.  Certain vendors have already completed their validation, more are in progress and cutting through the red tape, and some particularly smart solutions are leveraging SafeLogic’s RapidCert to ensure that they are ready and eligible to bid on these upcoming contracts.

Are you prepared for the RFPs?

4 Dec 2013

It’s Shopping Season!

It’s definitely that time of year. Black Friday, then Cyber Monday… It’s Shopping Season!

I can practically hear the delivery drones buzzing overhead, bringing lots of toys for nice kids of all ages.

The naughty kids, however, are having even more fun. Cyber Monday shopping is like, well, Christmas for hackers. Pinging e-tailer servers and seeking vulnerabilities like unencrypted payment systems is even better than peeking inside advent calendars. The treasure inside is likely to be much more lucrative, you can bet on it.

The sheer number of transactions this time of year gives the advantage to the malicious, and the secretive nature of holiday presents is really just a gift to the criminals. How many times have you heard this: “Sweetie, don’t look at the credit card bill until January, I don’t want to spoil the surprise!” Well, I’ll tell you what the real surprise is – trying to identify and remember each of those umpteen line items on last month’s statement when you finally get around to reviewing it. How easy would it be to not notice a few relatively small purchases?

It’s just not reasonable to think that consumer-level audits are a reasonable level of protection. It is our responsibility to move up the stack and safeguard at the payment system level. The Payment Card Industry Data Security Standard (PCI-DSS) demands encryption for full compliance, but the program itself is not mandated by the US government and is voluntary for participation. The PCI Security Standards Council invests a lot of effort into the program and they’ve made a ton of progress, but there is still a great deal of work left to be done. For example, FIPS 140-2 completely satisfies the Data Security Standard, but is not an explicit requirement. As you well know, that leaves a lot of leeway for participants to cut corners and reach compliance while still containing vulnerabilities.

SafeLogic will be devoting resources to pursuing more accountability, higher participation, and an increase in FIPS-validated encryption in PCI-DSS in 2014, so stay tuned for more information. In the meantime, do your part as a consumer – shop with retailers who participate in PCI-DSS, review your own statements, and report any suspicious activity. The more information that you can provide to your bank or credit card provider, the better our chances will be to identify the holes in the system. We must all help fix the problem and expose potential vulnerabilities.

And if we succeed, our devious counterparts in the future will have to resort to low tech options to disrupt our holidays… like shooting down those delivery drones!
