
TiE Boston Mobile Security Panel Event February 10, 2012

Posted by TiE Boston- "The Network for Entrepreneurs" in Entrepreneurship, Mobile, Software & Services, Technology.

TiE-Boston’s “Securing your Critical Mobile Applications” event was held on January 12, 2012. It featured a hot topic, very knowledgeable panelists, and an extremely lively discussion focused on data security on mobile devices.

We all know the primary drivers of the problems: Bring Your Own Device (BYOD), untrusted apps on the Android marketplace and the fact that iOS is not 100% secure either – just to name a few. And what are attackers after? Well, the obvious answers are: enterprise data, user data, payment data (bought anything on your mobile device recently?) and then there is the whole question of just plain privacy.

There are startups and big companies focused on the problem space. There are companies wrapping apps within a secure wrapper (i.e., containerization), ones that separate the data and the user from the device, and those that address the problem with a persona-based approach (aka VMWare Horizon), to name just a few approaches. So, what remains within the problem space that still needs to be solved? Well, it turns out there is plenty, and the panelists were full of ideas on what to solve next. Let us talk first about some opportunities addressing specific use cases:

• Containerization of email attachments: The most used app on mobile devices is email. Email attachments constitute one of the most common threat vectors for malware entry onto a device. As it stands today, there is no widely adopted or embedded method to open all email attachments within a secure or permission-restricted container so that the actions that any potential malware can effect are limited or curtailed.
• Password unlock: Today the most common way to lock a mobile device is with a PIN. Innovative ways to enter the PIN, other than just typing it on a keyboard, would make it harder for malware such as key loggers to read the PIN. For example, Microsoft recently announced a method by which a picture is presented to the user and a sequence of touches on specific points of the picture constitutes a password that unlocks the device.

Then there are the larger, broader topics that enterprises are scrambling to tackle and represent some of the larger opportunities for startups:

• Solve problems around compliance: What kinds of enterprise data can reside on the device? If it is resident on the device, then is the user allowed to access it at all times? What if the user is accessing the data from a public network? And what does all this mean for compliance?
• Solve problems around APTs: The user is now the new perimeter of security defense and not just the enterprise network. The footprint that an Advanced Persistent Threat (APT) can attack is now your whole employee base multiplied by the number of devices they own on average! This is a new class of attacker who is sophisticated, extremely well funded, typically with a very targeted goal and is willing to wait as long as it takes to get there. But remember, the attacker is not rewarded for finding the hardest way in but rather the easiest way in. No security measure is 100% secure. So, what can you offer that can increase the cost of intrusion?
• Device traffic monitoring for security: What is coming in and going out of every single user’s device? What level of visibility does the enterprise have into this? What level of visibility does the user have into this? What traffic behaviors can be analyzed to protect against known and zero-day malware?
• Mobile+Social+Cloud: All of this exists on your device today already – Facebook Mobile+Zynga is probably the most recognizable example. How do we protect against the threat vectors that this combination opens up?
• Gamification of enterprise mobile security: Yes, I know – this one is a little bit out there, but this really could be an out-of-the-box way to think about not just mobile security but enterprise security. What can we learn from the game industry in terms of user and autonomous agent behaviors as well as incentivization, and bring to the security space? Gaming+Mobile = hot space. Gaming+Mobile+User Incentivization = Security could be an interesting equation. Ash Devata might be on to something here, and this may be a wonderful topic for a follow-on discussion.

And then as I sat there listening to the panel, I realized – wait a second, I bring MY device to the enterprise to improve MY productivity FOR the enterprise. The solution approaches are being thrust on to MY device! So, why should I not be allowed to Bring Your Own Security (BYOS)? Who is tackling the consumer mobile security problem? Something to chew on …

Panelists:
• Puneesh Chaudhry, CEO Copiun
• Todd Christy, CTO Verivo Software
• Ashok Devata, Marketing Manager Data Security, RSA Security
• Andrew Borg, Senior Research Analyst, Aberdeen Group
• Moderator: Rodney Brown, Mass High Tech

By: Vikram Venkatasubramanian

About the writer: Vikram is a TiE Boston member and security industry professional based out of the Boston area who is very interested in the mobile and virtualization security problems.

TiE Boston Launches TiE Angels Investment Group January 25, 2011

Posted by TiE Boston- "The Network for Entrepreneurs" in Angel investing, CleanTech and Energy, funding, General, Life Sciences & Healthcare, News and Views, Software & Services, Wireless & New Media.

TiE Angels to Provide Entrepreneurs with Start-up Capital and Strategic Support

BOSTON, MA – January 25, 2011 – TiE Boston, a nonprofit organization that fosters entrepreneurship in the New England area, today announced the launch of TiE Angels, an angel investment group comprised of charter members of TiE Boston. TiE Angels’ mission is to provide entrepreneurs access to seed capital and ongoing strategic and operational support. Entrepreneurs are encouraged to visit the TiE Angels website (www.tieangelsboston.com) to submit their business plans for investment consideration.

According to the latest Money Tree Report, venture capital funding increased by 19 percent in dollars and 12 percent in the number of deals in 2010 over the prior year, the first such annual increase since 2007. However, according to the most recent data released by the University of New Hampshire’s Center for Venture Research, angel investors across the country put much less money into startup deals during the first half of 2010 than they did in 2009 or 2008. The study found that in the first half of 2010, 65 percent of membership in angel groups were “latent” angels, or individuals who have the necessary net worth but have not made an investment — an increase of non-participation from 2009 of 54 percent and 36 percent from 2008.

“Increased VC funding is a good sign for entrepreneurs and the economy, but angel investing still hasn’t picked up yet and entrepreneurs are having a difficult time securing funding in the current economy,” said Abhishek Jain, chair of the TiE Angels steering committee. “With TiE Angels our goal is to help promising early stage companies, particularly those in the Northeast, bridge the gap between innovative ideas and successful operational companies. TiE Angels is a natural extension of TiE Boston’s primary goal of fostering entrepreneurship. Now, in addition to all of the entrepreneur-related mentoring and events TiE already provides, we are enabling start-ups to launch with initial capital.”

Members of TiE Boston include successful entrepreneurs, top executives of Fortune 500 companies, Venture Capitalists, academicians, analysts and policy makers. TiE Boston charter members have founded or head some of the best known businesses in their respective industries. The 35 founding members of TiE Angels have significant financial and experiential resources to invest in promising new ventures.

“As an investor and an entrepreneur, I’m thrilled to be part of TiE Angels to help finance, advise, and take a bet on other promising entrepreneurs in the area,” said Ramesh Motwane, TiE Angels steering committee member. “Our economy depends on the innovation and fresh ideas that entrepreneurs provide. TiE Angels’ expertise and flexible operating structure will allow us to move quickly to seed fund the next great business ideas.”

TiE Angels plans to invest in a range of early-stage companies, with priority given to those in the following sectors: healthcare, clean-tech, Internet/digital media, mobile, software, financial technology, technology-enabled services, and communications. The group expects a typical angel investment to be approximately $500,000, but they can syndicate up to $2 million.

TiE Angels aims to provide a forum for innovative companies to present their ideas and to attract funding from an accomplished group of individual investors. Entrepreneurs seeking capital may submit their plans to TiE Angels at www.tieangelsboston.com to enter the evaluation process.

For more information, visit the TiE Angels Website at: www.tieangelsboston.com
About TiE Angels
TiE Angels is an angel investment group of TiE Boston. The mission of TiE Boston is to foster entrepreneurship through Networking, Mentoring and Education. TiE plays a critical role in bringing together investors, entrepreneurs, service providers and public organizations to create an eco-system that fosters the genesis of great companies. TiE-Boston launched TiE Angels to provide entrepreneurs and start-ups with much needed seed capital and the support that they need to get to the next level. TiE Angels is governed by a Steering Committee.

TIE ANGELS is not a venture fund, an investment bank, a broker/dealer, investment clearing-house, or an Investment advisor, but rather a forum in which investors may be educated on aspects of investment and business, as well as be introduced to companies for possible investment. TIE ANGELS is not registered with the Securities Exchange Commission or any state securities commission. Each member of TIE ANGELS is responsible for his or her own investment decisions, and TIE ANGELS is not recommending any particular company for investment. Investors must conduct their own due diligence and negotiate the terms of any investment they elect to make.

Media Contacts:
John Isaf
Weber Shandwick
(617) 520-7056

Vanita Shastri
TiE Angels
(781) 272-3875

Cyber Security in the Age of the Cloud – Software and Services SIG March 30, 2010

Posted by vikram46 in Software & Services.

“The ‘cloud’ enables, the entrepreneur proposes and the cloud infrastructure vendor imposes” might well be the key message to keep in mind as startups race to leverage ‘the cloud’. The panel was of the opinion that true cloud services are characterized by their elasticity, ability to handle multi-tenancy and a ‘pay by the drink’ payment model. While the much-advertised advantages of the cloud provide sufficient motivation for companies large and small to look towards the cloud for various infrastructure and service needs, there is still much ambiguity about the security of data on the cloud. So, what kind of data can be stored on the cloud? What is the level of security that cloud vendors offer, and what are the business implications of these security levels? What is the level of transparency that cloud vendors offer on the location and storage of the data? What liabilities do cloud vendors assume, and what liabilities do startups that utilize these services have to assume? These were the issues at the forefront of the discussions among the panelists and in the audience Q&A.

The panel was composed of:

Moderator
Andrew Jaquith, Senior Analyst, Forrester Research 

Panelists  
George Adams, Board Member & Former CEO SSH Communications Security, Inc., CEO, Arrowpoint 
Arabella Hallawell, Vice President of Corporate Strategy, Sophos
Michael Sutton, VP Security Research, Zscaler 
Chris Wysopal, CTO, Veracode 

As the CEO of a company that is significantly leveraging the cloud to develop and deliver our product, the following points raised by the panel were key takeaways for me: 

  • From a legal standpoint, cloud security is a white space area, i.e., one where there is not much legal precedent to provide a guideline.
  • If you are collecting customer data that requires you to be PCI compliant, be aware that most cloud infrastructure providers are not compliant and that the compliance may need to be an additional layer of security that your firm has to provide. So, while there may still be a strong case in favor of the cloud in terms of the cost of hosting the infrastructure yourself versus using the cloud, make sure to understand closely how much more you may need to ‘pay for the same drink’ with the needed levels of security coverage.
  • There are plenty of white spaces of opportunity for entrepreneurs in cloud security and security management. Examples include virtual appliances for management of multiple clouds, data security compliance, data porting from one cloud vendor to another, etc.
  • Organizations have little negotiating power with cloud infrastructure vendors. This has a significant impact on everything from pricing, knowledge of where your customer’s data resides and data compliance to your service level agreements with your customers. The business models that most of these vendors operate with do not provide a strong enough business case for them to provide custom contracts, especially for smaller companies.
  • If it impacts your organization, take the time to understand the depth and impact of SAS 70 level 1 and 2 audits, especially if you are a time-to-market-driven, stealth-mode startup.

About the author: Vikram Venkatasubramanian is CEO and co-founder of SIPtopics, a stealth-mode software startup company that is developing a new communications paradigm for topic-based voice communications. He can be reached at vikram@siptopics.com
