Access all areas
Thomas and Christian Pederson hit upon the idea behind OneLogin when they were working for Zendesk, the cloud-based customer service platform. Through talking to some of the larger clientele, they identified that although cloud solutions were helping organisations to be more versatile and efficient, they weren’t without their flaws. “Whilst all of these technologies are helping organisations to be more productive than they ever have been in the past, there are some risks associated with this,” says Daniel Power, director of EMEA at OneLogin.
One issue is that the more applications and services the average employee comes to rely upon, the more login details they are forced to remember. “When it comes to cloud services, you can end up with 100 different passwords for 100 different applications,” Power says. Another is the fact that it’s becoming increasingly hard to revoke access to services once an employee leaves the company. “When you let somebody go, you basically say ‘can I have your laptop back and can I have the keys to the offices back?’” he continues. “But obviously with the cloud, that’s much harder to address.”
OneLogin helps address both of these issues. “Firstly, it’s a single sign-in platform so we basically allow users to have a single password to access all of these services,” explains Power. Rather than having to log-in multiple times, users simply sign in a single time and gain access to all their accounts. Secondly, it allows enterprises to revoke access to applications as and when it is needed. “In laymen’s terms, OneLogin acts as a centralised killswitch,” he continues. “If somebody leaves your organisation, you can go to one place and revoke access to all of those services.”
After raising seed money from Charles River Ventures and some Silicon Valley angels, the firm has grown significantly since 2011. It counts amongst its customers companies like Netflix, the American Automobile Association, News UK and Conde Nast. And its ascent looks set to continue: Power references stats that indicate 86% of new services being developed are now being delivered via the cloud. “This means almost every organisation in the world is going to need a service like ours to be able to manage all of those services,” he says. “So from our perspective it’s a very exciting opportunity.”
A machine of one’s own
Founded by the trio of Ian Pratt, Simon Crosby and Gaurav Banga, Bromium is an excellent example of just what can be achieved when British innovation meets Silicon Valley’s ambition. “Both Simon and myself are Brits; we both used to work at the University of Cambridge,” explains Pratt. “The funding came from Cupertino but the engineering heritage is very much from Cambridge.”
A lot of cyber-security efforts are targeted at detecting threats online and terminating them before they can do any damage. “All of the existing products really rely on detection as the main means of trying to protect the system,” Pratt says. “But that of course relies on someone having seen it before and having created an appropriate signature to enable other machines to spot it.” And even once something has been identified, there is very little that stops an attacker tweaking their code so it once again evades detection.
Bromium flips this on its head. Rather than running tasks in an unsecured environment and then shutting down malicious code when it arises, Bromium creates a virtual machine – essentially a simulated computer system – for each process the user conducts. “The effect is as though you’re unwrapping a brand new computer, using it just for that task and then, as soon as you’ve finished it, throwing it away,” Pratt explains. This means malicious code can never reach the vulnerable part of the system or access sensitive data.
Already the firm has seen significant uptake amongst large organisations, from those in the intelligence community to many of the world’s top banks and insurance firms. But it has its eyes on a much broader market in the long run. “Right now we are really focusing on the people that really need it, the people that have a lot to lose,” says Pratt. “But we see this as something that will ultimately be a consumer product.”
Worth a thousand passwords
The concept for PixelPin first came when co-founder and CEO Brian Taylor was doing some consultancy work the Metropolitan Police. “He was in the black and white van and all of the police’s laptops crashed,” explains Geoff Anderson, his fellow co-founder and COO. Out came the officers’ notebooks as all involved had to feverishly look up reams of passwords and login details to get all the kit back online. “It was just an off-the-cuff thought really; ‘there has got to be a better way’,” he says. “That’s how it all came about.”
Part of the problem is passwords are often hard for people to remember but easy for machines to crack. “I always say 95% of people don’t really understand security, so giving them complexity isn’t helping them because they’ll just misuse it,” Anderson says. “Passwords are the classic one that’s misused because although theoretically it’s very strong, 95% of the population don’t use them properly.” PixelPin’s solution addresses this; users select four points on a picture, which makes it far easier to remember and yet very hard to crack.
Having obtained an £100,000 like-for-like grant and secured investment through Telefonica’s Wayra, PixelPin has been developing the product with input from some large organisations. Inevitably it has seen particular interest from fintech firms as they have significant assets to protect. The firm is currently looking to raise again and expand it’s team to deal with the demand it’s seeing. “We have a big pipeline so it’s just a question of working through it,” says Anderson.