Enterprise security startup Bluebox takes a unique angle on mobile devices, forgoing device lockdown to secure data and applications from end to end.
Mobile, BYOD, and BYOA are the unholy trinity of headache producers for the modern chief information security officer (CISO).
Along with the potential opportunities for innovation that mobile brings, comes a deluge of budding security vulnerabilities and openings for bad guys to sneak in and steal data. Bluebox is an enterprise mobile security startup that wants to simplify the process of making mobile secure in your organization.
The company was founded by industry veterans Caleb Sima and Adam Ely in 2012, and provides technology to distribute, manage, and secure the data and the mobile apps that employees need for their jobs.
"It's not about securing devices, it's about being able to secure the data and the applications on that device," Sima said.
Bluebox secures corporate data from end to end and builds a wall of protection around the applications themselves, turning them into self-defending apps. Sima said that the market is shifting from locking down individual devices to protecting the most valuable part of the process, the data and applications.
According to the company's website, the service is held up by four, patent-pending, tech innovations:
- Data wrapping, which encrypts and protects the data on a device.
- Instant app protection, which secures and deploys corporate or public apps with no need for additional lines of code or SDKs.
- Data awareness engine, which separates corporate and personal data and provides visibility for enterprise data.
- Invisible workspace, a secure workspace made of Bluebox-approved apps that manages passwords and security policies.
One of the interesting aspects of the company is how it keeps corporate data separated from personal data on the device. This used to be accomplished with a feature called "personal mode" that allowed users to suspend their access to corporate data. Personal mode was born from Sima's desire to know if a company could read his SMS messages, or emails, or access his facebook data.
Now, however, he said that they have evolved the way they approach the work/life data divide. Bluebox can give users access to company data without having to access the user's personal data.
"Now, inside a Bluebox, the enterprise can give you access to these applications and this data without getting access or control of your device at all, period," Sima said. "Therefore, privacy and personal mode is no longer needed because it's always private and it's always personal."
Sima got his start in security early in the 1990s working on reverse engineering, writing exploits for software, and performing penetration tests. After identifying the vulnerabilities in web applications, he started the company SPI Dynamics, which was acquired by HP.
Then he went to Taipei-based Armorize, where he was introduced to some malware that would infect your laptop or desktop, late infecting and pulling data from the mobile phone you plugged into that computer. This is what got him thinking about mobile security.
At the time, co-founder Adam Ely was working as CISO at a major company and running into problems securing mobile devices. The pair put their heads together to find a solution and when they kept coming up empty, they decided to build it.
The only options they had at the time were mobile device management (MDM) solutions, but those didn't help with the security side of things and they posed some threats to employee privacy.
Immediately before founding Bluebox, Sima was working as an entrepreneur-in-residence at venture capital firm Andreessen Horowitz. It was there that he worked with Andreessen Horowitz partner Scott Weiss, who said that Bluebox is solving problems for the CISO who is concerned about where their data is and where it is going.
Weiss said that the world is moving from traditional ecosystems like Windows to Android and mobile-only or mobile/SaaS ecosystems, and hacks such as the recent one experienced by Sony are expediting the process.
Applications are replacing traditional software solutions quickly, and Weiss said that the Bluebox team timed its entrance into the market perfectly.
"The insecurity that's resident in the old patch world of the Microsoft stack, these hacks are serving to illuminate just how bad it is and hasten the move to the new paradigm," Weiss said. "And, I think that's going to put Bluebox squarely in the right place at the right time."
The company is still young, but it has good traction, even counting video streaming company Netflix among its users. For the company to continue its success and make a big impact, Weiss said that it will need to focus on two thing: Speed and simplicity.
When asked about future plans, Sima said they are working on some "very cool things," but he could not share them on the record at this time.