Remotium, a startup helping companies support bring-your-own-device policies, is proving that BYOD is top of mind for everyone. It won the most innovative startup award at the Innovation Sandbox competition at the computer security-oriented RSA conference in San Francisco today.
During the competition, RSA organizers showed the audience a series of word clouds reflecting the keywords used in contest submissions from 2008 to today. In the beginning everyone was worried about compliance, but quickly after 2011, the words cloud, mobile, and BYOD got bigger and bigger.
The sophistication of attacks is also increasing, making security an ever-greater concern for every company.
“The people we had to worry about were almost experimenters,” said Hugh Thompson, the chief security strategist at Bluecoat Systems and an RSA organizer, at the RSA Innovation Sandbox today. “If you look at the attackers today, they’re different.”
BYOD makes the risk even greater. You’ve been living under a rock if you didn’t know companies are scared about employees bringing their devices to work. A lot of people have tried to solve this problem by locking specific apps down, allowing IT staff access to specific parts of the personal device only, and providing other compliance measures.
Remotium’s approach is different, making your phone into a sort of virtual window into your work phone. Just as you might access your work computer virtually from home using a remote-access program, Remotium lets you remotely access your “work phone.”
That is, it sets up a virtual environment where all your work phone applications are. It streams any apps you use, and saves all data straight to the virtual machine. Nothing is ever stored on your actual phone, and the virtual phone apps are always controlled by the company.
However, as a business you must trust that Remotium can protect that information. If this is a huge problem, Remotium does have an option to move the virtual machine to your own data centers. Of course, then you wouldn’t be completely responsible for it.
RSA awarded the top prize to Remotium because it solves a problem that so many companies are dealing with today: How to manage mobile security.
Here are our top three favorite runners-up:
Wickr: Wickr is paranoid about data for you. It is afraid of what could happen if your messages, videos, photos, even voice mails are intercepted by someone who could use that data for their own gain. That’s why the founders behind Wickr created a self-destructing messaging app that is, as they call it, not a security company, but a social company with security baked right in.
It’s not like your typical Snapchat-like self-destructing app, which many think may have been the fastest growing app of 2012. Nico Sell, co-founder of Wickr, says her app actually grew faster than Snapchat in 32 countries. Your data is completely encrypted, you don’t enter any private information, you are completely anonymous except for your username, and not even Wickr knows what you’re sending. The company completely shreds any of the messages you send, so nothing is ever stored on Wickr’s servers.
“I’m trying to protect my family and friends from the Internet and the Way-back machine,” said Nico Sell, co-founder of Wickr.
Victrio: When we think of attacks on our data, we often forget about social engineering — the tactic that took down Wired reporter Mat Honan when a hacker called a customer service representative to gain access to his accounts.
Victrio’s technology listens to your voice and saves a variety of “deep vocal tract elements” it calls a voiceprint. It associates your voiceprint with your account and if a fraudster attempts to pretend to be you, it will send a warning to the customer service representative standing between them and your account.
The dashboard a customer service representative sees displays four different levels of authentication. A bar will light up with colors. Fully green means go; partially green means it’s probably safe, but ask another security question just to be sure; yellow indicates that the representative should ask a few more questions while Victrio figures it out; and red means this is fraud.
Victrio holds a database of all the calls deemed fraudulent (if that company allows Victrio to take that data). This is where things get tricky, especially if you were wrongly deemed a fraud, though Victrio says there are ways to get “off the list.”
Nok Nok Labs: Different companies have different policies when it comes to security. If you’re a bank, you’re going to have a lot more internal security measures than the blog down the street. But every business that has its employees using the Internet is going to need to authenticate them at some point, and with people bringing their own devices into the workplace, that has become much harder than a simple username and password combination.
Nok Nok Labs isn’t creating a new technology that will take over passwords. Instead, it’s using the technology that already exists and letting your company dictate just how much of it you use. For example, if you’re a high-security business and one of your employees has a fingerprint reader installed on their computer, you might tell Nok Nok that person must scan their fingerprint to get into the system. If the device has a retina scanner, you might have that person authenticate using that piece of technology.
Depending on the company’s desires and the technology available, Nok Nok facilitates the authorization transaction. The company says it has the potential to take over passwords one day.
Other participants in the Innovation Sandbox startup competition:
Silent Circle: Similar to Wickr, Silent Circle is another encrypted messaging application that hopes to take over all of your communications apps. Created by the man who founded PGP, Phil Zimmermann, and the man who helped run the resulting company, Jon Callas, Silent Circle believes your “privacy is being abused by criminals and rogue governments.”
In your “circle,” you have a completely encrypted messaging experience that Silent Circle can’t even read. It, too, doesn’t store any information on its servers. Different than Wickr, however, you can call people and have a normal phone conversation within the circle, or buy packages that allow you to call or message those outside the circle, those who might not even have the app downloaded. Silent Circle says this is less of a secure experience, but is more secure than using the traditional modes of communication.
Bromium: You are driving your employees to bring their own devices to work because you put so much “crap” between them and their work, according to Bromium. The security protocols, compliance measures, black lists, and more separate workers from the tools that help them be productive and it sucks.
Bromium, which has previously gotten funding from a number of well-known investors such as Andreessen-Horowitz, wants to get rid of all the barriers by pairing up each employee with a virtual machine. The “microvisor,” as Bromium calls it, is physically hooked up to each employee’s desktop and runs all activity there first to make sure it’s safe. It is not connected to the company’s systems, and thus anything that is unsafe is trapped on the virtual machine.
Skyhigh Networks: Skyhigh Networks is solving the problem of Shadow IT, or, in the cloud’s case, all the applications employees use without permission. Skyhigh asked one of its clients, a Fortune 10 company, how many cloud apps it believed had access to or held company information. It guessed 30. Skyhigh found 500.
Not knowing where your information is on the web is incredibly dangerous for a company. Skyhigh comes in and looks at all the cloud applications your employees are using and then assesses and analyzes their risk. For instance, apps that let you share files will likely have a higher risk score. It then gives your company a dashboard from which to manage those apps and keep on top of any future apps that may come into your system.
Spotflux: When you think about all of the information advertisers have about us, it often gives you the heebie-jeebies. Names, genders, political views, sexual orientations, brands liked, previous purchases, websites visited, and so much more give advertisers an extra bit of power when targeting you.
Spotflux is an app that you can download to your Mac, PC, iPhone, or Android phone that encrypts all of your traffic, and further attempts to erase your path as you surf the web. It doesn’t allow websites to access information about your computer’s location, it deletes all cookies, removes advertisements, and otherwise watches for malware.
Privatecore: If you are worried about not having physical access to those hypervisors, Privatecore created the “vCage,” which encrypts your information even if a person physically standing next to your server takes out the memory card to copy it. It does this by encrypting the data not just while it’s being transmitted, but also while it’s being used. The technology is only available, however, on commodity x86 servers.
Light Point Security: Light Point Security also uses virtual machines, but doesn’t connect each computer to one. Instead, it believes it’s easier to manage if your company hooks up to a virtual machine they handle. It focuses, however, just on activity that happens in the browser. The company allows you to surf the Internet and perform all usual tasks, but instead of happening on the company’s network, it happens in the hypervisor where it cannot attack the network.
All images via Meghan Kelly/VentureBeat