23 July 2010

DLP for Smartphones via the Cloud
Posted by Larry Walsh

LegiTime Technology is probably a company you've never heard of. This isn't because it doesn't make good products -- applications for authenticating and managing smartphone messages -- but rather because it's a small Yankee startup. What makes LegiTime significant is its acquisition by Awareness Technologies (ATI), which plans to leverage LegiTime's technology to extend data security to smartphones.

The acquisition was announced earlier this week, and ATI is already making plans to push out its first security applications for BlackBerry devices. The company promises releases for other smartphones in the near future.

Smartphones are a stepping stone in ATI's plan to break away from its consumer roots and expand in the SMB security market. The company recently hired Ken Totura as chief channel officer. He's charged with building a partner network to resell ATI's cloud-based mashup of data loss prevention, URL filtering, traffic monitoring and laptop security (I have to explain this part later).

Full disclosure: Ken Totura is a longtime friend and is a member of the Channel Vanguard Council, a collaborative group that I chair. That said, he gets no breaks from me, and I invite criticism and critiques if anyone thinks I'm not being balanced.

Today, ATI relies primarily on a direct and Web-based sales model, which generates the overwhelming majority of the company's revenue. ATI wants to leverage the channel to expand its current user base from 10,000 primarily small business and consumer installations to larger SMB customers. Totura says the value proposition isn't DLP or Web filtering, per se. Rather, it's about providing end-user organizations with greater transparency into what users are doing on their PCs and, now, smartphones.

It's hard to fully define ATI and its products. It's definitely security, but a rather interesting amalgamation. It started as traffic monitoring to see if PC users were surfing for porn and entertainment sites while at work. The addition of URL filtering is a nice complement to ensure both inappropriate and malicious sites are blocked. And data loss prevention is another synergistic match that keeps sensitive data from being purposely or inadvertently disclosed.

ATI products work on a client-cloud infrastructure. Agents installed on PCs monitor traffic and enforce data security policies. The administration and enforcement of those policies are done at ATI's data center. The end user's IT team or a managed service provider could push policy changes and generate reports through a portal to the ATI data center. Does this make it a cloud solution? That's really an issue for debate, but I would say calling it a cloud solution is a bit of a stretch. Users have the option of deploying the management end of the solution locally in their data center, which further weakens the cloud positioning.

I did say above that I would explain the laptop security aspects. Well, here it is. ATI has a LoJack-like application that locates stolen and lost laptops via their wireless and network signals. Once a laptop is identified, the application allows users to download data and encrypt the remaining data. A user may not retrieve the device, but he can get the data and ensure nothing is exposed (in theory). I've seen many applications like this over the years. While the rationale is sound -- more than 30,000 laptops are lost or stolen each month in the U.S. and sensitive data falls into the wrong hands -- I've seen few end users ever get excited over similar technologies.

Totura will likely debate me on the cloud aspects of ATI's positioning, since he says that the remote management and ATI hosting of the administration functions make it easy for solution providers to sell the applications. Additionally, he says that ATI's model makes data-level security more approachable and affordable for the customer. The ATI solution is sold on a subscription at an average price of $11 per seat per month.

How partners get a cut of this action depends on their level of engagement with ATI. Totura has crafted a three-tier system for partner engagement. Solution providers can simply resell the subscriptions, perform installation and deployment support, and provide Tier 1, ongoing support and billing. The more solution providers do, the more they earn in the ATI program.

ATI is just one of several vendors pushing to get DLP and other data-aware technologies into the cloud. It believes that it's not really competing with any other DLP or Web filtering vendors because of its target market, but several other vendors -- Websense, Symantec, Code Green and Palisade Systems -- have ambitions for both cloud-based DLP and greater SMB penetration. Extending DLP to smartphones is an interesting twist, but it's likely going to develop into a battleground among all the security vendors in the near future. In security, there are few vacuums.