Cybersecurity: Securing the cloud

This article first appeared in Enterprise, The Edge Malaysia Weekly, on February 12, 2018 - February 18, 2018.

Hiring an IT professional to manage an office with five people is very expensive. It is simply overkill. > Paul

What SMEs want is for technology and security not to hinder their ability to execute their business. They want it to be simple, fast and with few overheads and low upfront costs. > Peter

-A +A

Cybercrimes such as data theft, ransomware and computer hacks are at an all-time high. If Malaysian small and medium enterprises (SMEs) do not take these threats seriously and arm themselves against them, they run a very real risk of having their key data breached, especially as more employees work remotely or offsite, says Paul Martini, CEO of Boston-based iBoss Cybersecurity.

“Malaysia is experiencing rapid growth in the establishment of high-technology companies. These companies do a lot of business outside the country. So, they will have to deal with the same issue most large organisations are facing — how to manage cybersecurity with employees working remotely,” he adds. 

While mobile devices and cloud storage have made businesses more efficient, this has also made the security process more complicated and costly. Companies have to purchase additional devices and bandwidth to handle the larger load. 

Traditionally, companies relied on external devices at a main location (or headquarters) that served as a gateway for their network, protecting them from any malware. This method used to be effective, until companies realised it was very difficult to manage. 

“Previously, the option that these companies had was to grab a box, which acted as the server, and plug it into the office. This server is responsible for data scanning, cleaning and securing. Every time the company sets up an office, it has to ship a box to the new office, find an IT person to set it up, configure it and ensure that it is working properly. This process is very inefficient,” says Paul.

“It does not help that some of these remote offices are very small. Support offices, for example, usually comprise five people. Hiring an IT professional to manage an office with five people is very expensive. It is simply overkill.” 

What companies need is a decentralised security system that can secure remote offices and mobile device users without the need to backhaul data, says Paul. When he and his twin brother Peter realised this gap, they introduced iBoss Cybersecurity, a secure web gateway (SWG) distributed as a single device engineered to provide the extensive protection required in today’s cyber landscape. 

Founded in 2003, iBoss is fully subscription-based, compared with the model offered by the big players in cybersecurity. “What SMEs want is for technology and security not to hinder their ability to execute their business. They want it to be simple, fast and with few overheads and low upfront costs. If they were to go for traditional solutions, it would cost them about US$50,000 just to buy the equipment,” says Peter.

“Whereas we offer something flexible. Depending on the size and quantity, on average, the starting price is only about US$5 per user per year, or roughly US$60 per year. This is something SMEs can afford for the sake of better security and efficiency.”

Beating the competitors 

In the early 2000s, when iBoss Cybersecurity was founded, the term “cloud computing” was not yet a buzzword. But the need was clear. Companies needed a security solution that could follow users, instead of the other way around. 

“When we saw this need, we spent about five years architecting a platform that was once in the headquarters to the cloud. We finally released our first product in 2005,” says Paul.

“That product was hardware that would redirect data traffic to the cloud to give you the same level of security that the headquarters could give. We spent another five years strengthening the design and bringing it to scale. We re-released it in 2010 and started building our global footprint.”

Today, iBoss is backed by more than 100 patents, with another 50 patents on cloud architecture and cybersecurity pending, says Paul. Looking back, it was not easy convincing clients that iBoss had what they needed, especially when companies did not even realise they had a problem, says Peter. 

“There was an article in PC Magazine in November 2005 that talked about how we pioneered security to the middle internet. At the time, the term ‘cloud’ did not really exist, so they called it ‘middle internet’.

“That was how early it was. By 2010, the term became more common, things became more connected, the iPhone was out and everybody had a smartphone in their pocket, or were getting one. That was when the need for security devices in the cloud became more of a concern and when our products started taking of,” he adds. 

Since its inception, iBoss has been bootstrapping and turning down investment offers. It finally accepted US$35 million from Goldman Sachs in 2015. “That was an important milestone for us because Goldman Sachs is actually one of the largest employers of developers and security professionals,” says Peter.

“The company has about 6,000 employees in the IT department, so it understands the industry. When it invests in a company, it really makes sure that the company passes its validation on whether the technology is viable. That is where we get credibility.”

Another reason the investment is important is that it demonstrates a shift  among large companies, where they are no longer solely trusting big brands to supply them with IT solutions, says Paul. “Nobody ever fires you for buying from big brands. If a breach happens, you will say, ‘It is not my fault. I bought the solution from this well-known brand’, and nobody will blame you. 

“But that has changed. Over the past few years, we have often heard news reports about big companies being breached even though they spent loads on the most expensive products. The breach likely happened because their employees had to backhaul data to get the corporate headquarters to run it to the legacy servers to get their data secure.”

This happens because the big brands are still insisting that companies need expensive hardware and appliances. “They are very slow at modifying their old architecture. Now, companies have realised that big brands do not necessarily work anymore. We need to find something more cutting edge, something more agile. That is where they started looking for solutions such as ours,” says Paul. 

Peter concurs. “It is kind of like the mobile phone era — 10 years ago, you either owned a Nokia or a Motorola because those were the only brands available. Everybody bought those brands. 

“Then Apple, which was not in that industry at the time, came out with the iPhone and everybody noticed that they did not need a flip phone. They needed a phone like the iPhone, which could give them everything they needed in a mobile phone plus connectivity and a better interface. That is why Apple dominates the space — they are giving customers what others can’t.”

That was the proposition iBoss offered companies to get them to shift to its brand, says Peter. Not only is iBoss offering the solution at a far cheaper rate, it can also process data in a matter of hours, versus months as is offered by the older technologies.

After successful years in the US, iBoss expanded to Europe and South America, before opening up a facility in the Philippines. iBoss is now widely available in major countries, with more than 4,000 clients around the world. 

Paul is optimistic that more companies will be open to adopting SWG in the future, especially as the concept of working in the office becomes gradually obsolete. “Today, it is all about connectivity. But efficiency does come with a risk. We are here to help mitigate the risk,” he says.