No More Passwords
company by Dave Szymanski | Tampa Bay Editor
Ceelox Corp. offers a way for CEOs to secure sensitive information in computers by using fingerprint identification technology.
Banks, hospitals and a host of companies in many industries have sensitive information on customers and other data they have to protect.
But with the advent of the laptop, flash memory devices and other portable data tools, information travels sometimes to places that companies don't want.
In the past year, the Veteran's Administration lost a laptop and with it, valuable private patient health care data.
Losing data can be more than just dangerous. It is also expensive and can undermine consumer confidence. Customers will be more hesitant to entrust a company with investments and finances if they lose their information. (Ask credit card companies burned by hackers.)
"One hundred million plus flash memory devices were sold in the United States last year," says Gerry Euston, CEO of Tampa's Ceelox Corp., a software firm. "With each one of those, if I'm a chief information officer, those have to keep me up at night. People can download information. There's very little security and most of those devices have no good encryption on them."
Ceelox's solution: Secure the information through fingerprint identification, not written passwords, which hackers often figure out.
"A guy in our office can hack into files in less than five minutes," Euston says. "It's very easy to hack a password. Using fingerprint biometrics, it provides options for the user."
The industry is called "biometrics," the ability to identify a computer user with physical characteristics. It isn't the stuff of James Bond movies anymore.
Ceelox, founded in 2003, has been researching and developing its software for three years. It took its software products, including Ceelox Vault and Ceelox ID, to market last year.
Besides securing files, Ceelox also secures emails for companies.
As the fingerprint technology becomes more popular, laptop manufactures are now starting to build fingerprint ID pads into computers.
Ceelox's growth strategy is a mix of direct sales and distribution through third parties such as systems integrators, software vendors and value-added resellers.
Its primary growth has been through third parties, given its focus on highly regulated markets such as banks, utilities, health care and government.
Today, most of Ceelox's customers, about 50, are banks. It wants to be much more active in that market and should still be in it in five years, Euston says.
It also wants to expand into the utilities industry, which is government-regulated and holds a lot of private customer data. The Kissimmee Utilities Authority uses Ceelox ID software.
Later this year, it will also be shifting its focus down market to introduce its products to small and mid-sized businesses, primarily professional services such as law, accounting and doctor's offices.
These are businesses that require higher levels of security in file, folder and email encryption but may have been unable to afford it, either because of the up-front purchase and implementation prices charged by others or ongoing maintenance costs.
Ceelox ID enrolls a new employee's fingerprint by doing several scans of two or more fingers. When it gets sufficient data on each enrolled finger, it builds a biometric template. Ceelox ID notifies the user that enrollment was successful.
Each time an employee logs on, Ceelox ID prompts the employee to authenticate by placing a finger on the fingerprint scanner. The software then compares data obtained from the fingerprint scan to the employee's data file. If the two sets of data match, Ceelox ID grants access. Ceelox ID installs on a network server or single personal computer.
Euston came on as CEO in July 2006. Ceelox followed a fairly typical technology startup pattern. Its vision was too broad. It explored digital-rights media for a short time before focusing down on the enterprise marketplace.
"That's our sweet spot now," Euston says.
Last year was the first year Ceelox sold its product. This year, it expects revenue to climb 15 to 20 times as fast.
"One of the things that attracted me to Ceelox was that I felt like I was at the bottom of a very tall mountain," Euston says. "Consumers are starting to use it."
All development of the software is done in Tampa. It has outsourced some programming, but not the core technology.
Some of the paybacks to clients include the elimination of password management. One IRS official told Ceelox he used 15 to 20 passwords at work, some of which he couldn't always remember. So he wrote them down, which creates a security weakness. Some change every six weeks to 90 days.
It also lowers help desk costs. U.S. companies are spending hundreds of millions of dollars on help desks, with the average cost of one call at about $38.
"If you can replace them with a stronger solution, you eliminate the overhead," Euston says. "It pays back."
A growing market
Ceelox joins an industry with new and established players.
GuardianEdge, based in San Francisco, is a security software company that does end-point data protection. It has been around for more than 10 years and the last couple of years, with a transformation of new leadership, has gone from a small enterprise software shop to provider of solutions to many companies. It now has about 700 active enterprise customers.
Many of its clients are financial services, government agencies and health care companies. Like Ceelox's clients, they are concerned about data loss and data leakage.
Users have to get data on and off machines. Companies want to control it. So the companies want the data encrypted.
California legislators passed a law mandating that if companies lost customers personal information, they need to disclose that to all parties potentially affected. That means staffing a help desk and other costs, which total about $200 per record. With hundreds of thousands of records, that adds up for companies. Thirty-nine other states adopted similar laws.
There are projections for one billion Windows-based laptops to be in circulation by the middle of this year. And the advent of smartphones means there is another device that can carry critical information. So encryption has become more important.
"It is a substantial and fast-growing market," says Joseph Gow, senior director of product management for GuardianEdge.
"No CFO wants to read about loss of data on the front of the New York Times," says Andy Kicklighter, director of product marketing for GuardianEdge. "This is first and foremost a business problem. But you're asking your tech people to make sure the risk is mitigated. Biometrics will play a role in the solution."
Here is a summary of Ceelox's products:
• Ceelox ID: Authenticates users via biometrics before allowing access to personal computers, files, external drives and networks.
• Ceelox Vault: Portable, fast, drag and drop file and folder encryption and decryption capabilities for your desktop or laptop computer, flash memory drive or portable hard disk drive.
• Ceelox ID Online: Secures and manages user access to internet sites or networks using biometric authentication. Fingerprint-enabled layered encryption authentication for Web sites and networks.
• Ceelox SecureMail: Encrypts electronic mail exchanged over a network or the Internet which includes an Outlook plug-in.
• K[id]: Deploys fingerprint identification to authenticate and protect parents and children in childcare environments and facilities.
Company: Ceelox Corp.
Industry: Computer encryption software
Key: Secure computer-based information for companies.