Security worries give start-ups hope

With the hope that corporate security concerns will translate into spending, two newcomers this week will debut offerings intended to keep network intruders at bay.

With the hope that corporate security concerns will translate into spending, two newcomers this week will debut offerings intended to keep network intruders at bay.

Singlefin, a $1 million privately funded company, will offer a service that promises to scrub e-mails for viruses and keep other unwanted missives off corporate networks. Separately, Imprivata, a $13.6 million venture-backed company, will offer a gateway appliance that works with client software to let customers apply single-sign-on control over custom and Web-based applications.

The companies are entering the market at a time when security budgets are expected to increase more than overall IT spending as companies install or improve antivirus, content filtering and authentication software, and firewalls. About 40% of 225 CIOs who Morgan Stanley polled last month cited security software as their top spending priority in 2003.

Singlefin developed its own content-filtering and antispam engine, which it will sell as part of its service. Singlefin uses Sophos and Trend Micro antivirus software as part of its service, for which it charges $50 per month to process 100M bytes of data for antivirus and content-filtering, and 30 cents per megabyte over that. Singlefin will compete against service providers such as Brightmail and Postini.

The start-up also will take its content-filtering engine and collocate it on a customer’s site as an appliance and manage it remotely for $2,500 per month – dropping the per-megabyte charges.

Some early adopters of Singlefin’s service say it’s an inexpensive and highly effective way to outsource antivirus and content filtering at the gateway. Irvine, Calif., advertising firm Riechesbaird has Singlefin scan for “garbage, porn, viruses and spam,” says Trevor Seeman, the firm’s director of IT. “Last month my company got 12,000 e-mails inbound and 9,500 of them were spam. And Singlefin’s service picked up 154 viruses.”

Seeman says Singlefin provides a console to view any mail that’s filtered out so he and authorized employees can view this quarantined mail to make sure nothing important is sifted out.

Meanwhile, Imprivata, which received its investment money from Polaris, Highland Capital and General Catalyst, is targeting one of the more complicated areas of security management: setting up a way for users to gain access to applications via single sign-on identity management so users don’t have to retain multiple passwords or other credentials.

Imprivata’s OneSign product consists of the single sign-on appliance, which controls access to corporate intranet applications by checking the user’s identity, which is controlled by Imprivata client software.

“This client component basically replaces the Microsoft log-in and authentication,” says Satish Maripuri, Imprivata’s senior vice president of sales. The client can be installed to control access to desktop or network-based applications, both Web and proprietary. The single sign-on package costs $20,000 for up to 5,000 users and is expected to ship later this quarter.

“They’re competing against PassLogix, Protocom Development Systems and Bell Labs in this narrowly defined area of identity management,” says Pete Lindstrom, an analyst with Spire Security. OneSign marks the first time that single sign-on has debuted as an appliance, which often is seen as easier to deploy and manage than software-based security.

Good timing?

The Singlefin and Imprivata services and products could come at a good time as research firms such as AMR Research predict that security budgets will increase 5% this year.

Ohio Savings Bank in Cleveland plans to spend 12% more this year over last on items that include identity management, VPNs and host-based intrusion detection, says Matt Speare, director of IT risk management.

Harlan Bakeries in Avon, Ind., expects to dedicate 9% of its IT budget to security-related purchases, up $30,000 in 2003 from last year, says Thomas Wagenhauser, IT manager.

“This year we are implementing a complete 802.11b wireless network for our dry and frozen warehouses to automate picking and put-away procedures,” Wagenhauser says. “One of our biggest concerns with a wireless network is, and always will be, focused on security.”

The set of federal regulations known as the Health Insurance Portability and Accountability Act (HIPAA) is driving investment in security among healthcare companies. “A high priority is the security necessary to meet the April HIPAA privacy regulation,” says James Olson, CIO at Waterbury Hospital in Connecticut. “Our budget is up $50,000 for security.”

Gartner anticipates hardware-based appliances and managed service providers are likely to gain share in security user spending at the expense of security software vendors. For Singlefin, as a service provider of e-mail antivirus and content filtering, and Imprivata, which is beta-testing its single sign-on gateway appliance, that’s a good omen.