Welcome!

Related Topics: Cloud Security, Mobile IoT, @CloudExpo

Cloud Security: Blog Post

BYOD Security Issues – Solved with Appthority SaaS

Security Chat with Domingo Guerra, president and co-founder of Appthority

Thanks for taking the time to answer my questions. Please tell us, what is Appthority all about and what do you do?

Guerra: Appthority is an app risk management company with a Software-as-a-Service solution that analyzes mobile apps for hidden behaviors that pose privacy and security risks. Our main customers are large organizations and we provide them with the first all-in-one App Risk Management service to uncover the hidden actions of apps and enable enterprises to create custom policies to prevent unwanted app behaviors. Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions to protect corporate data on company-issued and BYOD mobile phones as employees bring their own apps to work.

With the shift from desktop computing to mobile spurring the rise of the BYOD, BYOApps, and Mobile First movements, people are mixing personal and corporate data on their mobile devices. This has created enormous security and privacy implications. Since 91% of apps lack encryption and 79% can access corporate data, there is obviously the potential for serious problems. Appthority enables organizations to prevent risky apps from entering the workplace while still enabling the workforce to leverage their mobile devices to their maximum potential.

What's new in terms of products?

Guerra: We just announced several key upgrades to the Appthority Service. We've done a lot of market research and IT and security administrators are really interested in being able to construct highly customizable policies. The upgrades to the Appthority Service improve workflow processes in a number of ways: It provides support for multiple app allowance policies simultaneously - by company department, by geography or even by device type - whether company or employee owned. This includes approving and enforcing custom, acceptable use polices at scale, to supporting the creation and implementation of multiple group and role-based policies. An enforcement workflow (do x for y days, then to z for n days, when a specific risky behavior is detected) is now also available. Finally, we've added additional rules and detection for cloud-based file storage violations, which are a big worry for companies trying to protect their IP.

The biggest challenge we face now in winning over new clients is a lack of awareness of the challenge of protecting and securing organizations and their employees from risky mobile app behavior. Most customers are aware of the malware risks on the Android OS, however, some organizations are not aware that there are many other risks beyond malware from a privacy, security and data management perspective that affect iOS and the Android OS.

Who is your target audience and how do you intend to reach them?

Guerra: Our target audiences are Chief Information and Security Officers of Fortune 500 companies who are building mobile risk management policies, as well as IT Administrators responsible for their organization's Mobile Device Management (MDM).

I'd be curious to hear any general thoughts you have on market trends...

Guerra: According to Gartner, by 2015, the number of employees using mobile applications in the workplace will double. More organizations are adopting a Mobile First strategy, to support employees who are using the mobile device as their primary computer more and more. Employees are, on average, downloading 50-200 apps from the millions of apps in the global app ecosystem onto devices that are connecting to the corporate network. The cost and complexity of manually managing app risk policy functions is enormous, so there is a strong need for technology that can mitigate the risks apps bring into the enterprise.

What is the viral aspect of your product?

Guerra: There are millions of apps in the app ecosystem and even more if you consider that each version of an app is a net-new app. Keeping adequate coverage and analysis of all of the apps out there is a huge task. The Appthority Service integrates directly into the top MDMs, which gives us a huge mobile footprint. As a result, any time an employee anywhere in the world downloads a new app or a new version to an existing app, our system gets immediately notified and processes the app for analysis. The viral effect is that when other employees, even if they work at different companies, download that same app, our system will already have the analysis complete and IT administrators can rest easy knowing that our database with over 2 million apps stays relevant and always up-to-date.

What's the business model? How will you make money?

Guerra: Appthority's solution is delivered as Software-as-a-Service. It is subscription-based in which we charge per device / per month.

Who are your competitors?

Guerra: There are other security companies that focus on mobile risk, however most only focus on malware and thus on Android. Other vendors focus only on app vulnerabilities, (programing mistakes), but these are short-sighted approaches, as most of the enterprise risks in mobile apps are from behaviors the developer incorporated into the app by design. Only Appthority was built from the ground up to focus on iOS and Android and analyze apps for total risk with respect to risky security behaviors and risky privacy behaviors as well as malware.

How do you differentiate from your competitors?

Guerra: The Appthority Mobile App Risk Management Service integrates with MDM technology to automatically identify risky behaviors in mobile apps and grant employees access to the apps they can securely use. We are the only service to automate an otherwise manual process to reduce risk and costs so our customers can leverage mobility and empower a smarter, safer and more productive mobile workforce.

How does your technology differentiate from the competition and can you elaborate on the different technology deployed?

Guerra: Appthority is the first and only product available today that acts as a truly actionable and fully automated app risk management service, including app reputation (risky behavior) analysis and policy management in an entirely integrated platform. Appthority's policy management innovation is the next step in the evolution of App Risk Management - from discovering and analyzing risky app behaviors to automated enforcement capabilities.

With Appthority, IT Administrators responsible for their organization's Mobile Device Management (MDM) program are able to know the risky app behaviors present on employees' managed devices within minutes. They can then create custom policies based on their organization's unique risk profile. Using Appthority's analysis, IT administrators can now also take the next step of creating custom and unique app enforcement and remediation policies for all devices under management. This includes generating blacklists and whitelists that auto-populate based on the behavior of new apps entering the environment.

What business or technology could yours disrupt?

Guerra: Many companies today are following one of three models when it comes to mobile security. A number of companies aren't doing anything - they are still hanging onto their Blackberries, but are doing their homework as iOS and Android phones sneak onto the network. Next are the companies using containers, which are seen as essential by really early adopters and big financial firms, but the productivity and usability impact on users is so dramatic that the longevity of this approach is questionable. Finally, there are companies using Mobile Device Management (MDM) solutions, which while it is undoubtedly here to stay, MDMs can't look into the risky behaviors within an app, which is where all the risks lie.

This is where Appthority comes in. By integrating with MDMs and enterprise app stores, Appthority provides companies with the comprehensive solution needed to protect corporate data while allowing employees the freedom to use their smart phones or tablets for work.

Who founded the company, when? What can you tell me about the story of the company's founding?

Guerra: My cofounders Kevin Watkins, Anthony Bettini, and I founded the company in early 2011 to create a safer enterprise mobile environment. Our founding team saw IT's frustration in dealing with CoIT (Consumerization of IT) and the BYOD (Bring Your Own Device) movement, where organizations struggled with the loss of control, visibility and security coverage of some of their most valuable data. Through early interaction with enterprise customers, eager to find a solution to their mobile IT woes, Appthority stepped up to the challenge and envisioned a world where IT could embrace, rather than fear, mobile devices and the many advantages of a mobile workforce. And just like that, Mobile App Risk Management was born. After nearly a year of stealth-mode development, we launched The Appthority Platform at the 2012 RSA Conference Innovation Sandbox where Appthority was named "The Most Innovative Company of RSA Conference 2012."

What is your distribution model? Where to buy your product?

Guerra: Our distribution model is diverse, from direct via our sales organization to VARs, to system integrators to carriers. Our product is available worldwide and available in seven languages, though our focus is on Fortune 500 companies in the U.S. that have deployed an EMM / MDM solution.

What's next on your product roadmap?

Guerra: We will continue to add more customizable features to the Appthority Portal as customers become more sophisticated with their mobile risk management processes. We are seeing a lot of growth from early adopters making their way to other enterprise accounts and it's exciting to offer customization and automation that fits customers' diverse mobile app security needs.

What else would you like to add?

Guerra: As we see apps power the Internet of Things, there are now apps in cars, televisions and refrigerators. Just like with mobile devices, apps are empowering other economies that will thrive and create opportunity for developers as well. However, it is important to learn from the mobile app security issues we've seen to-date and start early with embedded apps as the Internet of Things booms.

Partnerships, collaborations or affiliations: Our most critical technology partners are AirWatch, Apperian, and MobileIron. For the consumer market, we are partnered with carriers like Swisscom.

Federal or state grants, contracts or awards received: Appthority is a current finalist for four industry awards: Global Mobile Awards 2014 Finalist for Best Enterprise Mobile Service; SC Magazine Awards 2014 Finalist for Rookie Security Company of the Year; 2013 SINET 16 Innovator; Tech Trailblazers Finalist 2014 - Mobile.

Market size being pursued: By 2015: Enterprise mobile app development is an $8B/year market and the enterprise mobile device management market (includes MDM, EMM, MAM, Containers, etc.) is a $9B/year market. Appthority plays in both markets.

Is the company profitable? As a privately held company, Appthority does not release revenue information.

Appthority's App Risk Management service automates discovering the hidden behaviors of millions of apps and allowing the apps that employees can securely use. Only Appthority combines the largest global database of millions of analyzed public and enterprise apps with a policy management engine to speed app review and approval and enforce custom, acceptable use polices for thousands of employees within minutes. With unprecedented visibility and control over risky app behaviors, Appthority enables companies to leverage mobility and empower a smarter, safer, mobile workforce. Headquartered in San Francisco, Appthority is venture-backed by U.S. Venture Partners (USVP) and Venrock. More information on Appthority can be found at https://www.appthority.com.

All product and company names herein may be trademarks of their registered owners.

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Mountain View, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Buy her a coffee if you like her article: http://xeniar.tip.me

Latest Stories
In his general session at 18th Cloud Expo, Lee Atchison, Principal Cloud Architect and Advocate at New Relic, discussed cloud as a ‘better data center’ and how it adds new capacity (faster) and improves application availability (redundancy). The cloud is a ‘Dynamic Tool for Dynamic Apps’ and resource allocation is an integral part of your application architecture, so use only the resources you need and allocate /de-allocate resources on the fly.
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
Apache Hadoop is a key technology for gaining business insights from your Big Data, but the penetration into enterprises is shockingly low. In fact, Apache Hadoop and Big Data proponents recognize that this technology has not yet achieved its game-changing business potential. In his session at 19th Cloud Expo, John Mertic, director of program management for ODPi at The Linux Foundation, will explain why this is, how we can work together as an open data community to increase adoption, and the i...
If you had a chance to enter on the ground level of the largest e-commerce market in the world – would you? China is the world’s most populated country with the second largest economy and the world’s fastest growing market. It is estimated that by 2018 the Chinese market will be reaching over $30 billion in gaming revenue alone. Admittedly for a foreign company, doing business in China can be challenging. Often changing laws, administrative regulations and the often inscrutable Chinese Interne...
As ridesharing competitors and enhanced services increase, notable changes are occurring in the transportation model. Despite the cost-effective means and flexibility of ridesharing, both drivers and users will need to be aware of the connected environment and how it will impact the ridesharing experience. In his session at @ThingsExpo, Timothy Evavold, Executive Director Automotive at Covisint, will discuss key challenges and solutions to powering a ride sharing and/or multimodal model in the a...
Let’s face it, embracing new storage technologies, capabilities and upgrading to new hardware often adds complexity and increases costs. In his session at 18th Cloud Expo, Seth Oxenhorn, Vice President of Business Development & Alliances at FalconStor, discussed how a truly heterogeneous software-defined storage approach can add value to legacy platforms and heterogeneous environments. The result reduces complexity, significantly lowers cost, and provides IT organizations with improved efficienc...
Cloud computing is being adopted in one form or another by 94% of enterprises today. Tens of billions of new devices are being connected to The Internet of Things. And Big Data is driving this bus. An exponential increase is expected in the amount of information being processed, managed, analyzed, and acted upon by enterprise IT. This amazing is not part of some distant future - it is happening today. One report shows a 650% increase in enterprise data by 2020. Other estimates are even higher....
SYS-CON Events announced today that CDS Global Cloud, an Infrastructure as a Service provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. CDS Global Cloud is an IaaS (Infrastructure as a Service) provider specializing in solutions for e-commerce, internet gaming, online education and other internet applications. With a growing number of data centers and network points around the world, ...
DevOps at Cloud Expo – being held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Am...
SYS-CON Events announced today that LeaseWeb USA, a cloud Infrastructure-as-a-Service (IaaS) provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. LeaseWeb is one of the world's largest hosting brands. The company helps customers define, develop and deploy IT infrastructure tailored to their exact business needs, by combining various kinds cloud solutions.
Big Data has been changing the world. IoT fuels the further transformation recently. How are Big Data and IoT related? In his session at @BigDataExpo, Tony Shan, a renowned visionary and thought leader, will explore the interplay of Big Data and IoT. He will anatomize Big Data and IoT separately in terms of what, which, why, where, when, who, how and how much. He will then analyze the relationship between IoT and Big Data, specifically the drilldown of how the 4Vs of Big Data (Volume, Variety,...
19th Cloud Expo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterpri...
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, discussed the importance of WebRTC and how it enables companies to focus...
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 19th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devices - comp...
For basic one-to-one voice or video calling solutions, WebRTC has proven to be a very powerful technology. Although WebRTC’s core functionality is to provide secure, real-time p2p media streaming, leveraging native platform features and server-side components brings up new communication capabilities for web and native mobile applications, allowing for advanced multi-user use cases such as video broadcasting, conferencing, and media recording.