Security worries give startups upper hand

With the hope that corporate security concerns will translate into spending, two newcomers this month will debut offerings intended to keep network intruders at bay.

Singlefin Inc., a US$1 million privately funded company, will offer a service that promises to scrub e-mails for viruses and keep other unwanted missives off corporate networks. Separately, Imprivata Inc., a US$13.6 million venture-backed company, will offer a gateway appliance that works with client software to let customers apply single-sign-on control over custom and Web-based applications.

The companies are entering the market at a time when security budgets are expected to increase more than overall IT spending as companies install or improve antivirus, content filtering and authentication software and firewalls. About 40 per cent of 225 CIOs who Morgan Stanley polled last month cited security software as their top spending priority in 2003.

Singlefin developed its own content-filtering and antispam engine, which it will sell as part of its service. Singlefin uses Sophos PLC and Trend Micro Inc. antivirus software as part of its service, for which it charges US$50 per month to process 100MB of data for antivirus and content-filtering, and 30 cents per megabyte over that. Singlefin will compete against service providers such as Brightmail Inc. and Postini Corp.

The startup also will take its content-filtering engine and collocate it on a customer’s site as an appliance and manage it remotely for US$2,500 per month – dropping the per-megabyte charges.

Some early adopters of Singlefin’s service say it’s an inexpensive and highly effective way to outsource antivirus and content filtering at the gateway. Irvine, Calif., advertising firm Riechesbaird has Singlefin scan for “garbage, porn, viruses and spam,” says Trevor Seeman, the firm’s director of IT. “Last month my company got 12,000 e-mails inbound and 9,500 of them were spam. And Singlefin’s service picked up 154 viruses.”

Seeman says Singlefin provides a console to view any mail that’s filtered out so he and authorized employees can view this quarantined mail to make sure nothing important is sifted out.

Meanwhile, Imprivata is targeting one of the more complicated areas of security management: setting up a way for users to gain access to applications via single sign-on identity management so users don’t have to retain multiple passwords or other credentials.

Imprivata’s OneSign product consists of the single sign-on appliance, which controls access to corporate intranet applications by checking the user’s identity, which is controlled by Imprivata client software.

“This client component basically replaces the Microsoft login and authentication,” says Satish Maripuri, Imprivata’s senior vice-president of sales. The client can be installed to control access to desktop or network-based applications, both Web and proprietary. The single sign-on package costs US$20,000 for up to 5,000 users and is expected to ship later this quarter.

“They’re competing against PassLogix, Protocom Development Systems and Bell Labs in this narrowly defined area of identity management,” says Pete Lindstrom, an analyst with Spire Security. OneSign marks the first time that single sign-on has debuted as an appliance, which often is seen as easier to deploy and manage than software-based security.

The Singlefin and Imprivata services and products could come at a good time, as research firms such as AMR Research Inc. predict that security budgets will increase five per cent this year. For example, Ohio Savings Bank in Cleveland plans to spend 12 per cent more this year over last on items that include identity management, VPNs and host-based intrusion detection, says Matt Speare, director of IT risk management.