Of all of the challenges enterprise IT specialists are facing today, there may be no bigger than the BYOD trend. While the PC may not be dead, many enterprise employees increasingly do their work on mobile devices. This raises an important challenge for IT. How can they keep their sensitive corporate data safe when company employees are increasingly using their mobile devices outside of the Office. The challenge for IT is to find a mobile cybersecurity solution that will be robust enough to provide data protection, but not so intrusive that employees will find it impacts their productivity. One startup that has embraced that challenge is Bluebox. I believe Bluebox has come up with a unique mobile cybersecurity solution, and joining us here today to discuss it further is Bluebox’s COO and Cofounder Adam Ely. IT Specialist: Thank you for answering our questions today Adam. To start with, can you provide some brief background on Bluebox, such as what year you were started and the background of the founders? Adam : Bluebox was founded in May of 2012 by myself and my cofounder our CEO Caleb Sima. Prior to founding Bluebox I was the Chief Information Security officer (CISO) at the Heroku business unit of Salesforce. I also previously led security and compliance at Tivo, and held a number of roles within Walt Disney dealing with security operations and compliance. Caleb was previously an Entrepreneur in Residence at the VC firm Andreessen Horowitz, and before that was CEO of Armorize, a SaaS-based malware monitoring firm. Previously he pioneered web application security tools by co-founding SPI Dynamics which was ultimately acquired by HP. IT Specialist: What was the inspiration behind the founding of Bluebox? Was there one ‘aha!’ moment or is this something you’ve been looking at for a long time? Adam: Bluebox was founded based on practical experiences Caleb and I had in previous jobs. When I was at Disney, Steve Jobs was on our Board, and as a result we were an early adopter of the iPhone, starting with the first version. Naturally, employees ended up wanting to use their devices for work as well as for their personal lives. The inspiration for founding Bluebox was on the frustration of not being to find an MDM (mobile device management) solution that both protected my company’s key data but was also not cumbersome for end-users to use and also did not intrude on their privacy. We decided that if we could develop a solution that was effective, dynamic and easy to use while also keeping employees privacy concerns regarding their own personal apps and data in mind, we could create something unique. And that’s how the idea for Bluebox was born. IT Specialist: What is the current BYOD landscape in your view from a security perspective – what is lacking in your view for how current BYOD cybersecurity protection has been done by previous or even existing mobile cybersecurity vendors? Adam: Sure, let me give you an overview of what the problems are. MDM solutions generally focus on the device itself. As a result, many enterprise employees consider these types of solutions way too intrusive and worry about the privacy of their private applications and don’t want IT seeing everything on their device. Another option that does provide more privacy are cybersec solutions based on the principle of “containerization”, or the creation of virtual containers wrapped around the company apps. The problem here is that enterprises have to specifically choose which of their apps they want protected by their container-based solutions. However, when you want to add a new app, the container doesn’t work because there is no integration. Even if you move from one version of an app to a new version integration doesn’t happen automatically. Now, your new app is not protected, and you have to go through the whole process of “containerizing” something again. This all makes container-based mobile solutions very cumbersome for both employees and IT. Now, if you are large enough you can still go to Salesforce and have them design something customized for you that can be embedded for your employees, but again, this takes time and you’ll always be a few months behind the latest version of their solution. IT Specialist: Could you give us a brief overview of how your technology works in terms of it’s specific features? As I understand, you are focused on protecting the underlying data itself, not the devices? I assume of course that it is software only? Adam: That’s correct, we focus on the data itself. The key point about Bluebox’s technology is that the protection of all of the apps happens dynamically. Basically, you just download the Bluebox solution which essentially creates like a microvisor. Any new apps can be added and the integration with Bluebox happens automatically. No waiting, no custom development, no extra hassle for the IT person or the remote employee. The very simple fact – which I constantly discovered at my previous jobs – was that if you make something too cumbersome or difficult for the employee to use, they will find a way around it and then you’re stuck with no security. The remote sales exec in the last week of the quarter does not need to be worried about updating a complex security solution when they are trying to close business or make their numbers, and they will find a workaround to whatever BYOD cybersec solution IT has previously installed. The ultimate objective here is to make the actual performance of the protected apps as close to a native experience as possible for end-user employees. The only time they will ever have to do anything different is if the app times out the employee has to type in a passcode to reactivate it. Let me summarize here the top features of our technology: Data Wrapping protects all corporate data, including email attachments, with document-level AES 256 encryption and security policies that allow you to track, revoke or wipe data. Instant App Protect secures data in any internal or public app; no SDKs or coding required. Context aware policies control data leakage on the device, between apps, and over the network to cloud storage locations. Device and application integrity with full-fledged defense mechanism against platform level vulnerabilities, app tampering as well as jailbreaking/rooting Secure data end-to-end – from your internal or cloud storage applications down to the device. Separate corporate from personal data with flexible configurations Here is an image that provides some context to what I am saying: IT Specialist: What has been the response from end-user employees in the enterprises who are using your solution? Adam: The feedback from IT departments has been excellent. Employees love the ease of use. Since Bluebox is dynamic, new applications can be added with no extra hassle, as again, the integration with Bluebox is done dynamically. The other thing employees love is that all of their personal applications and data are totally separate from the corporate applications protected by Bluebox. Of course, we knew from personal experience many en-users will still be suspicious – i.e. “how do I really know the company isn’t spying on my personal stuff?” To combat this fear, we actually built in a special privacy dashboard for the end-users. This dashboard shows the employee exactly what the company has access to and what it doesn’t. This is huge for the end-users. They can instantly confirm that their personal apps are untouched by Bluebox, which really promotes trust between IT and the employees, and makes it much more likely that employees will actually accept the Bluebox solution. IT Specialist: What role does the enterprise IT professional play in implementing and managing a Bluebox solution – how easy is it to install? Does Bluebox have a management or control function for IT where they can have visibility to what’s going on and collect statistics? Adam: From an IT standpoint, we wanted implementation of a Bluebox solution to be easy. We didn’t want to build something that would require multiple teams to be involved in implementation or require extensive post-sales professional services support. As part of this approach of simplicity, we also made our pricing really basic. We simply charge a flat fee per user/per year. Many MDM solutions make you pay by the device, but with Bluebox, once you pay for the user the solution can be used on as manyemployees devices for the individual as you want. In addition, the Bluebox solution still allows the IT department in-depth detail into what is going on with their corporate data. For example, IT can ask a question like ‘which app has the highest amount of our most sensitive private corporate data on it’, for example company credit card info, and IT can then track every corporate app where that sensitive data is located to see where it goes and ensure that it’s protected. Furthermore, because of our data centric approach, IT can take action with surgical precision to reduce risk and prevent data loss. For example, they can delete a specific document with company credit card info from an individual user, or remove all instances of that same document across all employees’ mobile devices. IT Specialist: Turning now to the corporate level, can you tell us how much money Bluebox has raised and who your core investors are? Adam: Sure. Bluebox has raised $27.5 million so far. We closed a $9.5 million Series A financing round led by Andreessen Horowitz in June, 2012. We also recently raised $18 million in Series B funding from Tenaya Capital, Andreessen Horowitz, Sun Microsystems Co-founder Andreas Bechtolsheim, and SV Angel. IT Specialist : Finally, for people who may be interested in testing the Bluebox solution or beginning a dialogue with you, what is the best way for them to start working with you? Adam: We invite people to visit our site – www.bluebox.com and browse. Feel free to download a white paper providing an overview of our solution here: http://www.bluebox.com/whitepaper-download/ . We also would encourage those interested to just e-mail email@example.com and we’ll get back to you immediately. IT Specialist : Thank you very much for your time Adam. Sounds like a great value-proposition and I’ll certainly be keen to watch your ongoing progress.