Sync NI: SaltDNA's John Bailie talks secure business communication, recent awards, and an exciting year ahead
Every large business needs to communicate regularly between different offices, but how do you keep those lines of communication secure? Belfast-based cyber-security company SaltDNA has been making big waves recently in the field of enterprise communication with its secure platform that integrates into existing business practices and helps businesses comply with ongoing regulatory requirements.
It's been a great year for SaltDNA, with the firm being named in the top half of the CyberSecurity 500 and being recently awarded Highly Commended in the Innovative Business of the Year category at the 2018 BEFTA award. I caught up with Head of Marketing John Bailie to discuss the need for secure business communications, why other platforms may not be protecting your information, and what the future holds for the company.
Sync NI: Your original target market for your services was lawyer and their clients. Has that changed over the years?
John Bailie: It's somewhat changed. Whenever we got into the market to begin with, we saw legal as a massive space for us to go into. Since that decision was taken, from direct approach from other companies, we've altered our product a bit to meet requirements in a number of different industries. Legal would still be a key one for us, but it would also go alongside financial, defense, and security - the likes of government and law enforcement clients.
Are there any companies that should be aware of like this that maybe aren't yet?
Effectively anyone. The way we sell our product is that we allow important people to discuss important matters even when they can't be in the same room as each other. That fits across so many industries, so anyone who is sharing confidential information in an insecure way would be our target audience.
Something that a lot of people don't get for cyber-security is the importance of end-to-end encryption. So why is that so important?
It's hugely important because a lot of people believe that encryption is security, and that's the way the consumer products have set the market up is that encryption is not secure. If you look at Whatsapp and Signal and Viber and you look at the consumer applications on the market, by offering encryption we don't believe it is security. That's why we believe that the end-to-end aspect and the closed aspect of our system is what makes it secure.
If you look at secure email providers as another example, if I was to send Nicole here for example a secure email then there's nothing stopping her from forwarding that on to ten people who don't use secure emails. Unless it's end-to-end and unless it's closed, the encryption needs to sort of stop at the end-to-end point, and if it's one-way encryption then it's simply no good.
That's why we believe that the closed aspect of what we offer. The fact that both people have to be on the application, and that the organisation controls who speaks to who, is what really creates and allows an organisation to secure its information.
So the important thing is having a closed ecosystem for communication?
Yes, and that's what we have been built on from day one. End-to-end encryption is great and it's absolutely necessary for effectively everything we do, but unless you have the management aspect and the control capacity of who speaks to who and ensuring it's a closed group, then that end-to-end encryption can just be opened and sent out via insecure methods to the point that your information isn't protected any more.
That could be very important with regard to data breaches as part of GDPR. So have many companies come to you regarding GDPR?
Yes, a number have, and we were quite pro-active with it as we knew it would be a requirement. Even in the financial industries there are new regulations like MiFID II, so we've altered our solution to incorportate a compliance mode to allow organisations to keep a securely archived version of their communications within their own premises. We don't want to have access to it, and by providing them access to their own system and regulating it and setting it up the way they need it to be, will allow them to meet greater regulations.
You see your service as an ongoing thing that allows companies to deal with compliance and new laws etc too then?
Exactly. I think it needs to be, and everything we've done since day one has been flexible both in terms of our development process, keeping ahead of trends and analysing the market, but also in terms of the customer approach -- In this case it's large organisations.
Business is becoming a highly regulated environment with new laws being introduced all the time, so we need to be flexible to the approach of our customers. If we were to set up an all-premises deployment to allow customers to take this solution and place this within their own infrastructure, we need to be flexible to how they deploy it and the plugins and enablement around other solutions as well.
You offer server-based and cloud-based solutions. Often the problem with cloud solutions is that you don't have control over the physical infrastructure your system runs on. So what's your approach when dealing with cloud systems to ensure security?
Our SaaS model is not one that we just pay for and it's 'out there', it's a G-Cloud infrastructure with tier 3 data centre, and it's extremely secure and extremely compliant. So we know everything about it and we know where it's being stored, it's a cloud solution for customers that don't need to store it within their own infrastructure.
So the cloud infrastructure is fully under your control, it's really for the scaling and deployment benefits of cloud rather than being hosted on a shared cloud service?
Yes, so we need to know everything about it in order to sell it as a secure information technology system. So we know where it's being stored, we've actually been there numerous times to see it in practice. We don't trust just anyone, we are diligent in ensuring that everything is secure.
You were recently awarded Highly Commended in the Innovative Business of the Year category at the 2018 BEFTA awards. What went into that achievement?
Everything we do is about continually innovating our product, and it's about listening to customers. Our product roadmap and everything we do internally is never done just because we want to do it, it's always done based on feedback from customers and partners. We're always innovating, and we're always keeping ahead of competition. We know that secure communications is a growing industry, so in order to be the leaders of it we need to be continually innovating and improving our product.
Some of the stuff that the guys have done in 2018 has been incredible, even the new message broadcasting feature we brought out and continued improvements to the app. We already know what's coming in 2019 and it's going to be even bigger for us. To understand that there's a small team in our office in terms of the development process and how it works, but the amount of stuff they actually push out on a consistent basis is incredible. It's all to do with the incredible levels of innovation shown by the development team here.
What is on the horizon, are there any new services or new markets on the radar?
At the minute we're obviously pushing the same product but we're continuing to take on feedback from customers and partners. We'll be making a big product announcement when we're at RSA in the first week of March, and toward the end of 2019 we have a completely different feature that we will be releasing into the market around November time. It's going to change up the dynamics of our application, offer it into a completely different market, effectively it's a completely different solution in addition to what we have.
Is any of this a consumer solution or is this still very much enterprise?
Still enterprise. We've continued to toy with the consumer space, and it completely goes against everything we believe in from a closed system dynamic, and from the experience the team and customers have had. Our approach is still going to be enterprise, and it's still going to be global. We'll hopefully be reaching out and expanding with new major partnerships and opportunities in different regions.
Of course, you have clients and partners all over the world. What's it like being a small company from Northern Ireland competing on the global stage?
The company was founded around six years ago now, and it was developing and solidifying the product was the first key point we needed to make. This was a process we thought would take 12 to 18 months and it ended up taking around 24 to 30 months. Whenever we went to the market and see where we could sell this to, it was a completely different market than what we anticipated from our previous industry research.
From day one we didn't believe we had a market here locally. Domestic market is normally where you grow a product and grow your sales and then you expand, whereas we really didn't have an option in our opinion - we had to expand to start with. We had to go to different markets, so we looked at Africa and the Middle East. We didn't think that there was enough of a target audience here at home, and we didn't think that there was an understanding of the issue we were trying to solve.
We had to move further abroad to places like Africa and the Middle East where people understood the threat of mobile interception a bit more. We're now seeing that people here understand the issue now, and we're starting to see some traction locally and we're being recognised with some awards for the level of innovation we're showing. We have some major opportunities now in the UK, but we had to reach out to come back in.
Does it help that there are a lot more laws coming in here that businesses need to be prepared for?
Yes, 100%. I think the interesting bit is that we built our reputation globally and we're recognised in the CyberSecurity 500 which consists of the 500 top cyber security firms in the world, but if you go out in Belfast and mention SaltDNA not a lot of people know who we are. It's quite nice in a way, but on a different level we're doing something really cool here and solving the issues of some of the largest organisations in the world, and we're doing that from Belfast. We're trying to build our client base here and in the UK, and I think more and more people will hear about us in the next few years.
Originally posted by Brendan Drain at Sync NI
SaltDNA, ranked in the top half in the Cybersecurity 500, provides a fully enterprise-managed software solution that enables absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. The SaltDNA Desktop and Mobile apps are intuitive and easy to install and use. The SaltDNA Communication Manager provides a console for tight management of users and can be configured for the management of regulatory compliance. SaltDNA is headquartered in Belfast, Ireland, for more information visit www.saltdna.com.