Java IoT Authors: Liz McMillan, Sematext Blog, Carmen Gonzalez, Yeshim Deniz, Jim Kaskade

Related Topics: Cloud Security, Mobile IoT, @CloudExpo

Cloud Security: Blog Post

BYOD Security Issues – Solved with Appthority SaaS

Security Chat with Domingo Guerra, president and co-founder of Appthority

Thanks for taking the time to answer my questions. Please tell us, what is Appthority all about and what do you do?

Guerra: Appthority is an app risk management company with a Software-as-a-Service solution that analyzes mobile apps for hidden behaviors that pose privacy and security risks. Our main customers are large organizations and we provide them with the first all-in-one App Risk Management service to uncover the hidden actions of apps and enable enterprises to create custom policies to prevent unwanted app behaviors. Appthority combines the largest global database of analyzed public and private apps with advanced policy management tools to automate control over risky app actions to protect corporate data on company-issued and BYOD mobile phones as employees bring their own apps to work.

With the shift from desktop computing to mobile spurring the rise of the BYOD, BYOApps, and Mobile First movements, people are mixing personal and corporate data on their mobile devices. This has created enormous security and privacy implications. Since 91% of apps lack encryption and 79% can access corporate data, there is obviously the potential for serious problems. Appthority enables organizations to prevent risky apps from entering the workplace while still enabling the workforce to leverage their mobile devices to their maximum potential.

What's new in terms of products?

Guerra: We just announced several key upgrades to the Appthority Service. We've done a lot of market research and IT and security administrators are really interested in being able to construct highly customizable policies. The upgrades to the Appthority Service improve workflow processes in a number of ways: It provides support for multiple app allowance policies simultaneously - by company department, by geography or even by device type - whether company or employee owned. This includes approving and enforcing custom, acceptable use polices at scale, to supporting the creation and implementation of multiple group and role-based policies. An enforcement workflow (do x for y days, then to z for n days, when a specific risky behavior is detected) is now also available. Finally, we've added additional rules and detection for cloud-based file storage violations, which are a big worry for companies trying to protect their IP.

The biggest challenge we face now in winning over new clients is a lack of awareness of the challenge of protecting and securing organizations and their employees from risky mobile app behavior. Most customers are aware of the malware risks on the Android OS, however, some organizations are not aware that there are many other risks beyond malware from a privacy, security and data management perspective that affect iOS and the Android OS.

Who is your target audience and how do you intend to reach them?

Guerra: Our target audiences are Chief Information and Security Officers of Fortune 500 companies who are building mobile risk management policies, as well as IT Administrators responsible for their organization's Mobile Device Management (MDM).

I'd be curious to hear any general thoughts you have on market trends...

Guerra: According to Gartner, by 2015, the number of employees using mobile applications in the workplace will double. More organizations are adopting a Mobile First strategy, to support employees who are using the mobile device as their primary computer more and more. Employees are, on average, downloading 50-200 apps from the millions of apps in the global app ecosystem onto devices that are connecting to the corporate network. The cost and complexity of manually managing app risk policy functions is enormous, so there is a strong need for technology that can mitigate the risks apps bring into the enterprise.

What is the viral aspect of your product?

Guerra: There are millions of apps in the app ecosystem and even more if you consider that each version of an app is a net-new app. Keeping adequate coverage and analysis of all of the apps out there is a huge task. The Appthority Service integrates directly into the top MDMs, which gives us a huge mobile footprint. As a result, any time an employee anywhere in the world downloads a new app or a new version to an existing app, our system gets immediately notified and processes the app for analysis. The viral effect is that when other employees, even if they work at different companies, download that same app, our system will already have the analysis complete and IT administrators can rest easy knowing that our database with over 2 million apps stays relevant and always up-to-date.

What's the business model? How will you make money?

Guerra: Appthority's solution is delivered as Software-as-a-Service. It is subscription-based in which we charge per device / per month.

Who are your competitors?

Guerra: There are other security companies that focus on mobile risk, however most only focus on malware and thus on Android. Other vendors focus only on app vulnerabilities, (programing mistakes), but these are short-sighted approaches, as most of the enterprise risks in mobile apps are from behaviors the developer incorporated into the app by design. Only Appthority was built from the ground up to focus on iOS and Android and analyze apps for total risk with respect to risky security behaviors and risky privacy behaviors as well as malware.

How do you differentiate from your competitors?

Guerra: The Appthority Mobile App Risk Management Service integrates with MDM technology to automatically identify risky behaviors in mobile apps and grant employees access to the apps they can securely use. We are the only service to automate an otherwise manual process to reduce risk and costs so our customers can leverage mobility and empower a smarter, safer and more productive mobile workforce.

How does your technology differentiate from the competition and can you elaborate on the different technology deployed?

Guerra: Appthority is the first and only product available today that acts as a truly actionable and fully automated app risk management service, including app reputation (risky behavior) analysis and policy management in an entirely integrated platform. Appthority's policy management innovation is the next step in the evolution of App Risk Management - from discovering and analyzing risky app behaviors to automated enforcement capabilities.

With Appthority, IT Administrators responsible for their organization's Mobile Device Management (MDM) program are able to know the risky app behaviors present on employees' managed devices within minutes. They can then create custom policies based on their organization's unique risk profile. Using Appthority's analysis, IT administrators can now also take the next step of creating custom and unique app enforcement and remediation policies for all devices under management. This includes generating blacklists and whitelists that auto-populate based on the behavior of new apps entering the environment.

What business or technology could yours disrupt?

Guerra: Many companies today are following one of three models when it comes to mobile security. A number of companies aren't doing anything - they are still hanging onto their Blackberries, but are doing their homework as iOS and Android phones sneak onto the network. Next are the companies using containers, which are seen as essential by really early adopters and big financial firms, but the productivity and usability impact on users is so dramatic that the longevity of this approach is questionable. Finally, there are companies using Mobile Device Management (MDM) solutions, which while it is undoubtedly here to stay, MDMs can't look into the risky behaviors within an app, which is where all the risks lie.

This is where Appthority comes in. By integrating with MDMs and enterprise app stores, Appthority provides companies with the comprehensive solution needed to protect corporate data while allowing employees the freedom to use their smart phones or tablets for work.

Who founded the company, when? What can you tell me about the story of the company's founding?

Guerra: My cofounders Kevin Watkins, Anthony Bettini, and I founded the company in early 2011 to create a safer enterprise mobile environment. Our founding team saw IT's frustration in dealing with CoIT (Consumerization of IT) and the BYOD (Bring Your Own Device) movement, where organizations struggled with the loss of control, visibility and security coverage of some of their most valuable data. Through early interaction with enterprise customers, eager to find a solution to their mobile IT woes, Appthority stepped up to the challenge and envisioned a world where IT could embrace, rather than fear, mobile devices and the many advantages of a mobile workforce. And just like that, Mobile App Risk Management was born. After nearly a year of stealth-mode development, we launched The Appthority Platform at the 2012 RSA Conference Innovation Sandbox where Appthority was named "The Most Innovative Company of RSA Conference 2012."

What is your distribution model? Where to buy your product?

Guerra: Our distribution model is diverse, from direct via our sales organization to VARs, to system integrators to carriers. Our product is available worldwide and available in seven languages, though our focus is on Fortune 500 companies in the U.S. that have deployed an EMM / MDM solution.

What's next on your product roadmap?

Guerra: We will continue to add more customizable features to the Appthority Portal as customers become more sophisticated with their mobile risk management processes. We are seeing a lot of growth from early adopters making their way to other enterprise accounts and it's exciting to offer customization and automation that fits customers' diverse mobile app security needs.

What else would you like to add?

Guerra: As we see apps power the Internet of Things, there are now apps in cars, televisions and refrigerators. Just like with mobile devices, apps are empowering other economies that will thrive and create opportunity for developers as well. However, it is important to learn from the mobile app security issues we've seen to-date and start early with embedded apps as the Internet of Things booms.

Partnerships, collaborations or affiliations: Our most critical technology partners are AirWatch, Apperian, and MobileIron. For the consumer market, we are partnered with carriers like Swisscom.

Federal or state grants, contracts or awards received: Appthority is a current finalist for four industry awards: Global Mobile Awards 2014 Finalist for Best Enterprise Mobile Service; SC Magazine Awards 2014 Finalist for Rookie Security Company of the Year; 2013 SINET 16 Innovator; Tech Trailblazers Finalist 2014 - Mobile.

Market size being pursued: By 2015: Enterprise mobile app development is an $8B/year market and the enterprise mobile device management market (includes MDM, EMM, MAM, Containers, etc.) is a $9B/year market. Appthority plays in both markets.

Is the company profitable? As a privately held company, Appthority does not release revenue information.

Appthority's App Risk Management service automates discovering the hidden behaviors of millions of apps and allowing the apps that employees can securely use. Only Appthority combines the largest global database of millions of analyzed public and enterprise apps with a policy management engine to speed app review and approval and enforce custom, acceptable use polices for thousands of employees within minutes. With unprecedented visibility and control over risky app behaviors, Appthority enables companies to leverage mobility and empower a smarter, safer, mobile workforce. Headquartered in San Francisco, Appthority is venture-backed by U.S. Venture Partners (USVP) and Venrock. More information on Appthority can be found at https://www.appthority.com.

All product and company names herein may be trademarks of their registered owners.

More Stories By Xenia von Wedel

Xenia von Wedel is a Tech blogger and Enterprise Media Consultant in Mountain View, serving clients in a variety of industries worldwide. She is focused on thought leadership content creation and syndication, media outreach and strategy. She mainly writes about Enterprise, B2B solutions, social media and open source software, but throws the occasional oddball into the mix. Buy her a coffee if you like her article: http://xeniar.tip.me

@ThingsExpo Stories
Intelligent machines are here. Robots, self-driving cars, drones, bots and many IoT devices are becoming smarter with Machine Learning. In her session at @ThingsExpo, Sudha Jamthe, CEO of IoTDisruptions.com, will discuss the next wave of business disruption at the junction of IoT and AI, impacting many industries and set to change our lives, work and world as we know it.
SYS-CON Events announced today that Enzu will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their online busine...
The explosion of new web/cloud/IoT-based applications and the data they generate are transforming our world right before our eyes. In this rush to adopt these new technologies, organizations are often ignoring fundamental questions concerning who owns the data and failing to ask for permission to conduct invasive surveillance of their customers. Organizations that are not transparent about how their systems gather data telemetry without offering shared data ownership risk product rejection, regu...
The Open Connectivity Foundation (OCF), sponsor of the IoTivity open source project, and AllSeen Alliance, which provides the AllJoyn® open source IoT framework, today announced that the two organizations’ boards have approved a merger under the OCF name and bylaws. This merger will advance interoperability between connected devices from both groups, enabling the full operating potential of IoT and representing a significant step towards a connected ecosystem.
November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Penta Security is a leading vendor for data security solutions, including its encryption solution, D’Amo. By using FPE technology, D’Amo allows for the implementation of encryption technology to sensitive data fields without modification to schema in the database environment. With businesses having their data become increasingly more complicated in their mission-critical applications (such as ERP, CRM, HRM), continued ...
SYS-CON Events announced today that Embotics, the cloud automation company, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Embotics is the cloud automation company for IT organizations and service providers that need to improve provisioning or enable self-service capabilities. With a relentless focus on delivering a premier user experience and unmatched customer support, Embotics is the fas...
SYS-CON Events announced today that Cloudbric, a leading website security provider, will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. Cloudbric is an elite full service website protection solution specifically designed for IT novices, entrepreneurs, and small and medium businesses. First launched in 2015, Cloudbric is based on the enterprise level Web Application Firewall by Penta Security Sys...
Smart Cities are here to stay, but for their promise to be delivered, the data they produce must not be put in new siloes. In his session at @ThingsExpo, Mathias Herberts, Co-founder and CTO of Cityzen Data, will deep dive into best practices that will ensure a successful smart city journey.
Data is the fuel that drives the machine learning algorithmic engines and ultimately provides the business value. In his session at Cloud Expo, Ed Featherston, a director and senior enterprise architect at Collaborative Consulting, will discuss the key considerations around quality, volume, timeliness, and pedigree that must be dealt with in order to properly fuel that engine.
SYS-CON Events announced today that MathFreeOn will exhibit at the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. MathFreeOn is Software as a Service (SaaS) used in Engineering and Math education. Write scripts and solve math problems online. MathFreeOn provides online courses for beginners or amateurs who have difficulties in writing scripts. In accordance with various mathematical topics, there are more tha...
Successful digital transformation requires new organizational competencies and capabilities. Research tells us that the biggest impediment to successful transformation is human; consequently, the biggest enabler is a properly skilled and empowered workforce. In the digital age, new individual and collective competencies are required. In his session at 19th Cloud Expo, Bob Newhouse, CEO and founder of Agilitiv, will draw together recent research and lessons learned from emerging and established ...
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, will discuss how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand using interactive visualizations and salary indicator tools to maximize earning potential. Manish Dixit is VP of Product and Engineering at Dice. As the leader of the Product, Engineering and Data Sciences team a...
Virgil consists of an open-source encryption library, which implements Cryptographic Message Syntax (CMS) and Elliptic Curve Integrated Encryption Scheme (ECIES) (including RSA schema), a Key Management API, and a cloud-based Key Management Service (Virgil Keys). The Virgil Keys Service consists of a public key service and a private key escrow service. 

The best way to leverage your Cloud Expo presence as a sponsor and exhibitor is to plan your news announcements around our events. The press covering Cloud Expo and @ThingsExpo will have access to these releases and will amplify your news announcements. More than two dozen Cloud companies either set deals at our shows or have announced their mergers and acquisitions at Cloud Expo. Product announcements during our show provide your company with the most reach through our targeted audiences.
@ThingsExpo has been named the Top 5 Most Influential Internet of Things Brand by Onalytica in the ‘The Internet of Things Landscape 2015: Top 100 Individuals and Brands.' Onalytica analyzed Twitter conversations around the #IoT debate to uncover the most influential brands and individuals driving the conversation. Onalytica captured data from 56,224 users. The PageRank based methodology they use to extract influencers on a particular topic (tweets mentioning #InternetofThings or #IoT in this ...
More and more brands have jumped on the IoT bandwagon. We have an excess of wearables – activity trackers, smartwatches, smart glasses and sneakers, and more that track seemingly endless datapoints. However, most consumers have no idea what “IoT” means. Creating more wearables that track data shouldn't be the aim of brands; delivering meaningful, tangible relevance to their users should be. We're in a period in which the IoT pendulum is still swinging. Initially, it swung toward "smart for smar...
Web Real-Time Communication APIs have quickly revolutionized what browsers are capable of. In addition to video and audio streams, we can now bi-directionally send arbitrary data over WebRTC's PeerConnection Data Channels. With the advent of Progressive Web Apps and new hardware APIs such as WebBluetooh and WebUSB, we can finally enable users to stitch together the Internet of Things directly from their browsers while communicating privately and securely in a decentralized way.
In past @ThingsExpo presentations, Joseph di Paolantonio has explored how various Internet of Things (IoT) and data management and analytics (DMA) solution spaces will come together as sensor analytics ecosystems. This year, in his session at @ThingsExpo, Joseph di Paolantonio from DataArchon, will be adding the numerous Transportation areas, from autonomous vehicles to “Uber for containers.” While IoT data in any one area of Transportation will have a huge impact in that area, combining sensor...
With an estimated 50 billion devices connected to the Internet by 2020, several industries will begin to expand their capabilities for retaining end point data at the edge to better utilize the range of data types and sheer volume of M2M data generated by the Internet of Things. In his session at @ThingsExpo, Don DeLoach, CEO and President of Infobright, discussed the infrastructures businesses will need to implement to handle this explosion of data by providing specific use cases for filterin...
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...