Making security easy
- By Graeme Browning
- Sep 17, 2001
The more the federal government relies on information technology to run internal operations and deal with citizens, the hotter the issue of network security becomes.
"Federal agencies continue to get hit by hackers. There's no [chief information
officer] in town who's not worried, concerned and constantly figuring out
how to protect his systems," said Joe Leo, cor.porate vice president of
Science Applications International Corp. and former CIO of the Agriculture
Enter Sigaba Corp., a San Mateo, Calif.-based start-up that has two important
ingredients to make its presence felt in the federal IT market: a simple
and powerful e-mail-based security product and investors who have a track
record of picking winners in the federal IT arena.
SigabaSecure, the company's software, encrypts and decrypts e-mail messages
automatically, without the need for user registration or access to a public-key
While the General Services Administration is overseeing the development
of federal PKI efforts to enable secure electronic transactions, Congress
has expressed concern about deploying a PKI system throughout the government
because it is expensive and cumbersome to use, according to sources. To
send or receive e-mail securely in a PKI system, a user has to have one
unique mathematical key to "sign" messages and another key to encode or
decode the message itself. These keys reside on the user's hard drive, meaning
the user can't send secure e-mail from another computer.
Sigaba's system, on the other hand, works with any widely used e-mail program
and on any computer with an Internet connection. It is interoperable with
a PKI system, but requires no key. "We decided that whatever we designed
had to be brain-dead easy," said Jahan Moreh, Sigaba's chief security architect
and a former researcher at AT&T Bell Laboratories. "People who use e-mail
regularly aren't techno-weenies. They don't want to struggle with their
Sigaba authenticates both senders and receivers of its encrypted e-mail
by requiring that they have valid passwords to their e-mail accounts. The
system also allows senders to control when the key to encrypted mail is
released and how long the key is available. In addition, "with Sigaba's
system you don't need the scale you need with PKI, so you can use Sigaba
with a much smaller user base and it's still economical," said an IT expert
who asked not to be identified.
At just 2 years old, Sigaba might have about the same chance of gaining
recognition in the crowded federal IT market as most other security companies.
But the company has more going for it: It boasts a high-profile roster of
executives and investors. Chief executive officer and chairman Robert Cook
founded several successful high-tech ventures, including WebMethods Inc.,
a maker of systems integration software. And major investors include Dan
Young, former CEO of Federal Data Corp., a systems integrator and software
solutions provider purchased last year by Northrop Grumman Corp.; John Toups,
former president and CEO of IT and engineering consulting firm Planning
Research Corp., now a subsidiary of Litton Industries Inc.; Sudhakar Shenoy,
former CEO and president of Information Management Consultants Inc.; and
Tom Hewitt, founder of federal market consulting firm Federal Sources Inc.
"I believe the winner in e-mail security will be the first person who comes
up with a solution that's affordable, easy to install and manage, interoperable
and easy to use. If you don't have those points, people will defeat the
system," Hewitt said.