Wednesday, June 3, 2009
Interview with Trell Rohovit, Venafi
Sandy, Utah-based Venafi (www.venafi.com) is shipping a new product aimed at helping enterprises manage their encryption today. We recently caught up with Trell Rohovit, the firm's President and CEO, to learn more about the company and what it offers.
How is your software used by companies?
Trell Rohovit: We're a systems management company focused on managing encryption. When I say managing encryption, that's the ability to deploy, scale, manage, and control encryption and policy in an organization--what we call the river of encryption. Companies are finally deploying data protection rules and privacy rules, and they've come around in the last 24 months because there's a lot more pressure on organizations to protect data--companies are moving leaps and bounds than ever before in history. As that takes place, companies looking to expand their encryption footprint have found that it's a very difficult technology to scale, and to control. If you don't manage it correctly, there are severe consequences, including systemic failure--where businesses come to a grinding halt as a result of mismanaged encryption. We provide a management platform which supports multiple types of encryption, across different platforms, laptops, desktops, the network, the data center--so make sure of the efficacy of encryption goals, and that data security can be controlled.
Why use your products instead of whatever a vendor might offer for their products--for example encryption tools from a backup vendor?
Trell Rohovit: There are not many effective tools to manage encryption from vendors, even for their own, specific tools. For example, IBM just released Tivoli Key Cycle Manager to help organizations manage their encryption tapes--and that literally, was just released last December. We OEM a part of that technology. So, the first answer is there's not really much out there. The second is there is harmonic dissonance--just in terms of the voluminous amount of encryption keys and protocols, plus many, many applications. For example, on a laptop, there might be the necessity to encrypt the hard drive. What we've seen, is that an organization can encrypt the hard drive, but might have to deal with full volume encryption, file encryption, secure email, rights management services, strong authentication, secure IM, and keys for encryption on the hardware on that laptop--not to forget digital signing in Microsoft Office and Adobe. Just in that environment, there are numerous encryption keys and applications. Imagine, if you will, managing keys for thousands of users in that one environment. Data centers are an order of magnitude more difficult, where you have web servers, applications servers, databases, firewalls, routers, tapes--protocols like SSL, IPSEC, SSH, symmetric key encryption. That's the long answer. To manage your encryption footprint, holistically, you really need a comprehensive management platform that looks at different encryption types, protocols, and different application types and help to bring that under management.
You mention there's been a lot of demand for your products, are regulations and laws behind that, or what is currently driving demand for your products?
Trell Rohovit: Certainly. There are two things. One is regulation. Laws such as California's SB1386, a privacy law--PCI compliance regulations, HIPAA regulations, and there are thirty-seven other states enacting privacy laws. That's certainly driving transparency into the marketplace. In the past, when there was a data breach--for example, at TJ MAXX, when that took place you didn't hear about it. Now, with new laws and regulation, that forces transparency. Now, when a laptop drops off the end of a truck, it ends up on the front page of the Wall Street Journal. When it hits your reputation, that hits your board as a fiduciary, and they see what is happening, and down it flows to make that problem go away and to make sure it doesn't happen again. In the past, VP of Operations and CIOs said no to increasing security, because it just caused complexity in the data center. With the new laws, and the reputation risk--driven by those laws on transparency--they can't say no. You have to encrypt, you have no choice, and they just have to figure out how they are going to get it done. The other thing that is driving the business is that the functionality in applications to encrypt data is now there. If you back up to 1999 or 2000, I can't think of anything using encryption. Nothing was encryption enabled, and there was no way to deploy the infrastructure in a scalable way. If you fast forward, I can't think of any major infrastructure component now which isn't encryption enabled. Your firewall, routers, cell phone, Microsoft Office, web server, app server, middleware, database, packaged app, Oracle, SAP, tapes--all of those now have the ability to encrypt data. Turning that on, you need to be able to scale that in your environment, or risk system operation failure. You can't have your web server go down, your provisioning system go down, and you can't have your reservation system go down or trading as a result of mismanaged encryption--that fact leads to most of our sales.
How big is the company, and are all of them in Utah?
Trell Rohovit: We're not all in Utah. We're roughly 35 people in all, with contractors and sales offices throughout the U.S., plus London. We also have resellers in South America and in Asia Pacific.
Finally, what's the next step for the company nowadays?
Trell Rohovit: We're very, very focused on being the premier provider of the systems management platform for companies. We know encryption is only getting more difficult for organizations in the future, and the importance of achieving goals is certainly more critical, in terms of effectively operating a secure business. We've got a major new product release next week, our Encryption Director, which takes the idea of managing encryption to an entirely new level. It provides a management platform that is really flexible for an organization to control, with policy around multiple types of encryption and applications--it really provides a platform to the vision of the company.