Cryptography's Lemon Of A Business Model

If life gives you lemons, make lemonade. Here's how a startup in the encryption market took that saying to heart.

Andrew Conry Murray, Director of Content & Community, Interop

October 23, 2007

3 Min Read

If life gives you lemons, make lemonade. Here's how a startup in the encryption market took that saying to heart.The lemons in this case are regulations such as PCI, HIPAA, and California SB 1386, which essentially force regulated companies to encrypt e-mail and the databases that store credit card and Social Security numbers.

On their own, most companies wouldn't bother. E-mail and data crypto applications do nothing to make business run faster or more efficiently. Key management is insanely complex. Setting up interoperable crypto systems with business partners is a technological, legal, and policy rat hole. And encryption can slow transaction processing on databases.

So who's making lemonade? Voltage Security. The startup sells e-mail and data encryption software and offers e-mail encryption as a service. It has raked in more than $42 million in venture funding since 2002 -- including a recent infusion of $12 million -- and is racing toward profitability. Voltage's most likely destiny is to float an IPO or be acquired.

Voltage was founded to monetize a unique algorithm, identity-based encryption, that can generate public/private key pairs out of simple strings such as an e-mail address. IBE helps simplify key management, making crypto more palatable for the enterprise.

It's also no coincidence that Voltage's new SaaS-based e-mail encryption offering, which further simplifies encryption issues, is the company's fastest-growing product. In six months, the Voltage Security Network has jumped from 1,000 paid subscribers to 36,000. If this pace continues, CEO Sathvik Krishnamurthy believes the managed service will account for a quarter to a half of the company's business.

ENCRYPT YOUR DATA OR WE'LL SHOOT THIS DOG Of course, no one likes to admit that their business model is based on arm-twisting by external regulators, rather than on the intrinsic business value of the product.

Krishnamurthy argues that strategic-minded companies can use encryption as a competitive differentiator and to create revenue opportunities. He points to its bank and insurance customers that attract new clients and retain existing ones because they can offer pain-free encrypted transactions and communications. That's true, but why do bank and insurance clients want encryption? Because of compliance requirements.

Regardless of the drivers, Voltage is poised to make a lot more juice. It will apply its $12 million to expand R&D and drive new sales and marketing efforts around the encryption service and data protection software. It is cash-flow positive over the past two quarters, and has enjoyed top-line revenue growth of 80% over the past four quarters.

The company also has struck a host of OEM deals and partnerships. A recent deal with Code Green Networks, a data loss prevention vendor, will integrate Voltage's service offering with Code Green's gateway appliance. If the appliance, which monitors network traffic, determines an outbound e-mail should be encrypted, it will use Voltage's service to automatically encrypt the message.

It looks like making regulatory requirements a little less bitter can be a sweet business model after all.

About the Author(s)

Andrew Conry Murray

Director of Content & Community, Interop

Drew is formerly editor of Network Computing and currently director of content and community for Interop.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights