We talked with Stacey Lum, President and CEO of InfoExpress, about the company and his take on security of enterprise systems.
What's the background behind InfoExpress?
InfoExpress started in 1993 as a dialup information service, which explains the odd name for a company developing network security products. After a couple of years, it was evident that proprietary networks would be displaced by this thing called the Internet. We applied the core technologies to the corporate security space and found our market with desktop and remote user security.
Our mission is to secure the last mile for desktop and remote systems. This started with our remote access VPN introduced in 1996, the centrally managed CyberArmor endpoint firewall in 1999, and the CyberGatekeeper policy enforcer introduced last year.
What are your company's flagship products and for what market are they intended?
All of our products help enterprise system administrators secure their desktop and remote systems. We've tried to stay focused on end user systems in the enterprise. All of the products work together to secure the user's system, so in a sense all of them are part of the same market and part of the company's flagship product. However, CyberGatekeeper is the latest product and the strict policy enforcement it provides is such a new concept that it has a lot of room to grow.
How was the business year 2002 for your company?
Last year was challenging, but exciting too. We released the CyberGatekeeper appliance, which was well received by customers. The sales for the personal firewall and the VPN were both solid, and the last quarter of fiscal 2002 was one of the best quarters ever. To top it off, the company was profitable for the sixth year in a row.
What are the biggest threats for the corporate enterprise systems?
A big problem today is the lack of control administrators have at the desktop. Notebooks, PDAs, and wireless connectivity are quickly dissolving the line between inside and out, so it's really important to keep the security applications updated and patch the vulnerabilities.
Securing 99% of the vulnerabilities isn't good enough. An organization will have 100 vulnerabilities left on 20,000 systems and with 10-20 vulnerabilities to take care of, you have thousands of systems waiting to be exploited. This observation may seem self serving given that CyberGatekeeper was designed to address this issue, but we developed it because we felt it was a key problem.
What is your take on the firewall market in 2002 and what are your expectations for 2003?
I'm bullish on endpoint security this year. We've seen some effects of the heightened awareness of security in the government space and I think the corporate market will continue to see value in this area as well.