Interview with Erik Kangas, President of Lux Scientiae
by Berislav Kucan - Wednesday, 15 January 2003.
Erik Kangas has a Ph.D. in theoretical physics from the Massachusetts Institute of Technology and is currently President of Lux Scientiae, Incorporated, an Internet services and consulting company based in Boston, Massachusetts. In the interview, Mr. Kangas talks about his company, email security services and the state of secure messaging.

When and with what mission was Lux Scientiae started?

Lux Scientiae was founded in 1999 (then under the name InfiniteDimensions; the name changed to Lux Scientiae in March of 2002) with a two-fold mission. First, to provide Internet consulting services to companies developing database-driven, e-commerce, international, or secure web sites and web applications. Second, to deliver the unusual combination of very responsive and knowledgeable technical support, reminiscent of RackSpace's "Fanatical" support, and a robust and featureful hosting service offering that any technically knowledgeable person would find very satisfying and the newbie very intuitive.

The emphasis of our hosting service offering has been refined somewhat over the years, now emphasizing email hosting in general, and SPAM filtering, IMAP connectivity, and security in particular.

What are the security services your company specializes in?

We specialize in secure email services: IMAP, POP3, SMTP, and WebMail over SSL to provide server authentication and protection from eavesdropping to our clients. We also offer a separate product called "Fort Lux" which is an easy-to-use web-based method of sending and receiving encrypted, signed, and trackable messages that works with any existing email solution that you may have.

On the web hosting front, Lux Scientiae provides secure web sites (over SSL), and managed dedicated servers (Linux or Windows) where we will manage the security and administration of the servers for you.

Furthermore, Lux Scientiae works with many of its clients to improve their web site security by improving and implementing authentication and encryption methods appropriate to the sensitivity of their applications and data.

Is there a market for secure messaging and how big is it?

There is definitely a burgeoning market for secure messaging; unfortunately (fortunately for us) there are not many providers out there that offer a wide range of services. To a large degree, this market currently consists of security professionals, people in professions that deal with sensitive information, and those who understand the inherent lack of security existent in email and don't want to be caught short.

This market is growing. With the finalization of the HIPAA regulations expected late January, 2003, a large segment of the Internet community, all health care workers, will be required to start implementing secure messaging solutions or face fines when the regulations start being enforced. Other segments will follow suite: legal firms, government agencies, accounting and financial companies, etc. The need is there and people are and will be starting to see that and take action.

Should regular business e-mail be encrypted?

Regular business email that gets routed outside of a company's firewall onto the general Internet should be encrypted. The reasons for this are very straightforward. Outside of their firewall, a company has no control over the information. It can be copied and backed up purposefully or automatically on any number of servers. Unencrypted, these messages can be read by anyone with sufficient access to these machines (or, indeed, by anyone sniffing the network traffic). If backups are made, this information may be read months or years later by unknown parties long after the original messages were deemed deleted.


What's the real cost of a security breach?

The majority of business decision makers admit that their organisation will suffer an information security breach and that the cost of recovery could start from around $1 million.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th