Making security easy

The more the federal government relies on information technology to run internal operations and deal with citizens, the hotter the issue of network security becomes.

"Federal agencies continue to get hit by hackers. There's no [chief information officer] in town who's not worried, concerned and constantly figuring out how to protect his systems," said Joe Leo, cor.porate vice president of Science Applications International Corp. and former CIO of the Agriculture Department.

Enter Sigaba Corp., a San Mateo, Calif.-based start-up that has two important ingredients to make its presence felt in the federal IT market: a simple and powerful e-mail-based security product and investors who have a track record of picking winners in the federal IT arena.

SigabaSecure, the company's software, encrypts and decrypts e-mail messages automatically, without the need for user registration or access to a public-key infrastructure.

While the General Services Administration is overseeing the development of federal PKI efforts to enable secure electronic transactions, Congress has expressed concern about deploying a PKI system throughout the government because it is expensive and cumbersome to use, according to sources. To send or receive e-mail securely in a PKI system, a user has to have one unique mathematical key to "sign" messages and another key to encode or decode the message itself. These keys reside on the user's hard drive, meaning the user can't send secure e-mail from another computer.

Sigaba's system, on the other hand, works with any widely used e-mail program and on any computer with an Internet connection. It is interoperable with a PKI system, but requires no key. "We decided that whatever we designed had to be brain-dead easy," said Jahan Moreh, Sigaba's chief security architect and a former researcher at AT&T Bell Laboratories. "People who use e-mail regularly aren't techno-weenies. They don't want to struggle with their messages."

Sigaba authenticates both senders and receivers of its encrypted e-mail by requiring that they have valid passwords to their e-mail accounts. The system also allows senders to control when the key to encrypted mail is released and how long the key is available. In addition, "with Sigaba's system you don't need the scale you need with PKI, so you can use Sigaba with a much smaller user base and it's still economical," said an IT expert who asked not to be identified.

At just 2 years old, Sigaba might have about the same chance of gaining recognition in the crowded federal IT market as most other security companies.

But the company has more going for it: It boasts a high-profile roster of executives and investors. Chief executive officer and chairman Robert Cook founded several successful high-tech ventures, including WebMethods Inc., a maker of systems integration software. And major investors include Dan Young, former CEO of Federal Data Corp., a systems integrator and software solutions provider purchased last year by Northrop Grumman Corp.; John Toups, former president and CEO of IT and engineering consulting firm Planning Research Corp., now a subsidiary of Litton Industries Inc.; Sudhakar Shenoy, former CEO and president of Information Management Consultants Inc.; and Tom Hewitt, founder of federal market consulting firm Federal Sources Inc.

"I believe the winner in e-mail security will be the first person who comes up with a solution that's affordable, easy to install and manage, interoperable and easy to use. If you don't have those points, people will defeat the system," Hewitt said.