SafeLogic
What they do: Provide FIPS-2 encryption validation services.
Problem they solve: FIPS 140-2 is a U.S. government computer security standard used to approve cryptographic modules in security systems. Validation is required to sell security products to the federal government, but the certification process is slow, painful, and expensive.
To achieve FIPS 140-2 validation, vendors need to build or source crypto modules, and then hire consultants to help them complete the process. This typically takes 12-18 months, many hours of work from the engineering team, and hundreds of thousands of dollars.
Yet, entering the federal market is attractive enough – due to the sheer volume of dollars being spent and for the credibility earned by supplying the government – that many software vendors consider the long, hard FIPS 140-2 certification process simply part of the cost of doing business in this space.
How they solve it: SafeLogic provides software and services that work together to yield FIPS 140-2 validation in less than 8 weeks, with “zero effort required from the vendor’s engineering team and at substantial cost savings.”
SafeLogic says that it can help its clients enter the federal market a full year ahead of those following the old, labor-intensive way of getting FIPS 140-2 validation.
Big50-2017 winner @SafeLogic streamlines FIPS 140-2 cert for gov security vendors. #Big50 #Startups http://wp.me/p330ZZ-hu Click To Tweet“Entering the federal market a full year ahead of their rivals is huge. Doing it for less money is even better, and not having to divert engineering resources for the project is the cherry on top,” said Walter Paley, SafeLogic’s Director of Marketing.
Headquarters: Palo Alto, CA
CEO: Ray Potter, who previously founded Apex Assurance Group.
Year Founded: 2012
Funding: The startup has received an undisclosed amount of seed funding from Apex Assurance Group.
Competitors include: Encryption modules are available from Mocana, and DIY vendors can use open-source encryption modules, such as OpenSSL and Bouncy Castle. FIPS 140-2 validation services are available from a number of consultants, with Corsec being the biggest.
WolfSSL is another up-and-comer in this space, but they’re less likely to compete for the same projects with SafeLogic, since WolfSSL has a narrow focus on embedded computing.
Customers include: Hewlett Packard Enterprise, Symantec, CA Technologies, Viptela, Singlewire, and others.
Why they’re in the Big 50-2017: SafeLogic won the online voting and social media engagement competition in group 1. While accelerated validation services typically wouldn’t be on the Startup50 radar, when a startup wins the online voting for its group, we sit up and take notice. You win, and you’re in . . . unless we have a darned good reason to keep you out.
With SafeLogic, the deeper we dug into their story, the more we liked this startup.
We expect that more and more consulting services will come under siege from automation. We also expect a hybrid software-service model to be the logical next step in the progression. “Productizing” consulting isn’t easy, but startups like SafeLogic are starting to figure out how to do it.
