It all started with a lost USB drive
When Jakub Mahdal’s USB drive went missing over 10 years ago during his studies at the Brno University of Technology, he realized that it could happen to anybody. And unlike his, their drives could contain more than just a couple files for school – they could contain very sensitive company data.
This is why in 2007 he started working on the first security product called Discriptor to help encrypt drives. That was only the beginning, though. “A solution like this only helps when the same person is encrypting and working with the data. It doesn’t prevent data leaks on other channels, such as when a file is sent to an incorrect email address or copied to an unsecured device,” adds Petr Žikeš, current CEO at Safetica Technologies.
In 2009, Mahdal and his team started to develop a solution for data loss prevention (DLP), and two years later they launched the first generation of Safetica DLP – the first purely Czech DLP. Today, the company is still selling subsequent generations of that solution.
Sharing data protection knowledge
According to Žikeš, Mahdal’s idea was revolutionary, but the path towards today’s success has been a bumpy one. At the time, most companies thought security just meant installing an antivirus and firewalls – they had no idea there were other aspects of ensuring data protection.
Unfortunately, that situation hasn’t improved much in recent years. Safetica Technologies is still seeing that there are companies with dangerously limited knowledge of the topic as the DLP field is now shifting to a discussion that comes with digitalization. “Even today, owners of companies are still unaware of various security threats. Mass media only reports on the data leaks at huge global companies, but small companies lose sensitive data as well,” adds Žikeš. He says there is more to worry about than just the infamous data leaks of user accounts and stolen credit card information. A leak of data relating to know-how can cause much more damage to a company. “When an employee takes some drawings or contacts from their employer and uses them in starting a competitive company, it saves them the time and money of starting from scratch, but as a result their employer can end up losing millions. We’ve seen dozens of such examples in various regions in the Czech Republic alone.”
In 80% of cases, data isn’t stolen but gets leaked due to a lack of knowledge on the part of employees. “Designers often forward company files to their private email accounts or upload them to a public storage space so they can work on the project at home. In terms of security, this isn’t the best of ways to work with data,” explains Žikeš. He adds that their system is able to detect when a user sends some files outside the company’s secure perimeter.
DLP in just three clicks
Several DLP systems predate Safetica, but they were designed with large companies in mind. As a result, their implementation was complicated, labour-intensive, and in many cases took years to achieve. Jakub Mahdal’s main vision was always “DLP in just three clicks”. While that simple of a goal still remains in the realm of science fiction, Safetica continues to get closer and closer to it. “We want to create a solution so easy to implement that it becomes accessible to small companies as well. Safetica DLP starts providing benefits within just a few hours after implementation,” says Žikeš. The system is also suitable for small to medium-sized companies, i.e. customers with 30+ devices, while a typical customer operates hundreds of devices, and some are much larger, operating thousands of workstations.
Today, Safetica Technologies is one of the main players in data loss prevention. At the beginning of 2019 it was awarded several prizes: it won in Red Herring TOP 100 Europe, a very prestigious competition, and placed very well at the Cybersecurity Excellence Awards in the Data Leakage Prevention category.
The secret to the solution’s simplicity lies in its pre-set templates for usual scenarios and security policies, such as the European GDPR or the American HIPAA for protection of health information. This makes it relatively easy to set up for specific customers in specific countries.
The next generation of the product, a cloud-based one, should go even further in simplifying this implementation.
External investments saved the project
“The path we took wasn’t exactly the simplest one. When developing software primarily for end-point devices you need to overcome a lot of obstacles,” says Žikeš, referring to the fact that their solution has to support various environments. And not only various platforms, as the variety of languages used by individual operating systems plays quite a role as well.
This requires a lot of investment into development, which is why several investors gradually joined the company and helped ensure a quality product before launch.
From the very beginning, Jakub Mahdal wanted to offer his product to the entire world. However, in 2013, he turned his attention elsewhere: at the time, Safetica Technologies had several dozen customers, but lacked substantial feedback from them. That’s why Mahdal decided to focus primarily on the local market and thoroughly surveyed customers to determine their needs. This allowed the company to modify the product so it was soon ready for another wave of expansion. At the same time, Petr Žikeš – who had originally worked for Safetica Technologies as a support manager – became the company’s CEO.
In 2016, Safetica Technologies opened a branch in the USA and joined the ESET technology alliance, whose huge distribution network helped it a lot. “At the beginning of our cooperation, we often received orders from countries that I wasn’t even able to find on the map,” remembers Žikeš, smiling.
Currently, the company has customers in over 95 countries around the world and has been preparing to further expand and strengthen the markets with bigger potential, e.g. Great Britain, Ireland, South Africa, and the USA.
Preparing for fivefold growth
As part of the JIC Platinn program, a mentor from Brno-based company Ysoft has been helping Safetica find the right paths. In appreciation of their cooperation, Žikeš says, “Their business model is very similar to the one we have, and they’ve already explored many directions that eventually led to dead ends. At the same time, however, they showed us the ones that brought them some results.” He adds that the mentoring helped him most with identifying markets and looking for distributors to expand abroad.
Currently, Safetica Technologies and 70 of its employees are based at the premises of JIC. Over the next three years, though, it plans to grow at least five times over, so it will soon have to look for some new premises. It also plans to put more effort into attracting talent from abroad.
“It’s great to be in touch with other companies from our discipline, such as Flowmon or Greycortex, as we can get feedback directly from them as well,” says Žikeš about why it’s good to be based in Brno. They’d like to stay in Brno because – thanks to the JIC and local universities – they are always able to find interesting talent here.