Just weeks after announcing an $18 million Series B funding round, Bluebox Security, a San Francisco, California-based mobile security startup, today officially launched its first product offering.
According to Bluebox, its new cloud-based mobile security solution gives enterprises visibility, control, and security for mobile data, while providing privacy and freedom to employees as they use their mobile devices.
“The new era of mobile security is not about the device or the application,” the company explained on its Web site. “It’s about the data.”
Bluebox, which has been operating in stealth mode since 2012, says its new product secures data at rest, and in transit, in any mobile app on iOS or Android.
Built using ‘data-wrapping’ technology, the Bluebox says its SaaS mobile data security solution delivers:
• Visibility of corporate data as it moves throughout the mobile workflow – With Bluebox, CISOs gain insights into the ‘who, what, where, when and how’ of corporate data. CISOs can inform and dynamically tune security policies based on actual mobile data use, and respond in real-time to security events with surgical precision or comprehensive action to delete, suspend, or lock documents, users, applications, or devices.
• Security across the device, application, and network – Bluebox identifies and dynamically encrypts corporate data on the device, and in applications, as well as secures corporate data traffic end-to-end, from devices to cloud-based and internal applications. Bluebox also automatically detects and protects against platform-level vulnerabilities, application tampering, and jailbreaks for device and app integrity.
• Freedom and privacy for security – Bluebox gives employees the freedom to use any application, maximizing productivity without compromising security. Bluebox’s Instant App Protect secures on-demand any internal or public mobile app, no SDKs or coding required. A transparent privacy dashboard combined with clear separation of corporate and personal data gives employees full visibility into what IT is, and isn’t, tracking.
“The end user doesn’t want to have to care about security and privacy,” Tyler Shields, a Senior Analyst at Forrester, said in a prepared statement. “They expect privacy to be ‘taken care of’ and to be provided to them as a natural right. To be successful, security products must be transparent and seamless.”
“Data goes everywhere in today’s mobile world,” said Caleb Sima, co-founder and CEO, Bluebox Security. “And you can’t secure what you can’t see. We built Bluebox based on feedback from enterprises and employees, which boiled down to two success drivers. First, provide visibility and security of the data so that enterprises trust they are protected on mobile. Second, provide a native and transparent user experience that aligns with the demands of today’s mobile workers. Now CISOs and employees are partners in enabling mobile security.”
Prior to launching Bluebox, Sima served as an “Entrepreneur in Residence” at Andreessen Horowitz. Sima also previously served as Chief Technology Officer for HP’s Application Security Center after joining the company as a result of HP’s acquisition of SPI Dynamics in 2007, a company he co-founded and as CTO oversaw development of WebInspect – a Web application security testing tool.
Co-founder Adam Ely was previously CISO of the Heroku business unit at salesforce.com. Prior to salesforce.com, Adam led security operations, application security, and compliance for TiVo. Before TiVo, he led security functions at Disney.
In July 2013, Bluebox was credited with discovering a serious vulnerability in Android, which would allow attackers to easily turn legitimate apps into Trojans, without affecting the cryptographic signature. In this SecurityWeek podcast, Ely discusses the flaw, which was called an Android Master Key Vulnerability.
More on Bluebox’s mobile security offering is available online.