Security Startups: In Focus With Sierraware CEO Gopal Jayaraman

Security Startups Feature

Company: Sierraware  |  Who: Gopal Jayaraman, President and CEO

SecurityWeek: How did you start out in the computer field and in particular, security?

Gopal: I have a Masters in electronics. I started in computing mainly by playing around with micro-controllers and building robots. For a long time I was working with micro-controllers and then I moved to the PC-world. When we first went to the PC-lab, people would tell us not to touch them because of viruses. That was a shell shock to me because in micro-controllers it’s all very small, self-contained – and there’s no security. That’s where I got hooked into security. I realized that there are beautiful computers and technology, and these become unusable simply because they get infected when inserting a floppy. What’s the point of having these computers if we can’t use them? Things need to be immensely better to make them more usable. It’s now 15 years of playing with security ideas – network security, operating system level security.

SecurityWeek: What brought you to found Sierraware?

Gopal: Gopu Subramanian, Sierraware’s CTO, and myself founded the company two years ago. The one thing that happened in 2009/2010 was the realization that PC is dying and we’re moving to mobile computing. This brings about a new paradigm with newer processors and newer operating systems. It’s a good opportunity not to make the same mistakes as with PCs. PCs have no security architecture inside of them – it’s a bunch of patchwork. There are firewalls, anti-virus, anti-malware scanners. Then you also have external fingerprint scanners. We can now come with new philosophies such as least-privileges, and that is something that’s built on new processors. We can come with a product that can be a philosophical enforcer in the system. Everyone that plugs-in can find its place. It’s not a solution where it’s all patchwork. After all these years we’re moving – and we have the opportunity to do it from scratch. People are realizing that security needs to be inside the system and that’s how we got the idea.

SecurityWeek: What does Sierraware do?

Gopal: Sierraware develops and sells virtualization and Trusted Execution Environment (TEE) software. Let me give you a background about TEEs. ARM Holdings has produced a set of hardware security extensions that they call TrustZone. TrustZone enables equipment vendors to run two separate execution environments – a secure and a non-secure environment – on a single processor. Sensitive information can be stored in the secure environment. In the non-secure environment, end users can run both sensitive business applications and non-business apps without risk. The hardware provides the user with the protection and isolation needed to prevent applications from accessing other applications. We provide a Trusted Execution Environment for mobile platforms to help protect mobile payment apps, Digital Rights Management applications, and anti-malware software. For example, our software allows high definition video to run in the secure environment. This means that the video decoding and playback happen in the secure world so that the user cannot take a screenshot of the video or illegally copy the video. The reason is that film studios and companies like Netflix don’t want end users to record what a device is playing. Similarly, with our SierraTEE software, keyloggers cannot steal passwords because sensitive applications store the passwords in the secure world.

SecurityWeek: How did you turn the idea into an actual business?

Gopal: I have been building ARM chips for 8 years. One fundamental problem I saw was that ARM had developed the TrustZone hardware extensions, but companies still needed cost-effective software to implement their own Trusted Execution Environments. If you look at an Android tablet, there are three layers. There is ARM, and then the actual System-On-Chip (SOC), and the Android operating system which is running various applications. In between the SOC vendor and Android, there needs to be a bridge, but equipment vendors do not have a way to build that bridge. As a result, there are dozens of small silicon vendors that develop SOCs, but do not offer the necessary security software to help secure applications. We saw the opportunity and said that we will work on the platform. We started implementing the software and we immediately saw interest from dozens of SOC and equipment vendors. Suddenly, everyone jumped on board and got interested.

SecurityWeek: What are your markets?

Gopal: Any kind of computing platform that handles sensitive data such as a mobile with credit cards, HD media, and industrial apps like power smart grids. Take for example Stuxnet which affected the Siemens controller. They stole the device key from the non-secure world. Once a device key is stolen, any app can be installed on the device. Anti-virus software would not identify it as malware because it’s running with the device key. So, we work with government and satellite communications, airlines, mobile phones, smart-grids, M2M communications.

Any of these new platforms have the same fundamental problem: a highly sophisticated operating system which is hard to certify and protect. Besides our Trusted Execution Environment, we’ve also developed virtualization software for embedded devices. With our hypervisor, equipment vendors can run multiple operating systems on their devices at the same time. Our SierraVisor hypervisor can be used in a wide range of products from cars to smart TVs to ARM-based servers, and more.

SecurityWeek: At what stage is Sierraware now?

Gopal: We are self-funded so we are lucky where we are. We have 20 employees and we already have a market with customers from the mobile, automotive, and industrial industries.

SecurityWeek: What’s your business model?

Gopal: We work with OEMs that make mobile phones, TVs and system designers. It’s an OS-licensing model since they all have a chip, on top of that there’s Android and we provide the layer in-between.

SecurityWeek: Who are your biggest competitors?

Gopal: In-house development shops. Some of the established vendors decided to take the work and do it by themselves. There’s also market confusion since people hear mobile and containers and think McAfee.

SecurityWeek: What is your biggest challenge?

Gopal: Hiring a team. Building a team is difficult since we require a particular expertise – chip-level programmers who write directly on a chip. When we saw that wasn’t too easy to find, we built programs to train and develop problem-solving engineers. Training takes six months so there’s the high cost of hiring and training. The second challenge is that the chip-making companies are all over the world. Previously, manufacturers were only in Silicon Valley. Now companies are everywhere – France, China, South Korea, Israel, India. It’s difficult to create a sales force and address this type of market. You have customers in every single continent and you need to consider time zones, languages, and travelling requirements.

SecurityWeek: Any tips for other entrepreneurs starting out?

Gopal: There are three: First, be hands-on. If you’re at the mercy of someone else and asking someone else to do it – that’s tough. If you can do it on your own and get to a point of having a proof of concept, then you have an opportunity. Second, pre-plan funding and life for the next 2-3 years since you’re building your life for those next two years. Third, have lots of patience. There’s going to be a lot of ups and downs, but if you’re going down a path, stick to it for a couple of years. Those will be the hardest times, but see where it goes before you change your mind.

SecurityWeek: Other than yours, what is your favorite startup – whether it is in security or not?

Gopal: My favorite startup is one that I worked for – Cavium. It was a startup 8 years back and now it’s a $400M company. The biggest thing about them was their poise and execution. No matter what was the competition – it could be a multi-million company – they were relentless. I saw them grow from a startup and I loved that about them.
