Rapid7 buys BYOD security firm Mobilisafe

The nature of enterprise security is changing. While it used to be just the data centre and directly attached PCs, it now effectively involves any internet-enabled device potentially being used anywhere in the world. Perimeter defense is no longer enough – and BYOD is driving the change. According to Forrester (January 2012), “59% of firms now officially support personally owned smartphones to some extent.” The business world largely comprises those companies that support BYOD, and those companies that will soon support BYOD. But according to Mobilisafe’s own study (April 2012), “71% of devices... contained high severity operating system and application vulnerabilities.”

This change coincides with Rapid7’s own rapid growth. “We took in a giant round of funding last Fall for $50 million,” CEO Mike Tuchen explained to Infosecurity. The purpose, he said, was to drive continued growth and expansion – geographically, in product development, and through acquisitions. “This last has directly led to the acquisition of Mobilisafe,” he added.

Mobilisafe was started in December 2010 by Giri Sreenivas and Dirk Sigurdson. Both had previously worked with T-Mobile, where, Sreenivas told Infosecurity, they “launched all the Android phones going back to the G1. So we watched BYOD developing from the beginning. We saw a big opportunity around mobile security and started to develop Mobilisafe.” Mobilisafe was only launched commercially in June of this year.

Meanwhile, Rapid7 was taking an increasing interest in the mobile world. “What spurred this on our side,” Tuchen explained to Infosecurity, “is that when we talked to our customers about how they viewed the mobile space, literally 100% said that it was a problem that they needed to solve. Since their staff had bought these mobile devices, and really didn’t want to have to carry two devices (personal and company), more and more of them were being forced to offer BYOD as a policy. But what are all of these devices? Who’s using them? How secure are they? What are the risks? Can I set policies to allow only the secure ones and not the insecure ones? Can I do a remote wipe? All of these are things that security administrators need to be able to do in this new BYOD world - and Mobilisafe is a solution that does just that.”

There are, of course, many companies and products that do the same. Many of them, however, involve intrusive clients on the mobile device and/or extensive administration. “What we loved about Mobilisafe,” said Tuchen, “is that not only does it extend the same type of solution that we have today into the mobile world, it’s a simple – easy to use and understand – solution. There’s no agent on the phone; which many users consider intrusive, having their employer stick an agent on their personal device. This really resonated with the same approach that we use already on our side.”

In short, the unspoken cause of this acquisition is Carl Jung’s synchronicity principle – two companies with such a similar philosophy and attitude that it was inevitable that they would get together. That plus the firm belief that the commercial synergy from combining traditional corporate and new BYOD security will benefit both companies and their customers.

What’s Hot on Infosecurity Magazine?