Start-ups to watch: The Key Revolution’s Mobiu

The Key Revolution (TKR) has brought together the innovations of cloud computing and ‘chip and pin’ security technology to create a unique answer to the problem of secure remote working and collaboration with Mobiu. The service backs up data to a secure encrypted online MobiVault; enables collaboration and file sharing in MobiRooms; and uses a SIM (chip used in mobile phones) equipped USB drive for secure two factor authentication and to provide portable applications, e.g. secure anonymous web browsing.  Mobiu is based on technology created and patented by Vodafone, with a platform hosted by NTT and powered by Sun Microsystems.

Mobiu uses the secure ‘chip and pin’ (Personal Identification Number) technology, which banks use to reduce online banking fraud in the UK by 67 percent during the first half of 2007.  Single factor authentication of ‘username and password’ has been proven time and again as inadequate; its not how many bits are devoted to encryption, it’s the human link in the security chain that is weakest.

A study by digital communications agency @www, reveals that 61% of web users use the same password for all their online accounts.  According to RSA, the need for end-users to memorize passwords results in less secure management, with 25% of respondents storing a password spreadsheet or document on the PC, 22% said they record passwords on a PDA or other handheld device and 15% keeping a paper password record in an office/workspace.  People need easy to remember passwords and those passwords often prove easy to guess or are easily found, hence the need for another factor in the authentication process.

Chip and PIN provides two-factor authentication, that is a simple easy to remember PIN and a Chip module (SIM equipped USB), only when you physically have the Chip and you enter the correct PIN can access be granted, which enables Mobiu to provide secure access to your data.  Secure and encrypted online storage and back-up with MobiVault provides virtually unlimited storage, and can only be read by the Mobiu owner of that data and those Mobiu customers authorized by the owner of that data.  Should the Mobiu be lost, data is easily recovered from the MobiVault and the Mobiu can be immediately deactivated.

The Secure Remote Working Landscape breaks down into three broad technology segments shown in this diagram.

  • Browser based.  Secure remote access services that use the web browser on any PC, generally taking advantage of the SSL VPN (Secure Socket Layer Virtual Private Network) capability provided by the browser.  The main weaknesses are it requires the browser have the latest secure updates, no malware (malicious software) present, and it generally only uses single factor authentication.
  • Client based.  Secure remote access applications installed on the laptop.  The main weaknesses are it requires the user to carry around a laptop, but more importantly the data is stored on the laptop, so when the laptop is stolen the company’s data is at risk, and it generally relies upon single factor authentication.
  • Secure USB drive based.  These are USBs with software and/or hardware modifications to enable them to securely store data, however, most rely upon single factor authentication, rather than the more secure ‘chip and PIN’ technology, and do not offer the supported remote working and collaboration service package provided by Mobiu.

In the US there have been approximately 217 million records stolen in the past three years through laptop theft, 2005-2008, according to Paul Stevens, Director of Policy and Advocacy with Privacy Rights Clearinghouse (a private advocacy group).  At a typical cost of $182 per record, that’s nearly $40B over three years!  FBI & CSI’s annual Computer Crime and Security Survey of 2006 stated that 47% of computer security professionals surveyed reported a laptop theft over the past twelve months.

It’s not a matter of if; it’s a matter of when one of your company’s laptop will be stolen.  So Mobiu gives companies the option to either avoid carrying laptops yet still work remotely, or if they do carry laptops store company data with a secure two factor authentication USB.