An entrepreneur's story

16 March 2017

Mum and dad with three kids. They moved to another city a few years ago because of work. A family like so many others, but not quite. Because this family has built up a successful IT security company in the US, attracted Google and Facebook as their first major customers and met Barack Obama.

 

I started telling the president about our company, but he interrupted, saying that he already knew all this, and that was why I was there.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

The path to America's president however, was full of twists and turns. The truth be told, it was quite rough at the beginning.

 

 

A company in the security industry takes time to establish. It's not like creating an entertaining app that can generate millions in just a few weeks. You have to build up trust for anyone to be interested, but no one wants to be the guinea pig. That's why it was so difficult for us at the beginning.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

 

What Stina was struggling to market was a physical USB key, Yubikey, that generates one-time passwords, enabling secure login regardless of location and without having to download any software. In short, a simple way of preventing unauthorised access to computers, servers or Internet-based accounts. It can be compared to banks’ security devices, except simpler.

 

 

We worked on this for three years without any greater market penetration until one day in 2011, when we received an email from a developer at Google. He'd taken a liking to our product and appreciated that we offered it with open source software.

 

 

Collaboration with Google

On that day, everything changed. Google began using Yubico’s key internally and offered to help with development of a more advanced product.

 

 

You could say that Google became our beta tester. And it didn’t stop there. Immediately thereafter, Facebook got in touch and we suddenly had agreements with two of the absolute coolest companies in the world.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

 

Stina and husband Jakob, who is the company’s CTO, understood that it was now or never for them. They decided to take the kids and move to California. They chose a strategic location to make their home, midway between Google’s offices and Facebook’s. 

 

 

Lots of people were shaking their heads when we moved, but we knew we had to be close to our customers. It's not enough to show up now and then for visits, wearing a nice tie and all. It just doesn't work that way. Our engineers have to interact directly with Google's and Facebook's engineers. We have to be close to them and understand the threats they see, how they work and how we can develop our products to help them. And by the way, about the ties, no one wears them here.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

 

Google began with buying a few hundred keys from Yubico. Soon thereafter they were buying thousands of units. 

 

 

With time they purchased hundreds of thousands of keys. We'd then realised that it wasn’t just a matter of a single product, but that we were actually developing a new global standard for secure login. The standard is now called FIDO U2F and is administered by an industry consortium with a number of major players on the board.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

 

Everyone loses when the cloud is hacked

You might think that the other major Internet-based companies would turn up their noses at a standard developed by Yubico in collaboration with Google, but it doesn't work that way.

 

 

On the contrary, in this field, everyone wins by development moving forward. Everyone loses if the cloud is hacked and credibility declines for these types of solutions. You can draw a comparison to the automotive industry. Volvo developed seat belts and made them available to all automakers, both for the good of the customers and the industry. The same thing with air bags. We wanted to be the security world's counterpart to Volvo, you might say.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

 

Just as Volvo during the golden years, the operations Yubico has built up are also quite profitable.

 

 

We benefit considerably by our business concept that involves selling via the Web. The least expensive product costs about $18 and the most expensive $50. And then there are the various software applications, developed by an active open source community. This has enabled sales of millions of units in 150 countries around the world. All with relatively little marketing and a small sales team.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

 

“The President wants to meet you”

The customers of today are not just the cool Internet-based companies, but even government agencies in the US, for example. That agreement also had an odd beginning.

 

 

I was participating in a large security conference when I suddenly received a short text message on my phone: ‘The President wants to meet you.’ I naturally accepted and soon found myself in a room standing in front of Barack Obama. What do you say then? How do you pitch your wares to the President of the United States?

Stina Ehrensvärd, self-employed and founder of Yubico.

 


Stina began by explaining about the company and the benefits the new standard would provide in securing the identities of America’s citizens. She didn’t get far before the president interrupted her and explained that he already knew all this, and that was why she was there.

 

After just a few short minutes, the meeting was over. When Stina was standing there afterwards and thinking about what had actually happened, she didn’t know if there would be a continuation. Whether it would be a cool memory to share, but otherwise run out into the sand. And time passed with nothing else happening, but then one day, an invitation to the White House arrived.

 

 

I didn't get to meet the president, but rather some of his staff, who helped in moving things forward. The idea is to create a counterpart to the Swedish Bank ID solution, but with an inexpensive, open source standard that is not controlled by the banks, the Internet companies or the American authorities, but that enables people to easily and securely log in at American e-gov sites.

Stina Ehrensvärd, self-employed and founder of Yubico.

 

 

Whether the initiative will be implemented, and in such case when, Stina cannot say with certainty. The American wheels grind slowly. Even with presidential assistance. But however it turns out, the small company that no one dared to put their faith in has undeniably come quite far.

Hans Danielsson

Business Area Manager

hans.danielsson@combitech.com

+46 (0)13 18 00 17

Other news

29 October 2020

How do you know if your system is secure, if it has never been tested?

Combitech contributes to a safer and more secure society. An important part of this work is performed by our penetration testers. Their work is to simulate hacker attacks in order to find vulnerabilities and weaknesses in networks and systems. Three of Combitech’s sharpest pentesters, Christoffer Olsen at Combitech Denmark, Michael Johansson at Combitech Sweden and Olav Sortland Thoresen from Watchcom in Norway explain what they do, how they do it and why their work is vital to many companies.

3 April 2019

A Holistic Approach to Cybersecurity

The capabilities and motivations of attackers to go after operational systems in infrastructures critical to society’s resilience are omnipresent. But these sectors are traditionally not prepared to deal with such security threats. It is time to wake up!

21 November 2018

Your organization is “GDPR compliant”, but do you perform penetration tests?

Today’s organizations are facing an ever-expanding set of legal and regulatory compliance requirements regarding how they must handle sensitive information, how they must ensure the resilience of their digital processes, and how they must protect the privacy of individuals. Organizations must not only operate within legal and contractual boundaries but do so in a way that creates the business value that their stakeholders expect of them.

Want to know more?