Tuesday, February 21, 2012

Early Vibe: CO3 Systems

CO3 Systems is a new security company with an excellent position, seasoned management team, and a ton of potential.

CO3 provides a cloud-based service to help companies prepare for, and then navigate through the process of a disclosure event resulting from a breach of regulated data. It fulfills such an obvious need that I am surprised more vendors are not specializing here – every large company will suffer a serious incident and every exposure of regulated data invariably results in expensive pandemonium. CO3 aims to help businesses save significant expense by generating a custom-fit incident response strategy and then providing the tools to manage the complexities of the notification process.

Market need: Most enterprises are affected by several international, federal, and state regulations for regulated data. Furthermore, the regulations regarding consumer privacy and the best practices associated with those regulations can change. Most enterprises are also not in the disclosure security business so CO3 can help educate the business about the potential costs and expected organization and “fire-drill” process when an incident occurs.

Leadership ability: The management team is as strong as they come. In fact, I would feel better about CO3 if they had been thrown from a few more horses. The team lists @Stake, Arbor, Axent, Counterpane, and Symantec in their lists of credits. The only obvious clunker is Authentica and even there engineering was the strength of that company.

Opportunity: The cloud service approach makes a lot of sense as companies will run low-expense what-if exercises most of the time, and then will experience a massive spike in activity when the breach is detected. CO3 will have to figure out how to deliver continuous education/service to maintain a healthy steady-state revenue flow and then price the disclosure service to reflect its value during a breach – without appearing predatory. CO3 can also drive managed service revenues which would make it attractive to large systems integrators, MSSPs, and even insurance companies.

It will be interesting to see how CO3 executes. Most security startups promise to rid the world of an attack or an obsolete security technology, but then have nothing to offer their customers if their product gets beat by a clever attack. CO3 spends the time researching the regulatory disclosure requirements, working with their customers to have an actionable strategy in place, and then helping to coordinate the response. It is one of the few areas in security with clear ROI benefits. They are nicely positioned with an experienced team – look for good things from CO3.

No comments:

Post a Comment