Business Weekly - Cambridge, UK

NCipher

Cambridge based internet security specialist nCipher plc is among the first entries for the 2005 East of England Business Awards and has quite a story to tell. Cambridge based internet security specialist nCipher plc is among the first entries for the 2005 East of England Business Awards and has quite a story to tell.

It has been a year of growth and maturity on a global stage for the business, which has entered the Innovation, Growth & Expansion and Quoted Company of the Year categories of the Awards.

nCipher has continued to see strong year-on-year sales growth, as evidenced by its recently posted first quarter and interim results.

The company reported an operating profit of £0.5m for the last quarter – up from £0.2m in the first quarter. Net profit after tax was £0.8m (Q1: £0.5m) on revenue 6 per cent higher at £4.1m.

For the six months ended June 30, nCipher turned a 2004 first-half loss of £0.8n to a profit of £0.7m. Total revenue was £8m – up 25 per cent. The company also had a strong closing cash balance of £43.2m.

During the reporting period, nCipher secured significant deals with Volvo Group, the Irish Department of Defence and the UK Passport Service.

CEO Alex van Someren hinted at possible acquisitional activity ahead when he revealed: “Our cash reserves remain strong and we currently intend to retain them in order to allow us to exploit strategic opportunities as they arise.

“‘Overall we remain confident that we can continue to grow our revenues and thereby achieve growth in operating profits for the full year 2005.”

nCipher is a leading prov-ider of cryptographic security, enabling customers to meet the challenges of verifying identity, protecting data and complying with security regulations. Its solutions provide a unified approach to cryptographic management providing strict access controls and high assurance trusted processing, overcoming traditional issues of scalability, performance and weak platform security.

World-leading organisations work with nCipher to protect security critical systems such as web site infrastructure, online banking and payment processing networks, PKI, web services, databases and digital rights management schemes.

nCipher reports that dep-loyments of public key infrastructures (PKIs), in which digital certificates are issued by a central authority to identify people or devices, are becoming an increasingly regular feature of the IT security arsenal both within enterprises and across consumer communities.

Alex van Someren said: “We believe we have leadership in the market for the hardware security modules (HSMs) used to safeguard the cryptographic keys which are central to a PKI, and during the first half 47 per cent of our revenues arose from such business.

“An example of a customer using our products in a PKI implementation is Volvo Group. We announced during the quarter that they are using nCipher’s nShield HSMs to underpin the security of digital certificates used by their global email system servicing more than 80,000 employees.”

Part of nCipher’s success is attributable to identification of strategic trends. One that holds much promise for the business revolves around a growing need for data-centric security.

van Someren said: “IT security is changing. The 21st century enterprise increasingly connects employees, customers, partners and suppliers over open networks.

“The business advantage for organisations that move away from the traditional reliance upon a security perimeter, or wall around their business, is clear.

“Transacting over open networks offers significant cost advantages and faster time-to-market, provided that organisations do not allow open networks to expose their business to unacceptable risk or weaken their adherence to increasingly stringent data privacy regulations.

“At a time when the frequency of high-profile, insider attacks is increasing dramatically, any move to soften the traditional network security perimeter can only be considered if other controls are in place.”

An international group of chief information officers from organisations including many of nCipher’s customers, known as the Jericho Forum, is gaining wider participation and recognition: its membership includes Barclays, Boeing, BP, HSBC, ICI, Rolls Royce and Royal Mail.

The Jericho Forum aims to drive the standards for a new security architecture that will align technology and business more closely with an open, internet-connected world in which organisations rely less on their network perimeter for protection - hence the scriptural reference to ‘the walls coming down’.

Earlier this year membership of the forum was extended to include security vendor organisations and nCipher was among the first to join. nCipher also submitted a highly-commended white paper to the first ‘Jericho Challenge’, an opportunity to design and describe a secure architectural solution that is open, interoperable, viable and operates in a de-perimeterised environment.

van Someren said: “In order to reap the benefits of open, interconnected systems while at the same time managing risk and meeting compliance requirements, the new goal must be strong protection of the data itself so that it can move around freely and yet still remain secure.

“To achieve this, enterprises must first be able to accurately and reliably confirm the identity of authorised people and the IT equipment such as desktop PCs, laptops and PDAs which they use to communicate.

“As a result, enterprises are turning to security industry initiatives such as identity management, strong authentication, digital rights management and trusted computing.

“These technologies form the cornerstones of the new de-perimiterised approach and each in turn rely heavily on the use of cryptography, which is nCipher’s core area of expertise.”

Further momentum is evident in the development of the ‘trusted computing’ technology championed by the Trusted Computing Group (TCG), of which nCipher is a also member.

During 2005 Dell and Fujitsu Siemens both announced that they would begin to ship laptop and desktop PCs which include TCG-compliant embedded security devices on their motherboards.

These devices provide a safe repository for key information which uniquely identifies the computer and protects secret information belonging to the primary user, rather like the SIM card does in a mobile phone.

ncipher says this wider deployment of hardware-based security will increase the demand for scalable enforcement of security policies, which will in turn increase the need to manage large numbers of sensitive cryptographic keys.

nCipher’s core expertise in cryptography positions us particularly well to service this increasing demand, and we anticipate it will be a significant driver of growth for us in 2006 and beyond.

Since the end of the reporting period, nCipher has announced the first element of its strategy to address the implications of the de-perimeterised environment.

nCipher keyAuthority is a software solution that centralises the administration and distribution of sensitive cryptographic key material to servers within enterprise IT environments.

keyAuthority satisfies the need to deliver keys to a wide variety of end-point systems, on demand and in a highly resilient and scalable manner without requiring modification of the applications that actually use the keys.

keyAuthority manages both symmetric and asymmetric keys and is described as the perfect complement to existing PKI deployments.

van Someren said: “We expect to make further announcements about the technologies and partnerships which can help to deliver our vision of comprehensive data protection within both traditional and more de-perimiterised IT architectures over the coming quarters.”