PalmTree’s LiveEnsure – Cloud Computing SaaS Authentication

Palm Tree Q410 Highlights

• Releases LiveEnsure Cloud-based SaaS user authentication service
• Lengthy due diligence trials with banks cancelled following the credit crunch in September 2008
• Survived the downturn by moving away from devices to SaaS
• Wants to be ‘the Google Maps’ of authentication for developers
• Prices by transaction rather than annually
• Targets all e-commerce providers and applications, web developers, solutions providers and all verticals including Telecoms and Financial services,
• Offers ‘high volume, low value’ solution
• Cross-platform solution – desktop, laptop, mobile and tablet

Palm Tree – A Difficult Journey Paved With Good Intensions

I’m very interested in how the credit crunch affects the IT market, not least because I started life as an independent analyst in 2009 and chose to size the market at a time of the worst decline in sales the industry has ever experienced. My intention was to tell the truth about the decline at a time when major research companies and vendors were in denial. My rationale was that I would also be the first to plot the recovery accurately and help suppliers with vital planning information.

In talking to PalmTree recently I came across a very real and interesting story. Ross Macdonald is currently the company’s CEO. He described the history of the company as follows:

• Along with others he put some money into the development of algorithms for digital music files back in 2004.
• The company sought to raise money via an IPO in 2005. Although these plans failed the company did succeed in launching an identity security product called ID Insure 1.0 designed to help underwrite insurance policies.
• In 2006 they used more investment money from Close Brothers and friends and family to target banks, choosing Brazil as their first port of call. It also launched ID Insure 1.1 which
• By 2007 it was running a number of ‘proof of concepts’ in Brazil with an approach firmly linked to the VMWare virtualisation environment. It expanded its reach to the UAE and stimulated interest from banks in the USA, Canada and Turkey. AON and United Insurance Brokers became channel partners. Ross remembers the lengthy due diligence process Lloyds bank put the company’s solution through involving the approval of six different divisions. The product evolved into an enterprise blade server appliance.
• By 2008 (when Ross joined as an executive member of the company) the company had ongoing trials in 3 UAE banks (in addition to those in the UK and Brazil), Verari and SGI had been signed to provide technical customer support (it had to provide ‘follow the sun’ support to do business in the financial sector), EDS had taken the software into its labs for testing and they engaged with Transport for London as a possible customer for online top ups for Oyster cards (the cashless payment system used on the London Underground)

In September 2008 of course there was the credit crunch. Ross describes PalmTree as a ‘low profile’ victim, but the effects were devastating. All the trials with banks were called off including the proposed deployment for 15 million retail customers at Lloyds. The company was forced to lay off most of its technical staff. His story continued:

• By 2009 they realised it would need partners to get its products into the banks and so turned to Microsoft and Intel – becoming a software development partner for mobile Internet solutions. After a lengthy courtship it put its reseller relationship with Winfrasoft on ice.
• Fairfax had become increasingly involved as an investment partner and by 2010 was the largest shareholder. PalmTree developed LiveEnsure and in the process shifted its focus away from appliances towards Software as a Service (SaaS) solutions. It managed to win third place in HP Labs Global Security Challenge (impressive for such a small company). It also signed up Mo-Call and Paytoo and took LiveEnsure through beta testing to general availability.

LiveEnsure Provides High Volume, Low Cost Authentication

User authentication is an essential task for any company running Web-based subscription services. Typically a supplier has to pay $100 up front for services to authenticate each subscriber to a company such as EMC’s RSA. It’s a risky investment at a time when the customer is unknown and can prove costly if he or she fails to pay for a whole year’s service.

PalmTree believes developers are looking for ‘the Google Maps’ of user authentication and has developed its offering to help suppliers with high volume, low value authentication needs. It believes it is providing an OpenID-type solution in the two-factor authentification (2FA) space.

LiveEnsure is a Cloud Computing SaaS offering which allows payment in single transactions. It has developed a ‘Smart Channel’ connection to authenticate each session (see Figure 1) – a technique it believes is more secure than the normal method of authenticating through the same browser as the application.

Some Conclusions – Cheaper SaaS Authentication Is A Must

PalmTree was forced to transform its business as a result of the credit crunch. Rather than pursue tightly-integrated solutions on specific devices for the banking sector, it has decided to become a modern Cloud Computing supplier. It has already signed up a number of customers such as Paytoo, which demonstrate its intention of addressing massive scale and covering IT and Communications (ITC) applications.

ITCandor believes that established authentication suppliers will find it hard to follow LiveEnsure’s lower cost, by-transaction model for two reasons:

• They would have to develop the technical ability to authenticate via a different channel from the user application session
• They would seriously undercut the pricing of their existing solutions if they did so

As a result we believe that PalmTree will succeed in building a strong business as the use of the Cloud grows for applications requiring secure connections, identification and authentication. It has a good lead over the competition. We wouldn’t be surprised if a larger supplier acquired this small UK Company in future, although this is more likely to be someone like Citrix than EMC’s RSA. For now we’re going to be watching the take up of LiveEnsure. We believe it’s unlikely that a single event – even one as devastating as the credit crunch – will disturb this new part of the company’s journey.

Do you have a good story of how the credit crunch changed your business for the better? As always please let us know your experiences by commenting on this article.