Important News:SafeLogic's CryptoComply Achieves FIPS 140-3 Validation for 28 OEs and Receives Certificate #4781! Read the blog post!
April 18, 2013 •Walt Paley
... in fair Silicon Valley where we lay our scene ...
This week, SafeLogic posted our first two case studies. (You can download them here.) While I will leave the particulars as a treat for those who read them, here are four reflections that I'd like to share on the similarities between these use cases. Don't worry, I won't write them in iambic pentameter.
- Both customers have sparkling reputations for security, assurance, and reliability. Neither has any appetite for risk in that regard. SafeLogic is a new company, but the expertise of the founders soothed any hesitation and both chose to stake their credibility on the quality of our products.
- Both are extremely large companies that recognize the value in letting their engineering team specialize. Pulling people off of their core tasks in order to learn on the job and reinvent the wheel is something that established teams like to avoid whenever possible. This allows each developer to maximize their time on responsibilities for which they are best suited.
- In addition, in both cases, the client recognized the value proposition of offloading cryptography to SafeLogic. Both are large enough that they could reasonably invest in the R&D of an in-house solution, but both deemed it unnecessary and found the best ROI to be in this scenario. SafeLogic has already done the heavy lifting, and will aggressively maintain the product certification. This saves clients from a massive expense and continuing headache, and offers the immediacy of 'Drop In Compliance'.
- Each client seeks clear differentiation from the market. In the eyes of the federal government, using an unvalidated cryptographic solution is equal to using none at all. Unless you can rely on the independent validation of the module, you cannot rely on it at all. Both of these cases recognized that their end users come to them looking for the absolute best in class, and that meant being able to answer 'Yes' to the questions of compliance.
Although the title of this post references the most famous tragedy of all time, this story definitely has a happily ever after. Every one of these points apply to companies smaller, leaner, and with fewer resources than these two customers. In fact, they aren't just relevant, they take on even more importance. The costs associated with traditional paths to compliance are extremely high, and they represent a more significant investment by ratio to smaller companies. So if the ROI makes sense for companies who can afford to absorb long term costs, you better believe that it pencils out for everybody.
