archTIS turns top-secret data success into global growth trajectory

Issues around data security and access have become increasingly important but most companies’ solutions “don’t understand the depth of the problem,” warns the CEO of an Australian software provider whose ASX listing this week marks the beginning of a rapid expansion phase.

Too many companies had tried to retrofit data control mechanisms on top of existing data solutions but Canberra-based archTIS learned years ago that the only way to effectively manage data with high granularity was to build low-level, enforceable controls into the data-management platform from the beginning.

That’s the core conceit of archTIS’s Kojensi platform, which emerged over a decade ago as the company began pushing its technology to a base of government and military customers that have embraced the tool for managing top-secret data.

Kojensi’s attribute-based access control (ABAC) design allows data access to be tied to particular user-set permissions that enable data owners to restrict access to their data based on a range of criteria other than just a username and password.

“Instead of looking at open collaboration tools and content systems, we had to build one with the security model embedded at the base of it and build on top of that,” CEO and executive director Daniel Lai told CSO Australia.

“When everybody else only new about role-based access control, we turned it upside down with more-granular access controls,” he explained, “so that access can be controlled not just by the person but by their security clearance, nationality, location, and which network they are coming in on. We had to make sure the security controls emulated the way that users produced, shared, and consumed information.”

Tight data controls were naturally crucial for preventing access to data by unauthorised parties, but they were also important for managing inter-agency sharing of data that had previously been considered too sensitive or important to share with other agencies.

This has had very real consequences in limiting the effectiveness of disaster-response efforts, for example, because “agencies had a reticence to share information between the law-enforcement, intelligence, and border protection agencies,” Lai said.

The ABAC-led architecture has built a strong following within defence and other government circles, both here and overseas – where, Lai said, clients had praised the architecture and the innovation of the Australian cybersecurity community.

“They tell us that they can’t find anyone else doing this to this level,” Lai said. “It’s really important that people understand that Australia has a cybersecurity industry which is world-leading.”

“Australians typically don’t have as many resources, and have to come up with smarter ways of doing things,” he said. “We’re inventive, and creative with the way we do things.”

That inventiveness has paid off nicely – the company reported $13m in consulting revenues over the last six years – but archTIS’s public listing on the ASX is intended to help the company pivot into new opportunities across government here and abroad.

The initial public offering and $8m capital raising will support the expansion of Kojensi’s scope with the imminent release of Kojensi Gov, which will target agencies in Five-Eyes governments and will ship in February after a beta program expected to commence by early December.

archTIS’s new go-to-market strategy will be bolstered by a partnership the company has forged with Vault, an Australian provider of PROTECTED-level cloud services that will leverage Kojensi Gov to provide high-grade, secure collaboration for Australian government agencies.

Next year will see the release of a commercial version of the Kojensi Suite, as well as a mobile-targeted Kojensi Field offering and an ABAC offering called Data Cloak that Lai said “can apply that granular level of security to any existing platform.”

“We’re targeting anywhere that you have critical information that needs to be trusted, or is of value to the stakeholder,” he explained.

“It’s not about generic information, but about high-security environments. What people really need to make better decisions is to have information delivered to them in context – and these new security models allow that.”

Copyright © 2018 IDG Communications, Inc.

The 10 most powerful cybersecurity companies