A winning story in Network Security

Date:   Wednesday , June 13, 2012

One of the biggest challenges in cyber-security today is how the software in our operating systems and applications are full of vulnerabilities that can be exploited by hackers. While traditional software makers have made headway in developing more resilient applications, embedded device and system makers lag behind in secure system design and development maturity. It's no wonder that top network equipment makers like Cisco, NETGEAR, D-Link and others have begun to understand the kind of threat that networks are susceptible to, and are actively opting for embedded software to provide their customers a secured networking product. And helping these companies achieve is none other than TeamF1.

Founded in 1998 by two college friends, Mukesh Lulla and Vinai Kolli, TeamF1, headquartered in Fremont, California, is a preeminent supplier of OEM-ready software to the embedded systems market. Understanding the importance of innovative product technologies, and how efficient project management techniques, well-honed software engineering processes and a robust "production-quality" test environment contribute to the making of user-friendly and solid customer products, the company develops software modules and turnkey solutions to secure connected devices used across different market verticals.

"With the most traction in this market, and a significant share of customers and units shipped worldwide for small-medium business security routers, we are not wrong to believe that we are a leader in our field. Our software today is an integral part of the networking devices developed by most Tier-1 networking equipment providers," says Vinai, Co-Founder and Vice-President, TeamF1.

The Eureka! Moment

Buddies since undergraduate school, both Mukesh and Vinai had etched a career of their own in system-on-chip software, and embedded OS & device driver technologies respectively. After years in the industry, both decided that it was time to strike it out on their own. It was at around this time in 1998, the duo noticed that while chip makers were moving to the concept of System-on-Chip by adding diverse complex functionalities on to a single chip and increasing their performance, software vendors of the time were trying to just stick with the lowest common denominator, rather than target the new functionality. And a major functionality was regularly underleveraged — Security.

Enabling the embedded "security" on a chip requires complex algorithms. "When we think of security, we deal with large chunks of data. The chips have low "horse-power" but have dedicated functionality typically for network processing, routing and so on. While these were capable of a lot more, the software companies of that time were trying to broaden their appeal by supporting the maximum number of chips possible, rather than speed up processing using resources on each chip that were different from other chips. Take security as an example - it would benefit the most from acceleration by using native resources on each vendor's chip. What we aimed was to integrate the hardware and software in the embedded chips and get the maximum performance from the native chip functionality," says Vinai. This was the idea that led to the birth of TeamF1 and the rest, as they say, is history. "Our technology offerings build up on existing operating system blocks and we offer our customers embedded network security and performance-critical, hardware-assisted software. We offer these as stand-alone modules or complete turnkey solutions ready for production. We also augment the technology with our professional services offerings to customize our software products. We feel this leverages our clients' core competencies by letting them focus on end-product definition while TeamF1's combination of field-validated standard software components and custom development services help bring a differentiated, advanced, end-product to market in a low-risk and low-cost way," explains Mukesh. And this is indeed true – we find that TeamF1 participates in full life-cycle development on a wide variety of embedded software OEM projects using its technologies including the latest in telecommunications, networking, internet appliances and broadband access devices.

With an emphasis on deep technical expertise, superior quality, and responsiveness of support, TeamF1's offerings have found a home in a diverse set of embedded applications -- internet access, secure communications, industrial automation and control, and aerospace/defense equipment markets. Since its inception, TeamF1 has proven to be a leader in delivering embedded networking and internet infrastructure products. Through the years, TeamF1 has been instrumental in getting products ranging from set-top boxes to wireless Internet appliances & high-end datacom equipment out to market for key players in various segments of the embedded world.

Just like the unique core idea behind the company's formation, there is also a reason behind its unusual name. "Vinai and I are both fans of Formula-1 or F1 racing. The underlying theme of car racing is achieving maximum performance while putting limits on the resources used to achieve that. Also the F1 key in a keyboard is the 'help key'. This is how we got christened the company — TeamF1: we're always there to Help you to get the maximum performance out of hardware-software combination," explains Mukesh.

Conquering the Challenges

Today, over a decade since its founding, the company is self-reliant, cash-flow positive, and operating without any external investment. As the founders like to say, TeamF1 is "customer-success funded". But this journey has not been an easy one for the two founders. In mid-2000, after nearly 18 months of working to develop a product that addressed what they saw as a gap in current technologies, they were ready with a prototype product to be tested in the market. "While we readied our first version, our income was only from providing consulting services and it was really to sustain the few of us that were there in the company including me, Vinai and the first couple of employees that we hired," reminisces Mukesh, thinking back to the early years of the company.

But by the time the founders readied the prototype, the industry was in the throes of the dotcom meltdown, ripples of which had affected the networking and telecom sector, and further down the supply chain to the equipment providers who would be the target market for TeamF1's technologies. Potential customers of TeamF1 were facing the heat, leaving new product development budgets scaled down, technology spending cut, and the founders found themselves in a dilemma.

The company had not yet sold their products when things went topsy-turvy and they saw other technology entrepreneurs get the rug pulled out under them by investors even if they were further ahead in their development of new technologies. TeamF1 had two options to choose from: they could fold the shop like a lot of their peers did at that time for lack of investment, or to see if there was indeed interest in what they had to offer to the market and if they could monetize that interest instead.

And, it turned out that initial Tier 1 customers, including the likes of Cisco and Avaya, saw a lot of value in the software they had developed. So Mukesh and Vinai decided they would license the software even though it was just a module, since it did fulfill a particular need. Instead of focusing on funding needed to grow a technology start-up, they went right ahead and kick-started the business model. Of course, it meant a different trajectory for the company: instead of developing a complete software solution, they decided to license the software module-by-module as they evolved their technology portfolio and use the revenues from customers to grow the business instead. The next few years were very challenging for the industry, but TeamF1 succeeded in adding to what they had developed initially. Customers were eager to license these modules since it was a very intimidating problem for them to solve, and they would rather have that technology in the form of a software "black box" that secured the embedded devices and took the problem off their plate.

Over time, as the company developed a critical mass of these modules, it eventually allowed them to launch complete turnkey product offerings, the flagship one being SecureF1rst Security Gateway Solution (SGS), a turnkey software package that combines field-proven, standard components with an array of customizable options for the ultimate in product flexibility. The product enables equipment makers to deliver leading-edge VPN/firewall gateway devices to the market in record time at far less risk than traditional development approaches. Devices built around SecureF1rst SGS offer end-customers ironclad, networking security; easy-to-use management features; and multiple gateway options. Other products in the offering which are making deep in-roads in the market include Managed Access Point Solution, CPE Gateway Solution and Network Attached Storage Solution.

Answering Security Needs

9/11 played a key role in raising security awareness around the world. While the company was founded on the principles of securing devices long before this, in the months and years following 9/11, government and industry standards around requirements for embedded devices grew more stringent. The company's customers were faced with the prospect of not having their proposals accepted if they did not meet specific security requirements and with security being a complex field, not everyone was keen on developing such technologies from scratch. What customers needed was software they could integrate into their systems without much fuss, and meet the security requirements without having to learn all the details. The problem is that customers already had networking software and one of the common pitfalls in security is that it is most vulnerable wherever there is a seam. All of this needed to be seamless. Connectivity to the internet is what TeamF1’s customers were trying to secure. If their networking software came from elsewhere, and embedded security technology came from TeamF1, putting this together required them to know a lot about the internal mechanics of security. So providing the networking modules in addition to security was a natural next step for TeamF1. The company thus started developing networking modules as they grew, because of the seamlessness that was required to be more efficient and more secure.

Embedded software is the software that resides in devices, giving them the intelligence that we see in our day-to-day lives as "smart appliances". This includes everything from a car navigation system and home/office broadband routers, to mobile phones/tablets. As more of these devices are connected to the internet (after all, witness the growth in mobile embedded devices with smartphones), embedded connectivity and security requirements are on the rise. For TeamF1, its emphasis on high-performance also meant squeezing the maximum out of constrained hardware. Since its software is embedded, TeamF1 works very closely with the hardware in order to extract the expected performance.

The X Factor

In the embedded world, traditionally, the biggest competitors for software providers have been the customers themselves, since equipment vendors (also called "OEMs" or original equipment manufacturers) also develop their own home-grown software. But as software requirements get more complex, companies like TeamF1 are an attractive alternative. TeamF1's ability to offer a complete, customizable, security platform that can protect legacy systems and be the cornerstone of next generation ones makes it a win-win for customers wanting to move away gracefully from home-grown software in existing legacy devices to adopting rich new features that TeamF1 has to offer, in their new products.

TeamF1 found a vacuum where traditional OEMs were not able to cost-effectively or efficiently solve their problems. They found that there were not many commercial competitors in this field which was good news; but the bad news was convincing customers who sometimes think that this was something that they could solve on their own. Many times, this required making them aware of problems that they were not aware of earlier.

As an example, a mantra in the security field is that "Security by obscurity" is fatal. The belief that secrecy (such as secret passwords or commands to control the system that no one knows about) can secure systems from attacks has a couple of serious problems: if a hacker figures out this secret and worse, puts it out on the internet. It's not just one device affected - companies cannot easily recall all the devices from the field. Another is that a secret is only as strong as the people who keep them. A disgruntled employee possessing a secret could put millions of devices in the field at risk by threatening to expose a password. The resistance TeamF1 faced from its customers was frequently not lack of credibility in its technology, but the lack of awareness of security pitfalls. Some of the bigger companies and industry groups have started recognizing it and making it a requirement.

"Customers are now becoming aware that their device is connected to the internet, and the internet is also connected back to the device. This lets them see things in a very different light. On the internet people are able to probe your device, query it and without your knowledge know the profile and signature of your device to hack it using any vulnerability they may find," explains Mukesh.

Working with Customers'

Business Needs

TeamF1 licenses its solutions to customers in a form they call "customizable software". Once delivered to the customer, it is now "customized software" that is specific to that customer and by means of which they can differentiate their product in the market instead of competing only on price. TeamF1 has spent a lot of effort internally to make sure that their offering is comprised of standard building blocks while still being customizable. The customer provides them with their end-product requirements – a blueprint. TeamF1 customizes its software and integrates the modules accordingly. This allows them to deliver the benefits of custom software without the high costs and long time-to-market pitfalls of developing custom software from scratch. Since TeamF1 not only delivers the software solutions their customers need, they deliver these right to the manufacturing floor, so the software has to be "production ready". This product cannot be an experimental technology left in the hands of the customer after that. It is delivered in a form where the end-users can use their products as-is and so, quality remains the top priority. Security is something that is "baked" into the DNA of the product, and is what the company has always been known for. TeamF1 feels that on top of the operating system, there are three major pieces every turnkey solution has: networking, security and management. The company consults with customers during the sales process on how to fulfill their end-market or service provider requirements.

While TeamF1 still licenses modules to large customers seeking to solve specific point problems, most of their revenue tends to be from customers who take a complete software delivery from them and pay licensing fees based on the units shipped, which is aligned with the company's "customer success" based business model.

The Vision Ahead

Despite the success that the company has garnered, it has continued to drive and grow itself organically. The founders cling to the idea of being "Customer Success Funded": the company is only successful if its customers using its products are.

"In retrospect, it turned out to be a very positive thing that due to necessity, the company’s growth has been gradual and organic. This helped us 'embed', pardon the pun, the values that were critical to the longevity of a software company and our vision for our corporate culture. Whether it is our quality processes within our company that have evolved over time, the way new ideas are championed within the company, and rolled in without too much bureaucracy, how new team-members are mentored by the senior team when they enter the company, or how merit-based rewards are used to incentivize key and deserving team-members, it has stayed true to the values we wanted for the company," says Mukesh.

Today, from a humble 2 member company, TeamF1 is 150 people strong with offices in both US and India. The company's view is that the market remains thirsty for secure connectivity of a wider range of devices, especially with the demands of mobile and cloud computing. With its expanding technology portfolio and using its proven engineering processes, TeamF1's vision is to foster embedded innovations by enabling a new generation of secure, high-quality networking products with the shortest time-to-market. Besides its current flagship security gateway and wireless products, TeamF1 has on its roadmap turnkey offerings targeted to (a) advanced broadband gateway devices that deliver a combination of voice, video, wired and wireless data (the so-called "quad-play", considered the holy grail of combined services) securely to home and businesses, and (b) hybrid personal/public cloud storage devices that combine the ubiquity of cloud access with the security and privacy of personal storage.

For a company that has survived as many as three economic downturns and high pressure customer demands, realizing its vision does not seem impossible. In keeping with their fondness for performance car racing, as Mukesh and Vinai like to say, more than a decade into the company's life, they feel their engines are just getting started and they are geared up for the race to come.