« Happenings this week   |   Main   |   IBM surveys perception of On Demand mktng message »

iPass CEO at Stanford’s ETL

I’ve had a hard time getting a bearing on just what iPass does. Their site is rather complex and detailed, so I went to hear their CEO explain his business to Stanford undergrads yesterday. Their CEO, Ken Dunman, spoke to the Stanford Entrepreneurial Thought Leaders series on entrepreneurship and how iPass carved out its path. Ken gave an excellent summary of the company’s history, direction, and strategies during his hour long talk. Below are my notes . His slides, when available, will be posted here (or check the ETL site).

iPass has 400 people worldwide, with 15+ locations. 2004 saw $160M of revenue. They were founded 1996, based on the experiences of one of the founders while working in Japan and trying to connect back into the US headquarters IT systems. He was seeking a local connection with remote authentication, and that’s what they built. They initially targeted the globetrotting road warriors who needed access internationally no matter what the local conditions were. In their approach to building the company, the founders realized that they needed both a platform (the core purpose of the system) and scalability (to handle growth cost effectively and deliver excellent quality of service).

The service they enable off this platform is essentially firewall tunneling through to the corporate network to provide transparent access to the applications, data, communications (VOIP) and infrastructure as if the user was in the office at a price of $9.95 [ed. note - price per connection?? there is no upfront data on website, he says later all pricing done through corporate contracts].

They currently have as customers 237 out of the Fortune 2000, and 2300 customers in total. They do different deals for each customer, customized to their needs and their size, and with a duration of 2-3 years. On the buy side (where they buy access and capacity), they cleverly renegotiate every 6 months, pressuring carriers to lower their prices. Thereby they are able to create a nice buffer of profit and able to manage their bottom line.

Their core strategy relies on the theme that the only global network is internet. Incumbent carriers own the individual networks, but it is the value of the networks put together that is what will power the next generation of innovation. These carriers are still not tracking this market, so that is where iPass identified an entrepreneurial sweet spot (this was for the students, continuing the theme of entrepreneurship). iPass took a different approach than the carriers, putting everything into software that could be updated and expanded as necessary. They started with a software based approach to authentication, not the systems approach common to the carriers. From there, as they shifted to target the enterprise, they built out the software to flexibly work behind firewalls to handle the heterogeneous systems common to enterprise environment. They knew they had to work with everything agnostically because they lacked market power or size. To make this easier, iPass participated in standards bodies - contributing their ideas and helping to form the emerging standards. They coupled this with engineering, and several times pre-built a prototype solution, which they then sold to large customers - then they went to the standards bodies with a solution that already had the backing of customers. With this sort of presales commercialization, they were able to both craft standards that ensured their access (so they wouldn’t be locked out by proprietary solutions) as well as get a jump on having working code to implement the standard.

Ken summarized their current strategy, which I captured verbatim: “iPass has deployed a software-based global platform that enables it to solve the challenges of enabling, securing and managing mobility.” From my view, that shows that iPass is moving towards being able to support the sort of device-independent data access that I have been tracking as a theme. He then reviewed the shifts in iPass’ strategy over the years, that it was first focused on consumers (individual users), then moved to the enterprise (selling remote access across the enterprise) and finally to their current focus on building a comprehensive network where they can orchestrate secure access as employees move around.

Turning to explain the system behind the service, Ken went over how the device works in a graphical slide, similar to this graphic from their website.

I’ll sketch it out quickly since the slides are not yet available. They have client software on the devices. There are 300 network providers each with iPass Network Server software (running on an appliance?). A client connects with one of these network providers, and the request is authenticated and passed via SSL to the iPass network core transaction centers & clearing houses (of which there are 10+ worldwide). iPass authenticates the user and then contacts the hosted corporate data site of the client enterprise, which has the iPass RoamServer software running (on an appliance?). The successful authentication all around establishes an IP VPN between the remote user and the enterprise. I’d summarize it as a AAA ‘man in the middle’. Interestingly, on top of this, iPass can provide policy–based authentication where you define authentication access requirements - making it possible to send devices not up to spec (without updated AV files, if compromised, etc) into quarantineand there perform policy-based mitigation (update AV, clean, alert IT security).

They’re building their product line with a focus on the shift from securing communications and bits, to securing endpoint integrity. The question becomes ‘are both the device and the user allowed on the network?’. They’re looking to bring policy-based value-adds to deliver value over networks they don’t own (nor do they want to, they are a happy service provider). They’re looking forward to supporting technologies that serve a model where every new device is sold with wireless access. They want to integrate access to private corporate networks and the public internet via the 802.1x authentication standard. Following on this strategy, they acquired the Israeli startup Safe3W which has patent on device component fingerprinting. They create hash using the data (registration, serial, driver numbers) off the specific components present in a machine to create a unique fingerprint of its last known-authenticated state, and use that as the basis upon which to allow authentication. Personally, I wonder if that would include memory sticks, USB drives, and ancillary hardware (iPod, external drives) that tech-savvy users are increasingly adding on themselves to help them in their work (disabling this doesn’t work for power users, as Microsoft proved).

In closing, Ken emphasized the importance of architectural choices, that the architecture you lay down both liberates and limits; with startups, it must be cost effective initially, and then it needs to scale. He drew an analogy to the hedgehog concept from Good to Great - a book which he said he was sure all the student have read already (I have not, but consider this a strong recommendation). He highlighted iPass’ ability to integrate and coordinate diverse software systems over the internet, a middleman position with a lot of opportunity for value creation. He stressed the need to build in to the infrastructure and design the capacity for periodic reinvention (so you can respond to changing conditions). He also noted how important it is to provide integration points for partners because no one does it all on their own. He said that interfaces are not, and should not be afterthoughts, but be consciously designed.

Then the audience asked questions, which were mostly of a personal development nature. It was a good session.