ThisData

Harden your security with two lines of code.

thisdata-logoThat’s right, add two lines of JavaScript onto your login form and you’ll be making your web site, and the world, a much safer place.

paypal-phish
It’s convincing, until you look at the From address, view headers, and mouseover the button to discover a bit.ly link

An astonishing proportion of the web server traffic from which you’ve just fetched the page you’re reading now is script kiddies attempting to break in through brute-force password attacks. An even bigger problem for high-volume transactional sites like Paypal and Kiwibank is phishing, where attackers email you and lure you into entering your login credentials into a bogus site. The obvious and common solution to this problem is mandatory two-factor authentication (2FA), but it makes for a clunky user experience and is laborious to implement.

Auckland-based ThisData lets site owners take a different approach: continuous authentication. Only ask people to validate their identity if and when there’s a reason to doubt they’re really who they say they are. So for example if I have a usage pattern of logging in from the same city, with the same IP address, on the same browser, using the same cookie set, and do the same again, there’s an extremely good chance I am who I claim to be. On the other hand, if I suddenly log in from a different continent using a different operating system, or through TOR, you might want to double or triple check my credentials.

All of this is done with the addition of two lines of JavaScript on your login form, which hides a sophisticated back-end analysing geolocation, behavioral analytics, and secret sauce IP. For app and site owners, implementation effort is trivial with enormous and immediate payback.

Pricing starts at $99/month for 500 users, and goes up in usage tiers. They’re considering introducing a free usage tier to get people going. But it’s early days, and they’re still refining the pricing model.

Rich Chetwynd

Founder Rich Chetwynd has run the full startup cycle before. After founding educational software company Litmos in his bedroom, building it into an international concern, and selling it to US-based Callidus Software four years later, he decided it was time for a well-deserved break.

“I got bored though,” he says, “I wanted to ride the rocket again”.

So Chetwynd started Revert.io, a cloud backup solution. But very quickly he recognised that backups are the ambulance at the bottom of the cliff, and the much bigger and less well served opportunity was to prevent break-in and data loss in the first place.

Nick Malcolm
Nick Malcolm

He pulled in CTO Nick Malcolm, one of NZ’s top Rails devs (and erstwhile cofounder of 2011 Startup Weekend Wellington legend usnap.us), and the dream team was born. You’d have to call the change from Revert.io to ThisData more of a reboot than a pivot, but it was a definitely the right move.

Chetwynd’s rocket is about to reach orbit. After the reboot in February 2015, they went on to raise $1.2m from a number of local and offshore angels alongside the Punakaiki fund, did a zoom-out pivot from working specifically with Google apps and Salesforce in February of 2016 to bringing this intelligence to any app. They’re now monitoring over 10,000 end users for a variety of customer types, and are about to onboard another 50,000 for their first big enterprise. They’re architected for scale on AWS, and ready to go much, much bigger.

As great as it sounds, they’re not at the stage yet where the solution sells itself. Building your customer base and distribution is always hard work, especially from New Zealand. Chetwynd spends roughly half his time in the US, and the rest of the time running the team from GridAKL.

Their overarching mission is to make the Internet a safer place for everyone. There are hundreds of thousands of insecure apps and sites in the wild. Chetwynd’s asks app and site owners to ask yourselves, how valuable is the data is your app or site protecting, and how adequately are your users protected?

Ask yourselves: how valuable is the data your app or site is protecting, and how adequately are your users protected?

If you’re a dev and want to give ThisData a spin, check out their easy-to-follow documentation, and then give it a go. You won’t regret the hour or so it will take you to implement.

If you’re the owner or investor in a transactional app or web site and your team is not protecting your company against attacks using a solution like ThisData, I’d want to know why.

The bottom line is that you can put on a sad face if you’re a script kiddie or spear phisher, but the rest of us will sleep easier at night.

Legendary seed investor and SoftechVC founder Jeff Clavier looks for companies to invest in that have “three asses”: A smart-ass team with a kick-ass solution in a big-ass market. ThisData are on a steep trajectory, with an all-star team with a simple-to-implement but difficult-to-replicate solution to a highly painful problem in a massive market.

Watch out universe, here comes Rich Chetwynd riding the ThisData rocket.