Recently Spikes CEO and Founder Branden Spikes was interviewed by Rackspace Studios. Robert's interview reveals some interesting insights into what we've been up to here at Spikes and deals with the big question, "What is an AirGap browser?"
Robert: So... Spikes Inc is here and they have a new kind of browser. One that's going to keep you hyper secure. I keep getting all these stupid spam messages on twitter because some of you out there are clicking on their little links with a little message and getting hacked and your friends are all getting stupid messages. He has, Spikes has an idea for how to solve that problem for all of us. Who are you?
Branden: I'm Branden Spikes and I was the first IT guy at Paypal and SpaceX. So for the last 15 years I've been designing and architecting computer systems and information security and that kind of thing.
Robert: And now you're building, it's not just a browser is it? It's really a technology that can see where attacks are going to come from?
Branden: Good point yeah. I mean it's not just a browser. It's the solution to the biggest cyber security threat facing enterprises right now. So it's much more than just a browser. It's a huge huge solution and has the potential to make a big impact on the world in general and our trust in electronic systems. How much of the current use of computing is done through a browser today is mind boggling.
Robert: I can make up some threats cause I get a thousand spam messages a day and a lot of those are phishing attacks. A lot of social attacks. Trying to convince you that I'm Wells Fargo or Apple Computer and you gotta put your password in here so I can help you out right? Only I'm not Apple Computer or Paypal, you got a bunch of Paypal one's, sort of funny. That's one kind of attack. Then we get the twitter kind of attack and all of a sudden it's running code and stealing all your friends email addresses and twitter status and sending out a lot of spam on your behalf. What other kinds of attacks have you seen because you're in the middle of this. I'm way off to the side.
Branden: Those kinds of social attacks that target consumers and individuals are obviously a really big problem for the world as well. But you know I think sort of the more dangerous attacks are the one's that are targeting the enterprises intellectual property and trying to install malicious software behind corporate firewalls. So those are the one's that pose the much bigger risk and those are the one's that are completely stopped in their tracks by the technology that I've created. And as well we do protect consumer and individuals and their online social profiles. But in general I mean the technology we've created just puts a stop to all that drive by malware and all those phishing attacks and watering hole attacks and all these browser based attacks.
Robert: So uh Rackspace would care deeply about this cause if you get inside our firewall and then you're able to mess with our customers then all of a sudden our brand just evaporates right? If they actually got in that far. So how do you stop that attack of somebody sending an email and getting me to click on it and all of a sudden I'm loading code and I ... see the code load and *boom* my machine is compromised and my friends machines are getting compromised. We saw this in the 1990's with little malicious viruses but this is far deeper at this point. How do you protect against this.
Branden: Well you have to start with the understanding that browsers cannot be secured fundamentally. The way they operate is kind of unique from other applications in that by their very design they go out and talk to untrusted hosts and run code written by other people and that's just the routine of how they're used. So if you come to that conclusion that to run a browser is to run malware then you can see that the only way to really be safe is to not run that browser. Take it off your computer or don't run it, disconnect the cable. Then you're really safe. Short of becoming offline the right solution is put that browser on another computer and use it remotely like a remote desktop kind of thing. Of course we've made it really usable and focused a lot on usability. In that sense that's how it works. Running the actual browser and all that code is running outside the firewall and off your network and off your computer and so you're isolated, and truly hardware isolated from any threat that it can pose.
Robert: Sounds great in theory but we have bring your own device to work now. I mean I stood in line for this device on Friday. The IT people at Rackspace have no clue this thing exists and all of a sudden I'm connected to that WIFI hotspot.
Branden: Yeah it certainly poses a risk.
Robert: Well IT doesn't have control anymore. So how do you convince people to use this browser instead of the Safari browser on this thing or the Chrome browser on that thing.
Branden: Well I'm excited by the future prospect that this browser can become. It's able to be more superior just by, in thanks to, it's technology... it's able to be more superior to Chrome or Safari or Firefox given enough time and "development" on that- but the issue is really, the issue at hand is the threat that's facing enterprises by all of this. When it comes to enforcing these policies on people who bring devices onto the network, one of the easiest solutions is to just block that outbound web access right? And then pop up a message with your proxy that says hey, you know, we require you to use the Spikes browser in order to use the web. That would be a really safe way to secure your network from those threats and even provide that service to the people who bring their own devices. And what I see a lot of people do is put those BYOD's on a separate network that's off the corporate and away from the intellectual property and assets.
Robert: Yeah, ooh, that's a big challenge. Cause you gotta convince a lot of people that your browser's superior. Do you need the browser to have any access to this technology. Or could I get some protection by using Chrome or Safari or Firefox.
Branden: Yeah, we actually support running other browsers in our technology but since they weren't designed to be run on a remote computer it creates a little bit of user confusion. So the experience isn't fluid and I really don't recommend it. We created a new interface designed to be used this way and it gives the users a really intuitive way to use the web. And we can support and create plugins and make the experience work the way people are used to seeing it work so that it doesn't feel like it's some weird thing. It can be a really compelling experience. I'm prepared to show it to you today too so you can get a sense of it.
Robert: Yeah, can we, Rocky can we see this up on the screen. Yeah, lets uh, see what it looks like.
Branden: One of the first questions I usually get is well since it's running remote it must be awfully slow. And that's really not the case. So I've brought up a youtube page here so I can show you an example of video, cause that's often one of the things that don't work well. Big ups to the guys at GoPro for making one of my favourite demonstration videos. Yeah I'll just play the video so you can see. The frame rates high, I can scroll the page and see very clear text. As well as excellent video performance. And this is all done without sacrificing scalability.
Robert: Our little daemon is probably adding some latency. What you see on screen might not be quite as smooth as what I'm seeing on my laptop.
Branden: Well tell them how smooth it is Robert.
Robert: It's smooth. It's smooth. It's so this is actually being hosted on somewhere else outside of our VPN.
Branden: Yeah this is on our servers up in one of the, not in RackSpace apologize for that but we started off small in our own little data center. It's in California just here in the Silicon Valley. But certainly not in the building.
Robert: Now do I have to pay a service fee then to use your browser because you're having to pay for cloud computing service.
Branden: You know secure cloud browsers are a little more common. It kind of exists. I can name a couple of companies you can go to and find those. But this is designed to run on your premises. So I offer it as a cloud service for evaluation and certain VIP's, I could give you an account for example. Really the way to be secure and keep privacy is to take this technology and put it on your enterprise network. So we make it available in that form factor and that's really been successful for us but certainly the cloud offering is there and that ??? service is of use. Certainly as an evaluation tool it's very useful.
Robert: That's pretty cool. Your problem as a business challenge is convincing people to switch and that's a really hard thing to do from Chrome or Safari. You're competing against Google and sorry... they've spent the last 13 years of their life working their way into my head and that's a really hard problem to overcome.
Branden: And it'll take time to win people over, right? But I think people are being exposed to the threat of using the web and are getting hacked and are getting fed up with it and those are the people that will be the early adopters of this technology.
Robert: Now what happens on twitter right now on my direct messages people are emailing me all these stupid things right? What happens if I click one of those links.
Branden: Yeah well uh, you experience, if you do it in the Spikes browser you experience a certain level of fearlessness so I can click anything. Any of these shortened links where you really don't know where they're going.
Robert: So what happens if you do it.
Branden: Lets try it. Lets click a link. That's from Dan Gooden. Took us over to an article on Ars Technica. Thank gosh it wasn't to something not suitable for our audience.
Robert: Now you know, these links now will grab your twitter, will go into twitter and spam, and hack the twitter. So how do I know that that's not happening when I use your browser instead of Chrome browser.
Branden: Well if it was happening, if there was some kind of malicious code there it would be stopped in its tracks. Because of the security behind this technology there's no way for that to be a risk to you. It may impact the browser itself or crash the tab or something but it's isolated outside of the network so you can't, there's no risk to you as the end user there.
Robert: Interesting. Well cool. How are you invested? How do you guys
Branden: We're actually pretty well funded and supported by investors here in San Francisco and in Javelin Venture Partners. Yeah this is uh Series A time for us right now. We'll be raising that Series A at the end of this year.
Robert: For uh, how does somebody, uh know that what you're telling me is the truth. A hacker could know but I'm not a Black Hat hacker. I'm not going to be able to really test out your claims. Do you have testimonials?
Branden: Yes, Good question. More will come but we've definitely had analysts do briefings on it and there's a great number of customers that are evaluating it and willing to talk about it. That'll all come up on our website and over time that reputation will build but currently it's the cybersecurity people who just see by design how secure it is and luckily it doesn't take a lot of explanation. You just say hey, we're doing this in this way and they're like "Wow and you got it to work? Cool". You know, that's the kind of response I get so it's been pretty easy on that front.
Robert: Very Cool. Well thanks so much for what you're doing because keeping the web safe is really important.
Branden: You're welcome, yeah I think so.
Robert: And where do we learn more about it?
Robert: Spikes, S P I K E S. Thankyou so much.