Code Green gives red light to data leaks

Startup brings leak protection to small, midsize firms

Reports of corporate data leaks, lost laptops, and misplaced backup tapes are so commonplace that many no longer warrant a mention in the press. So common are corporate data leaks of one form or another that only the multimegaton events -- TJX, the Veterans Administration, or DuPont -- get covered.

But the data leak problem sure has gotten the attention of corporate boardrooms, even if the media has moved on. For proof of that, look no further than the gaggle of data leak prevention companies that has popped up in recent years. We've already heard this month about startup Provilla, as well as Varonis. Code Green Networks is another aspiring startup that hopes to bring high-end data leak prevention technology to smaller and midsize corporations.

Founded in late 2004, Code Green is the brainchild of Shreekampt and Sudhakar Ravi, both co-founders of security appliance maker Sonicwall. Started with seed money from its two founders, the company has taken in $32 million in venture funding to date and now has 65 employees, says Chip Hay, senior vice president for marketing and customer care at Code Green.

Data leaks aren't just bad publicity for companies, they're also expensive, Hay says. Citing a recent study by the Ponemon Institute, Hay says that lost customer records can cost as much as $182 each to remediate, not counting penalties and legal ramifications from the growing matrix of state and federal data protection and consumer privacy laws. Those factors have stoked enterprise interest in data protection products.

"The big change for us in the last nine months is that we've gone from talking to companies who want to get educated, and now they've decided that [they] want to put data leak prevention in place," Hay says.

Companies -- especially in fields such as high technology -- are also paying attention to protecting their core intellectual property, especially with outsourcing and complex business partner relationships exposing more and more data, he says.

Code Green's flagship product is a content inspection appliance that's installed at egress points on customer networks. The device can inspect SMTP, e-mail, FTP, and IM traffic, among others, and can run in-line to block suspicious traffic or in asynchronous mode to monitor actions and policy enforcement, Hay says.

At the heart of Code Green's technology are algorithms that were originally designed to spot plagiarism in different samples of writing, Hay says. That technology, which analyzes content bit patterns, allows Code Green to spot sensitive information without relying on fallible dictionaries of terms, and without regard to the language used to express the sensitive information. That, and the product's support for more than 400 document formats, allows Code Green to sell into markets like Japan and China, Hay says.

That's increasingly important, amid concern about rampant intellectual property theft -- some of it state sponsored. For example, one Code Green customer recently reported finding proprietary manufacturing process documents published in a Chinese language publication, Hay says.

The company also prides itself on its product's capability to parse message traffic from the sea of Web-based e-mail providers, where no standard message formats are used. Code Green has also forged strategic partnerships with vendors such as Voltage Security for e-mail encryption and with Centennial Software to reach the SMB market.

A new version of the Code Green appliance due out soon will offer enhanced data fingerprinting for reading data in relational databases, and structured and flat files -- as well as better content discovery features. The product already sports connectors to Oracle and Microsoft SQL server and EMC's Documentum content management platform.