In April 2018, Technoport-hosted start-up Passbolt will move up a notch with the official launch of its ‘on-premises’ password management product designed exclusively for businesses. Already tested for almost two years in beta mode, the open source solution has now reached a sufficient level of maturity to take on the market, with promising prospects.
The Passbolt concept was born in India. Young Frenchman Kevin Muller was heading up a web agency employing 60 people, which he initially founded and then ran for several years. He was confronted – like so many others – with the problem of password management. “I myself was affected as I came to realise how much productivity could be lost on a project by the dispersal or even loss of information about passwords and other access codes. Not to mention security and data privacy issues.”
Fit 4 Start, the springboard
Kevin Muller started to reflect on how to solve this problem, believing that the existing market solutions were not optimal. “All of these solutions were cloud-hosted and developed using opaque technologies, with all the risks that this implies in terms of security. None were designed for teamwork purposes; there were no sharing or access control features. We were instead looking for a collaborative solution, like a Google Drive for passwords somehow.’
The first tests carried out internally were promising but soon Kevin Muller and his associates, Cédric Alfonsi and Rémy Bertot, two old friends, began to think more along the lines of ‘products’ rather than ‘services’. They decided to start anew and found themselves in Luxembourg turning their concept into reality. “I am from the part of France that borders Luxembourg so it has always been a location where I potentially saw myself. Our agency in India also had a lot of Luxembourg-based clients. When I heard about the Fit 4 Start programme from one of our clients, I contacted Luxinnovation to apply.”
After going through the preselections, the founders had to present their project in front of a jury composed of investors and experienced business owners. “They were convinced by the quality of our project as well as its ‘data security’ orientation and we got selected among 160 other startups. We then went through 6 months of intensive coaching that really challenged our business model and helped us improve it greatly.”
Two years later, he emphasizes on how much the program has allowed the company to grow quickly. “After graduating from Fit 4 Start, some investors got in touch with us directly. We are really grateful to Luxembourg for having welcomed us with open arms and provided the ecosystem that we needed as a startup. The country has really acquired the resources to become a start-up nation, it has really put its money where its mouth is. ‘
Two years later, he insists on the extent to which this approach has allowed the company to grow quickly. “Investors even found us themselves. We are really grateful to Luxembourg for having rolled out the red carpet and put us at ease as a start-up. The country has really acquired the resources to become a ‘Start-up Nation’, it has really put its money where its mouth is.”
After coming to Luxembourg two years ago, Kevin Muller and his team started from scratch by developing, still in open source, their concept while focusing on the (asymmetric) security model and the use of industry standards (OpenPGP). The architecture of the software was quickly approved following a very positive audit conducted by CakePHP framework designer CakeDC as well as a tight collaboration with security researchers through various ‘Bug Bounty’ programmes.
The solution developed by Passbolt, in addition to a very ergonomic and ‘user friendly’ approach, ensures an end-to-end data encryption: at no point in the communication process can the password be accessed in clear. Moreover, the encryption occurs via a fully autonomous plug-in, so even in the case where the company’s server is corrupted and/or the source code hacked, the content of these passwords cannot be accessed.
“Compared to other solutions on the market, we pay particular attention to security, and we use industry standards extensively, for instance the same as Edward Snowden used when he was communicating with journalists. We also remain open source, so anyone can analyse our software, easily integrate it into their infrastructure, or even adapt it to their needs.”
In the increasingly strict legislative and regulatory framework, with the advent of the GDPR European regulation in May, personal data and data protection are becoming increasingly key. “We are ready for these milestones,” says Kevin Muller, “especially since we are the only ones in Europe to offer a password management solution that focuses on data protection and user privacy”.
15,000 active users
When it comes to commercializing its solution, Passbolt is relying on a very successful test phase: 20,000 downloads recorded in the last six months, 15,000 daily users of the software and an average of 1,000 organic acquisitions per month (against 150 at the beginning). A thousand pre-orders have already been received for the business offer.
Part of the software will remain completely free for users who are ready to handle all of the maintenance and to do without some organisational features. The business model has been based on relatively conservative projections: “To be financially viable, we must reach a minimum of 300 paying customers in the first year”, explains Kevin Muller. The formulas proposed are threefold, based on the size of the companies and the number of users, with a monthly rate ranging from between EUR 4 and 11 per user.
At the same time, the three founding partners (CEO Kevin Muller, COO Cédric Alfonsi and CTO Rémy Bertot) are already working on new developments, including a cloud offer to be launched this summer, followed by the integration of block chain technology into the logs to ensure their integrity at all times. Passbolt is also working on a way to export its key based authentication system to other platforms (e.g Drupal, WordPress, etc), so that users’ usernames and passwords will not be circulating on the network anymore.
After a first round of funding in September 2017 (with the addition of state subsidies in an equivalent amount and Fit 4 Start grants), the company is preparing for a second round to support its development, particularly in terms of support and marketing. “If we want to speed up our growth, we need to recruit quickly. And we have some very interesting KPIs to present to investors.”
Kevin Muller and Cedric Alfonsi (Photo credit: Adel Scott)