It has a touch of prophecy: a man starts out as an electrical engineer with Energy Australia, ends up building intranets for a multinational, consulting for a global integrator and two US vendors, before ending up as a sole distributor for a program called Voltage.
Darren Byrnes had worked in enterprises since the early 1990s. In 2003 he saw the chance to work for himself, and that year niche distributor Synergistex was born.
Byrnes had a friend who had been working for a company which had lost distributorship for a server configuration management, compliance and security software called Configuresoft.
"My partner had done a lot of work with that vendor and they were looking for someone who could take on the business on the sales side. We thought we might be able to take that on," Byrnes says.
The interview process took six weeks, including trips to the US, where the pair eventually convinced the vendor that they could drive the business forward.
Synergistex brought on Alterpoint in 2005 after the vendor formed a partnership with ConfigureSoft. Alterpoint did for networks the same things ConfigureSoft did for servers - configuration, management and compliance.
How does a start-up distribution business compare to working for a global systems integrator?
"It's very different. There's an enormous amount of flexibility but an enormous amount of discipline required. When you're in a start-up it's up to you to get up and do those tasks. You're not accountable to anyone except for the vendor in the States," he says.
Even the vendor didn't expect sales from day one because Synergistex was such a young company, so there wasn't any pressure in terms of numbers and figures in the early days, says Byrnes.
"You really have to get into a mindset of self-discipline and [have] a very clear way to articulate your goals and objectives and stick with them."
That Configuresoft was a "fairly unique" product was a blessing and a curse. On the one hand there was little direct competition but it required the fledgling distributor to educate the market as to why it was needed.
Byrnes says this process involved knocking on a lot of doors. Synergistex also had to set a track record itself through direct sales until it could show a "reasonable" customer base that validated the technology and gave partners confidence to sign up.
It also gave the distributor experience in installation and support which it was then able to offer to its resellers. Time with customers meant a better understanding of the technology, how it should be pitched, what things interest customers and which issues could be solved by the tools, Byrnes says.
Over the years Synergistex refined its message to suit the market's demands. In the early days the focus was configuration management, then it switched to patch and vulnerability assessment and more recently - with the rise of standards such as Sarbanes-Oxley and others - compliance.
The terrorist attacks in the US in 2001 gave the global awareness of compliance a boost and rolled into the US' ongoing crackdown on terrorist threats.
Byrnes kept looking for complementary technologies to the compliance and data protection niche. The Configuresoft-Alterpoint combination covered servers and network but the distie didn't have anything for the above layers such as data in the application.
In August 2006 friend introduced him to a US vendor called Voltage which specialised in identity-based encryption and Byrnes signed on as a distributor.
Marquee-name security vendors that have built businesses protecting gateways and endpoints are moving into data protection. Symantec, Trend Micro and others are adding data leakage protection as an option in their security-as-a-service portfolios.
Byrnes says Voltage stands out because its approach doesn't use a PKI (public key infrastructure) scheme, which relies on accessing a database of public and private keys to encrypt and decrypt messages.
By comparison the key servers in identity-based encryption are stateless - there is no requirement to store millions of keys. This removes the need to enrol senders and receivers with the encryption program before sending a message or distribute certificates, factors which affect the scalability of PKI-based encryption.
"All of that disappears in the Voltage scheme and you end up with a very scalable and cost-effective solution which is usable by millions of users," Byrnes says. "Identity-based encryption is a much more elegant way to manage that encryption-decryption process. I can send anyone in the world and email and they can decode it."
Competing SaaS tools which use a client application for encryption will send non-registered users a link to the SaaS vendor's webmail service where they can read the message. Byrnes says this is flawed because it means the SaaS vendor is storing the confidential contents of that email on its webmail server and anyone with administrative access will be able to read it.
The Voltage method doesn't store any information. Instead it uses an encryption process that uses SMTP and the emails themselves remain in the receiver's or sender's inbox.
A reseller called Nuvola has set up a secure email managed service that uses Voltage encryption, Byrnes says.
Competition
Synergistex no longer is sole distributor for ConfigureSoft. The software was acquired by EMC, shifted over to another EMC acquisition, VMware, and rebranded as vCentre Configuration Manager.
Is Byrnes worried by competition from other VMware distributors? "Longer term, yes. At the moment we have seven-plus years of knowledge with the product which gives us the edge. It's a fairly broad product - it's not something you could just pick up and start selling tomorrow."
The Configuration Manager has some complex features including creating compliance templates and other customisation, Byrnes adds.
Synergistex dumped Alterpoint for the appliance-based Netcordia in mid-2009. Not only did it have a single web interface, companies were swinging towards appliances as better vehicles for security software because they were faster to deploy and considered more secure than server-based software.
"The last thing you want is security tools that have control or visibility of all your systems being easily hacked. Once they are built on an operating system, if you don't lock the operating system down properly that exposes the tool," Byrnes says.
"Many companies like an appliance because the vendor has done a lot of work hardening the appliance. When it arrives you don't manage it, you don't back it up, you don't patch it, it just works."
Synergistex is not looking to sign up any more vendors in the next year. However, it is always on the lookout for resellers.
"If you find an organisation that has similar goals and objectives and you believe they will do a good job of representing a product you're always willing to talk to them. Australia is a very relationship based country. Resellers have very tight relationships with their customers so you're enabling them to be more successful and yourself more successful through leveraging those relationships," Byrnes says.
Synergistex is working with companies at either end of the scale. It has several boutique security firms on its books that specialise in PCI compliance as well as the biggest systems integrators such as IBM, CSC, Dimension Data and Fujitsu.
The size of the reseller is not an issue; it's more about common goals, Byrnes says, predominantly PCI, privacy, general security and compliance. "We're not looking for someone deploying ERP or Active Directory. We are looking for people who are systems management-oriented and interested in compliance or in helping their customers protect information and reduce risk."
That definition is wider than the conventional reseller and includes consulting firms, Byrnes says.
Byrnes says the ultimate goal is to move away from direct interaction with customers to a point where it is only managing and supporting resellers.
.png&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
