Steel Mountain is not your grandpa’s anti-virus software. It’s a new way of looking at digital security for connected homes. Today, internet connected devices are proliferating in the home, and with them, opportunities for breaches of privacy and digital theft. Steel Mountain’s flagship product, Secaura, will attach directly to a home’s wifi router, and provide comprehensive protection against attacks anywhere on its network, 24 hours a day, without impacting the speed of your internet connection. Best of all: it’s self-updating, requiring no intervention from the user to keep security up to date, all year round.
I caught up with Will Butler, CEO at Steel Mountain, to talk about digital home security, and his plans for changing the standards of privacy and safety for the Internet of Things. Our interview is below:
Hi Will, first why don’t you tell us a bit about your team, how you started working together, and how you came up with the idea behind Steel Mountain?
Thomas Maarseveen and I go back seven years whilst studying engineering together in the UK. Since meeting we’ve collaborated on a number of technical projects together; websites and apps, crypto, drones, 3D printers.. We’ve done a lot of cool stuff over the years together.
The idea behind Steel Mountain originally came from Thomas’ browser-based AdBlocker not working. To solve this issue, Thomas decided to block his ads by hacking his router and filtering out the ads there rather than the end-point. This then inspired the idea of blocking digital threats at the gateway of the network- the router. The evolution of this idea was natural as Thomas and I had a history of ethical hacking and experience in cyber security and networking.
What drew you to focusing on security, and particularly consumer level security?
Whilst i hold value in my security and privacy, I have always despised using my anti virus software. It slows down my PC, conflicts with other software and intrudes on my usage with annoying popups all the time. Moreover, with critical security issues fast approaching with the IoT (Internet of Things) booming, a solution is needed now.
The consumer security sector has been neglected for a long time. We haven’t seen much innovation in it for 25 years from the old incumbent companies that we all know, and with the growing complexity of home networks, we now need a new approach to deal with new threats/ That is exactly what Steel Mountain offers.
What makes the technology behind Steel Mountain unique compared to other approaches, like typical firewalls or anti-virus programs?
We deal with the threat at the gateway of the home network with a device that plugs into your existing home router. This means we do not slow any of your devices down, it requires only one installation to protect everything and can provide security for hardware devices that cannot otherwise protect themselves, like smart fridges and lightbulbs.
Back when consumers were first buying PCs, there were not many points of entry for intrusions and exploits. Hacking 30 years ago was focused more on social engineering, exploiting human weaknesses, and less on “brute force” attacks, or finding a bunch of “zero-day” bugs (bugs that no one has reported yet), and using those to compromise a system.
But now you don’t have one processor and one piece of software running in your home. You have dozens and dozens of them, all of which can have vulnerabilities. Your fridge can be hacked. Your nanny-cam can be hacked. Your electrical system, your phone, computer, TV, and video game systems. There are many points of entry, and many potential points of failure now.
Plus those failures are more dangerous than they used to be. Now everything you do is digital, like your finances and even your health. So you have more to lose in an intrusion. A digital intrusion could have even worse consequences than someone physically getting access to your home.
So if the vulnerabilities are multiplying like this, security software just cannot keep up anymore. It’s like you’re building a bigger and bigger city, and you still rely on just one policeman to catch all the criminal activity. You should worry more about what your software can’t see at all, which is what is going on in all those devices you have.
For this, you need a single security layer that stands between your network and the outside world. That is what Steel Mountain does: we are building a single defense point and channeling everything through it. That’s the only way to really provide protection today. This is like the difference between the local cops and the NSA. You need a much more in-depth security system today.
What are some of the dangers most consumers don’t really understand when it comes to home security in a connected world?
That they are currently completely exposed to cyber theft and monitoring if they have IoT in their home or even an android smartphone.
I’m not just trying to be alarmist here. It is this simple. Everything right now is exposed, and nobody, from the device manufacturers to the telcos, to the companies that provide the firmware for these devices, is keeping up with the multitude of threats to IoT devices.
You might think too that you don’t have IoT in your home, so you’re ok. But most of us already do. This technology is now in everything, sometimes whether you realize it or not. Today it’s just a light bulb or a fridge, or a baby monitor, which doesn’t seem so dangerous. But soon home electrical systems and kitchens, and our cars will be controlled this way too. So physical dangers will become more real as well.
Why do you think that despite all the publicity around high-profile data breaches and hacks, as well as digital home invasions, the average consumer is still under-protected?
The average consumer remains under-protected because current solutions are high friction and have no focus on user experience. We still see cyber-security as something geeky and obsessive, even though that idea is pretty out-of-date at this point.
It’s also about who designs and markets security products, which is to say: security obsessed people who aren’t always in touch with the average consumer.
A security product should be passive, non-intrusive and usable by anyone. Current solutions fail to make a complex security solution accessible and seem easy to install or interact with. Current security solutions always seem like “work,” but we think they should be as simple and unobtrusive as possible.
Security is traditional sold through fear mongering, and the problem in doing that is that people become resistant to it over time.
Even here we are talking about all the dangers, and the truth is that most people don’t respond to these triggers. What’s the lesson there? What do people respond to?
So our view is that you have to appeal to people’s sense of responsibility and their more evolved sensibilities: taking responsibility for your family, doing your basic duty as a parent or a homeowner.
You lock your doors and check for mold and termites in your home, so the same logic should apply when you’re securing your network as well. It just has to be part of the basic package of having a safe home. Like child-locks on your medicine cabinets, or having your chimney swept once in awhile. It should be that simple.
So, people make a lot of these basic decisions without thinking too much. Do I buy the regular power strip, or the one with a surge protector? Our responsibility, as a security company, should be to make that decision obvious, and then to follow up on that, and make it simple enough that people stick with it.
Why do you think design is so important for a security company?
We are selling peace of mind, and in order to do that, convenience and user experience is imperative. True peace of mind in our case means you never need to think about it again after installation. (If you don’t want to.)
There is an interesting balancing act in designing something that should be easy to use and to forget about, but is also mission critical for your safety. You have to kind of make it visible, but at the same time non-threatening and friendly. This is why our approach is to create a kind of friendly hockey-puck type device that just sort of sits there and says: “I’m here… everything is fine.”
It’s sort of like something between a smoke detector and an Apple TV. It isn’t daunting or flashy, it’s just there, it’s solid, reliable, always on; nothing to worry about. In some ways this is just applying the same approach to digital security as has existed in physical security design for a long time. Simple, subtle, but not a toy.
You were previously located in Virginia, outside Washington DC, which is a natural hot-spot for digital security products. Why choose Prague and StartupYard as your next home?
We moved back to Europe because we saw an opportunity in the market. Europeans, generally speaking, are more privacy aware. That has been shown very much in the way regulations have evolved in Europe, now including the GDPR privacy regulations. People value privacy, and see it much more as a basic necessity than in other places.
Right now in the US, you have companies like Amazon convincing their customers to put cameras in their homes, so the company can literally watch their homes and their delivery people can enter people’s homes while they’re gone.
That is pretty surprising to many Europeans (and many Americans too). Maybe I’m crazy, but I don’t think Europeans will widely accept that kind of sacrifice of privacy in their homes for more convenience. I hope that they won’t, because it sets a scary precedent for the risks we’re willing to take with our personal security.
But also, Europeans understand that big companies are going to try to compromise our privacy even without us realizing it. These companies would like to listen to everything we say and watch everything we do, because there is money in that. But European culture more or less believes that the welfare of society is more important than the business benefit of intrusive tech.
That is why companies like Facebook and Google have so many more challenges in Europe with regulations and oversight, because they take that kind of thing much more seriously.
The reason we chose StartupYard is because they have a very relevant network which we are currently leveraging. We couldn’t be happier here.
As I don’t have to tell the Czech people reading this, Prague has a long history of security engineering and cyber-security businesses like Avast, AVG, Cognitive Security, etc. Czech businesspeople understand security and take it seriously, which makes our lives easier, and provides more opportunities.
Plus, Czechia has a global reputation for security knowledge and prowess. We have definitely seen that this is based in fact.
What would you say is the most important thing you’ve learned in your time at StartupYard? What was your hardest lesson? Have you grown as a company and as founders because of that experience?
This is my first company. Obviously, you have ideas about how easy it is to make deals, and negotiate with people based on your common interests. When you really believe in your ideas, it feels like you can convince anyone you’re right.
One thing I’ve really appreciated in the process of mentorship at StartupYard, and then talking with corporations and partners about future plans, is that corporations are not one entity at all. They are a collection of different power centers and objectives, mixed with a lot of personal and political motivations as well.
When you start meeting with these companies, you realize that you have a lot of work to do to show many different people that it is in their interest to help you. Having people sponsoring you in a corporation is great, but it only takes one person in a position to block you, and you’re stuck.
As a startup, you move fast every day, and you don’t ask for permission. That’s how you build something new and different, but at the end of the day, people from the older world of business have to buy into what you’re doing. You have to respect the fact that these people have been in the market much longer than you, and they know a lot of things about it that you don’t.
I hope, and I think, that we have become more humble in that regard.
What can we expect from Steel Mountain in the near term? When will people be able to buy your products and use them in their homes?
Steel Mountain will be making it’s flagship product, Secaura, available for pre-ordering from March 2018. Subscribe to our website and we will keep you updated.
We have many details to take care of between now and March, and we are tackling the complex process of manufacturing and distributing the hardware, as well as maintaining the security service that comes with it.
Our aim is to be a part of people’s homes for the foreseeable future, so it’s critical that we build everything now on a solid foundation. Security and privacy is very dependent on trust, so we are building partnerships with trusted companies that have a good track record of delivering on their promises.