Interview With Validian Corporation (NASDAQ OTCBB: VLDI)

The concept of security is at constant issue, whether it be on a Dr. Phil’s most primal of needs scale or measuring the feel of a situation as compared to the week’s ever-changing, color-coded terrorist threat level. Comically, it invites questions that sound like B-movie teasers: Do you really know who lurks around the corner? What lies beyond those bushes? But, thrust into the context of the world of here and now, suddenly it doesn’t seem quite so funny

Security threats abound, leaving us begging for relief, for a stay of execution from the malicious threats that are forever tapping us on the shoulder. Yet how does one steer clear, navigating the maze avoiding the booby traps?

The Internet, though relatively new to the scene, has been for what seems like forever a source of such concern. With computer security beaches of over $15B annually - both a compromising of the integrity of sensitive business documents and an unforgivable waste of money - cracks in the system have no choice but to be plugged.

Businesses are scrambling to safeguard their livelihoods. Workers, oblivious to the ramifications, open up channels of what appears to safe communications within the corporate framework and, without knowledge, expose all things proprietary. Where’s the happy, and nontoxic, medium.

Corporations now realize the myriad of benefits of Instant Messaging (IM) in this fast-paced, time-sensitive economy. This improved, instant e-mail though a perfect vehicle for speed and efficiency, is notoriously insecure providing, as one nasty instance, an access point for backdoor Trojan horses.

Validian Corporation was launched with the belief that securing data and communication exchanges for distributed applications should rightly be within the reach of any organization. With the Company’s patent-pending Application Security Infrastructure (ASI) recently launched, they offer a product line that is concurrently fully secure, simple to deploy and operate, highly reliable, scalable and affordable.

Gartner Research expects that by 2005, IM will be integrated into 50% of the applications that businesses use to directly interact with their customers. Ferris Research counter-estimates that it will be over 65%. Whatever the final tally, there’s going to be a lot of doors swinging wide open in the winds of enterprise. Validian has found a way to shut them…for good.

An interview with Validian Corporation’s President and CEO, Dr. Andre Maisonneuve conducted by Eric David & Sons, Inc. October 22, 2003, follows:

Eric David & Sons, Inc (EDS): Your Application Security Infrastructure (ASI) product allows for a secure exchange of data between applications on the Internet and does so as a multi-tiered solution, focusing primarily on establishing a ‘trust’ level between said applications.

Conceptually, what sets it apart from a virus protection package offered by the likes of a Norton, something that most users equate with a sole security platform?

Validian Corporation (VC): Simply put, a software package like Norton Anti Virus is a network protection, preventing viruses from entering into the corporate framework. For example, it solves the problem of viruses, coming through attached to e-mails; and that’s protection that everyone should have installed.

ASI implements protection of messages from the source application through to its destination application, keeping it safe from ‘point A’ through to the end user at “point B”. Contrary to the (Norton) network protection, ASI operates at the actual application level and is impervious to all viruses. This technology enables the encryption of outgoing messages from inside the source application and carries the encrypted message directly into inside the receiving application with the decryption done within that end application. Side by side, there’s a huge difference from that of Norton’s product from the environment and infrastructure points of view.

EDS: For demonstration purposes, and in layman’s terms, please give us a brief and practical example of the mechanics of ASI.

VC: One of the most fundamental and crowning qualities of ASI is that of its authentication process and ability to truly identify who is talking to whom. In our environment, we first authenticate all of the communicating parties so that communication within ASI is only done amongst pre-qualified people, that is, opposed to you receiving messages and not always knowing whom the messages are from. ASI does that via the services of a domain controller, that registers all participants, but only after actively recognizing their pre-qualification. When that step is complete, and parties and the application have received the authorization to send data from one to another, only then does the communication take place, in a peer-to-peer fashion, without having to go through the domain controller.

This is the underlying difference between what we offer to the world and what other security solutions offer. In other technologies, incoming messages arrive and the end user scrambles to find out who it came from…are they authorized, are they safe? With our technology installed in a communication environment, there are no rogue users, no rogue applications that can sneak in ASI or SIM. All participants and all source and destination applications exchanging data through the ASI network have been thoroughly authenticated before communication takes place.

EDS: Is this similar to the (domain name) blocking feature that a Hotmail email account offers?

VC: Yes, it’s somewhat the same in principle, but obviously domain name blocking features of Hotmail operate on a much smaller and unsecured scale.

EDS: What’s the ETA of the patent applied for re the ASI proprietary knowledge?

VC: The process of applying for and receiving final approval, in itself, may take up to a year and a half (there’s more than one area to be patented) after initial filing. We are already working with the lawyers and engineers making sure all of the material is attended to, but, during the entirety of that period, we’ll remain protected. Another point to keep in mind is we’re software based, so we already have copyright protection, which is the primary method of proprietary safety in the software business.

Patent application is a bit of long and drawn-out process, but most certainly a worthwhile one.

Referencing the intellectual property, please do note that most of our system is based on industry standards. We don’t change the encryption principles, we don’t change the operating system, nor is ASI a new programming language. The way we went about theoretically and mechanically arranging the standards resulting in the unique addressing scheme, however, is worth a patent. The way in which we exchange the keys in order to ensure that there is a unique session key between the communicating parties that only they are privy to is worth a patent. And, at the heart of it, the way we authenticate the process is worth a patent.

All of this is very clever and unique ways to implement these functions. We don’t have anything ‘proprietary’ in terms of standards. They are, literally, standards belonging to the world and, as such, cannot be changed. Our process envelops the standard, working within their existing framework, making it a unique tool.

EDS: Let’s focus on your Secure Instant Messenger (SIM) product, using the ASI platform. Given the combination of IM’s ease of use and desire to incorporate such into a business framework, perhaps you could quantify the parameters and size of the market you’re addressing.

VC: The recently published size of the market suggests, in an educated manner, that IM will surpass e-mail as the primary way in which consumers interact with each other electronically by the end of 2004. According to Gartner, it’s estimated that there are about 30 million business IM users internationally, and that by 2006, that number will increase to 265 million. By any measure, the market and its potential are huge.

More are certainly recognizing the fact that IM allows for tremendous advantages in business. But the caveat is that, in such a situation, everything without exception that’s sent via the three main products (Yahoo, AOL, MSN) are sent through their private networks and is open for anyone to read, and at any time. Messages and files alike, intrinsically confidential in the case of business communication, are literally being sent into the wide open. So, for business transactions, it’s a very risky proposition. It obviously stands to reason that businesses are now focusing on trying to secure IM, in order to enjoy all of its benefits with none of the inherent risks.

Our SIM product works on the public network of the Internet – so everyone may share access to our communication network, unlike the private networks that can only function within their own community – and ASI does so safely and securely as encryption of all messages and attached files is done within the SIM application. Remote and local employees alike are secure in the same manner, from inside their originating SIM application, and complete through to inside the receiving SIM application. Without exception, material flowing over our IM always remains encrypted, and is therefore impenetrable.

Recently attending an IM conference in San Jose, two things were made abundantly clear: Instant Messaging is useful and desired for business, and it needs to be ‘tight as a drum’ secured.

Corporate IT departments having long tried to block the use of private IM because of risky security situations now concede that it’s warranted as a real business tool. That acknowledged, everyone is now focusing on safeguarding it. Businesses need first to secure internal employee communication, the main reason being that 70% of infiltration into proprietary corporate property is done from the inside. If we first close this door, we mitigate the majority of the risks and we educate employees to use a secure communication channel for business use in a routine manner. That cannot be done easily with the public IM systems.

Ours is a very simple way to secure all business communication. With only a few minutes installation time, SIM immediately solves all problems relating to a company’s internal communication, with the added benefit that if we secure within the corporation, we can also secure, by the same token, all of the traveling employees, anywhere in the world, as everyone communicates securely through the same network, the Internet.

EDS: What does SIM offer in the way of scalability?

VC: Scalability in our environment is very easy. ASI is a distributed environment; the domain controller has a number of services, which can be easily duplicated on any computer linked to the Internet to instantly increase capacity.

The fact that we have this distributed environment really automatically takes care of the scalability issue. And because we control every point of entry into our system, we are scalable up as well as down. If we have three services of the same type that are not too loaded up, we can just reduce the system to one or two services. This is a bit unique in the security environment. Usually people have to plan for the highest load factor in the design of their system, whereas we just start at the appropriate level and expand or contract as the business requires and deems appropriate.

Another winning point is that our platform doesn’t necessarily require an onsite server; users have the option to use our own public server that can support tens of thousands of users simultaneously until they decide to implement their own.

EDS: For the first time, Microsoft will have an integrated Instant Messaging product, called Live Communication Server, imbedded in their Office 2003 software package. Have you had the opportunity to review it and see what kind of security transfer measures, if any, are included?

VC: From all indications, it has a transport level security, meaning that the security does not come from within the application. I would imagine that it’s somewhat of an improvement from the last ‘model’, but in no way rivals what we can provide to the same communication situation.

Our SIM solves the security problem behind openly exchanging files, encrypting files, and sending any information securely through the Internet, making us more universal and a broad-based platform (and realistically not appropriate for similar bundling).

EDS: You’ve referred to yours as a ‘virgin market’. That being the case, surely you’re in a constant R & D mode. What else do you have on your roster of product offerings?

VC: ‘Virgin market’ refers not only to the fact that this market remains relatively untapped, but also that bringing security to the IM market, at this point in time and with alternate products, is a bit of a nightmare. Safeguarding the three largest private networks is very complex because security wasn’t built in as a prime concern. The cost of securing those, and the complexity of doing so, really does limit the widespread use to larger corporations with significant technical and financial resources. Our distributed business model is relatively unproblematic in comparison, and, as such, is able to provide a secured situation to a huge market not currently properly serviced.

Validian has unique features afforded to the mobile users. We are the only company that has an implementation of a secure IM product on a USB memory device. It’s physically impossible for the three larger players to come up with that as we, unlike they, use the Internet as a communication network.

SIM on a UBS can be attached to any computer anywhere in the world, never leaving anything on, or having any lasting effects on, the host computer. Case in point: when I travel and ask people if I can use their computer to communicate through this USB device, there’s no problem in doing so. When I requested previously if I could log onto their e-mail system directly, they were very reluctant, as I could easily download viruses with any of my communications. My privacy was compromised as well, as they could have tracked my transmission.

By virtue of our SIM product, the USB has now been upgraded from simply a storage appliance to now that of a portable secure communication device. We’ve taken that directive one step further and now also commercially have the SIM product on a USB device implemented on a wristwatch. As many colleagues have commented, it’s very ‘Dick Tracey’, but is real and here now. The USB device is built into the watch with a wire coming through the watchstrap that plugs into a USB port. You can travel anywhere in the world, take it off, plug it in, do your secure exchanges, save files onto the watch, and be done with it…a completely mobile and secure communication process.

The key point we’re making with that wristwatch example is that not only is SIM totally secure but it’s also tremendously affordable and easy to implement. There’s no way a PKI system (another security infrastructure) could be installed on a watch. There’s no mistaking that we’re already here and active in this advanced arena.

The product’s time to market? Negotiations are on going, but the fact that we’ve actually accomplished it and there are people out there that are using and testing them, gives us the credibility factor necessary to bring it to fruition. Commercially speaking, implementation of SIM on a USB device in a large number of appliances goes far beyond the novelty of Dick Tracey. It stands to be huge in the market.

EDS: While in that arena, are there any limitations to SIM or ASI that you have identified and are addressing?

VC: During our field tests, we haven’t experienced any limitations with the platform. Forging ahead, rather, we’re expanding the link of the product to other applications within the corporation, a targeted example being in Supply Chain Management and Customer Relations Management. We can insert SIM into the communication between individuals cooperating in a SCM system or between a call center and the party calling in a CRM system, thereby managing the exchange of messages and data in a secure IM environment; all overseen by the system manager. Applications in the e-health sector also can definitely benefit from ASI and SIM.

That outlined, the next phase will be integrating our IM into such business applications, increasing the efficiency of that exchange.

EDS: As recent Companies in the news, entities like Endeavors and Zonelabs, only manufacture products that offer an encryption solution to private systems (Yahoo, AOL, MSN). That said, who’s your most immediate competition in the corporate arena?

VC: The most immediate competition is, in fact, those top three, because they’re trying to convince the people that their system is secure. A little closer to home, there’s also a couple of newcomers on the scene, the likes of Jabber offering complex solutions, resulting in a certain degree of IM security in the business situations. They still lack the level of security and the mobility feature that we bring to the market.

Any large market explosive as this will always attract a large number of participants. We know of no one else at this time that can secure application-to-application transmission or exchanges between distributed applications operating in distributed networks. Simply stated, we are quite unique. We found that with alternate technologies, it’s been a nightmare for them to provide application and user authentication in a mobile computing environment. Their whole infrastructures break down.

Validian has also the only platform allowing for easy encryption of attachments including non-text data, not just the messages. That gives us a significant lead-time over the competition.

EDS: Who best to sell your services?

VC: We’ve established sales channels with independent software vendors (IVS) and value added resellers (VAR), allowing them to offer their clients a secure environment at a cost much less than alternate products.

For example, if an IVS sells their corporate software package solution for $500K, but have to install a security component like a PKI solution for another $500K, they will therefore sell the entire solution to its customer for a $1M. With our ASI/SIM product, because it would only cost, for example, $200K, the ISV is able to maintain the same profit margin, but their customer will save $300K on the ISV’s complete software and on a superior security package. We make it a simpler and more effective equation to sell, while protecting the IVS margin. End customers being very sensitive to these factors, we’re confident that this channel will continue to work well for us.

EDS: I understand that the Company has engaged a professional services firm specializing in technology start-ups to advise on the best marketing strategies as well as to design and execute tactical sister vertical markets for you to focus on.

Could you touch on some of the verticals that have been broached? What kind of traction do you have in the markets at present?

VC: The recommendation of that firm has been to focus on two main verticals: Supply Chain Management and Electronic Health.

E-Health, aside from certainly having the need, recognizes the fact that there’s no other technology that will encrypt non-text files. Digitized images and sound files constitute a critical percentage of their communications, and other IM systems do not provide for such transmissions (in the case of sound files) or with the necessary degree of security.

They further have a legal requirement to track all exchanges of their messages. An archiving system is built into our SIM, whereby messages are sent to archiving before the end destination can read it, so messages cannot be modified,. The competition only offers it as a ‘plug in’.

Health sector patrons are often required to send larger files. The advantage of SIM is that as the file comes out of the application and is carried directly through our own infrastructure, the size of the file is really inconsequential. Giving you an exact example, I just impressed one of the system integrators by sending a 2MB file from our office to their destination in seconds. All he said was, ‘Wow!’ This is because once the authentication is complete in SIM, we go peer-to-peer, thus the speed. We don’t go through servers that have to store then move forward, store then move forward, slowing up tremendously the transmission process. SIM just goes directly to where the IP address is.

Validian has over 200 SIM users to date, and we’re confident that we will establish a formidable strength and definitive growth pattern in this, and other targeted, verticals.

EDS: With the massive growth of global Internet usage, do you plan to market your products internationally, particularly to the burgeoning markets of SE Asia?

VC: At this point, we’re focusing on the North American and European markets. We have tried to set up discussions with the SE Asian markets, and have stopped for the time being because we really do need to have a very trusted and centralized partner there, and we’re still looking to establish that.

As a smaller company you have to be careful not to spread yourself too thin. We want to ensure a solid foundation, direct sales and their testimonials here in North America and Europe before we expand beyond those boundaries. That’s a solid fundamental on the road to guaranteeing success.

We’re already in Europe with a development center and here in North America with our U.S. and Canadian offices and are happy for the present time.

EDS: Where does your product line proceed from here?

VC: We’re not going to have a large product line and a huge number of applications like SIM. When you have a winning combination like the targeted product and the established and dedicated sales channels that we’ve set up, you don’t want to venture too far from the original focus.

Our partnered software vendors have devoted customer bases and in-roads into the vertical markets best and immediately suited to our product line. Very few corporations buy security in itself and we make it easy for the software vendor to integrate our solution into their product. It’s been a successful solution to date, and one that we intend to continue concentrating on.

EDS: Strategic alliances? Any targeted acquisitions planned?

VC: The line of attack is to definitely have strategic partners in a field complementary to what we offer. An illustration of that involves a firm we are aware of that monitors the use of private IM systems. If corporations want to use a secure IM for their communications like our SIM, they will need a package to formally monitor all other IM transactions for business purposes. It would make sense for us to broach an alliance with such a group for a more complete business offering. The key for diversification is alliances with more complimentary functions rather than acquiring new offerings, because what we offer now is really ahead of the market.

Furthermore, because we are first to market with a solution for the distributed application arena, which in itself is a multi billion-dollar potential, we feel that down the road we will very likely become an acquisition target of a major player.

Some of the major sector names that we’re talking to in the distribution channels will look for us to establish a commercial capability in usage of the product, i.e. basically more test casing. It’s at that stage that we feel we’ll become an acquisition objective.

EDS: A couple of fundamental questions: What’s been the institutional market reaction to Validian to date?

VC: We’re getting very favorable reaction. The analysts that we’ve talked to, both industry and financial analysts, have come to terms with the fact that the ability of VPN and PKI products to secure distributed applications over distributed networks is practically impossible. They’re not aware of any other company in the world today that has our solution and feel that it’s definitely critical to a market they view the whole world shifting to.

As we see a paradigm shift towards distributed applications and distributed networks, corporations servicing multi billion dollar markets have to come to terms with how to implement this paradigm shift with full security, at an affordable cost and with an ease of implementation. It was noted that, in their viewpoint, they’ve accepted that the old client server architecture and other security procedures are neither designed for nor capable of serving this new paradigm. That said, we’re gaining wonderful acceptance levels.

It’ll then be our plan to move to a more senior exchange. As we build out, we’ll be considering a move up to either the NASDAQ, AMEX or possibly the NYSE. We’ll have a better indication of so as the markets build on their upward swing. We’re staying abreast of how each of those exchanges is reacting to economic indicators as well as those in our sector.

EDS: Company’s Management position of the outstanding?

VC: We have 22M shares outstanding. Management and founders hold a 40% position.

EDS: What’s the Company’s long-term debt situation and ETA to profitability?

VC: We do not have any long-term debt. Since 1999, when we were established, $7M has been invested to get to this stage. We only have a few hundred thousand dollars in short-term commercial debt.

We launched our product in the summer of 2003 and we’re beginning our sales push, rolling out and ramping up in the marketplace. With that, we’ll be expanding our budget in the direct marketing and sales functions to gain traction in the sector. We’re looking at profitability, as a result of those increased and targeted expenditures, in the year 2005.

As we increase that burn rate, we also ensure that we’re increasing our runway. We test out those markets, and, as reactions indicate, increase expenditures in that area. Case in point: we’ve been receiving market pull in the e-health area. SIM addresses the fact that meeting the security, file transfer and archiving demands of that market has not been resolved by alternate technologies or products yet and, with a minimum amount of marketing so far, we’ve been receiving a number of calls. This is certainly a market segment we’ll be funneling more marketing dollars to, resulting in faster revenues.

The same is applicable to the distribution channels we’re going through. As we do deals with the ISVs and VARs, they will pick the verticals they feel will be best suited to their product offering. One of the attractions of that method is that they’ll be applying some of their marketing resources to implementing our products through their channels.

EDS: What’s your view of the economic environment and foreseeable industry trends referencing a return to such corporate spending and what milestones do you wish to reach in the next 3 – 5 years period?

VC: There are really two key factors here: as we’re very much a market driven company, we’ve been talking to major distributors in the marketplace, as our distribution channels have also been talking to the industry analysts as well as the financial analysts, and their viewpoint is that corporations are ramping up the security portions of their IT budgets and will continue to do so. The crux of this is that they must be able to solve both their internal as well as their external security issues. Validian ASI and SIM solve both with one punch.

People knew that implementing security used to be very costly and very complex, but now they are realizing that with Validian it’s much less expensive and much easier. And that rings bells all over the place.

IT security professionals have a mandate to implement security systems that are much more affordable and simpler to integrate into existing systems. We offer one of the very few solutions that can meet those requirements. And we ensure a very rapid return on investment, as well as a low total cost of ownership. That’s critical in making those technology choices and is, indeed, as important as being secure.

In the market context, we’ve talked about not only having a definitive security infrastructure for distributed applications and distributed networks. Our two commercial products address the estimated corporate market of user IM, which is expected to increase from 30M users per year in 2003 to over 265M by 2006. That’s an incredible growth capability right in our backyard. And SIM is the only IM product (secure or not) available on a USB device. The USB market is estimated to grow from 10M units per year, this year, to over 50M units per year by 2006. What we bring to USB devices is pretty unique, converting a USB appliance from a portable storage device into a secure and portable communication device. All that taken into consideration, we know that we have a built-in advantage here.

Major corporations, USB device manufacturers and our distribution channels of ISVs and VARs recognize that ASI and SIM bring significant value added to them in their own marketplace. And that’s a win-win situation for them and for Validian.

Jennifer Gardiner, an Investor Relations veteran and a freelance business writer, is presently consulting with Eric, David and Sons, Inc. Working primarily with micro and small cap Companies, she has assembled and actively maintains international relationships in her roles as Marketing/Communications Strategist, and Investor/Public Relations Managerial consultant.

Please view the EDS disclaimer/disclosure on Validian Corporation.

2003 © Eric, David & Sons, Inc. All Rights Reserved.

--------------------------------------------------
To unsubscribe to the EDS Newsletter, click here.