SafeLogic was founded in 2012 as a spin-off from Apex Assurance Group. CEO Ray Potter had grown Apex into a leading consulting firm since his departure from Cisco, but it was obvious to him that the future was in building products that met compliance requirements, rather than in advisory.
Potter designed the specifications of the first SafeLogic products to meet the needs of Apex clients that had repeatedly faced the same roadblocks. The result became known as CryptoComply, SafeLogic’s flagship product, a family of encryption modules purpose-built as drop-in replacements for various popular open source crypto libraries. CryptoComply has received a validation certificate for FIPS 140, the requirement for encryption deployed in the U.S. Federal government and other regulated industries. SafeLogic’s RapidCert service accelerates the same validation on behalf of customers, delivering in approximately 8 weeks rather than the traditional 12-18 months. SafeLogic customers enjoy zero-effort, simplified FIPS 140 validations, which help them beat rivals to lucrative Public Sector contracts and serve as a strong competitive differentiator in all verticals.
The key ingredient was providing the module and the validation service in tandem. The Apex team had significant expertise in completing FIPS 140 validations, but the huge savings in engineering effort and project timeline were unlocked by productizing. There are encryption companies and there are compliance consulting firms - SafeLogic combines the two for unprecedented results.
The company has since established itself as a true leader in the space, boasting major technology players among its customers - Hewlett Packard Enterprise, several of Broadcom’s major acquisitions like Symantec and CA Technologies, Raytheon, VMware, Cisco, Trend Micro, and others. Disruptors who have become household names, like Okta and Zscaler, count on SafeLogic for FIPS 140 validated encryption as well. In the modern Agile workplace, vendors are tightly focused on their core product capabilities, so the ability to outsource a component to a specialized and trusted partner like SafeLogic is a huge advantage.
“We embrace many now-classic start-up philosophies,” said Potter. “A small team, significant collaboration across functions, high levels of independence and responsibility, and most important during the COVID-19 crisis, SafeLogic is a distributed team. We work from anywhere and everywhere, with a seamless and singular focus on productivity. Work is what we do, not where we go.”
“We operate firmly in the ‘get your work done’ philosophy and everyone here takes ownership of their roles,” Potter continued. “We don’t hire managers, we just hire people that can execute on the vision.”
This year has brought new challenges for SafeLogic beyond the pandemic. The National Institute of Standards and Technology (NIST), whose Cryptographic Module Validation Program (CMVP) in partnership with their Canadian counterpart oversees and administers FIPS 140 validation, has rolled out new restrictions for existing certified modules and kicks off the next generation testing program in September 2020. SafeLogic has spent considerable time ensuring that customer certificates will remain active and in force, despite the alterations. That’s crucial to SafeLogic’s business model - once a partner has implemented CryptoComply and deployed it within their product, it should remain valid and as static as possible. Any time that engineers spend on CryptoComply or FIPS 140 is time that they are not spending on product features, a lesson that is often repeated by SafeLogic personnel.
Concurrently, during 2020, OpenSSL, the ubiquitous open source cryptographic architecture, has been working on its long-planned next major version, which will be known as OpenSSL 3.0. The project has released six alpha versions, which incorporate TLS 1.3, and the new version will be in high demand once it becomes available for general use. SafeLogic will sync its next major release with it to guarantee technical compatibility with the new API calls, which will be a very exciting transition.
Unfortunately, despite still working on the 3.0 version, the OpenSSL team officially ended support for their previous 1.0.2 version. While many developers had already migrated to OpenSSL 1.1.1, that version deprecated the necessary FIPS Mode, so it is not possible to deploy it in any Federal agencies or regulated industries. SafeLogic has been working intently to bridge the gap for customers remaining on the EOL version.
It has been a busy year indeed, particularly with the notable increase in remote work, and SafeLogic continues to innovate and provide solutions for the cryptographic components within each and every product that requires FIPS validation.