Spain's Telefónica has grown to become one of the largest telecommunications companies in the world. In addition to its focus on communications networks, it also develops technologies for health and education. The company is one of many Spanish success stories in the rapidly growing field of information technology and communication, as communications reach ever more distant corners of the world and innovations in computers, phones, and satellites facilitate an increasingly fast information flow.
Securing the Data
In 2006 Spain introduced the country's first electronic identity cards, allowing its citizens to be in secure online touch with its government and health agencies. In what has become a reference point for other countries considering a similar move, participating Spanish citizens can use the cards to do things such as filing their taxes and checking their driving records online. Ten million Spaniards already own these new identity cards, and the government plans to expand them to all 40 million citizens in the next few years.
"The need for security for all these systems provides a competitive advantage to Spanish companies," says Jesús Banegas, president of AETIC, the Spanish Association of Information Technology and Communication Companies (Asociación de Empresas de Electrónica, Tecnologías de la Información y Telecomunicaciones de Espana).
"This is one of the biggest projects in the identity arena," according to Jordi Buch, marketing manager for the information security company Safelayer. Safelayer makes software to manage the digital certificates that ensure the safety of information encoded on the card.
The original Safelayer technology, created a decade ago, verified bank employees and customers, increasingly important after Europe implemented a digital signature law that allows use of digital signatures in place of physical ones. Safelayer captured approximately 80 percent of the Spanish market and expanded to Portugal, France, Morocco, and several countries in Latin America.
Safelayer's innovation, says Buch, lies in software that is easily integrated into existing applications. In the past, companies needed four to six months to integrate security, but "we have a technology that can do the same in one month," says Buch.
Carlos Jiménez formed an interest in virus detection early. In 1988, while he was a university student in Madrid, the Friday the 13th virus threatened university computers. Jiménez created a new method for protecting computers from viruses, monitoring for potential viruses while executing a program instead of when scanning a new disk. He gave his solution to the university for free. "At the time nobody told me to patent the technology: my first mistake," he says, laughing; he sent the solution gratis to other companies as well.
By 1990, when companies had come to him to detect more than 200 viruses, he realized it was time to form a company. Two years later, he opened an office in California. Software magazines recognized his original company, Anyware, for its new method for fighting viruses. "In 1998," Jimenez says proudly, "we were the second most downloaded antivirus software on the Internet."
In 1998, he formed a new company, Secuware, that approaches the problem from a different angle. Instead of detecting known viruses, the technology detects known applications. "It's like what my mother said when I was a child: ‘Don't trust strangers,'" says Jiménez. "It's the same in the platform." Secuware also created a preboot operating system that protects Windows itself. While Windows runs, the system quickly watches and monitors, but it demands little power. This security operating system is in use by the Spanish tax service and the Bank of Spain, among others, and the company has expand internationally to count NATO, Warner Bros., and Walmart among its customers.
RealSec started out as a consultancy, providing original software and integrating third-party technologies. In 2003, RealSec began to focus exclusively on research for original products and technologies. The company received international certification for a hardware security module, an encryption device that meets the security needs of major credit cards, banks, and government institutions. Because it incorporates a tamper resistant layer, any manipulation of the device would cause it to automatically erase the information. It also has a digital key, stored on smart cards allocated to three people in the company who are unknown to one another. RealSec is selling these systems in Spain, in the US, and in a number of Latin American countries.
The founders of S21Sec also saw the challenges in Internet security a decade ago, and they took the question of how to protect companies from infiltration to those who should know the most about it: the hackers themselves. In 1999, the company's founders staged Spain's first hacker's conference in Mallorca. "It was interesting because it wasn't the usual community of security experts," says Igor Unanue, one of the founders.
S21Sec hired the best of the hackers and created a company in San Sebastian, in the north of Spain, to turn their skills into legal and profitable ones. S21Sec's founders had connections with a local bank, and the bank's CEO invited company engineers, all in their early twenties, to come and attack the bank's security.
Engineers took advantage of weak points in applications to infiltrate other supposedly secure systems. Says Miguel Rezola, S21Sec's international director, "We'd show our customers a list of passwords and e-mails. We could get into a company in Spain and fill up planes with passengers, change the price of tickets, everything that involves attacking the infrastructure."
Today S21Sec specializes in anti-phishing and anti-malware software and rescues information that was stolen from customers. They also perform digital surveillance, trolling the Internet in a variety of languages, including English, Spanish, Portuguese and Arabic, to unearth all the information that the Internet provides on their clients' companies or issues.
Bernardo Quintero, founder of the security company Hispasec, says he never planned on founding a company, but his interest in computers began early. When he was 16, his computer became infected for the first time with a virus, "so I programmed a virus detector to prevent it from happening again."
"With the arrival of the Internet, I became interested in security in general," he says. He started by writing a column on security for a Spanish PC magazine. That turned into a website—Hispasec—which Quintero created with other experts in the field to provide daily updates on issues of Internet security. Hispasec's writers became national experts in the field, and companies began to request consultation and security audits from them, "so we were basically obliged to create the company to satisfy the demand," according to Quintero.
Hispasec engineers have developed programs to detect vulnerabilities, penetrate a company's information boundaries, and combat phishing and trojan malware that attempts to hijack computer systems. In 2004, they also developed a service called VirusTotal, a free service that allows the analysis of any file using multiple antivirus programs.
"With VirusTotal, we've classified more than 20 million examples of malware, and it continues to grow at an astounding rate," he says. This knowledge has brought the company unexpected benefits: says Quintero, "Because we have such a huge library of malware, we were able to become a specialized laboratory for trojan malware, which robs bank users of their personal information."
Security also played a key role in the development of Gesfor's Educa project, an online education management tool currently serving millions of users—teachers, students, and parents—in Madrid and in other regions around Spain. Gesfor, which provides IT services around the world, created Educa in cooperation with the local government to provide ongoing information about assignments, due dates, and grades, allowing parents and teachers to follow a student's progress. This project builds on Gesfor's experience managing information systems, human resources, and security for banks, airlines, and the tourism sector.
"Because Educa is used by a lot of young people, the security side of the project was also very important, and we're implementing security functionality that we've developed in house," says Jaime del Rey, Gesfor's chief technical officer.