El Economista (Magazine) / Business Success / PAG. 30 / February 2019
When Facundo Rojo became interested in digital security, prior to 2000, there was still “not much of a market” for this sector, as Rojo affirms. He proposed to create a security department within the company where he worked at that time, they “half listened” to him. So Rojo decided to “kick off on his own”. Going back to 2003, Rojo’s goal was to create a professional computing security company, which back then were not abundant. Rojo had experience as a salesman and technician, so, for his company, he wanted to combine both. This is how in 2004 Víntegris was born. He had no funding from anyone. Its base was made up of the clients known to him from his time in previous companies, and at first, he chooses to work with third-party products. He was creating Víntegris’s client portfolio, until the point where they decided to develop parts as the clients requested so that their personal needs were satisfied. In 2014, the company took a turn: they decided to reduce the sale of third-party technologies to boost their own.
Digital security, a booming demand
“We detected that digital certificates began to be used regularly. They were requested by Revenue & Customs and The Department for Transport. Initially, this certificate was installed on a memory stick. Then, it installed on the computer, and it could be used. However, a problem arose: the companies did not know how many digital certificates they had, where they were and what use was made of them, something that concerned them”, explains Rojo. Digital certificates allow to authenticate the identification of a person on the Internet, so the digital certificate of a company enables to create binding obligations for them.
At this point, Rojo decided to create a system that centralizes all digital certificates of a company on a server, so that you can control who has the certificates, who can use them, track the use made of it and when it expires. Rojo emphasizes in this last point: “It is very important to know when certificates expire because, if this happens, the company can not work”. Later, they wanted to take a step further and put all this infrastructure in the cloud. It is the latest milestone in the firm: the nebulaCERT.
All this digital security technology is essential for companies because with digital certificates – and others – you can act on behalf of society. In Víntegris they are very concerned about the legal guarantees of their products, so they have the highest approvals granted by the European Union that meet its latest regulation, known as eIDAS-. “This is what sets Víntegris apart from the competitors. However, unfortunately, in many cases, the price is valued more than security, certification, quality and legal guarantees”, regrets Rojo
The importance of having a qualified digital certificate
Rojo gives as an example of a contract that he has signed on behalf of his company from his mobile phone. “Digital certificates make life easier for companies because it allows them, among other things, to sign contracts without the need to be physically there.” Within the certificates, there are qualified certificates. They are those that emit an approved entity and using a certified technology.
The procedure is that when a certificate has to be issued, the identity of the subject who must use it is verified – here it is done in person and, when you need to use a digital certificate, you are given a token – a kind of secret number – that only you know, and that reaches your cell phone. Therefore, the operation is reinforced with a security code that just the subject in question knows.
Qualified certificates provide a significant advantage in cases of conflict: the burden of proof in a lawsuit. For example, “if you sign a contract with a bank using a digital certificate and you say you have not signed that contract, you have to provide the proof because the certificate is qualified. The judge will agree with the bank. If the signature is not qualified, who has to provide the proof is the bank. In this way, it takes away the pressure of having to prove that you have signed” Rojo explains, following this logic, that among its 90 clients are large financial institutions, insurers or companies that carry out real estate transactions and, in general, actions that require “serious, formal and legal commitment”. In some countries, such as Germany, according to Rojo, a digital certificate is comparable in some operations to the notarial signature. “In Spain, at the moment, a certificate cannot substitute a notary, because the law says -for example- that a mortgage must be registered and formalized in a public deed before a notary. However, in many other actions, the digital certificate can be used. “
Víntegris looking for partners to expand abroad, especially Germany and Denmark
The role of its partners is to distribute its products
Víntegris partners distribute their technology. Previously, they sold directly through a sales team, but in 2017 Víntegris decided to change the sales model and move to distribution by the partners. “ We leave the direct sales for large accounts and some with a long history with our company”. In the future, Rojo intends that his company is dedicated exclusively to technology and its development and, on the other hand, delegate to the partners all the issues related to services.
Rojo details that they have an “important partner network”. We have Zaragoza, Barcelona, Bilbao, Madrid and six in Latin America. ” The choice of the Latin American region is merely practical: for the language”. Now, they have expanded their network to Great Britain and are looking for partners in Germany and Denmark because “They are using certificates as they offer them.”
The business of digital security is complex, and for the CEO of Víntegris “has not yet awakened.” Its turnover has declined, but “the sales figure of proprietary technology has increased. In addition, we have changed the way we sell it: we no longer sell it as a product but as a service: we sell its use.”
Víntegris closed last year with a turnover of 5.5 million euros – in 2017 it was 5.1 million – and has about 70 employees. The Víntegris road map consists of making “financial muscle in Spain” because there are large overseas operations that can not yet be addressed because, for example, they require opening a company in that particular country to permit the certificates you issue. Meanwhile, this new sector is developing, which is in full regulatory boom in a world where everything goes through digitalization, and where security is a growing concern. They will safeguard their financing with traditional credit policies and with the Center for Industrial Technological Development (CDTI), a tax agency that grants long-term loans and of which only a portion must be repaid.
‘nebulaSUITE’, their newest product
In 2017, they created nebulaSUITE. It is a comprehensive solution that provides the complete infrastructure to issue and manage digital certificates, as well as the qualified digital signature, and all through cloud-based services and protected by robust authentication.
It is designed for computers and mobile devices and has the accreditation of the European Union authorities since it meets the requirements of the latest EU regulation -of 2014-, as well as the revision of the National Cryptology Center. Moreover, in 2016, the company was approved as a trusted service provider.
Original interview PDF: ElEconomista_Facundo Rojo, Víntegris (only in Spanish)
Original interview Online: El Economista (only in Spanish)