Interview: Alex and Nicko van Someren
Interview: Alex and Nicko van Someren

Shared values, an entrepreneurial spirit and a touch of sibling rivalry have led the brothers behind nCipher to success. Paul Fisher reports.

Waiting for lunch to be served in one of the highly coveted private dining rooms at the top of the Gherkin, Alex van Someren, one half of the pony-tailed duo behind Cambridge-based nCipher, muses on the pros and cons of being brothers and business partners.

"Well, it scares venture capitalists, which is very satisfying, because they're always worried that you're going to have a dust-up," he says. "But, in fact, it's quite the reverse. We've had to deal with each other's foibles for 40 years, so we actually know the boundaries, probably better than most business partners."

I'm sitting between the two van Somerens, Nicko to my left, Alex to my right. There's a discernible difference between the two: 42-year-old Alex, suited and booted for the occasion, is the headstrong go-getter who didn't bother with university but is still blessed with a zealous intellect. Nicko, 40, is the academically over-achieving Eton and Cambridge man with multiple degrees. The quieter, slightly shier younger brother appears to be less comfortable with the interview situation - at least at the outset.

But brothers are brothers, so they feed off each other, and the interview becomes a ping-pong of opinions across the elegantly minimalist dining area that looks out across the spread of south London through the Gherkin's signature glazing panels.

The academic and the entrepreneur have made nCipher into another British success story in information security. Publicly listed after an IPO in 2000, the business celebrated its tenth anniversary in 2006 and currently lists Barclays, Bank of America and Volvo among its major clients looking to protect data. With Alex as CEO and Nicko as CTO, the company made its name in cryptography and now offers ID management as part of its product range. The protection and management of public key infrastructure (PKI) remains central to nCipher's business.

Their success, they say, stems from a stable and entrepreneurial upbringing. Their father wanted to run his own business and moved the family back to the UK from America when the boys were still young. It made an impression.

"We were raised in an environment where we were told: 'Yes, sure you can do that, you're perfectly capable of doing that', whatever it was. That sort of can-do attitude is very helpful when you're starting a business," explains Nicko.

Seeing their father working in a special room in the house made the young van Somerens aware that you did not have to get a job to earn a living. The boys earned extra pocket money by licking stamps and stuffing envelopes.

"But I suspect that there are also genes, environment and, ultimately, luck involved. You have to take the opportunity to actually develop a business. We were in Cambridge with computer companies on our doorstep to go play with," Alex points out.

They started fairly early by hanging out in the computer stores and learning to program, as well as getting involved directly in customer support activities - initially unpaid.

Alex eventually got a job with Acorn Computers in customer services, while Nicko got three degrees from Cambridge University and ended up with a PhD in computer science. "I think there's always been a dispositional difference between us about being on the technology side versus the business side," Nicko says.

Alex, meanwhile, soon showed which side he felt more comfortable on and, he says, learned quite early on that it is wise to hire people who are smarter than you are. "When I set up on my own, after two years at Acorn, at age 19, I was bolshy," he recalls. "A new boss went over my head, I didn't like him, so I left. I said 'I'm going to go and set up my own consulting firm', and I did.

"I've never been fazed by not knowing how to do something. I'm just prepared to learn how to do it as I go along. Obviously, there's a risk that you might get it wrong, but that's an entrepreneurial thing."

Alex admits that, with hindsight, it's not just that. It's a kind of blinkered approach to risk. If you knew in advance that what you're about to do is incredible, scary and dangerous - unlikely to succeed - then you wouldn't succeed.

But succeeded they have. And, like others in the vendor community, the brothers are ready to enjoy the growing awareness and investment in information security solutions. For the past four years, nCipher has been profitable, with annual growth of 30 per cent, they say.

"It's about innovation and constantly coming up with new stuff," says Alex. "I don't think you could do that if you just saw this as a cash-cow business. It doesn't work in IT, you have to invest a lot to keep the machine moving forward."

Ah yes, innovation - the word that politicians like, as do salespeople. But what kind of innovation have we seen from nCipher? Nicko leaps in with a story.

"When we first went to a crypto conference in Zurich in 1996, we were told by a famous cryptographer that 1997 was going to be the year of PKI. And pretty much every year since. But by 2001, PKI was a dirty word, because there were a lot of businesses that were selling PKI technology not because the customer had a problem for which it was the best solution, but because PKI was one of the things you had to have if you were a trendy, modern company.

"Baltimore Technologies and Entrust and people like that made quite a lot of money for a time, selling PKI to people who had not the slightest idea what they were going to do with it," he claims.

Now, Nicko says, people have started to appreciate the need for cryptography as they have taken a step back and worked out how to solve these problems. "Looking back at the failures of late 1990s PKI, there were all sorts of people who were desperately trying to change their business process to fit with their PKI, and it's completely the wrong way to do it. What you need to do is make the technology fit with what you're doing," Nicko explains.

Despite all this, I put it to the brothers that perhaps encryption's time has come again and, with the publicity over Microsoft's BitLocker technology, it has become quite a hot topic?

"There's a strong argument that encryption's become a mainstream activity," concedes Alex. "There are a myriad of different places where encryption is clearly the right technique to use to solve various problems, whether it's laptop disencryption or database encryption or email security.

"What's interesting is that a lot of these things have been around for a long time, but they've started to become more accessible and, as a result, they've been deployed much more widely," he adds.

Nicko insists on tackling the BitLocker question. "It's a technology that is capable of solving a very real need for a great number of people. But among our customers, who tend to be very large corporations, they're throwing their hands up in horror at the prospect of deploying BitLocker."

He predicts that deployment is going to be a nightmare, and when people lose their passwords, they're going to need a policy for recovering keys. He thinks that the default mechanism provided by Microsoft, designed to target the threat model of "I've left my laptop in the back of a cab", is not going to cut it.

"We're finding that technology such as BitLocker is great for increasing the awareness and deployment of encryption. From a business point of view, it's actually quite good, because there's a lot of manageability that becomes a visible problem when people start deploying this kind of thing," Nicko says.

The ease with which BitLocker can be used by employees is a theme that Alex has mentioned before. He is worried that businesses don't realise that if it is used and a key is lost, then the data is lost forever. Nicko agrees.

"It's a fact, and the risks are very considerable indeed. Microsoft skilfully makes it easy to protect laptops and disks with BitLocker. The realisation that once that data's been encrypted, it's never coming back unless you have the key will hit some people quite hard when they take active steps to ensure good hygiene in protecting copies of that key," he says.

"The risk is that you might be putting people in a position where they may be worse off because all their data becomes inaccessible, rather than some of their data being accessible to the wrong people," warns Nicko.

So the concern now is that from a point where the innovation of cryptography was overlooked, it is in danger of becoming available ever more easily to lots of people who don't understand the risks involved.

The van Somerens argue that you don't have to understand how cryptography works. What is important is the risks and the mistaken belief that once you switch the technology on, all your problems will be solved.

Alex explains: "Take, for example, people pursuing PCI compliance. There's a get-out clause in the PCI specification that says if you encrypt your data, it's all going to be fine. So it's obvious that people will think: 'Great, we'll buy a pound of encryption and slap it all over the data and it'll be sorted.' They may even actually drill down one level and decide their sensitive data is in the database. So they'll say 'Let's go and encrypt the database, then it will all be taken care of.'

"There is a small but important point here: the reason the data's in the database is so people can get at it. As soon as you start encrypting that data, things break; things you depend on in the organisation, which access the data, maybe without you realising, stop working," he warns.

So, the growing awareness of encryption will bring new problems and fresh opportunities for nCipher. In other words, managing encryption and deployment for clients through software.

Nicko is keen to focus on the positive. "We realised, probably three or four years ago now, that there was going to be a much larger opportunity in solving the problems of managing the use of encryption than there was in simply offering protection for keys and hardware, " he says.

However, not everyone is prepared to spend money on expensive hardware. He sees people who have substantial businesses, with real brands, but are not in the financial services space or in government, that still have a requirement for encryption and will need to manage it safely and carefully. These are the people nCipher has in its sights.

"From a business point of view, the opportunity is to address that 95 per cent of the market that will probably never buy hardware; it's sensible to offer them other tools, and those solutions are software-based," Nicko says. "So we've got key management technology in its second or third generation and, in the past 24 months, everybody and their dog has started coming out with their concept of enterprise key management."

But the final word must go to Alex, who is clearly relishing what he sees as full justification for the nCipher business model.

"It's rather gratifying to see the rest of the market vindicating what we have been doing for several years, and even better to see that they're about where we were six years ago," he says. "They have finally cottoned on that this is an interesting thing to do, but we've already done it once, thrown it away and started again."

IT AND ENTREPRENEURS - emerging from the shadows

The van Someren brothers are a good example of what happens when an entrepreneurial streak is allied to technical innovation. But they are a rarity in a country that struggles to match the level of success enjoyed by IT start-ups in the US and elsewhere. Why is this?

It could be that the UK economy is driven by originality and entrepreneurship in other areas. For example, according to The Economist, Britain is the world's leading exporter of cultural goods, some £8.5 billion in 2003. But the UK fares much worse when it comes to innovation; research and development; and ICT use, ranking around the 15th-mark in all three Economist indexes. The innovation index measures the adoption of new technology and the interaction between business and the scientific sector. The UK lag may be down to science and technology's unfashionable image.

According to Nicko van Someren, there is a perception at school level that sciences are a geeky thing. He tells of how the president of the Royal Academy of Engineering mentioned during a talk in South Korea that Britain was trying to encourage children to choose engineering at university because there was a shortage of graduates in this area.

"This startled his audience because in Korea, almost everybody wants to be an engineer, and they're running out of lawyers and doctors. They couldn't understand why British people grow up wanting to be in the media," he says.

But is this a bad thing? After all, the UK is still a thriving economy. According to policy think tank and seed investor NESTA, we should drop traditional measures of innovation, such as the Economist indexes, and instead look at encouraging "hidden innovation" in industry and elsewhere.

The van Someren's home turf, Cambridge, will always be an incubator of scientific innovation, but successful entrepreneurs are just as likely to emerge from the financial sector, retail and consultancy according to NESTA.

Many would argue that the UK needs to do more when it comes to high-tech companies, but the brothers who founded nCipher see improvements in promoting business-minded science graduates. They talk of a growing realisation that science needs to be more commercial, and that science graduates should be encouraged to become more entrepreneurial in their thinking - just like media graduates in fact.

"That's taken much more seriously than it used to be," suggests Nicko. "You are no longer seen as some mad boffin if you have a technology or patent application you think you can turn into a business."

Ironically, he adds, it's the media and programmes such as Dragon's Den that have made it a sexy thing to do. Alex adds that the like of Richard Branson, although not a technologist, have done a lot to make people think that entrepreneurship can be both successful and cool.

"There's no shortage of students looking enviously at the boys from Yahoo, who were students and built a multi-billion dollar business, or Facebook founder Mark Zuckerberg. This is something that all students use to exchange gossip with each other. I think they get the message," he says.