Baltimore Technologies Inc. has nothing to do with the U.S. city of the same name, but the United States has everything to do with that company's data security strategy.
Baltimore Technologies is trying to establish itself as the premier provider of public key encryption systems for secure electronic commerce.
It claims to already be No. 1 in Europe, but the big prize is the United States-not just for Baltimore, but for competitors that include GTE Corp.'s Cybertrust unit, the digital certificate powerhouse Verisign Inc., and Entrust Technologies Inc., a Canadian-rooted company now based in Plano, Tex.
In September 1996, when Fran Rooney became president and chief executive officer after leading a buyout of Baltimore, the company had six employees. Now there are 500 in 13 offices in eight countries. Fifty have joined in the United States in the past six months.
Mr. Rooney's timing was fortuitous. The Internet was just taking off, and words such as "e-commerce" had not gained currency.
Baltimore explored the public key infrastructure, or PKI, concept, the cryptographic technology that underlies such fundamentals of secure electronic commerce as digital signatures, company seals, and authentication.
Baltimore, which takes its name from an Irish town where its founders happened to have a meal 23 years ago, moved from being a modest specialist in cryptographic library software to competing for global supremacy in enterprise security technology.
"Baltimore's objective is being the leader," said Mr. Rooney, 42. "We win any bid based on our technology, and we only build a product if it's the first, only, or best in its space."
Baltimore's flagship product is the Unicert Certificate Authority, which is used to issue and manage digital credentials for users of e-mail, Web browsers, and virtual private networks.
Mr. Rooney said that though he was always convinced of the superiority of Baltimore products, he came to realize that the company needed help in systems integration. In January, Dublin-based Baltimore merged with Zergo Holdings PLC, a cryptography leader in the United Kingdom with the skills and banking customer base that Mr. Rooney was seeking.
Zergo was founded in 1988 and bought an Australian security software company, Security Domain, in March 1998. This acquisition gave it a strong presence in the Asia-Pacific region.
Zergo went public on the London Stock Exchange in June 1998. It now operates under the Baltimore name.
Mr. Rooney became president and CEO of the new company in May, when Zergo chairman Henry Beker gave up his CEO title.
The time was ripe for focusing on the United States.
"We dominate our market in Europe and Asia," said Tom Larson, senior vice president of Baltimore Americas. "We've had a strong and growing presence in the Americas since the beginning of this year, and we can compete."
Having 30% of the European PKI market and 10% of the Asia-Pacific market gives Baltimore a strong base. Its big-name customers in over 40 countries include ABN Amro Bank, Deutsche Bank, Natwest Group, Lehman Brothers, Visa International, the Society for Worldwide Interbank Financial Telecommunication, and Identrus, a multinational banking venture that includes ABN Amro and Deutsche Bank and which was formerly called the global trust organization.
Identrus on Monday announced it had selected Baltimore's PKI for its pilot test.
The Identrus project could be laying significant groundwork, given the potential five million business customers worldwide that may be linked in the digital certificate hierarchy to smooth authentication of electronic transactions. Identrus plans a full launch of its service next year.
Through relationships with any of the Identrus-owning banks or with associate members, companies will be issued Unicert certificates that will assure security with any company with similar credentials.
"This is the first serious global PKI contract competed for this year," Mr. Rooney said. "We competed from a technical and customer service perspective, and we won it in the backyard of our competitors. I see it as being a huge endorsement of our company, product strategy, and vision of the future."
Baltimore's Unicert, together with a developer tool kit, PKI-Plus, offer an open, scalable, multi-purpose certification authority that can support multiple keys and 12 different directories. Security policies and permissions can be defined by lines of business, users, market segments, and states.
Each Baltimore product is modular, so features can be added or taken away. Any application that works to standards such as Secure Sockets Layer (SSL) or Secure Electronic Transaction (SET) will work with Baltimore's technology.
"The company's product is scalable for both high-end and low-end installations," said Greg F. Naderi, an information technology market analyst at Frost & Sullivan in Mountain View, Calif.
This year 30% of Baltimore's budget will be spent on research and development. Including Zergo, Baltimore had revenue of $30 million last year. The company is 10% owned by Dermot Desmond, an Irish millionaire businessman, 6% by Intel Corp., 20% by employees, and the rest is public.
It hopes to soon carry out an initial public offering on the Nasdaq stock market. "We have engaged bankers and lawyers in the United States to see what approach we should take," Mr. Rooney said.
Baltimore claimed a piece of electronic commerce history last year when President Clinton and Irish Prime Minister Bertie Ahern digitally signed a communique with Baltimore software.
Baltimore's primary competitor for product sales, Mr. Rooney said, is Plano, Tex.-based Entrust Technologies. On the services side it competes against Verisign of Mountain View, Calif., and GTE Cybertrust of Needham, Mass.
Frost & Sullivan's Mr. Naderi said Verisign has been trying to become a brand name in the industry, "but with limited success." He added that both Entrust and Baltimore have had problems getting from pilot to rollout stages.
Baltimore said it has put out 110 bids worldwide and won 15 of the 22 decisions handed down."We're winning most of the bids in Europe," Mr. Rooney said.
In the United States, Baltimore is taking on formidable competitors on their home turf.
"Our commitment to the U.S. is extremely strong," Mr. Rooney said, adding that he expects Baltimore will have 20% to 25% of the U.S. PKI market within two years.
"No one has got this market locked up," said Phil Schacter, director of network strategy services at Burton Group of Midvale, Utah. "A lot of big companies haven't made PKI commitments yet, and it is still very much an open marketplace for someone to grab market share."
He said he likes Baltimore's technology package and believes it has gained credibility in the United States in the last year. He added that Baltimore's late entry can work to its advantage. Entrust had the burden of being "a pioneer and inventing as it went along."
"It is possible to deliver simpler, cleaner architecture, and that's what Baltimore is trying to do," the analyst said.
Mr. Rooney, who has an accounting and programming background, said he resides in Dublin, Ireland, has an office in London, and is spending half his time in the United States.
A deal announced in June with Deutsche Bank "will bring in the old Bankers Trust as a potential customer," he said of the two merged banks, both Identrus founders.
Baltimore caters heavily to the special needs of financial companies. ABN Amro of Amsterdam, for example, turned to Baltimore "to PKI-enable its entire enterprise," said Caelen King, product manager of Unicert. Six months ago, he said, ABN Amro had a diversity of security software and as a result had a problem implementing applications on a timely basis. "It's truly a case of an enterprise embracing PKI."
Bankers are "getting more and more conversant with PKI," Mr. Rooney said. "We don't have to explain to them the fundamentals of the technology or how to use it."
