Belgian Fintech start-up - GuardSquare
Interview with Heidi Rakels (CEO GardSquare)
GuardSquare is the world's leading provider of optimization and obfuscation software for Java and for Android. Their mission is to optimize and protect mobile applications. It helps developers to create apps which are faster, more compact and more secure. They currently have a fast-growing number of financial services clients (international banks, credit card companies, insurance companies, …).
How did GuardSquare start? Can you sketch the history?
Eric Lafortune and me (Heidi Rakels) founded the company in 2001. Eric created our first product, ProGuard, in 2001 as an open source project. ProGuard focussed on making Java programs faster, more compact and more difficult to reverse-engineer (through the process of code obfuscation i.e. convert code so it becomes difficult for humans to understand). It actually started as Eric’s hobby and the first versions were open source, free versions of the software. The advantage we have with ProGuard is that this software evolved and improved slowly with input of the open source community. This means it was extensively tested in a myriad of different environments and circumstances. This makes it a very robust, stable product.
In a quite natural manner it evolved to become the standard for Java and was included in many SDK’s (Software Development Kits – Sun, Intel, Android). ProGuard was mainly used in applets (on websites) and midlets (on cell phones) as having small programs was important for these applications. With the creation of Android in 2008 (which uses Java) ProGuard got a real boost as developers could use it to optimize their Android apps.
A next important milestone was 2010 when Google came with their License Verification Library (LVL – a way to secure apps) which was cracked within a week. As a response Google advised developers to use security software such as ProGuard to better secure their apps. A few months later Google put ProGuard in their SDK. So today each developer using the Google Android SDK has access to ProGuard in can use it to secure and optimize their apps. So Google is actually distributing our software . This of course gave a major boost to the amount of users but also the amount of questions coming in. Most questions focussed on new security features which are more difficult to develop in open source. That is why we started in 2012 with our first real commercial product, DexGuard, built on ProGuard but with multiple extra layers of protection. With the launch of our first commercial product, DexGuard, in 2012 the amount of work started increasing so I joined Eric fulltime in the development of the software.
Did you target the financial sector specifically? How did you get into the Fintech world?
No, actually 2 weeks after the first release of DexGuard in 2012 the software was bought by an international bank. We did not really target banks but more and more banks started buying our software via our website. Last year we discovered that a number of international banks and payments companies tested and evaluated our software. They started asking our a lot of questions on competitive comparison with other software out there and each time they reacted very positively and bought our software. So we know that, especially in the financial services world, after rigorous testing our software is currently the best one out there.
Security is of course an important aspects for all types of financial services apps. Especially given the increased activity in Fintech developments I can see the potential. Where does your software differ from others and how difficult is it to copy what you do?
The advantage we have is that our software is built on a very robust, stable and reliable core which matured over 14 years. We have a learning path others can only be envious of. As ProGuard is part of the Android SDK we have millions of users who do the craziest things with the software and deliver us reports or ask for help. We have tested and adapted the core over and over again and have collected and learned from an enormous amount bug reports throughout those years. This is something which is very difficult to copy. You cannot just catch up with that. There are a number of competitors who try to catch up but it is difficult for them to reach that same level of maturity in a much shorter timeframe.
What is your business model?
Our software used to be quite simple and straightforward. Our free product ProGuard is well-known in the developers community and can cover a number of basic needs. For more advanced features people could buy DexGuard by simply downloading it from the website. Last year Wim Witvrouw and Jurgen Ingels came on board and decided to invest in our company and together with them we are rethinking our business model. Whereas before we focussed on quite knowledgeable smaller developers, now we will additionally target managers in larger organisations who understand the need for security but do not have the know-how themselves. We noticed for example that we received a lot of setup and support questions from large banks. So the goal is to introduce a subscription model for these clients which would include extra services like support, code reviews, training, audits etc. Our next step is to move beyond the product itself to offer more services and to target managers in larger organisations through direct sales and international resellers.
You mention Wim Witvrouw and Jurgen Ingels recently joined the company. How did this happen and how do you see the future together?
Eric and me have always been focussed on our product. We are hardcore programmers and we have very little experience with the business side. As we became more visible as a company we faced quite some challenges we did not really know how to react to. Things like patents, at a certain moment another company tried to acquire us and at these moments Wim, who we know a long time already, always helped us out. As he saw our client base grow and become more international he and Jurgen stepped in to help us professionalize our business. They see the potential and will help us to professionalize as an organisation. They mainly help us out on legal, commercial and business model aspects. The next step is to focus on the sales side and grow our client base beyond the 500 clients we currently have.
Heidi, you are not only a successful entrepreneur and software developer but also a retired judoka and former Olympic medallist. Are there similarities between both?
At the core there is always the passion for what you do. I have this both for sports as for software development. It is the passion that makes sure you persevere when it gets difficult and need to take some risks. I truly believe this passion is crucial.