Question: What do you get when you cross a couple of transactional platform
aficionados from middleware messaging giant Tibco Software with compliance
Answer: Mathon Systems, a provider of information risk management appliances
that combat the legal vultures that circle around companies, looking to
serve subpoenas and nail corporations whose data isn’t preserved and readily
Mathon was formed by Tibco Software co-founder and CTO John Mathon and
former Tibco executive Angus MacDonald. The company took its Integral
information risk-assessment appliance to market in July and is
trolling for customers and partners.
Most recently, the startup partnered with Google, a sign that Mathon is
being taken very seriously by vendors in the market looking to pinpoint the
who, what, when, where and how behind data.
MacDonald discussed the making of Mathon in a recent interview with
Q: Describe the genesis of Mathon Systems.
We’d done a lot of work at Tibco with transactional data, such as helping
FedEx track their packages. But it was clear to us there’s an enormous
opportunity around less structured data, such as documents, spreadsheets and
e-mail, because the same level of discipline and control doesn’t exist for
We began discussions with financial institutions about
the business problems that were driving them. What emerged was a clear
picture around a combination of litigation, regulatory compliance and
information security. Solving these problems required a clear understanding
of what information you had and how it was being utilized.
In order to have that clarity, you had to understand the information. You
had to have the metadata. If you don’t have the metadata, you have to create
the metadata, which means you had to be there when the documents were
In order to be fast enough, you have to be there with the file
system. The volumes are large, it’s highly distributed, which is exactly
what a trading floor is. So we built Integral.
Q: What is Integral and what does it do?
Integral is an appliance. We plug it into a network and it intermediates
between the user and the file system. In particular, we are sitting in front
The first thing we do is we create an audit trail of all the business
activities that are occurring. “John Smith” opened the file, modified the
file, saved the file. Because we’re there when it happens, we can answer
with absolute certainty exactly what John Smith did.
The next thing we do
is classify the information and the files. We can classify them as
systematic metadata, which says it really was John Smith or somebody logged
on as John Smith from this IP address.
The second class we capture is
automatic metadata, which is information we can derive based on where the
file is in the file system.
We can also look inside the file; we do a full-text index of the files as
they come through and use that to drive metadata. This includes key phrases
and references to types of data structures. We also allow customers to
version the files, which turns out to be very valuable. We then use
classification to drive controls.
We do retention periods, security, and so
on. We identify files with a cryptographic hash code, so if the file
appeared anywhere else, it also inherits the same metadata and same controls
Q: Why the appliance approach for something that you might be able to do
with software? Aren’t people trying to reduce the clutter in their datacenters?
We sell this as an appliance in order to make it as simple as possible for
our customers to adopt. Plug and play. You should be able to have your team
leave the office on Friday afternoon with their files looking as they do and
their data structure as it exists, deploy Integral over the weekend, and
then on Monday morning when people turn up, it looks exactly the same and
there is no perceptible difference to the end user. It should be invisible.
The software from other vendors tends to be invasive.
Q: What vendors do you compete with?
Mostly, we compete with lawyers. Because the value of Mathon is driven by
risk and cost. The risk associated with, for example, failing to find a
document that you may have been subpoenaed to find because it was deleted by
accident. That’s a reputation and governance concern for the corporation.
The cost side is also compelling.
Say you want to produce all the files that
John Smith touched in the first week of February of last year that are
related to an account. Doing that today is a very expensive process, because
you have to throw a very broad net. You don’t know which fields John Smith
touched and when he touched him. With Mathon you do. That has a dramatic
impact on the cost of satisfying e-discovery requests.
Q: Okay, so who are some of the vendors out there that also compete with the
lawyers that you compete with?
The other vendors we run into but are not necessarily competing with are
EMC, Attenex, Zantaz, which help with the e-discovery process. They look at
us as allies. We’ll either help reduce the amount of information they have
to process to help their customer, or act as a safe place to put data while
an Attenex works on it. So, we are part of the e-discovery space, but are
complementary to the existing vendors.
Q: Speaking of complementary, Mathon has joined the Google Enterprise
Professional program to integrate Integral with the Google Search Appliance.
What does that entail?
Google supplies the index of the words for files. We bring in the metadata
so that, through the Google interface, you are able to leverage the metadata
You can look for the file that contains the following words
that were created by John Smith in this timeframe, or modified by John Smith
in this timeframe. You can do a refined view, so instead of returning 15,000
documents, it will return a handful of documents you want to look at.
Q: What plans do you have to augment Integral, or augment the business?
Integral addresses the storage file systems. We will extend out to the
desktop. So just as we had an alliance with Google in the search field,
we’ll be extending out towards the desktop as well with partners.
The next logical place is extending towards e-mail. Ultimately what you want to do is have a global audit trail, so no matter where a file is, you can know where it is, who’s touched it and how many copies there are.
Then you want to
have the metadata to describe all of this information, so it gives you
insight to a business process, and then you want to be able to enforce controls
on the information consistently.
So, if you produce board minutes and you
discover erroneous information in them, you can track those files down in a
moment, no matter where they are in an organization.