Columbus, Ohio, doesn’t come immediately to mind as a center of high-tech excellence. But thanks to a thriving new experiment in corporate collaboration, the Buckeye State capital is now beginning to turn some heads in tech — in the increasingly challenging area of information security, no less.

The Columbus Collaboratory was formed three years ago as a for-profit company aimed at developing advanced analytics and cybersecurity technologies and sharing cybercrime-battling best practices among its seven founding members. Each of those firms — American Electric Power Co., Battelle Memorial Institute, Cardinal Health Inc., Huntington Bancshares Inc., L Brands Inc., Nationwide Corp. and OhioHealth Corp. — has pledged $4 million over a four-year period to fund the effort. The state of Ohio kicked in $5 million more, giving the company a cash horde that nearly any Silicon Valley startup would covet.

With that funding, the Collaboratory has hired 33 people, including a veteran executive team, delivered a suite of intelligence products and developed a collaboration model that is investing in technologies and training that its individual members would be hard-pressed to fund on their own.

The innovative effort could provide a model for how to do cybersecurity better. That’s an acute need at a time when attacks such as the recent WannaCry ransomware incident are multiplying in number and severity, with no relief in sight.

The Collaboratory is an Information Sharing and Analysis Organization, or ISAO, one of about 30 that formed with the urging of the U.S. Department of Homeland Security beginning in 2015. But whereas most other ISAOs are basically informal working groups, the Collaboratory has taken the unusual additional steps of raising money, enlisting paying members and seeking profits.

Its board consists of the head information technology executives of the participating companies. “All seven members are equal equity owners as well as our primary customers,” said Jeff Schmidt, vice president and chief cybersecurity innovator. “We exist to serve those seven members.”

One of the outcomes has been the Collaborative Security Bundle, a subscription-based security package based on analytics and expertise provided by the member companies. Last summer, the organization published CognizeR a library for the R statistical programming language that makes it possible for developers to access IBM Corp.’s Watson Developer Cloud using native code. While not directly security-related, CognizeR was a byproduct of the organization’s analytics work.

Hello, Columbus

Columbus is, in many ways, an ideal petri dish for an experiment in technology collaboration. With more than 850,000 people, the city is big enough to support major businesses and academic institutions, including Ohio State University. Its economy is diverse, encompassing education, government, financial services, energy and health care, among other sectors.

It’s also home to five Fortune 500 corporations and the Columbus Partnership, a collaboration of more than 60 of the city’s largest businesses and institutions that has earned praise for its success in attracting businesses and jobs to the area. “Columbus is big enough to have scale and small enough to do something with it,” said Alex Fischer, president and chief executive of the partnership, in a 2014 interview with The Atlantic.

The Collaboratory is cast in the same mold as the Partnership. “The objective is to provide immediate value to the companies as well as put Columbus on the map as a destination for cool data security technology and people,” Schmidt said. “It’s very much a greater-good sort of mentality.”

The company is tackling a paradox that has vexed the cybersecurity world for years. Despite all their griping about threats and risks, businesses are notoriously reluctant to pool resources to fight them. Fears range from intellectual property theft to poaching to airing dirty security laundry in public.

The Collaboratory’s approach begins with choosing member companies that don’t compete with each other and that see value in sharing intelligence. “These companies wanted to work together,” Schmidt said. Regular calls are set up between members with similar job functions to discuss topics ranging from how to respond to ransomware attacks to communication strategies for customers and suppliers. “There’s a lot of rich non-technical communication that spans verticals,” Schmidt said.

Members have pooled technical libraries and even share people through a 20-month program that has young cybersecurity professionals rotating through the security departments of the seven member organizations. Last month it allied with TruSTAR Technology LLC, a software-as-a-service platform that enables anonymous cyberincident-sharing.

“Starting with the fundamental human-to-human relationship is very important,” Schmidt said. “TruSTAR is a sharing mechanism that effectively supports the trusted relationships we’ve created.”

The formal Columbus Collaboratory experiment still has a year to run, but all signs point to the effort continuing well into the future. One key to its success has been the group’s ability to pull off ambitious projects — such as integrating Watson into call-center operations improve agent efficiency – that member organizations probably wouldn’t tackle on their own.

Then there’s the unanimous commitment members’ chief information officers have made to govern the group at the board level. “We haven’t seen another regional information-sharing organizations with this kind of horsepower from the tops of these companies,” Schmidt said.

All that could just put Columbus on the cybersecurity map.

Image: Freeimages.com