Date: 2023-04-14
Author: Anders Adolfsson, Global Product Manager

With smart card management systems, businesses and enterprises can manage their smart cards in a centralized manner. Among them, card issuance, revocation, and data management. Printers allow organizations to quickly personalize smart cards with user information, such as name, photo, barcodes, and other personal details.

Versasec’s integrations

Additionally, Versasec facilitates large deployments allowing businesses to take advantage of the integrations available through Versasec. One of the unique advantages Versasec offers for printer integrations is batch smart card processing: batch issuance and batch revocation. With this feature, businesses can perform audits and revoke in a way that will save time, resources, eliminate repetitive tasks and human error. Watch a quick demo on Versasec batch issuance and revocation.

For larger deployments, Versasec offers issuing stations where one management console can perform batch smart card printing on several smart card printers in parallel. Learn more here.

Matica EDIsecure printers with version 6.7 release

“I am very happy to announce that vSEC:CMS now can make use of the Matica EDIsecure card printer to batch process credential management tasks such as smart card issuance with printing. The much-awaited integration opens up new and exciting opportunities for us, our partners and customers,” said Joakim Thoren, founder and CEO of Versasec.

“Besides the functionality of printing graphics to smart cards they act as a great tool for large deployments – when there is a need to manage large quantities at once. With the use of our issuing stations which makes use of several printers in parallel we can increase the bandwidth to batch process huge volumes of smart card complete with Certificates, PIN policies, physical access configuration, and more.”

Upgrade your security

Incorporating Versasec into your business or organization can greatly enhance security and efficiency. Contact Versasec today to learn more about how we can help you manage your smart cards with purpose and efficiency.

Date: 2023-04-06
Author: Yvonne Moebius, Versasec Human Resources

Faris currently resides in Cyberjaya, Malaysia, the Silicon Valley of Malaysia. In particular, he enjoys the multicultural environment there. He is glad to meet people from various countries such as Egypt, Nigeria, Pakistan, and India. What’s more, he loves the fact that there is no traffic congestion in the area, making it easy to walk or drive to work.

Our new hire is particularly drawn to Versasec for its international platform, diverse team of professionals, and global perspective. Working at Versasec he’s motivated by the challenges he sees in the region.

“As the technology landscape evolves in Southeast Asia, we are witnessing a shift away from traditional hardware tokens. However, it’s important to note that strong security measures don’t have to be compromised as a result of this shift. One promising solution lies in the use of virtual credentials based on Trusted Platform Module (TPM) technology. Both Windows Hello for Business (WHfB) and Versasec Virtual Credentials offer easily accessible options for those seeking this type of secure authentication.

To fully leverage these solutions, however, it’s crucial that we continue to educate the market on the benefits of virtual credentials and TPM technology. By doing so, we can help organizations better understand the value of these solutions and how they can be integrated into their existing security strategies.”

From PKI Specialist to Technical Consultant

In his new role, Faris will be leading our Asia Pacific Region team as Technical Consultant, alongside Paul Rajkumar, Business Development Engineer. Paul states, “we are thrilled to welcome Faris to the Versasec family. His extensive experience in Certificate Authorities brings valuable expertise. Faris will play a key role in determining customer requirements and assisting them to set up and adopt the best PKI solutions. We look forward to working with him to provide our customers with exceptional service.”

Exploring Asia with Family: Faris’ Passion for Travel and Culture

Outside of work, Faris enjoys traveling with his family around Asia. Discovering the energy and rich culture of places like Bali in Indonesia and Thailand. They recently took a trip to Japan, to explore Osaka, Kyoto, and Nara. Experiencing snow was one highlight, which contrasted with Malaysia’s proximity to the equator. In Malaysia, temperatures range from 16 to 24 degrees Celsius throughout the year.

Last but not least, we are excited to have Faris. And, are confident that he will play a key role in driving our organization to even greater success. Faris believes, “One will not grow without facing challenges. A challenge can define your path in life and in business.” Let’s give him a warm welcome to the team!

Date: 2022-05-10
Author: Cybernews Team

Companies are experiencing various cyberattacks, such as password compromise, fraud, ransomware, data breaches, and other threats. It becomes a matter of time when you’re going to experience financial loss or reputational damage.

While getting a Virtual Private Network (VPN) or other traditional cybersecurity solutions can help, they’re typically not enough as the whole organization needs to be protected.

That’s why we invited Joakim Thorén, the CEO and Founder of Versasec – a company that offers highly secure identity and access management products. Thorén shared his views about successful cybersecurity procedures for enterprises.

How did Versasec originate? What would you consider the biggest milestones throughout the years?

Versasec was founded 15 years ago in Stockholm, Sweden. Our mission from the start has been to help organizations manage their digital identities effectively.

The Versasec founders have a solid background in Public Key Infrastructure (PKI) and credential management projects before starting Versasec. PKI projects used to be large, complex, and costly. The Versasec founders saw a need for a product to enable small and mid-size organizations to achieve the same high level of security with PKI-enabled hardware devices without the cost and complexity.

The goal has always been to deliver a Credential Management Solution that is scalable. The vSEC:CMS was developed for the small to the mid-size business tier. Larger businesses noticed the simplicity of deploying credentials using vSEC:CMS and all verticals adopted our product. From small companies with ten employees to companies with hundreds of thousands. Since then, vSEC:CMS has grown to manage FIDO2 and supports the largest list of PKI authenticators.

Can you introduce us to what you do?

Versasec’s award-winning product is vSEC:CMS, a credential management software enabling companies to easily manage digital identities with a wide variety of integrations. It was built to sustain a PKI, so it integrates with key functions, such as Certificate Authorities and HSM’s. With vSEC:CMS, our customers can leverage a world-class PKI without the cost, technical expertise, or having to deploy to their entire organization. With cyber threats on the rise, companies are paying more attention to their defense strategy. Multi-factor authentication and zero trust are key topics in our industry today, raising awareness about the importance of high-level security. Not all authentication methods are created equal. OTP, username-and-password, among others, are legacy systems that do not use PKI and are under attack. And they have been broken by cybercriminals multiple times over.

PKI uses asymmetric cryptography that makes the highest level of authentication and cryptographic operations possible. Managing PKI credentials across an organization with multiple users, users with different access requirements, and integrations already in use by the company can be cumbersome and complex. A simple platform is essential to manage all these different user permissions and integrations, and that is where we come in.

What are the most common ways threat actors use in an attempt to bypass various identity verification measures?

Threat actors easily attack passwords. Multi-factor is also not immune when the technology is weak, for example, intercepting communications or Man-in-the-Middle attacks for stronger MFA. However, for a well set up and managed PKI, there are so far no effective attack vectors for the actual authentication process. Threat actors will therefore look for other weaknesses in the IT system.

How do you think the recent global events affected the cybersecurity landscape?

Times of crisis heighten criminal activity, as with cybersecurity we saw many companies being victims of cyberattacks around the globe. Decision-makers took notice and placed their organizations’ cybersecurity as a priority, starting to place higher security measures in place.

Read the entire article on Cybernews here.

Date: 2022-04-13
Author: Anders Adolfsson, Product Manager

The attack vector is not applicable to vSEC:CMS as it is currently explained in the RCE proof of concept. Versasec does not use Spring in the development process and Tomcat is not a part of the vSEC:CMS Server infrastructure.

For more information or questions, contact us on chat.

Date: 2022-04-12
Author: Carolina Martinez, General Manager

Some of our favorite questions answered during the webinar:

• How does credential lifecycle management support the status of employees at a company?
• How does FIDO2 fit into supporting companies with an MFA strategy?
• How are PIV and FIDO2 phishing-resistant?
• How does FIDO2 integrate with Yubikey and vSEC:CMS 6.3?
• What are PIV use cases with Yubikey managed by vSEC:CMS?
• How does Yubico and Versasec help organizations get started with strong MFA?

For those who didn’t get a chance to watch the webinar, you can now watch it on YouTube. Thank you to everyone who joined the Webinar!

We hope you enjoy the conversation as much as we did! Let us know if you have any questions in general or specific on how to begin evaluating vSEC:CMS version 6.3 over at your organization! We have teams around the world ready to walk you through an evaluation process for your organization! We’d love to hear from you, contact us today!

Date: 2022-04-11
Author: Anders Adolfsson, Intergalactic Product Manager

The new version expands Versasec’s integration with supported credentials by adding FIDO management capabilities. The FIDO Alliance purposed FIDO to enable high-level authentication for web based apps, cloud and SaaS. A FIDO credential can leverage the power of a credential management system, allowing management of the FIDO credentials with the existing PKI credential management flows.

We also bring a completely new user interface for an enhanced design and experience in the vSEC:CMS User application. A new intuitive layout to bring functionality and design together. Here are some screenshots of the new interface.

vSEC:CMS now allows administrators to generate a new system master key in HSM using the AES algorithm. Once a new master key is generated all vSEC:CMS registered credentials can be updated so their keys are derived from the new AES master key.

The new version also incorporates a variety of enhancements, updates and automated tasks, including the following:

• Integration with IdPs for enrolling FIDO credentials on behalf of users, fully integrated with Gluu IdP.
• New vSEC:CMS User application with enhanced design and user experience.
• vSEC:CMS can now generate AES master keys in HSM’s.
• External permission validation is now also available for LDAP directories.
• Updates to the PIN management of Thales eTokens.
• Improvements to the DB restoring process.
• Introducing performance tracking to identify environment bottlenecks.
• Support for device certificates for Sectigo certificate authority.
• Managed credentials PUC are now updated as part of the new master key generation process.

In the coming weeks, we will provide video demos and blogs for version 6.3 key features, step-by-step instructions on functionality. Download your evaluation copy today. You can find the full press release about the news here.

Date: 2022-03-31
Author: Gabriela Peralta, Marketing and Public Relations Coordinator

For many companies and organizations, there are those behind the scenes saving our data while we work away. For startups and small businesses, there might be one person in charge of IT, if there is someone. The fact that World Backup Day exists is a testament that most of us, non-techies, are mostly unaware of the risks and threats that lie outside our firewalls and authentication methods. Working at a cybersecurity company, however, most of our employees are aware and appreciate those who are in charge of the backup infrastructure in place.

Something I’ve learnt since being at our company is that cloud file storage is not a backup in itself for organizations, as it can be for individuals. There exist backup companies that offer data storage that can be used for storing a redundant copy of cloud files. For individuals, however, who store their files on their local drive, they can use cloud storage to save their important files should something happen to their devices. Something else I’ve learnt is data backup environments must be tested to prove data can be restored successfully.

We want to honor world backup day and create awareness for something so simple yet essential in our lives. Let’s make an inventory of the essential items we own digitally. It could be our resume, nobody likes rewriting those if they’re lost, pictures of family members, travel photographs, music collections, maybe even a memoir or journal entry, you might have a copy of your ID/driver’s license and passport too.

There are many different ways our digital information could be lost forever, if not backed up. We can damage our devices accidentally with liquid spills, become victims of physical/virtual thieves or a computer virus.

If you are an IT professional or owner of a small business, you should have more urgency to the matter. Our fearless IT Leader here at Versasec reminds us: “Backup is crucial as losing data can bring your business to a halt. Also backups are important as a mitigation to ransomware. You can then recover your ransomed content from backup and recover from the attack.“

So, I ask you, is your information backed up? And more importantly, how secure is your backup?

Backup is important for every area of a business.
Here are a few Versasec superstars sharing how backup is relevant to their work area.

“With all cloud based services hosting and running our data and applications, backups are critical, or functions, like our accounting, payments could stop working in case of a loss in a vendor’s databases.”

“It’s industry standard to have a backup and a redundant backup. I do this on all of my personal data and important work data. I like to hold a backup in the cloud and a backup locally on an external SSD. Backups help prevent losing all work and are crucial for normal business to continue when life inevitably happens.”

“There are many company key documents that we need to keep, as well as company history. It would be chaos if some of them wouldn’t be available. That said, we live in a modern era where most of the information is online. Working in the cybersecurity sector we look at companies that will store our data with a critical eye.”

“It is a plan B provision should you risk all your data stored at your work laptop, cloud drive is an awesome option for work files backup.”

Make a plan!
If you have thought of some items that you need to back up, try to get to it today or tomorrow, while it’s fresh in your mind. Make it practical and easy. If something is really complicated, you probably won’t use it nor be able to restore your data. Consider helping people around you, to help them as well backup their data!

If you’re a small business owner, or IT professional, you should probably get to it today, as soon as possible. Make sure you have two sets of backups, in different locations or types (redundant data). If you use a cloud service for your files, make sure you have a backup of these files as well. Finally, run a simulation and see if you can successfully recover your data from the backed up files.

Happy backup day!

Date: 2022-03-24
Author: Gabriela Peralta, Marketing and Public Relations Coordinator

What opportunities are you seeing in the MEA region when it comes to cybersecurity?
Many countries in the Middle East are going through digital transformation, moving away from paper processes, before the pandemic began. Egypt, for example, is implementing digital signature to serve commercial companies in replacing paper invoices. Every company would have to create a Public Key Infrastructure (PKI) certified digital signature from now on to issue invoices. The government has established public PKI providers and since the pandemic, they are offering services online to avoid long lines, crowds, and spreading of the COVID-19 virus. Digital transformation already brings benefits: automation of processes and the implementation of digital strategies.

It makes sense the pandemic has accelerated digital transformation. Are other countries in the region also modernizing digitally?
Yes, the whole region is adapting and accelerating their security infrastructure to position themselves and deliver value to their citizens, businesses and markets. Governments such as Morocco and Tunisia, are growing in the country’s security infrastructure with credential management systems and certificate based authentication. End users are also moving things forward, looking for services online. The digital service may be a bit more costly, but at the end of the day, the user realizes they didn’t spend their whole day for a small need. They received a quality service, digitally, without any risk of being exposed to COVID. Above all, the user is also secure through PKI and digital infrastructure. From a security perspective, in addition to the legally binding digital signature, governments have been adopting Multi-Factor Authentication (MFA) as a fundamental requirement for its organizations. This initiative is great as it demonstrates governments are prioritizing security as much as digital availability of services.

What about the challenges the region faces?
Public Key Infrastructure (PKI) may not be as quickly adaptable as MFA. PKI is a complex solution, and for many years the region’s emerging markets have lacked the knowledge on how to set it up, and many times also the resources for implementing it. These challenges are not new when it comes to PKI in many regions worldwide, but perhaps the MEA region is facing them behind other regions. Now we are seeing business and commercial impact across an entire country adopting the use of digital identities and as a result, communities learning together about the technology. From a usability perspective, this is great news. Sometimes you have great technology, and the resources to implement it, but the users are not willing to adopt it, it can be a deciding factor against its implementation.

Which industries are we seeing take the lead when it comes to adopting IAM infrastructure?
We have some verticals that are moving at fast speeds. For example, oil and gas, government, enterprise and financial sectors. They are more aggressive and demanding when it comes to Identity Access Management. These industries carry high stakes when it comes to security breaches, but also hold resources to implement PKI. In the financial sector, for example, banks are starting to adopt online customer services, mobile browsers and applications for user access to their accounts. In Egypt, specifically, banks are providing more services digitally everyday. The innovation can create initial gaps in the existing IT infrastructure and increase risks of phishing attacks, malware, and other attacks. Financial institutions are recognizing the need for PKI now more than ever and are adopting IAM as a necessity for securing online financial transactions.

How do you see Versasec being a leader in the sector of IAM?
The mission of Versasec in the Middle East and Africa region is to educate, enable and deliver. With vSEC:CMS, our goal is to empower organizations to successfully adopt IAM.

When we talk about security levels, Versasec offers a top of the line solution. There is no other solution that will provide the same level of security. You are safe with Versasec, implementing PKI and an IAM system. When everything is digitalized, everything must be digitally secured, and that’s where Versasec comes in. The solution is for both small and large size companies and organizations, and we’re happy to be here for the region.

Conclusion
There are many variables and innovators driving the MEA region into a digital and secure transformation. Versasec has been involved worldwide walking through different stages of PKI adoption. Based on our expertise and experience, we can see the challenges as opportunities as we continue to walk with technology leaders in the Middle East and Africa region.

To learn more about certificate based authentication, our credential management system, zero trust, PKI, MFA and how Versasec can help, please reach out for a conversation by clicking here.

About Kamel & Roshdi
Thank you Kamel and Roshdi for giving us a tour of IAM and PKI adoption in the Middle East Region. Kamel Elias is a Technical Consultant in Sales at Versasec. He is based out of Cairo, Egypt with Ahmed Roshdi, Business Development Manager in Business Development at Versasec. Both lead Versasec efforts in the Middle East and Africa region with a combined 26 years of experience in the Technology industry.

Date: 2022-03-16
Author: Gabriela Peralta, Marketing & Public Relations Coordinator

Most passwords we are asked to create today require a minimum 8 characters including at least one special character and one upper and lower case character. According to the Green Table, this would take a mere 2 minutes effort with today’s technology, welcome to 2022!

History of Passwords

Passwords have been around since the time of the Romans and were introduced to computers in 1961. With growing issues of cyber attacks, passwords evolved into username-passwords, secret questions-answers, one-time-passwords, and the list goes on. Today, an average person has to keep up with around 60-70 passwords. When we think about what these passwords are safe-keeping, too much is at stake for individuals and for organizations and companies, regardless of their size and revenue.

Passwords Have Failed Us

The reality we face is passwords are no longer optimal, nor user friendly. Passwords are easy to forget, capable of being hacked (as we just learnt), and cumbersome to use. How many of us, if we are honest, will change the passwords we own, that lie in the orange or red, far from the ideal green category? As our Americas General Manager, Carolina Martinez, stated in 2019, “Convenience has made us reckless with our security”. Passwords were never meant to protect us from the sophisticated organized hacking groups that exist today. So, where do we go from here?

A Passwordless Future

In our article Go Remote, we describe how multi-factor authentication (MFA) and virtual credentials can be incorporated with PKI to facilitate companies working remotely. Who knew after this article was published, the pandemic would push the world to become remote. Tokens are part of a solution we have stood behind and the reason Versasec exists, to solve the cyber security identity issue we face today. Even if you are not an IT professional, we encourage you to become familiar with this solution and learn about our products.

Joining our fight for secure authentication is the FIDO Alliance, making waves, developing and promoting authentication standards with industry drivers by providing a full range of authentication technologies. The combination of biometric security, PKI based hardware tokens, among others, are accelerating our digital world toward a passwordless future.

Next Steps

We encourage you to watch our summer video vlog series to learn more about MFA and PKI with our CEO Joakim Thorén, and how these technologies are already solving the password issue. Follow us on our social media platforms for recent news, and product updates: LinkedIn, Twitter and Facebook. Finally, reach out for a conversation to learn more about implementing PKI at your company!

Related Blogs

• Adios Passwords!
• Let’s talk about PKI myths and cybercrime truths
• WFH, The new Phishing Pond for Cybercriminals?

Date: 2022-03-08
Author: Joakim Thorén, Founder and CEO

We value our workforce, encourage team collaboration, cultivate a culture of appreciation, feedback and open questions. Being a global company, we face the challenge of being spread out geographically. Since the pandemic, many people can recognize what it means to be kilometers (or miles) apart. From inception, we’ve implemented the best tools to keep everyone on the same heartbeat. We lead biweekly staff meetings, weekly virtual informal coffee breaks, annual ideation sessions, and daily communication on chat.

For fun, we took a quick survey and found out in numbers exactly how great the women we work with really are, not that we had any doubts. Women at Versasec speak 13 languages, and have visited 86 different countries. They are passionate about life. When not at work, they are spending quality time with their family and friends, volunteering, gardening, Nordic walking, snowboarding, mountain biking, hiking, backpacking, kickboxing, street dancing, water skiing, wakeboarding, wave surfing, kayaking, paddle boarding, scuba diving, horseback riding, balloon riding, and even getting a little carried away at karaoke.

I’m proud of the team we’ve built. They are individuals who can make decisions, are curious, eager to learn, and deliver well. Our company has achieved great things together and I’m very proud of each and every person. A special mention goes to Anna Söderholm, investment manager at our largest external shareholder, ALMI Invest. We value her strong leadership, influence and relationship with our organization.

Thank you women around the world for breaking stereotypes, aiming higher, and pursuing your dreams. You are positively impacting our society every day! Happy International Women’s Day!

Connect with us on LinkedIn, follow us on Facebook, Twitter, and check out our job openings!