Joakim Thorén, Versasec: “you need to properly increase the security level for each part of the company”

Date: 2022-05-10
Author: Cybernews Team

Previous << Version 6 3 FIDO Video Demo

Global unrest is a convenient time for cyber felons, yet a difficult one for enterprises. As the attack surface increases, the need to protect business infrastructure arises.

Companies are experiencing various cyberattacks, such as password compromise, fraud, ransomware, data breaches, and other threats. It becomes a matter of time when you’re going to experience financial loss or reputational damage.

While getting a Virtual Private Network (VPN) or other traditional cybersecurity solutions can help, they’re typically not enough as the whole organization needs to be protected.

That’s why we invited Joakim Thorén, the CEO and Founder of Versasec – a company that offers highly secure identity and access management products. Thorén shared his views about successful cybersecurity procedures for enterprises.

How did Versasec originate? What would you consider the biggest milestones throughout the years?

Versasec was founded 15 years ago in Stockholm, Sweden. Our mission from the start has been to help organizations manage their digital identities effectively.

The Versasec founders have a solid background in Public Key Infrastructure (PKI) and credential management projects before starting Versasec. PKI projects used to be large, complex, and costly. The Versasec founders saw a need for a product to enable small and mid-size organizations to achieve the same high level of security with PKI-enabled hardware devices without the cost and complexity.

The goal has always been to deliver a Credential Management Solution that is scalable. The vSEC:CMS was developed for the small to the mid-size business tier. Larger businesses noticed the simplicity of deploying credentials using vSEC:CMS and all verticals adopted our product. From small companies with ten employees to companies with hundreds of thousands. Since then, vSEC:CMS has grown to manage FIDO2 and supports the largest list of PKI authenticators.

Can you introduce us to what you do?

Versasec’s award-winning product is vSEC:CMS, a credential management software enabling companies to easily manage digital identities with a wide variety of integrations. It was built to sustain a PKI, so it integrates with key functions, such as Certificate Authorities and HSM’s. With vSEC:CMS, our customers can leverage a world-class PKI without the cost, technical expertise, or having to deploy to their entire organization. With cyber threats on the rise, companies are paying more attention to their defense strategy. Multi-factor authentication and zero trust are key topics in our industry today, raising awareness about the importance of high-level security. Not all authentication methods are created equal. OTP, username-and-password, among others, are legacy systems that do not use PKI and are under attack. And they have been broken by cybercriminals multiple times over.

PKI uses asymmetric cryptography that makes the highest level of authentication and cryptographic operations possible. Managing PKI credentials across an organization with multiple users, users with different access requirements, and integrations already in use by the company can be cumbersome and complex. A simple platform is essential to manage all these different user permissions and integrations, and that is where we come in.

What are the most common ways threat actors use in an attempt to bypass various identity verification measures?

Threat actors easily attack passwords. Multi-factor is also not immune when the technology is weak, for example, intercepting communications or Man-in-the-Middle attacks for stronger MFA. However, for a well set up and managed PKI, there are so far no effective attack vectors for the actual authentication process. Threat actors will therefore look for other weaknesses in the IT system.

How do you think the recent global events affected the cybersecurity landscape?

Times of crisis heighten criminal activity, as with cybersecurity we saw many companies being victims of cyberattacks around the globe. Decision-makers took notice and placed their organizations’ cybersecurity as a priority, starting to place higher security measures in place.

Read the entire article on Cybernews here.

Versasec Support

Versasec customers with an existing support and maintenance contract can access the Versasec Support Portal, offering extensive professional support and maintenance services. The Versasec Support Portal offers a variety of services, allowing for customers and any site visitor to communicate directly with support engineers.

Support

Company Blog

Our blog addresses the latest security trends and stories. The posts discuss how identity and access management are playing a larger role in keeping corporate data safe as well as brand reputations intact. To learn more, bookmark our blog![more]