Article posted: Jul 17, 2017
Q&A with Richard Brown, Cogito Managing Director
We're pleased to offer a third installment of our quarterly partner blog series. We recently spoke with Richard Brown, Cogito's Managing Director, and he provided valuable insights on the two-factor authentication market and discussed why Cogito's Jellyfish is gaining in popularity.
1. Where does Cogito see the strongest growth in two-factor authentication over the next two years? Please discuss in terms of regions, verticals and size of customer organizations.
Two-factor authentication remains one of the most effective methods an organization can use to prevent cyber-intruders from gaining access to data. As people become more aware of the importance of data security and privacy, we're seeing it being rolled out in consumer-facing organizations like Facebook, Google and Salesforce. As they, and organizations like them, continue to roll out online services, we will continue to witness new two-factor authentications. I think it will be a global phenomenon across regions and not be dictated by size of an organization. For example, large corporations are using it to improve access to their corporate internal network, follow-me print, Wi-Fi, etc. With the advent of virtual smart cards, we're now seeing large numbers of small organizations able to leverage the benefits of strong two-factor authentication. Two-factor authentication assists governments, consumers and organizations of all sizes to address the complex issues around data privacy, security and control. We are already witnessing strong growth in take-up and believe this will continue in the short to medium term.
2. What's the main reason that more and more organizations are choosing Jellyfish instead of other solutions?
Jellyfish has been developed to solve the problems that we see customers have with managing and protecting data. Increasingly we are seeing workers that are mobile; applications are in the 'cloud' and access to networks through a much broader range of devices. We also need to access this data in more sophisticated ways. Many organizations, however, still rely heavily on what we refer to as 'legacy' systems. Often these critical systems were never designed to integrate with other systems and applications. Security tools that don't talk to one another can create huge security gaps. A lot of organizations apply the Band-Aid solution of writing ad hoc custom code that partially addresses these issues, but this is costly to maintain and manage. Jellyfish has been designed to tackle all these issues through integrating disparate systems and can actually make the whole more than the sum of its parts.
3. Ideally, how would you like to see the user presence part of multifactor authentication handled? Can we replace the PIN codes with something as secure and yet cost efficient?
When it is all said and done – the best and effective security must ensure strong authentication. Versasec CMS strengthens the MFA. There has been a lot of discussion around BYOD and users enabling the smartcard as the second factor. This could offer additional benefits. For example, most smartphones have a remote wipe function, so if someone loses their phone, a remote wipe can be performed to ensure no one else could use it. Within Jellyfish we integrate both the Mobile Device Management (MDM) capability and the ability to remove the credentials from the phone. Another example of BYOD is the TPM chips embedded in most modern computers. Again, these are able to be deployed as a virtual smartcard and work like a physical smartcard. Versasec and Jellyfish work with TPMs.
4. What do you believe is the biggest selling point of an IAM system built of vSEC:CMS and Cogito Jellyfish? Does ease of use and high level of security play a big role?
The vSEC:CMS provides a very secure base of strong authentication. Connecting vSEC:CMS into Cogito's Jellyfish adds further security capability, overall making it a very strong offering. Jellyfish integrates easily into vSEC:CMS because it is an innovative and cost-effective solution that allows organizations to deploy and manage secure authentication devices. Organizations can make better access control decisions and be aware of more vulnerabilities due to this integrated interface. One such use is identity brokerage. There are a number of business drivers pushing the adoption of identity brokerage; these include the cost to manage credentials, difficulties in complying with regulations and the interoperability complexities associated with supporting multiple identity protocols. Organizations need only establish one connection that allows the authentication of third parties rather than a complex web of connections. Efficiencies are gained in that each organization only needs to integrate with the identity broker once to be able to accept many types of credentials, with rules assigned regarding what can be accessed.
5. What is your view of on-premises SW compared to Cloud Services when it comes to PKI-related enterprise and government services?
Authentication as a Service can provide security, availability and reliability and be more cost effective, but it needs to be done right. Building and managing a PKI is highly complex. If you are looking to outsource it as a Service, I would encourage organizations to seek niche providers that can illustrate capability and experience. The as a Service model Cogito offers allows us to deliver constant innovation to our clients as we can adopt new technologies faster, with no waiting for an upgrade cycle. It lowers the configuration and change management burden on organizations and importantly does not lock them into a vendor. If we don't do our job properly it is simple to transition to a new provider.
6. And how do you see the PKI security evolving?
We see PKI security evolving, particularly more towards an as a Service offering. We expect more organizations to look to this service in the cloud. This in turn will drive better outcomes. Demand for PKI and authentication is driven by data breaches and compromised files. Unfortunately, we hear news of more organizations getting compromised every day. In the past, it has seemed that we've always had to sacrifice usability for enhanced security. However, PKI security is evolving, and we're witnessing greater flexibility, penetration, and functionality. Authentication is becoming more seamless to end users. There are better keys, better ways of doing things and this is enhancing both the security and usability.