Article posted: Dec 11, 2017
Q&A with Jeff Ciraulo, President, Envoy Data Corporation
We're pleased to offer the fourth installment of our quarterly partner blog series. We recently spoke with Jeff Ciraulo, Envoy Data Corporation's President, and he provided valuable insights on the two-factor authentication market and discussed why cloud services will need strong two-factor identification.
1. Where does Envoy Data see the strongest growth in two-factor authentication over the next two years? Please discuss in terms of regions, verticals and size of customer organizations.
We strongly believe authentication growth will come from small and medium-sized U.S. businesses that want to deploy better security. We're already seeing an uptick in authentication from the healthcare and financial services industries. The healthcare industry is evaluating two-factor authentication to better meet HIPAA compliance, which includes audits that check to make sure healthcare organizations are changing their passwords and providing appropriate password complexity every 90 days. The biggest need for strong authentication tools may come from hosted cloud providers, managed service providers and managed security service providers which provide customer relationship management (CRM) and ERP applications within their clouds. And lastly, NIST's new requirements are mandating two-factor authentication for any government contractor, which is causing a resurgence in PKI-based two-factor security applications.
2. What's the main reason that more and more organizations are choosing to deploy IAM solutions?
Mobility is a key factor, as workers are geographically dispersed and need 24/7 access to corporate data. With more applications in the cloud, companies require stricter access rules, better protection and full accountability of employees and contractors accessing corporate data. Organizations want to control access to sensitive information and have the ability to revoke credentials immediately when employees leave or are terminated. Identity and access management solutions provide good protection and flexibility for organizations to accomplish these goals.
3. Ideally, how would you like to see the user presence part of multifactor authentication handled? Can we replace the PIN codes with something as secure and yet cost efficient?
We are seeing more virtual smart card deployments and biometrics, which effectively replace PIN codes while still adhering to two-factor authentication. We also believe challenge-response questions are a better method than pure PIN codes, as the user must know the answer to the question to unlock the application or gain access. However, digital certificates are still tied to PINs, and having a digital certificate on a phone makes it a lot more secure. PINs tied to digital certificates are easy to implement and follow two-factor protocol.
4. What do you believe is the biggest selling point of an IAM system built with vSEC:CMS? Do ease of use, deployment and high level of security play a big role?
vSEC:CMS is very easy to use and deploy, and offers stellar security. We have worked with Versasec for 5 years and have installed almost every single CMS available in the market, and Versasec's vSEC:CMS is the easiest to deploy. We can deploy any vSEC:CMS in hours, not days. Versasec offers excellent support, and we can easily train IT managers on vSEC:CMS within a day. In addition, Versasec works with the most PKIs and different hardware tokens in the industry.
5. What is your view of On-premises SW compared to Cloud Services when it comes to PKI-related enterprise and government services?
It's well documented that there's a security IT worker shortage, which is only growing. So, when you train an IT security manager on PKI, that person will likely leave after a year or two, and another security IT manager will have to get up to speed on the system. If organizations deploy a managed cloud solution, IT security professionals do not have to keep the CMS up to date. More companies are moving to managed cloud for ease of deployment, support and cost effectiveness.
6. And how do you see PKI security evolving?
PKI is becoming a critical resource for IT managers. IT departments are beginning to use it for a lot more than doing secure email or advanced encryption. With billions of IoT devices coming to market, PKI can easily help secure devices - machine to machine, app to app or server to server. It will be important to help IT managers and CISOs understand the benefits of PKI and PKI-based security deployments.