This interview with Me4Sure co-founder John Brandli is part of our series on Emerging Technologies.
CSRA collaborates with technology companies offering next-generation solutions to help bring tomorrow’s innovation to our federal customers, today. Our Emerging Technology Days connect these companies with CSRA program managers and our customers to foster relationships and brainstorm innovative ways solve customer challenges.
Me4Sure, Inc will be at our next Emerging Tech Day. Me4Sure delivers security and enterprise solutions focusing on authentication and access control, laptop and desktop security, data storage, and SSO. With M4S’ unique multifactor authentication architecture and strong encryption, enterprises can be assured that only authorized users gain access to protected applications, sensitive and/or regulated data.
The Thinking Next blog asked Me4Sure co-founder John Brandli to elaborate on identity assurance and related challenges facing federal agencies. Here’s what he had to say:
Thinking Next (TN): What is identity assurance and what role does it play in cybersecurity?
John Brandli (Brandli): Identity assurance is the ability for an organization to determine, with a high degree of certainty, that the authorized user attempting to access corporate assets is in fact that person and not someone masquerading as that person. So, it is paramount that organizations possess the technologies and methods to properly validate and authenticate that only authorized personnel access corporate assets.
TN: Why is identity assurance a challenge in the federal government today? What types of threats are government organizations facing that make identity assurance solutions necessary?
Brandli: Many of the recently reported security breaches in the federal government, and most notably the Snowden breach, occurred because people shared their logon credentials in violation of policy. Policy enforcement alone is not strong enough to assure that the person gaining access to sensitive information is really who they assert themselves to be. Implementing biometric methods of identity assurance, effectively eliminating the need for users to know and manage their passwords, provides strong levels of protection for access to sensitive networks and data.
The challenge is one of convenience. Strong security controls carry with them some inconveniences that decision makers seem unwilling to accept, even though the consequences have shown to be extremely expensive and damaging to the country’s security.
The complaint from users is the need to carry an additional security token—yet they all have ID badges. So, a solution that fits with their normal pattern of use can address the inconvenience issue.
Another challenge is the infrastructure costs associated with stronger identity assurance methods. The best solution, the Me4Sure solution, capitalizes on reuse of existing infrastructure so there is not a requirement for rip and replace.
TN: What are the ramifications of poor identity assurance across a federal agency or other government organization?
Brandli: As we have all seen, the number one ramification of poor identity assurance for any organization is the loss or unrepairable damage to critical and confidential data at the hands of a bad actor who has penetrated an environment with ease. Also, loss of reputation and trust in the eyes of the public is an issue. Breaches that involve personally identifiable information could have wide-reaching consequences. For example; once personal data is in the wild it is vulnerable to exploitation and exposes the owner of the personal data to identity theft.
TN: How do Me4Sure’s identity assurance and authentication solutions differ from others on the market?
Brandli: Me4Sure has an innovative approach that accommodates both the device-centric and the virtual view of the world. Me4Sure takes the viewpoint that people comprise the outer most perimeter of the enterprise, not the devices they use. Our approach calls for binding a secure, intelligent endpoint device—the M4S Personal Smart Key (PSK)—uniquely to each user and to the user object in a Directory Services Environment.
Unlike other approaches on the market, the Me4Sure (M4S) solution utilizes proprietary fingerprint biometric, cryptographic, and advanced embedded software technologies to deliver a multi-featured, multi-factor and “layered defense” to validate a user’s identity, to the level of non-repudiation, independent of the computing devices that an employee may use to perform his or her work.
TN: What is biometric and cryptographic security, and why is it a good solution for identity assurance in the federal government?
Brandli: M4S uses fingerprint biometrics that we have enhanced to make it more reliable, easier to use and harder to spoof than what you find on commonly used fingerprint technology—like you see on smartphones and laptops today. Our cryptography meets NIST Suite B requirements, which is the highest standard before one gets into classified encryption methods. We incorporate a unique method for running an application to application encrypted channel for exchange of data between our endpoint device (Personal Smart Key) and the heart of our system the Authentication Gateway. This method protects the transactions, such as the credential exchange and firmware updates for many common types of attacks like man in the middle replay and key logging.
Utilizing biometric, cryptographic, and software embedded technologies, the M4S solution provides non-repudiation strength of identification, which could have prevented many of the recent breaches that have occurred in the Federal Government and Commercial sectors
TN: Me4Sure is one of the IT solution providers participating in the next CSRA Emerging Tech Day. Why is Me4Sure participating in this event, and what benefit is the company looking to receive from participating?
Brandli: We believe that CSRA’s Emerging Tech Day will expose us and our technology to thought leaders from multiple federal organizations that we would otherwise not have the ability to reach. We have successfully demonstrated the strength and flexibility of our technology on two separate projects within the Intelligence Community. Emerging Tech Day will provide us with a platform to show off our success and capabilities.
We also think that CSRA leaders will see the valuable opportunity to include Me4Sure products in pursuit of additional revenue growth from their current, future federal and commercial customer engagements.
Learn more about CSRA’s Emerging Technology Days and join us for our next event on October 25, 2017, to hear more about Me4Sure.