When we talk about access control, we usually assume that we are discussing all of its aspects, including identification, authentication and authorization. This month, we are hitting some important high points that touch each of those. First, we look at biometrics, which has long been thought of as expensive and, perhaps, a bit too flaky for mass use. Oh, there was never any doubt that if you could have a low cost, accurate, easy-to-use biometric tool you could have solid authentication. But cost and other factors limited their use to very high-security applications.
Unfortunately, in today's paranoid, compliance-driven world, almost everything is high security. So biometrics has started to look like a pretty attractive authentication option. We still have to get past the cost and apply biometrics to masses of people.
Identity and access management is the next challenge. The simple question of “who are you?” is not quite so simple in an age of mobile devices and large networks with fuzzy perimeters. We've got a really nice product for you in this area. Operating in the cloud adds a level of ease of use that is a big deal in the types of applications we see today.
Finally, authorization took a hit when mobile devices – especially in an age of bring-your-own-device (BYOD) – started to take over. While not quite ubiquitous computing, these devices pose a special challenge. The organization needs to be able to control devices that access its data, but that do not belong to the organization. This is an authorization issue, but it also has elements of identification and authentication.
The usual approach to the problem has traditionally been network access control (NAC). That has worked fine with relatively static devices on the network. But with the BYOD challenge, new wrinkles need to be added to make everything work smoothly and safely. Our Innovator this year has a good handle on the problem and is both creative and effective. The results certainly get the job done.
So, on with the show. Here are our first Innovators for 2012:
What about the process of getting a visitor's badge every time you go to visit a company? Or, if you are an employee at a large facility that requires an ID card swipe every time you go in or out? This authentication would do the trick nicely.
Some of our innovators focus on creative technology and some on innovative go-to-market strategy. EyeLock is the whole package. The solutions to problems that it believes can be solved with its sophisticated biometric technology are developed in close cooperation with customers, academics and industry. Because the basic premise of replacing the swipe card with biometrics was a bit of a big bite for the market to swallow, the company set about to bring the price way down and the accuracy way up.
The key to the success of this company's products is scalability. The EyeLock tools are not intended for one-off applications residing only in high security areas. The scanners can analyze up to 20 people per minute for an average pass-through time of a little over two seconds, more than competitive with the card-swipe systems they replace.
We liked this company both for its innovation and for its vision. Sometimes, it seems as if products such as these are solutions looking for a problem. However, EyeLock's technology shows the promise of revolutionizing how biometrics can be used – and this is no small feat, indeed.
AT A GLANCE
Flagship product: EyeSwipe-Nano TS
Innovation: In-motion and at-a-distance iris authentication technology.
Greatest strength: Creative solution to several difficult problems in biometrics.
This has been our year for very cool biometric products. While “cool” is not our primary criterion, we must admit that, at least in the biometric category, the cool factor is alive and well. We really had to do some research on this one because their claim of developing “behavioral biometrics” seemed a bit of a reach to us.
But this is a whole lot more than keystroke monitoring. This is the application of keystroke dynamics to a concept the company calls “continuous authentication.” First, the algorithms used by this Innovator take keystroke monitoring to a whole new level. Then the company applies this to a scheme of continuous monitoring using neural networks to accommodate small inconsistencies and refines a user profile. Over time – and not very much time, it turns out – the user profile is quite solid and the user can be authenticated throughout the session, rather than simply at login time.
BehavioSec needed to apply its technology to the market and that meant developing three powerful applications, each of which meets a real need. The Enterprise version is a full desktop implementation that combines all of the firm's extensive features in a single product. The Mobile version trims down the Enterprise model to address the specific needs of the mobile device market. And our favorite, the web version, allows continuous authentication over the web for such apps as online banking. This version alone could take a very big bite out of online bank fraud.
We found this to be a real poster company for innovation because BehavioSec has taken a core concept that has not been executed well and, through creative thinking and very good market understanding, built upon the concept. The result is keystroke dynamics done right and applied appropriately to very useful applications in the real world. BehavioSec has come up with an excellent technology that is not just a cool product looking for a problem to solve.
AT A GLANCE
Flagship product: BehavioWeb
Cost: Starts at $1 per user per year.
Innovation: Invented the concepts of “behavioral biometrics” and “continuous authentication.”Greatest strength: Vision and creativity.
Lighthouse Security had a history in large multi-tenant IAM deployments and sought to bring that expertise to a different market. Already expert in the use of IBM's IAM product, Lighthouse repurposed that implementation into a cloud-based service for smaller organizations. That meant that the company needed to provide an easy-to-use front-end so that organizations lacking expertise or resources for the larger more complicated deployment still could take advantage of the power of the system.
The Lighthouse Gateway is completely cloud-based and integrates nicely with a customer's existing applications. In fact, the product comes with more than 70 connectors for various applications, such as lightweight directory access protocol (LDAP), Active Directory and SAP, and additional connectors are possible as well.
It takes a lot of vision to see beyond the obvious – on-promise integration and resale of the product – and apply solid user-focused principles to delivering an entirely new concept based on tried-and-true technology. This Innovator has done exactly that. By implementing IBM technologies in which Lighthouse is expert to a totally different, but equally important, environment, the company has changed the dynamic of IAM for smaller businesses. But, because the capability is scalable, larger businesses can take advantage of it as well, allowing them to do what they are good at rather than focus on IAM. They can have the capabilities without sacrificing power or utility for cost and ease of use.
AT A GLANCE
Vendor: Lighthouse Security Group
Flagship product: Lighthouse Gateway
Cost: Starts at $2,995/month.
Innovation: Moved best-of-breed identity and access management to the cloud, making it accessible for smaller organizations.Greatest strength: Ability to match a complicated technology to market needs through adroit application of market-focused customization to a large-scale, best-of-breed product.
AT A GLANCE
Vendor: ForeScout Technologies
Flagship product: ForeScout Mobile
Cost: $2,000 for 1,000 Android/iOS devices (plus CounterACT NAC Appliance).
Innovation: Bringing traditional NAC to mobile devices. encryption applications.
Greatest strength: Long experience in the NAC market.