Scott Mohr, Chief Revenue Officer
A fundamentally new way to connect people and devices on a trusted network.
Threats from Access to Digital Domains
In today's digital world, cybercrime is big business. Cyber threats exist from multiple attack vectors. And unfortunately, attackers' innovation is outpacing defenders' ability to keep up.
This not only presents new challenges for cyber security experts, but creates difficulties for users who risk exposing themselves to identity theft, corporate data and intellectual property theft, as well as potential compliance issues.
Cyber security groups that layer multi-factor authentication on top of the traditional username and password risk interfering with or distracting users, stealing time and attention with additional login steps. This extra security can increase user anxiety every time they sit down to put their hands on digital devices.
We need a new way to access applications and devices that enable a digital economy, that is both EASY for users and SAFER for organizations.
Why not a One Touch login?
Why can't users start their PC like they start their car? Why can't they change access to applications like changing the channel on a TV remote? Why can't they touch to log in, like they touch and pay on a phone?
The main reason this “One Touch” approach didn’t work in the past is that the networks and systems underlying applications were too trusting. Hackers could exploit perimeter weaknesses and then explore and quietly move between connected trusting systems to find valuable targets to attack. So, a perimeter defense approach relied on policies and rules, and username and password to gate access for trusted users.
As a result, to improve security within a username and password approach, the industry's focus has been on making the login process more restrictive by layering on static rules. Currently, the trend is to use second-factor authentication (2FA) or multi-factor authentication (MFA) to add an additional layer to authentication systems.
While MFA does improve security incrementally, these layered controls are more likely to frustrate typical users trying to just do their job, rather than to deny attackers who often have years of experience exploiting security flaws.
We Need A New Way
At Armor Scientific, we take an entirely different approach to adding known users and devices to a trusted network.
In the cyber security domain, there are two key questions:
Is this a trusted user? And…
Is this a trusted device?
Armor implements a zero-trust model for identity and access that blocks any people, devices, or transactions unless they are added to a blockchain-enabled trust domain.
So, if only trusted users and devices can access network systems, and network systems only respond to requests from trusted users and devices – THEN we can change the username/password paradigm and look at other authentication and authorization schemes, removing the layers and friction that create user frustration and anxiety.
It is not enough to have a cool new hardware device to replace username and password, or to simply add a 2nd or 3rd factor to existing authentication schemes. You need high assurance of a user's digital identity paired with a robust back-end trust mechanism.
The Armor Approach
What we have done is create a two-part solution.
User identity is captured in what we call a Digital Identity Token (either a wearable FOB or a smartphone application) that provides a high level of assurance of a user's identity without including any personally identifiable information.
An Assurance Domain is established based on a consensus authorization mechanism delivered via private blockchain distributed ledger technology.
Every person, digital device, and backend system is a cryptographically secured node represented by a block in a chain. Adding a user or device, or allowing activity on the network, requires a quick check with other nodes to make sure trust has previously been established.
This approach has some significant benefits:
It creates a one-touch or no-touch (proximity) login experience, making it easier for users to interact with digital and physical devices.
It makes it harder for attackers to bypass authentication controls, and can block horizontal access inside the perimeter, making it easier for SecOps to identify attack attempts and respond accordingly.
It provides single-console control of the entire identity governance lifecycle, controlling who can access systems and limiting what they can do (traditional elements of both Identity and Access Control, and Identity and Governance Administration).
It delivers the immutable audit trail that makes life easier for control, audit, and compliance professionals.
Welcome to the new world of identity governance and universal access
We heard what customers needed in order to be safe. And we are now ready to deliver the first identity governance platform for universal access management.
Stop by the RSAC Early Stage Expo March 6-8th for an in-person demo. And sign up for our newsletter to keep up to date on how we are helping customers and changing the world of cyber security.