Q&A: A novel ‘token’ approach to do away with passwords

Secure Cloudlink claims to have a novel way to do away with passwords. We speak to CEO Mark Leonard to find out what this might mean and pick his brains on the wider industry.

 

What is unique about your approach to cybersecurity?

The current approach to cybersecurity can be best described as adopting a fortress mentality – building high walls around an organization in the hope it will deter attempts to break in. It invariably involves the use of a password as a means to access secure and personal data. This approach is fundamentally flawed as passwords can be stolen, guessed or cracked. Moreover, having a password is like leaving a Post-it note on the door saying you've left the key under the mat.

Secure Cloudlink’s approach removes not only the requirement to have passwords but also the human factor associated with them through our patented, non-persistent redacted tokens that never store or transmit any user data. The approach is predicated on the fact that our digital identities are the key to everything – security at work and at home.

 

Why is this important for businesses?

More than 60% of all cybercrime is a result of stolen, guessed or hacked passwords. It follows that if you can remove this threat vector completely, you can significantly reduce and indeed remove the impact of cybercrime. By focusing on the individual rather than the organization, we protect both the individual and organization in a more robust, secure and consistent manner.

 

How will global regulatory changes impact the security landscape over the next 12 months?

Regulatory changes such as GDPR are not just forcing businesses to take security seriously, they are also driving transparency as data breaches and hacks will be made public. Such transparency can damage businesses’ reputations and seriously impact revenue.

In addition, as quantum computing becomes commercialized, quantum resistant security will become mandatory (both demonstrable and certifiable) for some businesses and public services.  

 

How big a problem is adversarial AI at the moment and how is this likely to change?

It is a growing issue but one that hasn’t reached significant proportions yet. However, as hackers start to move into deep learning and other AI-based technologies to gain access to our digital identities, it will become more and more of a problem. Recent academic research has already shown that a theory-grounded password generation approach based on machine learning outperforms current password guessing tools.

 

What is the biggest security threat on the horizon?

Any security is only as strong as its weakest link and unfortunately there is no way to effectively counter some aspects of human nature. Given this, the over-reliance and misplaced confidence in passwords remains the biggest threat to public, corporate and personal security. So long as identity credentials are stored and/or transmitted, individuals and companies alike will remain vulnerable to cyber security threats.

 

What do CISOs need to know about how to mitigate this?

While CISOs are undoubtedly aware of the limitations and vulnerabilities associated with the password-based security approach, the challenge they face is educating and informing the wider organization. The role of a CISO is hard because it is often seen as an insurance policy. Yet the reality is that CISOs are at the vanguard of changing the mindset in order to deliver effective cyber security.

CISOs will have to continue to warn the business that a cyber breach could fundamentally damage the company so that they can garner the support and resources needed to implement technology to protect their customers' and employees’ digital identities.

 

Is there anything that is not getting talked about enough in the security space?

The same security vulnerabilities that affect front-end systems exist on vital back-end systems as well. Given the sensitive and commercially important data that is held on these systems, it is staggering that Privileged Access Management is secured with the same flawed approach as for general users. Organizations are still not learning the lessons from high-profile data breaches, such as the ones that targeted Uber and OneLogin.

 

Is there anything else you’d like to share?

Smart businesses and public organizations should be looking at how quantum computing is going to make their existing security capabilities obsolete. Five years ago experts thought it would be years before quantum computing became a reality. They are now expecting it to be imminent. CISOs and CIOs should evaluate their current security against what is known as Mosca's Inequality.
