Webinar Recording
The Future of Mobile Authentication: Strong, Adaptive, Intelligent
The unstoppable march of cloud, mobile and social computing in the recent years has made a profound impact on our society. Exponential growth of corporate digital assets combined with the overwhelming proliferation of mobile devices put enormous pressure on modern businesses to become increasingly connected. To stay competitive, they must be able to adapt their business models to constantly changing customer demands, technology innovations and ever-increasing number of communications channels with their current and future customers, business partners, suppliers and, of course, their own employees.
Log in and watch the full video!
Upgrade to the Professional or Specialist Subscription Packages to access the entire KuppingerCole video library.
I have an account
Log inRegister your account to start 30 days of free trial access
RegisterSubscribe to become a client
Choose a package
Well, good morning, good afternoon. Or maybe even good evening, ladies and gentlemen, depending on where you are based currently, welcome to another keeping call webinar and the topic for today is the future of mobile authentication, strong, adaptive, intelligent. And today we are going to talk about why multifactor authentication alone is not a solution to all your security problems. The speakers today are myself Alexei I'm Analyst at and joining me today is Nicholas PRS, the co-founder and president at point sharp. Our sorry. So maybe before we begin a few words about cooking a Nicole, our company, we are an Analyst company specializing in identity and access management, GRC and information security. We are based in VIBA in Germany, but we have a global reach with Analyst ranging from United States to UK Germany, of course, up to Singapore and Australia. Our three major directions are research services where we offer you various publications and written analysis of various vendors and products, advisory services, helping you start and mostly around your IM and security related projects.
And of course, events ranging from three online events like this webinar to the real world, physical conferences and congresses. Speaking of those, the most recent one has just occurred last week. It was our largest flagship event, the European identity cloud conference, which has taken place last week in Munich, Germany. It's a PT, if you have missed it, but you can already save the date for the next year. So the EIC 2017 is waiting for you. The next major event, we are planning to run what will be our digital finance world. Our, the first time went focuses specifically on generation finance, digital banking and everything around it, especially with the focus on blockchain. And before we begin a few short guidelines, you are all muted centrally. So you don't have to worry about accidentally saying something improper. We control all those features. We will record this webinar and the podcast recording will be published in our website tomorrow. And we will also inform everyone with an email, with a link to that. We will have a Q and a session at the end, but please ask your question. As soon as you have them, you can use their questions tool on your go to webinar control panel there in the right bottom corner of your screen to type in your questions.
Their agenda is typical. First I, as an Analyst to provide a general introduction to the topic and to outline risk and challenges, model enterprises are facing now, and how strong authentication specifically fits into the big picture. Then I will hand over to Nicholas bras who will be addressing those challenges kind of more detailed and more technical hands on approach, prescribing their own unified platform for addressing those issues. And as I said, it, the end, we will have a Q and a session. So please have your questions already, as soon as you have them. And I would like to start with showing, keeping the Nicole's favorite picture. You have probably seen it. If you have attended our free webinars, it shows the, the world we are currently living in where everything think is connected 10 years ago. Nobody could even imagine that internet will lead to such a exponential explosion of various communication channels between not just people, not just employees of your company, but whereas outside partners, customers leads citizens, patients, you name it.
And of course, a lot of different devices and even smart things, connected vehicles and other types of internet connected, smart objects in a way, there are three trends that have led to this explosion with of course, are cloud technologies, which have led to the fact that most of the companies digital assets can now be found anywhere in the world, outside of the traditional security parameter that's of course, mobile technologies, meaning that this data can be accessed from anywhere at any time from different devices. And as I said, even things, and of course the social aspect, the social computer, which mean that we cannot, we can no longer hoard our data. We have to share it with increasing number of various identities and speaking of multiple identities, this is probably one of the biggest challenges, modern digital enterprises facing because to open up their services to the maximum audience, businesses have to communicate and they have to communicate with different types of identities besides the traditional enterprise ones, like your employees, your business partners at contractors, the companies now have to reach out to consumers, whether existing or potential or to the leads they have to integrate with social networks.
And I mentioned, governments have to establish a communication channel with their citizens, healthcare organizations, with their patients. And so on. Now also have a lot of device identities. Those non-human things be desktops, mobile devices or things. And we have application identities, all those well apps, applications be on premise or mobile or in the cloud applications, the services, the backend, some legacy systems running your on your on premise network or some next generation cloud based infrastructures. And finally APIs, those tiny little things that have become a glue, connecting all those services together recently. And of course all those different types of identities have different authentication standards, different requirements, or different regulations govern in them. It's been said that multifactor authentication is the ultimate answer to address all those challenges. And it's been said, I would say 10 years ago, maybe like multifactor authentication. It's not a new concept.
Just to remind you, we are talking here about a combination of several authentication factors, which basically fall into three different buckets. It's a knowledge factors like your traditional password to pin or a secret question, or it's a possession factor where you show something, you have like a smart card, an OTP token, or your mobile phone, or maybe some software software based thing like your certificate or SSH key. And of course you have the inheritance factors, which are something you are, this is your fingerprint, your voice, your face, your eye retina scan. And so on, of course, technology has went amazing length to develop all this new types of strong authentication and all experts unanimously say, yeah, technically the problem has been already solved for years. We have a lot of different variants for each possible factor. We have, you know, Bluetooth, authenticators, NFC magnet stream based smart chips, TPMS mobile ID.
So where your identities on your steam card, we have time based OTP tokens, and so on. We even have some combined solutions like hubbies, for example, anyway, technically the problem is, has been solved for years. So how came we are still using passwords? How came it this fancy and shiny multifactor authentication technology has such a low penetration even now. Well, first of all, because strong authentication has its own set of problems. Well, the biggest one of course is the lack of interoperability and the danger of vendor locking. Basically each technology, each vendor has their own solution, which is at least until very recently has been completely independent and completely incompatible with another solution. Yes, we now have the five Alliance, fast identity online, and there are specifications that they're doing a great job. They have developed industry standard for multifactor integration, but, but, but unfortunately they are yet to gain enough direction.
Or the penetration is still pretty low. Yes, we are expecting that 2016 will be the fi year, but we are still not there yet. Unfortunately, many traditional solutions like PKI infrastructure, for example, just do not scale anyone who is running smart car infrastructure since their company know that for years, many solutions, especially biometric once biometric once are easy to hijack and yet completely impossible to revoke. Like how are you going to revoke your fingerprint? It's a pretty painful process. I would say many are simply not secure enough by current standards like popular SMS based, based authentication. It has been compromised many times they are complicated and inconvenient, especially if you are moving from computers to mobile devices. When you have to juggle your mobile phone with some hardware, OTP, token and password list, it's inconvenient at least. And of course, anyone believes that password is still the cheapest solution. So any strongest ation method is expensive, what they say, because of course, if you count in all the indirect losses and indirect spendings, especially if your passports are hacked and you experience very cost data breach, then you really have to think twice. But still the popular opinion is that passwords are still the cheapest and they are good enough.
So that was kind of the strong part of our today's webinar title. So what about adaptive? As I mentioned earlier, businesses have to be connected and businesses have to be agile. Agility is probably the biggest business requirement on any modern company or anything in the company design of the company puts in place better it infrastructure or business process. Anything else it has to be flexible. It has to be agile Futureproof. And of course it has to be business friendly because it is just gonna keep up with the current business requirements, which are changing daily. It has to be dynamic. I mean, we're speaking of course, access control of course authentication. It has to be dynamic because static roles are no longer enough when you are no longer speaking about some or internal employee accessing an internal silo once month to calculate some financial information. But instead you're talking about your customers and partners and contractors and social network users accessing your critical and actual business information from anywhere around the world, from different locations and devices, your access control has to be dynamic a decision whether to let someone in or not let someone in or present an additional security challenge has to be done each time dynamically.
And of course, these decisions have to depend on context and context in this context, in this context. So say, is anything, any type of information regarding the, the results we are accessing the entity, which is same 30 wise allocation, any attributes available, all those factors can contribute to the decision.
So when we are talking about adaptive policy based access management, we are talking about two major concepts, it's context and policies, which are of course interconnected and depending on each other context, or if everything, as I just mentioned, context or information allows supporting common requirements, very popular scenarios, like for example, how to allow limited access to some sensitive information from an insecure device or from insecure location. And of course, context is driven by centralized policies and policies are, are the business friendly way to externalize security decisions from each application and centralize them in one place where even a non-technical person having the right tools can define those policies are in business for iation and basically change them anytime and incorporate as many available contact sectors into those decisions. In real time, if you would like to know more about the term of adaptive policy based access management, I would like to refer you to our website where you can just find a bunch of very interesting publications and a few recordings of our previous webinars on that topic.
So that was adaptive part. And now we come to the intelligent part, the most interesting one here we are talking more about the future of authentication because, or being just adaptive alone, isn't enough, no longer enough intelligence part comes in here in the form of first of all, risk information. You can no longer make your authentication and authorization decisions just are on the context of, you know, from the subjects and the objects in this particular access request alone, you have to take care about the, the world out there, the risks information from external and internal sources, you have to be as flexible and adaptive as possible, or you have to be able to incorporate new types of demands, regulations, business processes you have, of course, to be able to adopt the new authentication method as soon as I will become available. And you have to make the whole thing as easy and familiar for the end users to use as possible because even the best and the more secure solution will fail if users do not want to use it. So that was the theoretical part. So to say, when we are going to talk specifically about mobile access challenges, we have just to look at this particular picture, and by the way, mobile here does not mean mobile phones alone because everything and everyone now is mobile.
Anyone with a computer or a tablet or a smart meter or a cloud application can be anywhere in the world. And at any time they would need access to not your, just not your web, not your databases on premise, but to any part of your infrastructure, including some legacy systems and so on. You have a huge variety of clients have a huge variety of backends. The number of possible connectors between them is mind boggling and they have to be all authenticated depending on various contextual factors depended on different requirements and different, different technical challenges. So what are these challenges? Again, just a few to list a few of them that's of course, identity fragmentation is a mentioned earlier. You have various types of identities with wildly different business requirements and compliance regulations and just different technologies underlying them. You have application fragmentation, too many security and too many communication protocols in clients.
Yeah. I mean, everything looks easy when you are talking about cloud apps, web applications, but what if you need to authenticate your voice O IP phone or your Skype or your email client, or your specific on premise or fat legacy enterprise application, many of them are just simply not natively multifactor authentication, aware you have to implement clever workarounds to do that. Of course, you have a mobile platform for augmentation. Everyone know that there is no single device on the market. I mean, authentication device on the market, which supports, for example, all mobile phone types, thanks to apple for that mostly, but well, we have to it. And of course you have a major challenge. As soon as you start opening up your corporate networks to outside, you have to think about protecting it from threats, both external and internal. This includes DDO protection infrastructures, malicious insiders, hackers, malware, you name it all types of threats.
And of course, one major problem which many people tend to overlook is lack of channel separation. The biggest, the foundational principle of multifactor authentication is that different factors have to be delivered through different channels. Because if you, for example, want to authenticate your mobile form and your authentication device is your mobile phone. Like for example, you received your token by SMS. Very simple mobile mobile application can hijack both channels at the same time and reduce your multifactor authentication to nothing in a second. And probably the last but not the least challenge is poor user experience. As I mentioned earlier, people, especially people use the mobile devices just tend to stick to their familiar standard applications. They do not want to learn anything new. They do not want to use a separate unfamiliar app to access your sensitive data. They want nice, easy and smooth experience.
Otherwise you should expect to use productivity and raising support costs though. This is where we are now, despite of all those technological advantages, sorry, those achievements are of the recent years. Parts road is just still not that they're still not going away despite or experts or talking about the parts of the death or the passport for over decade. I don't know if you recognize this lady it's famous actress, Betty White. And she was just less than two weeks ago. She was hosting the international passport day on the 5th of May major group of American security. And it companies have run a huge campaign, basically celebrating the passport because it was sync de Mayo after all, you know, the happy holiday in Mexico and very popular in the USA. So yes, here we are. After promising death over the password for 10 years, we are now celebrating it. Maybe we actually have to switch the password day to dear demo motos, October 31st, you know, to have the appropriate atmosphere of mourning and not the celebration.
Anyway, it seems to be that passwords are not a technical challenge anymore. They're more cultural things during our EIC conference last week, we actually had a very interesting panel on that topic cannot recommend to go to our website and check out the video recording of the panel. We were talking about passwords and how to actually force companies, how to force people to switch from them. There is of course always the easy way out, make passwords expensive to use, introduce a fee for actually writing a buffer authentication. For example, that was one of the ideas, introduce password text on government level. That's a great idea. Or maybe we should consider a more difficult, but more elegant way out is actually try and design a solution, which is both strong and easier to use in the password. And this is where I would like to give my microphone to Nicholas because I hope he will be presenting to us exactly. Such type of a solution. So Nicholas, it's your turn now.
Thank you. Alexei set up my presentation here just a sec. Yes. So thanks for the introduction again, I'm Nicholas at point sharp, one of the co-founders and I will give you an introduction to point sharp in context to the topics of today, the future mobile authentication, strong, adaptive, and intelligent. And of course I hope that we have all the solutions, but I also understand and recognize that we also have future versions to come. So we are continuously building our concept to target this area as well. But to start for point chart use log in is much more than just authentication. We talk about easy secure login as the login experience covers more than just authenticating the user easy also, because it's important to keep in mind that you need to adapt to ensure an easy end user experience.
So users today, mobility been around for many years. It's been a lot of talks about, and if not before, it's really now it's a reality and it's making it quite complex for organizations to handle and to manage users. They take it for granted. They want to work anywhere with any device and access. Any application, still user experience should be easy. The organization of course require it to be secure, but they also to have it easy to manage point shop's vision is to provide a security platform that provide an easy and secure login solution that meet these requirements.
What's the challenges. Well, we acknowledge that users accessing applications today, more and more in cloud, still OnPrem from different devices. Users have many devices, but they're also doing it. Mobile from different locations. Organization are faced with a very fragmented login and it's very easy to lose control of who is accessing what and when, so why is it complex? Well, users can have different roles. They have different security requirements. They're not just the user accessing the remote network from home. They can be external users. It can be internal users. They have multiple devices, user login with many different wide range of devices, which do you allow everyone or every type of device, specific devices, only iOS devices, or you're running a bring your own device concept or managed devices, or maybe more common. A combination of both applications use log into wide range of applications as well.
That can be hosted in cloud OnPrem or hybrid solutions. The technical integration points are different and it's very easy to get stuck with multiple point solutions that adds to the fragmentation of the login experience also uses our mobile, the login from anywhere they're traveling, they're working from home. When they're traveling, resources are exposed globally, the infrastructure is exposed in a different way today than in yesterday. And should this be allowed for all applications or all applications allowed to access from everywhere? What type of restriction should apply. But to summarize reality, today is a user doesn't just log in. Once the user is online, 24 7 from multiple devices to multiple applications all the time.
So to be in control paw shop strongly believe it's all about to start with owning the user identity and be control in control of the login process. Because if you are, you are on top and you know who the user are when they log into different resources, you know, when to open the gate and when to keep it closed in the end, it's all about you want to keep the good guys in, make it easy for them, but you want to keep the bad guys out. The common concern that we see with our customers today, that they want to engage with cloud services being, for example, Microsoft office 365. We want to do it for everybody or a group of users, but they're afraid, very concerned of giving away the identities to the, their own users, to the cloud provider. They don't want to give away the user's key that unlock access to on-prem resources and how other cloud services, the mentation of point shop is with point shop. You don't need to, you can be in control, you can keep owning the user identity.
So in history, authentication was all about authenticating the user and then leave it to someone else to provide the access was quite easy work to live in being an authentication provider at an authentication service. And there was basically it, you said yes or just said no intelligent authentication is all about adapting to the combination of authentication and access to be able to adapt to the security requirements for different scenarios, to being controlled point for one solution that handle you to log to all different resources. Even if there are cloud on-prem or more app specific, I will go a little bit more in detail about because knowing the resources a user want to access, it's important to be able to comply to the security requirements, but also to understand the technical integration points and what the limitation that comes with that. So looking into cloud resources are mainly based today on Federation technologies want to provide a full integration with example, Microsoft ADFS.
The integration means that we not only support ADFS, but more important. We extend the capabilities of what can be accomplished with ADFS and the security requirements that can be applied, OnPrem access or classic remote access using SSL, VPN wifi network VPNs, or similar solution. It was easy in the history was basically only one access point VPN solution, but on-prem today organization have multiple entrances, which makes it even just for on-prem much more complex on job integrates with all major vendors today to support multiple access point with different security policies. But one area that is more, maybe the most exciting is app specific access because it's more common, especially for mobile solution. They are more oriented, not the technology on how to get access, but more focused on the application itself. The challenge of course, is there are few standards or maybe even no standards, but one of the most impair area still to secure the login for this area is usually left blank, both from other authentication vendors, as well as access vendors.
And here's the difference with the paw shop approach that we focus a lot on this area and we have built specific support for popular enterprise applications like Skype for business exchange, mobile email. We see many enterprise customers utilizing these in their environment, but the challenges around securing in are as equally as important, if not even more, but the challenges of course, they're very app specific. There are no standards you really have to adapt. And that's why you can't adapt to every single app specific solution with one solution, you need to integrate with them. And that's important part because when we know who the user is, what type of application they want to access, what type of devices they're coming from, we have some information needed to take decisions. The point drop include an advanced authentication and authorization engine. With this, it's easy to build custom policies that meet the security requirements for different scenarios.
It's easy to balance between security and ease of use for the end user. It's easy also to create scenarios that actually support the business and not aligned owner to the technology. So point shop enabled conditional access and authentication and to give example, what type of requirements can we put for conditional access and authentication in history? It was easy. Once again, uses only worked. They had their PC, they needed access to corporate network and well easy for some, they only use password those with a little bit higher requirement on security, introduce two factor, authentication this by using username and password as one factor something, you know, the second factor by using a Harvard token, something you have or own that token generat a one time password. And it's easy. No one can log in if they don't have both factors to kind of protect the login with smartphones lately last 10 years been arriving.
It's much more common of course, than much the hardware to the smartphone though. Many customers today still require hardware token either for security reasons, or they have employees with non-company phones and cannot actually use private phones in this process. That's why point chop support both hardware tokens. We support software tokens in different form factors. We support third party software and hardware tokens basically to have a wide range because different customers are different and especially larger customers really need the different methods for different user groups, but still one time password. It still works very well like password it's easy support manage scenarios, but it comes short in the mobile word, especially around mobile app access.
So what's a different when mobile authentication and classic authentication, classic authentication as mentioned works very well when you wanna log in and create a session. So you log in once and you get access to something, but it's different with mobile solutions because they're online 24 7 user can have multiple devices that continuously working with a classic second factor would work, but it is not easily used for the end user for a mobile solution. But what we can do instead is that we can actually use classic authentication and we can do it once to register information and other factors like device DNA information about the device with this, we can use multiple factors from the devices to ensure that if someone's still something we know like the password, they can still not use it because they actually need the physical device as well to achieve the same type of security as classic two factor authentication. And we can also place other means of inheriting authentication, like a certificate of access tokens on devices that provide limited access time. So we talk about multifactor authentication, where different factors add to the security and strong factors can be used at specific times to register other factors with this, we keep ease of use for the end user and they can be online 24 7 with their mobile apps. So multifactor authentication don't replace classic two factor authentication, rather it extends it into the mobile word.
And to give you some example, use case when a user want to access a web resource like web mail. Well, it's quite still easy to use log in with the user and password, and you can combine it with a one time password generated on a smartphone. You log in once and you get a couple of hours session to the web that works from your PC, works from your tablet. And it's a good use case scenario for many customers today. But if we're gonna run a mobile app for a mobile solution, like as an example, Skype for business mobile email, it would be very frustrating. If you need to log in every time the app is open or have logged out, you lose network connectivity. It's of course possible, but it's not E ease of use for the end user, even if we support this scenario.
So a better approach is to register the device DNA, using the secure process, for example, using classic authentication in a secure way to register the device, then the decision is inherited for a length of time and access from that device. In combination, we use name and password is approved. So ease of use for the end user and higher secure tape for the company. Password can also be specific for mobile apps. We talked about password Alexei mentioned password previously. One it's still valid. What we see today is a lot of customer. They don't wanna expose main credentials. They want to avoid that on mobile external devices. So you wanna replace it with something else, an app specific password or a general password, or even a pin code used for all external access. And that's of course something that point shop add as well.
So point shop provide a comprehensive platform that can work with information in the home process, how user get access to application from different devices. This enable our customer to find the good balance between ease of use for the end user and security that meet the business requirements. This creates scenarios that are more focused on business solutions rather than point solutions. With point job, you can apply secure login, and that's all good because it's an important part. But if you don't have an insight, how it's enforced, how and when you are accessing application and from what type of device, well, if you don't, you're not in control without insight. It's really hard to play the game.
The point of being the central component, taking all the authentication and access authorization decision. We sit on a lot of data. We push all of this data into this equal server to database. This enables us to provide an insight in how, when and what type of devices users log into using from or log in with, to access different applications. We can show data in real time with our point of dashboard, as well as trace individual users for advanced auditing, which is important when you need analytics, be compliant or have full auditing of each and individual producer or even more advanced analytics because we provide some, but that's not, there are other that do it even more. We provide our share to the area of big data by allowing third party solution, to get access to our database, using tools like Microsoft power BI bank, or other tools that are out in the market, focusing on doing this in the best way.
So customer want to embrace mobility and allow their users to be truly mobile. They also need to support the full life cycle of a user, the onboarding process, the active phase in the company organization, and when end of life arrive and use need to be terminated and not physical. Then of course, me, point to provide an easy to use of service Porwal that allow the end user to manage a lot of and many important steps on the onboarding process of getting started. Also daily administration, how you register devices, you change devices, download certificate or other access tokens for getting access to company resources, password management, and more. We wanna make it easy, but it's also important to be in control if you do it. Self-service we work with secure login. So we provided secure login to sub-service fill, allow the users to manage it themselves.
This makes it also easy for the organization to manage our product and the sub-service Porwal of course, very close to the end user, which is why make it very easy to brand. And you can do full custom integration using web services and other APIs with point chop. We also offer the platform so we can have one point of turning off the access when time actually comes to end of life for user the point, chop is all about software. When is we partner to Microsoft and our software is certified for window server. That basically means that our products are very easy to administrate and maintain for everybody familiar with the Microsoft environment, our software and other components run on window server can easily be hosted in cloud or OnPrem pricing range from one to four euros per per month, depending on functionality and volume pricing model is very user-centric. We are both commercial as well as technically very user-centric. It makes it very easy to grow and only pay for what you use to ensure that our product works good with customers, other products in their environment. We also partner with other vendors, example S softwares developed fully by point chop ourself. It's at our headquarter, which is in stock on Sweden. We don't outsource any development development to third party organizations today.
Paw chop, Japan, many different customers in different segments, big and small, where all of them, I would say, share the vision of finding the balance between security and ease of use for the end user. Also, one of the key reason why they choose point sharp is our focus on mobile solutions. So why point sharp? Well I'm of course not objective, but there are many benefits of choosing point chop as a platform to enable ease and secure login. But if I should highlight at least one most important part of thing, I would say that the products are from start really designed for a mobile workforce and to help our customers embracing mobility, to be a platform, to build a mobile organizations, and that's aligned in everything we do in everything we develop. And that's maybe one of the most important reasons to choose point sharp as a platform for securing your login. So with that, I wanna leave over to Alexa for questions. Thank you for the time so far.
Okay, great. Well, thanks a lot for your interesting presentation. Just let me remind everyone, please submit your question through the go to webinar question tool. And we already have the first one that probably the question for me. Can we download those slides? Sure. You can please just go to our website to the same page where you have registered with a webinar, have already added download links for the presentations. And tomorrow we'll also add a link to the video recording of today's webinar. Okay. So please let those questions coming. I have one from my myself first. So as I mentioned in my part before, so to me, mobile is a term does no longer, only mean a mobile phone or tablets. It actually spends a whole range of platforms, including laptops and other devices, which basically anyone can be using to access your data from anywhere. Does your platform could share the same approach or why only focusing on mobile devices and the classical things?
I would say mobile for us is always been about mobile users, of course, mobile devices as well, because as part of being a mobile users, but mobility is more a way of life, way of working. That's including mobile users, it's including mobile devices, it's including how you use and so on. And that that's kind of finalizing in my summary. That's one of the biggest reason where we think point chart is vendor for some customer choosing as is because of focus on mobility. We design it for mobile workforce from start.
Okay, great.
The short answer is yes.
Yeah. Great. Great. Well, the next question is what is the current market penetration for multifactor authentication? Is it growing?
I would definitely say it's growing the awareness of of course getting higher and higher. And I would say that a lot of companies start realizing that security doesn't need to be a cost it's rather, and something that enables business in being more effective because with good security and good solutions, you can actually support your employees to be more effective in the daily work. So yes, it's growing. Definitely.
And if I might add from my site, I guess the biggest problem and why it's growing so slowly I would say is because of fragmentation. Cause there are different kind of centers of pushing out that are multifactor authentication for various reasons. You have your enterprises where they're mostly thinking in terms of compliance, like those banking and finance organizations. And you have of course, very recently quite a few efforts from our consumer oriented companies. So I would can only praise Google and GitHub and other companies, which do a lot to introduce or the whole idea of multi consultation to the users. But again, they are working from a completely different aspect with completely different demands requirements. So to say, and of course we have, yeah, sorry, what I think
That's good because that's really training the end user that is not complicated the user to protecting their login. They understand why. And I think also on top of that, we can see a lot of more published, you know, articles and even populars, if you put it like that, why you really need a secure log in and just to quote or reference, one of the latest is probably the Panama scandal where, you know, a lot of tax or not paying tax were, people were exposed due to lack of protection on accessing data, email servicing practical with very low security. Everybody can, you know, take that into their own business and, you know, understand that. Well, we actually have sensitive data that if it leaks out, even if the data itself is not leaking out, that's kind of a big hurt on our brand and the brand is important.
Okay. Right. We have our next question coming and it's pretty long one, let me just read it out for you. We are challenged not only with the reverse process solution, but also the mobility client outside of mam or MDM, Skype for business native clients specifically, what are some of the security challenges you've seen rolling out this solution? And let me continue. Our businesses wanting an F five appliance in front of a reverse proxy, anyone new, an HSM? So hardware security module, I work in the financial area and our GIS DMZ teams are very concerned about the known risks though. We are also have the challenge of educating them on what reverse proxy is. So that's a long one.
Yeah. And that's a little bit technical. I'll try to answer as best as possible. I think step for business is a very good example lately, as well as some years ago where mobile email was a very good example where organization want to embrace mobility and sometimes even moving faster than they, you could deploy the security requirements. And so on and Skype for business specifically really reflects the challenge of mobile application because the access vendors, typical don't provide a solution for it because it's somewhere between access authentication and application, as well as traditional authentication vendors. Well, there's no way no standard APIs to integrate with a product like Skype for business. And that's why we have that's included in one of the effort where we protect. And I would say finance and governmental is maybe the biggest customer base for us in our solution for Skype, for business, because they have business cases of using Skype for business on especially mobile devices, but to meet the security requirements, to enable these business cases, basically a standard deployment of Skype for business, with standard access products like F five and so on, doesn't meet up to the security requirements.
And that's where we typically come into in the equation because we do secure info, Skype for business we can adopt and a mention, I think windows password is one of the challenges they're not allowed to be exposed to multi devices. So they need to replace, you need a multifactor authentication solution, but you still need ease of use for the end user. So you can't work with classic authentication. You need multifactor authentication with device DNA and so on. So, so that's really something I could spend another hour on. So, but not keeping my answer too long. It's a good example of a challenge and yes, we have a solution for it.
Okay, great. And if I may add a couple of words to that, I am pretty sure that businesses do not want an FFI application, sorry, appliance in front of reverse proxy for one simple reason, because businesses typically do not know what those things mean. Businesses think and business terminologies, they need solutions for their business problems. And the way how it's technically solved is not the task. And ideally, I mean, God forbid me from having the boss, talking to me that way, because it'll be difficult to explain
Nothing bad about yeah. And nothing bad about FFI because we see a lot of our large enterprise customer utilizing F five and F five is a really good product on the network level. They're very good and low balancing performance and so forth, but they are basically blind when it comes to an application for Skype for business. And that's why we are a bit different from other authentication vendors. We actually have a reverse proxy, but it's mainly not to be a network reverse proxy, even if it actually could act like that. It's it is more of being an authentication, reverse proxy or application aware, reverse proxy. So for many customers, we actually combine that with an F five F five doing the network part, and we are doing the application layer to provide secure again, because that's the only way to integrate with, with the mobile applications like Skype for business.
Okay. So anyway, businesses want business business solutions for their business problems. They want secure access to Skype for business. How exactly it's done. It's up to your it department to the design, or if you are not capable to do it yourself, then it's up to you to turn to Analyst like ourselves, for example, for our advisory anyway, or we have some time for more questions. So please do not hesitate asking them. I have the next question here for you. So how does your product scale in large deployments?
Basically our products is built to scale they're software based, so is quite easy to scale them up as performance. So we, we can even support a small customer, but we also support large customer with a hundred thousand plus users. And so basically they're built to scale.
Okay. So are there any limitations, practical limitations?
I dunno,
Maybe you would, I would
Say no, there are maybe challenges, but I think the larger deployment we have today and that are more technical complex is we have customers with large amount of users. They have potential, I think, five or seven physical deployments globally with redundant environment of our product. And they of course complicated technical architecture, but the products are built for supporting that and built to be flexible in the sense that customers are different and have different requirements for their infrastructure.
So can you maybe share with us, like how many users does your largest customer have?
I think the largest customers today are utilizing external users and then there are roughly a hundred, 200,000 users. If you look at customers running mobile applications like Skype for business mobile email, we are roughly somewhere around 50,000 users or, and roughly somewhere around 70 to 80,000 devices connecting that we support. That's kind of our bigger customers. Our standard customers is somewhere ranging from five to 15,000 users.
Okay. Okay, great. Next one. You seem to have an extra focus on Microsoft. Is there any special rhythm for that?
What, yes and no. We have, we have a history with Microsoft in the past, but what we have seen is that we, a lot of our customers utilizing us for securing the login in general, but there are a lot of them also using applications for Microsoft like today popular of course, office 365, but also exchange SharePoint, Skype for business. And with the lack of standards for mobile experience supporting these applications, we basically have on top of the, in general and supporting cloud and on-prem access with specific scenarios to support those very common applications that a lot of enterprise customers are using. And they're today coming from Microsoft in that sense. So that's why we have a focus on Microsoft because a lot of our customers utilize their products.
Okay. We have another question. How would you enforce strong authentication to legacy non web applications for privileged users?
Well, it really depends on what type of applications and there are of course a lot of different technical scenarios, but the, I would say we have two scenarios if you talk about non-legacy and if I understand the question, right, one
Was sorry, it was legacy non web applications.
Yeah. Non web application. So, so typical either they are utilized with old technology, given network access. So VPN access, we have some scenarios supporting FD pen to make it quite easy running those applications. What we've seen lately is that a lot of our customers are publishing them using DDI technologies. So basically publishing them for recent years using Citrix. For example, the last two years, I would say, even Microsoft has built quite good applications to publish those type of applications using standard remote desktop applications. And you can publish those. They're done a great job doing good solution for running those even on iPads. And we integrate with that. So we can support a login for that. And you publish those legacy applications as a remote desktop basically.
And I would there
Different options.
Yeah. I would say it, it's not actually limited to privileged users. You can support any type of access from any type of users that way.
Yeah. So I think we even have an example on our YouTube channel where we are just for fun, publish the calculator in windows, being an example of a legacy application that everybody has used on an iPad with two factor authentication. And it works very well and its seamless and ironic on an iPad. So, and that kind of course be any type of application
Just maybe to step in aside a little bit. So basically if you, if you, I mean the, the person who asks the original question, if you're more interested in privileged access, you should probably go and check out our after webinars on the topic because besides our strong authentication, there is a lot of other compliance and security driven functions, which typical private privileged access solution must implement. So I'm pretty sure that point shop could integrate with those as well, but it's really a topic for a absolutely different webinar. Anyway, looks like you do not have any other questions and we only have a couple of minutes of our time left. So I can only say thank you to all the attendees for having been with us today. Thank you Nicholas, for giving your very interesting and quite technical insight into the topic of stronger authentication. And I hope to see you in one hour next webinars. Thanks a lot and have a nice day.
Yeah. Thank you yourself Alexei and thank you everybody for joining.
Good bye.
And of course, events ranging from three online events like this webinar to the real world, physical conferences and congresses. Speaking of those, the most recent one has just occurred last week. It was our largest flagship event, the European identity cloud conference, which has taken place last week in Munich, Germany. It's a PT, if you have missed it, but you can already save the date for the next year. So the EIC 2017 is waiting for you. The next major event, we are planning to run what will be our digital finance world. Our, the first time went focuses specifically on generation finance, digital banking and everything around it, especially with the focus on blockchain. And before we begin a few short guidelines, you are all muted centrally. So you don't have to worry about accidentally saying something improper. We control all those features. We will record this webinar and the podcast recording will be published in our website tomorrow. And we will also inform everyone with an email, with a link to that. We will have a Q and a session at the end, but please ask your question. As soon as you have them, you can use their questions tool on your go to webinar control panel there in the right bottom corner of your screen to type in your questions.
Their agenda is typical. First I, as an Analyst to provide a general introduction to the topic and to outline risk and challenges, model enterprises are facing now, and how strong authentication specifically fits into the big picture. Then I will hand over to Nicholas bras who will be addressing those challenges kind of more detailed and more technical hands on approach, prescribing their own unified platform for addressing those issues. And as I said, it, the end, we will have a Q and a session. So please have your questions already, as soon as you have them. And I would like to start with showing, keeping the Nicole's favorite picture. You have probably seen it. If you have attended our free webinars, it shows the, the world we are currently living in where everything think is connected 10 years ago. Nobody could even imagine that internet will lead to such a exponential explosion of various communication channels between not just people, not just employees of your company, but whereas outside partners, customers leads citizens, patients, you name it.
And of course, a lot of different devices and even smart things, connected vehicles and other types of internet connected, smart objects in a way, there are three trends that have led to this explosion with of course, are cloud technologies, which have led to the fact that most of the companies digital assets can now be found anywhere in the world, outside of the traditional security parameter that's of course, mobile technologies, meaning that this data can be accessed from anywhere at any time from different devices. And as I said, even things, and of course the social aspect, the social computer, which mean that we cannot, we can no longer hoard our data. We have to share it with increasing number of various identities and speaking of multiple identities, this is probably one of the biggest challenges, modern digital enterprises facing because to open up their services to the maximum audience, businesses have to communicate and they have to communicate with different types of identities besides the traditional enterprise ones, like your employees, your business partners at contractors, the companies now have to reach out to consumers, whether existing or potential or to the leads they have to integrate with social networks.
And I mentioned, governments have to establish a communication channel with their citizens, healthcare organizations, with their patients. And so on. Now also have a lot of device identities. Those non-human things be desktops, mobile devices or things. And we have application identities, all those well apps, applications be on premise or mobile or in the cloud applications, the services, the backend, some legacy systems running your on your on premise network or some next generation cloud based infrastructures. And finally APIs, those tiny little things that have become a glue, connecting all those services together recently. And of course all those different types of identities have different authentication standards, different requirements, or different regulations govern in them. It's been said that multifactor authentication is the ultimate answer to address all those challenges. And it's been said, I would say 10 years ago, maybe like multifactor authentication. It's not a new concept.
Just to remind you, we are talking here about a combination of several authentication factors, which basically fall into three different buckets. It's a knowledge factors like your traditional password to pin or a secret question, or it's a possession factor where you show something, you have like a smart card, an OTP token, or your mobile phone, or maybe some software software based thing like your certificate or SSH key. And of course you have the inheritance factors, which are something you are, this is your fingerprint, your voice, your face, your eye retina scan. And so on, of course, technology has went amazing length to develop all this new types of strong authentication and all experts unanimously say, yeah, technically the problem has been already solved for years. We have a lot of different variants for each possible factor. We have, you know, Bluetooth, authenticators, NFC magnet stream based smart chips, TPMS mobile ID.
So where your identities on your steam card, we have time based OTP tokens, and so on. We even have some combined solutions like hubbies, for example, anyway, technically the problem is, has been solved for years. So how came we are still using passwords? How came it this fancy and shiny multifactor authentication technology has such a low penetration even now. Well, first of all, because strong authentication has its own set of problems. Well, the biggest one of course is the lack of interoperability and the danger of vendor locking. Basically each technology, each vendor has their own solution, which is at least until very recently has been completely independent and completely incompatible with another solution. Yes, we now have the five Alliance, fast identity online, and there are specifications that they're doing a great job. They have developed industry standard for multifactor integration, but, but, but unfortunately they are yet to gain enough direction.
Or the penetration is still pretty low. Yes, we are expecting that 2016 will be the fi year, but we are still not there yet. Unfortunately, many traditional solutions like PKI infrastructure, for example, just do not scale anyone who is running smart car infrastructure since their company know that for years, many solutions, especially biometric once biometric once are easy to hijack and yet completely impossible to revoke. Like how are you going to revoke your fingerprint? It's a pretty painful process. I would say many are simply not secure enough by current standards like popular SMS based, based authentication. It has been compromised many times they are complicated and inconvenient, especially if you are moving from computers to mobile devices. When you have to juggle your mobile phone with some hardware, OTP, token and password list, it's inconvenient at least. And of course, anyone believes that password is still the cheapest solution. So any strongest ation method is expensive, what they say, because of course, if you count in all the indirect losses and indirect spendings, especially if your passports are hacked and you experience very cost data breach, then you really have to think twice. But still the popular opinion is that passwords are still the cheapest and they are good enough.
So that was kind of the strong part of our today's webinar title. So what about adaptive? As I mentioned earlier, businesses have to be connected and businesses have to be agile. Agility is probably the biggest business requirement on any modern company or anything in the company design of the company puts in place better it infrastructure or business process. Anything else it has to be flexible. It has to be agile Futureproof. And of course it has to be business friendly because it is just gonna keep up with the current business requirements, which are changing daily. It has to be dynamic. I mean, we're speaking of course, access control of course authentication. It has to be dynamic because static roles are no longer enough when you are no longer speaking about some or internal employee accessing an internal silo once month to calculate some financial information. But instead you're talking about your customers and partners and contractors and social network users accessing your critical and actual business information from anywhere around the world, from different locations and devices, your access control has to be dynamic a decision whether to let someone in or not let someone in or present an additional security challenge has to be done each time dynamically.
And of course, these decisions have to depend on context and context in this context, in this context. So say, is anything, any type of information regarding the, the results we are accessing the entity, which is same 30 wise allocation, any attributes available, all those factors can contribute to the decision.
So when we are talking about adaptive policy based access management, we are talking about two major concepts, it's context and policies, which are of course interconnected and depending on each other context, or if everything, as I just mentioned, context or information allows supporting common requirements, very popular scenarios, like for example, how to allow limited access to some sensitive information from an insecure device or from insecure location. And of course, context is driven by centralized policies and policies are, are the business friendly way to externalize security decisions from each application and centralize them in one place where even a non-technical person having the right tools can define those policies are in business for iation and basically change them anytime and incorporate as many available contact sectors into those decisions. In real time, if you would like to know more about the term of adaptive policy based access management, I would like to refer you to our website where you can just find a bunch of very interesting publications and a few recordings of our previous webinars on that topic.
So that was adaptive part. And now we come to the intelligent part, the most interesting one here we are talking more about the future of authentication because, or being just adaptive alone, isn't enough, no longer enough intelligence part comes in here in the form of first of all, risk information. You can no longer make your authentication and authorization decisions just are on the context of, you know, from the subjects and the objects in this particular access request alone, you have to take care about the, the world out there, the risks information from external and internal sources, you have to be as flexible and adaptive as possible, or you have to be able to incorporate new types of demands, regulations, business processes you have, of course, to be able to adopt the new authentication method as soon as I will become available. And you have to make the whole thing as easy and familiar for the end users to use as possible because even the best and the more secure solution will fail if users do not want to use it. So that was the theoretical part. So to say, when we are going to talk specifically about mobile access challenges, we have just to look at this particular picture, and by the way, mobile here does not mean mobile phones alone because everything and everyone now is mobile.
Anyone with a computer or a tablet or a smart meter or a cloud application can be anywhere in the world. And at any time they would need access to not your, just not your web, not your databases on premise, but to any part of your infrastructure, including some legacy systems and so on. You have a huge variety of clients have a huge variety of backends. The number of possible connectors between them is mind boggling and they have to be all authenticated depending on various contextual factors depended on different requirements and different, different technical challenges. So what are these challenges? Again, just a few to list a few of them that's of course, identity fragmentation is a mentioned earlier. You have various types of identities with wildly different business requirements and compliance regulations and just different technologies underlying them. You have application fragmentation, too many security and too many communication protocols in clients.
Yeah. I mean, everything looks easy when you are talking about cloud apps, web applications, but what if you need to authenticate your voice O IP phone or your Skype or your email client, or your specific on premise or fat legacy enterprise application, many of them are just simply not natively multifactor authentication, aware you have to implement clever workarounds to do that. Of course, you have a mobile platform for augmentation. Everyone know that there is no single device on the market. I mean, authentication device on the market, which supports, for example, all mobile phone types, thanks to apple for that mostly, but well, we have to it. And of course you have a major challenge. As soon as you start opening up your corporate networks to outside, you have to think about protecting it from threats, both external and internal. This includes DDO protection infrastructures, malicious insiders, hackers, malware, you name it all types of threats.
And of course, one major problem which many people tend to overlook is lack of channel separation. The biggest, the foundational principle of multifactor authentication is that different factors have to be delivered through different channels. Because if you, for example, want to authenticate your mobile form and your authentication device is your mobile phone. Like for example, you received your token by SMS. Very simple mobile mobile application can hijack both channels at the same time and reduce your multifactor authentication to nothing in a second. And probably the last but not the least challenge is poor user experience. As I mentioned earlier, people, especially people use the mobile devices just tend to stick to their familiar standard applications. They do not want to learn anything new. They do not want to use a separate unfamiliar app to access your sensitive data. They want nice, easy and smooth experience.
Otherwise you should expect to use productivity and raising support costs though. This is where we are now, despite of all those technological advantages, sorry, those achievements are of the recent years. Parts road is just still not that they're still not going away despite or experts or talking about the parts of the death or the passport for over decade. I don't know if you recognize this lady it's famous actress, Betty White. And she was just less than two weeks ago. She was hosting the international passport day on the 5th of May major group of American security. And it companies have run a huge campaign, basically celebrating the passport because it was sync de Mayo after all, you know, the happy holiday in Mexico and very popular in the USA. So yes, here we are. After promising death over the password for 10 years, we are now celebrating it. Maybe we actually have to switch the password day to dear demo motos, October 31st, you know, to have the appropriate atmosphere of mourning and not the celebration.
Anyway, it seems to be that passwords are not a technical challenge anymore. They're more cultural things during our EIC conference last week, we actually had a very interesting panel on that topic cannot recommend to go to our website and check out the video recording of the panel. We were talking about passwords and how to actually force companies, how to force people to switch from them. There is of course always the easy way out, make passwords expensive to use, introduce a fee for actually writing a buffer authentication. For example, that was one of the ideas, introduce password text on government level. That's a great idea. Or maybe we should consider a more difficult, but more elegant way out is actually try and design a solution, which is both strong and easier to use in the password. And this is where I would like to give my microphone to Nicholas because I hope he will be presenting to us exactly. Such type of a solution. So Nicholas, it's your turn now.
Thank you. Alexei set up my presentation here just a sec. Yes. So thanks for the introduction again, I'm Nicholas at point sharp, one of the co-founders and I will give you an introduction to point sharp in context to the topics of today, the future mobile authentication, strong, adaptive, and intelligent. And of course I hope that we have all the solutions, but I also understand and recognize that we also have future versions to come. So we are continuously building our concept to target this area as well. But to start for point chart use log in is much more than just authentication. We talk about easy secure login as the login experience covers more than just authenticating the user easy also, because it's important to keep in mind that you need to adapt to ensure an easy end user experience.
So users today, mobility been around for many years. It's been a lot of talks about, and if not before, it's really now it's a reality and it's making it quite complex for organizations to handle and to manage users. They take it for granted. They want to work anywhere with any device and access. Any application, still user experience should be easy. The organization of course require it to be secure, but they also to have it easy to manage point shop's vision is to provide a security platform that provide an easy and secure login solution that meet these requirements.
What's the challenges. Well, we acknowledge that users accessing applications today, more and more in cloud, still OnPrem from different devices. Users have many devices, but they're also doing it. Mobile from different locations. Organization are faced with a very fragmented login and it's very easy to lose control of who is accessing what and when, so why is it complex? Well, users can have different roles. They have different security requirements. They're not just the user accessing the remote network from home. They can be external users. It can be internal users. They have multiple devices, user login with many different wide range of devices, which do you allow everyone or every type of device, specific devices, only iOS devices, or you're running a bring your own device concept or managed devices, or maybe more common. A combination of both applications use log into wide range of applications as well.
That can be hosted in cloud OnPrem or hybrid solutions. The technical integration points are different and it's very easy to get stuck with multiple point solutions that adds to the fragmentation of the login experience also uses our mobile, the login from anywhere they're traveling, they're working from home. When they're traveling, resources are exposed globally, the infrastructure is exposed in a different way today than in yesterday. And should this be allowed for all applications or all applications allowed to access from everywhere? What type of restriction should apply. But to summarize reality, today is a user doesn't just log in. Once the user is online, 24 7 from multiple devices to multiple applications all the time.
So to be in control paw shop strongly believe it's all about to start with owning the user identity and be control in control of the login process. Because if you are, you are on top and you know who the user are when they log into different resources, you know, when to open the gate and when to keep it closed in the end, it's all about you want to keep the good guys in, make it easy for them, but you want to keep the bad guys out. The common concern that we see with our customers today, that they want to engage with cloud services being, for example, Microsoft office 365. We want to do it for everybody or a group of users, but they're afraid, very concerned of giving away the identities to the, their own users, to the cloud provider. They don't want to give away the user's key that unlock access to on-prem resources and how other cloud services, the mentation of point shop is with point shop. You don't need to, you can be in control, you can keep owning the user identity.
So in history, authentication was all about authenticating the user and then leave it to someone else to provide the access was quite easy work to live in being an authentication provider at an authentication service. And there was basically it, you said yes or just said no intelligent authentication is all about adapting to the combination of authentication and access to be able to adapt to the security requirements for different scenarios, to being controlled point for one solution that handle you to log to all different resources. Even if there are cloud on-prem or more app specific, I will go a little bit more in detail about because knowing the resources a user want to access, it's important to be able to comply to the security requirements, but also to understand the technical integration points and what the limitation that comes with that. So looking into cloud resources are mainly based today on Federation technologies want to provide a full integration with example, Microsoft ADFS.
The integration means that we not only support ADFS, but more important. We extend the capabilities of what can be accomplished with ADFS and the security requirements that can be applied, OnPrem access or classic remote access using SSL, VPN wifi network VPNs, or similar solution. It was easy in the history was basically only one access point VPN solution, but on-prem today organization have multiple entrances, which makes it even just for on-prem much more complex on job integrates with all major vendors today to support multiple access point with different security policies. But one area that is more, maybe the most exciting is app specific access because it's more common, especially for mobile solution. They are more oriented, not the technology on how to get access, but more focused on the application itself. The challenge of course, is there are few standards or maybe even no standards, but one of the most impair area still to secure the login for this area is usually left blank, both from other authentication vendors, as well as access vendors.
And here's the difference with the paw shop approach that we focus a lot on this area and we have built specific support for popular enterprise applications like Skype for business exchange, mobile email. We see many enterprise customers utilizing these in their environment, but the challenges around securing in are as equally as important, if not even more, but the challenges of course, they're very app specific. There are no standards you really have to adapt. And that's why you can't adapt to every single app specific solution with one solution, you need to integrate with them. And that's important part because when we know who the user is, what type of application they want to access, what type of devices they're coming from, we have some information needed to take decisions. The point drop include an advanced authentication and authorization engine. With this, it's easy to build custom policies that meet the security requirements for different scenarios.
It's easy to balance between security and ease of use for the end user. It's easy also to create scenarios that actually support the business and not aligned owner to the technology. So point shop enabled conditional access and authentication and to give example, what type of requirements can we put for conditional access and authentication in history? It was easy. Once again, uses only worked. They had their PC, they needed access to corporate network and well easy for some, they only use password those with a little bit higher requirement on security, introduce two factor, authentication this by using username and password as one factor something, you know, the second factor by using a Harvard token, something you have or own that token generat a one time password. And it's easy. No one can log in if they don't have both factors to kind of protect the login with smartphones lately last 10 years been arriving.
It's much more common of course, than much the hardware to the smartphone though. Many customers today still require hardware token either for security reasons, or they have employees with non-company phones and cannot actually use private phones in this process. That's why point chop support both hardware tokens. We support software tokens in different form factors. We support third party software and hardware tokens basically to have a wide range because different customers are different and especially larger customers really need the different methods for different user groups, but still one time password. It still works very well like password it's easy support manage scenarios, but it comes short in the mobile word, especially around mobile app access.
So what's a different when mobile authentication and classic authentication, classic authentication as mentioned works very well when you wanna log in and create a session. So you log in once and you get access to something, but it's different with mobile solutions because they're online 24 7 user can have multiple devices that continuously working with a classic second factor would work, but it is not easily used for the end user for a mobile solution. But what we can do instead is that we can actually use classic authentication and we can do it once to register information and other factors like device DNA information about the device with this, we can use multiple factors from the devices to ensure that if someone's still something we know like the password, they can still not use it because they actually need the physical device as well to achieve the same type of security as classic two factor authentication. And we can also place other means of inheriting authentication, like a certificate of access tokens on devices that provide limited access time. So we talk about multifactor authentication, where different factors add to the security and strong factors can be used at specific times to register other factors with this, we keep ease of use for the end user and they can be online 24 7 with their mobile apps. So multifactor authentication don't replace classic two factor authentication, rather it extends it into the mobile word.
And to give you some example, use case when a user want to access a web resource like web mail. Well, it's quite still easy to use log in with the user and password, and you can combine it with a one time password generated on a smartphone. You log in once and you get a couple of hours session to the web that works from your PC, works from your tablet. And it's a good use case scenario for many customers today. But if we're gonna run a mobile app for a mobile solution, like as an example, Skype for business mobile email, it would be very frustrating. If you need to log in every time the app is open or have logged out, you lose network connectivity. It's of course possible, but it's not E ease of use for the end user, even if we support this scenario.
So a better approach is to register the device DNA, using the secure process, for example, using classic authentication in a secure way to register the device, then the decision is inherited for a length of time and access from that device. In combination, we use name and password is approved. So ease of use for the end user and higher secure tape for the company. Password can also be specific for mobile apps. We talked about password Alexei mentioned password previously. One it's still valid. What we see today is a lot of customer. They don't wanna expose main credentials. They want to avoid that on mobile external devices. So you wanna replace it with something else, an app specific password or a general password, or even a pin code used for all external access. And that's of course something that point shop add as well.
So point shop provide a comprehensive platform that can work with information in the home process, how user get access to application from different devices. This enable our customer to find the good balance between ease of use for the end user and security that meet the business requirements. This creates scenarios that are more focused on business solutions rather than point solutions. With point job, you can apply secure login, and that's all good because it's an important part. But if you don't have an insight, how it's enforced, how and when you are accessing application and from what type of device, well, if you don't, you're not in control without insight. It's really hard to play the game.
The point of being the central component, taking all the authentication and access authorization decision. We sit on a lot of data. We push all of this data into this equal server to database. This enables us to provide an insight in how, when and what type of devices users log into using from or log in with, to access different applications. We can show data in real time with our point of dashboard, as well as trace individual users for advanced auditing, which is important when you need analytics, be compliant or have full auditing of each and individual producer or even more advanced analytics because we provide some, but that's not, there are other that do it even more. We provide our share to the area of big data by allowing third party solution, to get access to our database, using tools like Microsoft power BI bank, or other tools that are out in the market, focusing on doing this in the best way.
So customer want to embrace mobility and allow their users to be truly mobile. They also need to support the full life cycle of a user, the onboarding process, the active phase in the company organization, and when end of life arrive and use need to be terminated and not physical. Then of course, me, point to provide an easy to use of service Porwal that allow the end user to manage a lot of and many important steps on the onboarding process of getting started. Also daily administration, how you register devices, you change devices, download certificate or other access tokens for getting access to company resources, password management, and more. We wanna make it easy, but it's also important to be in control if you do it. Self-service we work with secure login. So we provided secure login to sub-service fill, allow the users to manage it themselves.
This makes it also easy for the organization to manage our product and the sub-service Porwal of course, very close to the end user, which is why make it very easy to brand. And you can do full custom integration using web services and other APIs with point chop. We also offer the platform so we can have one point of turning off the access when time actually comes to end of life for user the point, chop is all about software. When is we partner to Microsoft and our software is certified for window server. That basically means that our products are very easy to administrate and maintain for everybody familiar with the Microsoft environment, our software and other components run on window server can easily be hosted in cloud or OnPrem pricing range from one to four euros per per month, depending on functionality and volume pricing model is very user-centric. We are both commercial as well as technically very user-centric. It makes it very easy to grow and only pay for what you use to ensure that our product works good with customers, other products in their environment. We also partner with other vendors, example S softwares developed fully by point chop ourself. It's at our headquarter, which is in stock on Sweden. We don't outsource any development development to third party organizations today.
Paw chop, Japan, many different customers in different segments, big and small, where all of them, I would say, share the vision of finding the balance between security and ease of use for the end user. Also, one of the key reason why they choose point sharp is our focus on mobile solutions. So why point sharp? Well I'm of course not objective, but there are many benefits of choosing point chop as a platform to enable ease and secure login. But if I should highlight at least one most important part of thing, I would say that the products are from start really designed for a mobile workforce and to help our customers embracing mobility, to be a platform, to build a mobile organizations, and that's aligned in everything we do in everything we develop. And that's maybe one of the most important reasons to choose point sharp as a platform for securing your login. So with that, I wanna leave over to Alexa for questions. Thank you for the time so far.
Okay, great. Well, thanks a lot for your interesting presentation. Just let me remind everyone, please submit your question through the go to webinar question tool. And we already have the first one that probably the question for me. Can we download those slides? Sure. You can please just go to our website to the same page where you have registered with a webinar, have already added download links for the presentations. And tomorrow we'll also add a link to the video recording of today's webinar. Okay. So please let those questions coming. I have one from my myself first. So as I mentioned in my part before, so to me, mobile is a term does no longer, only mean a mobile phone or tablets. It actually spends a whole range of platforms, including laptops and other devices, which basically anyone can be using to access your data from anywhere. Does your platform could share the same approach or why only focusing on mobile devices and the classical things?
I would say mobile for us is always been about mobile users, of course, mobile devices as well, because as part of being a mobile users, but mobility is more a way of life, way of working. That's including mobile users, it's including mobile devices, it's including how you use and so on. And that that's kind of finalizing in my summary. That's one of the biggest reason where we think point chart is vendor for some customer choosing as is because of focus on mobility. We design it for mobile workforce from start.
Okay, great.
The short answer is yes.
Yeah. Great. Great. Well, the next question is what is the current market penetration for multifactor authentication? Is it growing?
I would definitely say it's growing the awareness of of course getting higher and higher. And I would say that a lot of companies start realizing that security doesn't need to be a cost it's rather, and something that enables business in being more effective because with good security and good solutions, you can actually support your employees to be more effective in the daily work. So yes, it's growing. Definitely.
And if I might add from my site, I guess the biggest problem and why it's growing so slowly I would say is because of fragmentation. Cause there are different kind of centers of pushing out that are multifactor authentication for various reasons. You have your enterprises where they're mostly thinking in terms of compliance, like those banking and finance organizations. And you have of course, very recently quite a few efforts from our consumer oriented companies. So I would can only praise Google and GitHub and other companies, which do a lot to introduce or the whole idea of multi consultation to the users. But again, they are working from a completely different aspect with completely different demands requirements. So to say, and of course we have, yeah, sorry, what I think
That's good because that's really training the end user that is not complicated the user to protecting their login. They understand why. And I think also on top of that, we can see a lot of more published, you know, articles and even populars, if you put it like that, why you really need a secure log in and just to quote or reference, one of the latest is probably the Panama scandal where, you know, a lot of tax or not paying tax were, people were exposed due to lack of protection on accessing data, email servicing practical with very low security. Everybody can, you know, take that into their own business and, you know, understand that. Well, we actually have sensitive data that if it leaks out, even if the data itself is not leaking out, that's kind of a big hurt on our brand and the brand is important.
Okay. Right. We have our next question coming and it's pretty long one, let me just read it out for you. We are challenged not only with the reverse process solution, but also the mobility client outside of mam or MDM, Skype for business native clients specifically, what are some of the security challenges you've seen rolling out this solution? And let me continue. Our businesses wanting an F five appliance in front of a reverse proxy, anyone new, an HSM? So hardware security module, I work in the financial area and our GIS DMZ teams are very concerned about the known risks though. We are also have the challenge of educating them on what reverse proxy is. So that's a long one.
Yeah. And that's a little bit technical. I'll try to answer as best as possible. I think step for business is a very good example lately, as well as some years ago where mobile email was a very good example where organization want to embrace mobility and sometimes even moving faster than they, you could deploy the security requirements. And so on and Skype for business specifically really reflects the challenge of mobile application because the access vendors, typical don't provide a solution for it because it's somewhere between access authentication and application, as well as traditional authentication vendors. Well, there's no way no standard APIs to integrate with a product like Skype for business. And that's why we have that's included in one of the effort where we protect. And I would say finance and governmental is maybe the biggest customer base for us in our solution for Skype, for business, because they have business cases of using Skype for business on especially mobile devices, but to meet the security requirements, to enable these business cases, basically a standard deployment of Skype for business, with standard access products like F five and so on, doesn't meet up to the security requirements.
And that's where we typically come into in the equation because we do secure info, Skype for business we can adopt and a mention, I think windows password is one of the challenges they're not allowed to be exposed to multi devices. So they need to replace, you need a multifactor authentication solution, but you still need ease of use for the end user. So you can't work with classic authentication. You need multifactor authentication with device DNA and so on. So, so that's really something I could spend another hour on. So, but not keeping my answer too long. It's a good example of a challenge and yes, we have a solution for it.
Okay, great. And if I may add a couple of words to that, I am pretty sure that businesses do not want an FFI application, sorry, appliance in front of reverse proxy for one simple reason, because businesses typically do not know what those things mean. Businesses think and business terminologies, they need solutions for their business problems. And the way how it's technically solved is not the task. And ideally, I mean, God forbid me from having the boss, talking to me that way, because it'll be difficult to explain
Nothing bad about yeah. And nothing bad about FFI because we see a lot of our large enterprise customer utilizing F five and F five is a really good product on the network level. They're very good and low balancing performance and so forth, but they are basically blind when it comes to an application for Skype for business. And that's why we are a bit different from other authentication vendors. We actually have a reverse proxy, but it's mainly not to be a network reverse proxy, even if it actually could act like that. It's it is more of being an authentication, reverse proxy or application aware, reverse proxy. So for many customers, we actually combine that with an F five F five doing the network part, and we are doing the application layer to provide secure again, because that's the only way to integrate with, with the mobile applications like Skype for business.
Okay. So anyway, businesses want business business solutions for their business problems. They want secure access to Skype for business. How exactly it's done. It's up to your it department to the design, or if you are not capable to do it yourself, then it's up to you to turn to Analyst like ourselves, for example, for our advisory anyway, or we have some time for more questions. So please do not hesitate asking them. I have the next question here for you. So how does your product scale in large deployments?
Basically our products is built to scale they're software based, so is quite easy to scale them up as performance. So we, we can even support a small customer, but we also support large customer with a hundred thousand plus users. And so basically they're built to scale.
Okay. So are there any limitations, practical limitations?
I dunno,
Maybe you would, I would
Say no, there are maybe challenges, but I think the larger deployment we have today and that are more technical complex is we have customers with large amount of users. They have potential, I think, five or seven physical deployments globally with redundant environment of our product. And they of course complicated technical architecture, but the products are built for supporting that and built to be flexible in the sense that customers are different and have different requirements for their infrastructure.
So can you maybe share with us, like how many users does your largest customer have?
I think the largest customers today are utilizing external users and then there are roughly a hundred, 200,000 users. If you look at customers running mobile applications like Skype for business mobile email, we are roughly somewhere around 50,000 users or, and roughly somewhere around 70 to 80,000 devices connecting that we support. That's kind of our bigger customers. Our standard customers is somewhere ranging from five to 15,000 users.
Okay. Okay, great. Next one. You seem to have an extra focus on Microsoft. Is there any special rhythm for that?
What, yes and no. We have, we have a history with Microsoft in the past, but what we have seen is that we, a lot of our customers utilizing us for securing the login in general, but there are a lot of them also using applications for Microsoft like today popular of course, office 365, but also exchange SharePoint, Skype for business. And with the lack of standards for mobile experience supporting these applications, we basically have on top of the, in general and supporting cloud and on-prem access with specific scenarios to support those very common applications that a lot of enterprise customers are using. And they're today coming from Microsoft in that sense. So that's why we have a focus on Microsoft because a lot of our customers utilize their products.
Okay. We have another question. How would you enforce strong authentication to legacy non web applications for privileged users?
Well, it really depends on what type of applications and there are of course a lot of different technical scenarios, but the, I would say we have two scenarios if you talk about non-legacy and if I understand the question, right, one
Was sorry, it was legacy non web applications.
Yeah. Non web application. So, so typical either they are utilized with old technology, given network access. So VPN access, we have some scenarios supporting FD pen to make it quite easy running those applications. What we've seen lately is that a lot of our customers are publishing them using DDI technologies. So basically publishing them for recent years using Citrix. For example, the last two years, I would say, even Microsoft has built quite good applications to publish those type of applications using standard remote desktop applications. And you can publish those. They're done a great job doing good solution for running those even on iPads. And we integrate with that. So we can support a login for that. And you publish those legacy applications as a remote desktop basically.
And I would there
Different options.
Yeah. I would say it, it's not actually limited to privileged users. You can support any type of access from any type of users that way.
Yeah. So I think we even have an example on our YouTube channel where we are just for fun, publish the calculator in windows, being an example of a legacy application that everybody has used on an iPad with two factor authentication. And it works very well and its seamless and ironic on an iPad. So, and that kind of course be any type of application
Just maybe to step in aside a little bit. So basically if you, if you, I mean the, the person who asks the original question, if you're more interested in privileged access, you should probably go and check out our after webinars on the topic because besides our strong authentication, there is a lot of other compliance and security driven functions, which typical private privileged access solution must implement. So I'm pretty sure that point shop could integrate with those as well, but it's really a topic for a absolutely different webinar. Anyway, looks like you do not have any other questions and we only have a couple of minutes of our time left. So I can only say thank you to all the attendees for having been with us today. Thank you Nicholas, for giving your very interesting and quite technical insight into the topic of stronger authentication. And I hope to see you in one hour next webinars. Thanks a lot and have a nice day.
Yeah. Thank you yourself Alexei and thank you everybody for joining.
Good bye.
Stay Connected
Related Videos
How can we help you