Made with FlowPaper - Flipbook Maker
< Previousfrom doing something because of risk, and so on. All these bad customer experiences happen because security is not done right. We have to change that.” Founded by Boodaei and Rakesh Loonkar in 2014, Transmit Security was built to provide an omni-channel identity platform that simplifies, accelerates, and reduces the cost of customer identity- related projects. As serial innovators and entrepreneurs, Boodaei and Loonkar recognized that one of the main challenges faced by companies, especially those in highly regulated industries, was the need to integrate and orchestrate identity journeys across a variety of authentication, know your customer (KYC), and fraud reduction systems. Companies with whom they worked had projects for things such as multifactor authentication, fraud prevention, compliance (e.g., the European Payment Services Directive 2, or PSD2), account opening, and more. What they all had in common was the need to work across these many systems, along with web, mobile, and call center channels. The platform they built significantly shortens time-to-market for customers. It allows product teams to manage more technologies more easily and significantly reduces integration and maintenance costs of identity-related projects. Transmit Security offers an extremely advanced orchestration technology that abstracts the entire identity ecosystem from the applications, and therefore, significantly simplifies one of the most complex IT problems there is. “This is a security challenge, but it’s also a challenge for product teams. The product teams must make these technologies work with their customer-facing systems,” said Boodaei. “Our modern identity platform provides a comprehensive portfolio of APIs that addresses the use cases that enterprises have for both security and user experience. It allows security teams to provide the secure identity features that the product teams need. It’s really a win- win for both teams, especially since we don’t compromise between either security or customer experience.” Since introducing their CIAM platform, Transmit Security has helped customers such as HSBC, Citibank, Goldman Sachs, Santander, TIAA, Many of our teams, including our security researchers, have military intelligence backgrounds and the experience to understand our customers’ digital adversariesMassMutual, UBS, SunLife Financial, and many other large, security- conscious companies build seamless and secure identity journeys. In fact, Transmit Security is the only IAM vendor that was both born for CIAM and has the depth of experience needed to deliver successful solutions to the most demanding customers. “We learned how to solve complex security problems for large, security-conscious companies at the companies we built before, like Imperva for me and then Trusteer [now part of IBM] for both Rakesh and me and others on our teams,” said Boodaei. “Now we’re doing the same for companies who need strong security but maybe don’t have the time or money for the complexity of those past CIAM deployments. Those customers need an end-to-end platform that doesn’t require as much integration but still provides capabilities such as fraud detection, embedded orchestration, and identity verification.” End to End CIAM from an Integrated Cloud Platform Today, security and digital product teams are plagued by too many identity products from user management to authentication to online fraud detection (OFD) to identity verification to consent and privacy management (CPM) and more. This is very expensive and results in a complex technology stack with many dependencies. Identity architectures that were built years ago face scaling challenges in terms of capacity, latency, and once again cost. Moreover, the threats to their customer and business partner accounts have skyrocketed, especially since the pandemic began and businesses accelerated their digital services. At this juncture, Transmit Security is on a mission to consolidate CIAM use cases by providing an end-to-end platform. “We were pioneers in identity orchestration. We created the technology that integrates and manages identity journeys from account registration all the way through authentication, step ups, fraud detection, risk scoring and so on. For our customers’ product teams, they get APIs and the orchestration logic is configurable,” says Boodaei. “But customers sometimes need to solve a specific use case, like implementing passwordless authentication. We made this simple, too. Orchestration is still essential in these use cases, because there are many user scenarios with FIDO passwordless authentication. What if the user lost their device? What if they’re calling into the call center? We created a service which our customers love and is based on APIs, is scalable and can handle surges, and makes it very easy to implement passwordless that just works for every scenario.” The team also added user management, authorization, social logins and other authentication options, and account takeover prevention, all with simple APIs, endless scalability, and built-in security visibility and controls needed by today’s enterprises. Transmit Security’s customers can consume the APIs they need for their use cases, while identity and security teams have control over the security policies that are enforced. This is the most modern, comprehensive identity stack for enterprises. “We are expanding our portfolio of APIs now via our cloud- native CIAM platform. This will enable digital product teams to build secure identity journeys with less friction than ever, but with complete control over branding and the digital experience,” explains Boodaei. The platform makes it easier to consume services, build and test what a business needs, and dynamically scale to handle both planned and unplanned spikes in demand that are normal in customer-facing use cases. While explaining the value proposition of the company, Boodaei recalls an instance when the team assisted a High Street bank in London to improve account security and get to market faster. “The bank was facing significant regulator fines from the Financial Conduct Authority (FCA) for not being compliant with the PSD2 SCA (Secure Customer Authentication),” says Boodaei. “The bank leveraged our platform to enhance its digital infrastructure while complying with PSD2 requirements in just four months. They told us they thought it would take 18 months to do this.” The bank was able to provide strong authentication across not only several websites and mobile apps, but also their interactive voice response (IVR) and call center channels. With Transmit Security, the bank retired its existing access management platform to achieve an annual savings of approximately £2 million. Innovation Born from Deep Security Expertise The company rolled out its cloud-native platform first to address passwordless authentication projects. Passwordless authentication using FIDO2 represented the first of many capabilities available from the platform. It quickly showed the power of the platform and has been adopted by companies ranging from a large global bank to a car dealership chain in the US to an online tax preparer in Australia. Other capabilities include user administration and authorization, additional authentication options such as social logins and MFA, advanced fraud and risk detection, and more. The platform’s capabilities are available via developer-friendly APIs and SDKs, so that product teams can build the unique, branded experiences they need for their customers and business partners. Since its inception, Transmit Security has been empowering digital leaders and product teams to build secure identity journeys for their customers, business partners, gig workers, and other external users. This is very different from identity vendors who started out focused on workforce use cases. The company has been profitable and cash-flow positive from its earliest days and has been able to invest heavily into R&D. Indeed, R&D and customer support were almost its exclusive focus areas up until recently. Unlike many tech companies, Transmit Security’s innovation is entirely developed internally. “We possess some of the most talented cybersecurity and cloud platform developers in the world. Many of our teams, including our security researchers, have military intelligence backgrounds and the experience to understand our customers’ digital adversaries, from organized crime to state actors. Security is in our DNA, and it pervades everything we build and operate,” says Boodaei. “But we also have CX and UX experts and people that understand the developer mindset.” Furthermore, the company already has a strong foothold in most major markets: North America, Europe, the Middle East, Latin America, and Asia Pacific (including Japan). “We will continue to grow in those markets, both through employee growth and by adding to our partner ecosystem. The expansion of our cloud-native CIAM platform is where our roadmap is now focused,” he concludes. “When you’re committed to solving such a difficult challenge, the possibilities seem endless.” 13 Authomize continuously monitors the organization’s identities, access privileges, assets, and activities, to secure all apps and cloud services. They seamlessly connect to organization’s apps and cloud services, collects all relevant information to graph's data-lake to help organization’s security teams achieve Zero Trust. W hile businesses are already into the digital era, it is critical to know who is accessing what data. Providing as well as controlling access has become a key part of cybersecurity as well as compliance requirements today. Organizational priorities, user expectations, and the growing number of risks require identity and access management architectures to be more flexible and powerful. Some of the advanced access management solutions are built from cybersecurity strategies and processes designed to offer elevated access and permissions while controlling unauthorized access. Though most solutions are highly dependent on passwords, the new trends point that these solutions are moving toward an identity-centric approach. This not only makes it easier to deploy but also seamless to manage. Furthermore, the role of AI-integrated solutions is also becoming part of advanced Identity and Access Management Solutions. At this juncture, the current identity and access management industry is quite noisy, filled with numerous solutions. To help businesses find the right solution provider that fits their exact requirements, our team of researchers, CEOs, CTOs, and technology veterans have listed below some of the most cutting-edge IAM solution Providers. The companies listed below are innovative in their offerings and are creating a difference in the industry. Endera increases societal trust between individuals, consumer households, and businesses through a first-of- its-kind privacy focused information-sharing platform. Endera’s patented technologies and best-in-class privacy, identity, and trust evaluation processes deliver credible measures to make important and informed decisions. Dotan Bar Noy Co-Founder & CEO Management Location Website authomize.com Alpharetta, GA Raj Ananthanpillai Founder & CEO Management Location Website endera.com McLean, VA SOLUTION PROVIDERS 2022 TOP IAM Intellisoft offers Identity Management Solutions for Airports, Federal Government, and other organizations challenged with strict compliance regulations. Formed in 2003, Intellisoft assists it's customers by innovating quickly and responding to ever- changing threats that exist in these environments. Ekata, a Mastercard company, empowers businesses to enable frictionless experiences and combat fraud worldwide. Their identity verification solutions are powered by the Ekata Identity Engine, which combines sophisticated data science and machine learning to help businesses make quick and accurate risk decisions about their customers. Magic is a plug and play SDK that supports a variety of passwordless login methods, including email magic links, WebAuthn, and social login - Facebook, Google, Twitter, LinkedIn, Discord and more. With enterprise-grade security and reliability — global availability, 99% uptime, SOC 2, 3rd party testing, SLAs certified compliant with the latest standards — Magic gives companies peace of mind as their apps scale, all with just a few lines of code. Patriot One can make a difference with its growing PATSCAN Platform of threat detection solutions. The PATSCAN Multi- Sensor Covert Threat Detection Platform is the next generation of software and sensor component technology to covertly deploy as a layered multi-sensor platform to detect and combat active threats before they occur. David Peeples Founder & President Management Location Website intellisoft.com Mauldin, South Carolina Rob Eleveld CEO Management Location Website ekata.com Seattle, WA Sean Li CEO Management Location Website magic.link San Francisco, CA Peter Evans Director & CEO Management Location Website patriot1tech.com Toronto , ON SOLUTION PROVIDERS 2022 TOP IAM Smile Identity provides the best Africa-focused solutions for real time Digital KYC, Identity Verification, User Onboarding, Document Verification, Liveness Checks, Face Verification, Anti-fraud, Know your Business (KYB), and Identity Data Deduplication across Africa. They are building the tools and software that make it easier for millions of Africans to prove and verify their identity online. Verif-y, isreinventing digital identity and credential verification. They enable users to own and manage their digitally verified identity and decide who can view their information. In addition, they enable third party verifiers to improve compliance and save time and money by leveraging their secure digital platform to receive approved and accurate identity information instantaneously. The security solutions developed by Xiting and certified by SAP provide innovative tools to fully support organizations in their security projects by automating costly and time-consuming tasks, improving compliance, and significantly reducing the risk of errors – both in the cloud and on-premises. Transmit Security, the identity experience company, is at the forefront of creating frictionless identity experiences for both customers and workforce across all channels. The company’s user-centric solutions includes the industry’s first app-less biometric authenticator that ensure an effortless and truly passwordless experience - effectively reducing all forms of identity attrition and saving enterprises substantial costs. Mark Straub CEO Management Location Website smileidentity.com Victoria Island, Lagos Mickey Boodaei Co-Founder & CEO Management Location Website transmitsecurity.com Boston, MA Ed zabar Founder & CEO Management Location Website Verif-y.com Philadelphia, Pennsylvania Patrick Bockel CEO Management Location Website xiting.com Tampa, FL SOLUTION PROVIDERS 2022 TOP IAM SOLUTION PROVIDERS 2022 TOP IAM Automatically Eliminate Authorization Chaos T he statistical risk that a percentage of the organization's identities will be compromised climbs as the number of identities grows. Authomize assists companies in implementing the defense in depth necessary to reduce the chance of a breach by limiting access to the bare minimum required and continually monitoring for security policy violations that might put the assets at danger. Authomize was formed by a group of seasoned and innovative entrepreneurs that recognized the issues that IT and Security teams confront in today's complex environment in organizing and safeguarding authorizations. Authomize is the first platform for automating authorization security management. They help businesses reduce IAM risk by offering comprehensive visibility and centralized, granular control over their identity and asset access controls across all of their cloud environments (laaS, Saas, Data). Authomize produces a complete map of all identities, accounts, assets, access policies, authorizations, user behaviors, and the links between them, starting with a one-click SaaS setup. This allows for continuous security policy monitoring and automatic violation remedies to maintain business continuity and compliance. Based on a comprehensive understanding of not just which identities AUTHOMIZE have access to which assets but also how that access is utilized down to the most granular level, machine learning algorithms deliver human-readable, actionable prescriptive advice for how to enhance the security posture. For quick implementation, Authomize features a one-click integration. They provide out-of- the-box connectors for all major platforms (AWS, Azure, GCP, O365, Salesforce, GitHub, and many others), as well as an Open API framework for connecting custom and old programs. Authomize enables organizations to achieve full observability over all of their asset inventory to know which ones are externally exposed. Take control of your external authorizations, enforce security policies, and reduce your threat surface with data-driven threat modeling. Authomize has also made social impact a major component of its partner ecosystem, donating 1% of its revenue from working with partners to local charitable groups. Employees at Authomize will pick at least three groups to help each year as part of the initiative. In addition, for each partner that joins Authomize Together, the firm plants 25 trees. "We built Authomize Together to provide the tools and knowledge necessary for partners to bring value and solve customer problems while building a profitable and innovative authorization security business alongside our expertise," says Authomize CEO, Dotan Bar Noy. "We are enabling our partners to differentiate their practice while incentivizing and supporting hyper growth." To safeguard all apps and cloud services, Authomize continually monitors the businesses' identities, access privileges, assets, and actions. Authomizw connect effortlessly to enterprises' applications and cloud services, collecting all necessary data and storing it in Graph's data-lake to assist security teams in achieving Zero Trust. Authomize enables businesses to establish a real Zero Trust architecture to reduce the risks associated with compromised identities. Control access to the most precious assets and keep an eye out for possible threats. Authomize enables enterprises to conform to security and compliance regulations by providing extensive observability, actionable insights, and remedial automation. Authomize was founded by a group of seasoned and visionary entrepreneurs who identified the challenges IT and Security Dotan Bar Noy, CEOteams face in managing and securing authorizations in today’s complex environment. Authomize goal is to allow organizations to manage and secure today’s complex environment without compromising on productivity or security. The purpose of Authomize is to enable businesses to manage and safeguard today's complex environment without sacrificing productivity or security. Authomize protects millions of identities and tens of millions of assets across a variety of organizations, sectors, and areas throughout the world. With this momentum, Authomize will continue to expand its worldwide reach to assist clients in reducing security risk and operational load in today's virtualized and dispersed systems. Authomize provides continuous protection and maintains adherence to security and compliance requirements, lowering IT effort and rapidly eliminating security concerns. "As the complexity and scale of managing and securing permissions in the cloud continue to grow, there is an obvious need for an AI-powered permission management solution," concludes Noy. "Authomize addresses the growing need for a unified solution that covers a wider range of identity and authorization use cases." Our platform offers a complete set of capabilities from the PAM, IGA, CIEM, and CSPM segments, which helps teams mitigate a broader range of security risks from a single solution. We built Authomize together to provide the tools and knowledge necessary for partners to bring value and solve customer problems while building a profitable and innovative authorization security business alongside our expertise18 CORPORATE IDENTITY CRISIS BREEDS CYBER RISK By Kip Boyle, Founder & vCISO, Cyber Risk Opportunities C an an organization have an identity crisis? It can. And in fact, this happens a lot. There are many examples, and some of them are really amazing. One of the biggest examples of an identity crisis happened at Kodak, the camera and film company. In 1975, a Kodak engineer in the company’s research and development labs actually invented the digital camera as we know it today. Kodak even patented it. But the digital camera wasn’t commercialized until 15 years later. The first digital camera to actually go on sale in the US was the Logitech Fotoman in 1990. So why isn’t Kodak dominating the digital photography market? Kodak was founded in 1892 and they spent almost a hundred years in the film business. First they started with dry plate photography. This is the technology that Ansel Adams used to make his iconic black-and-white images of the American West. Later, Kodak switched to far more efficient film. In 1996, its peak year, Kodak had over 66% of the global market for film. The Kodak brand was the fifth most valuable in the world. Their revenues reached nearly $16 billion and the company’s market value was over $31 billion. Ever hear of a “Kodak Moment”? But by 2012 they filed for bankruptcy. Why? The company leaders saw themselves as a film company. They just could not shake this identity. “We are the film people.” And really what they were was the snapshot picture company of the world. Because, as we’ve since learned, people wanted to take snapshots. For consumers, it was never about the film, but Kodak got so hyper focused on the film that they just couldn't let go of it. Organizations definitely can have an identity crisis. But what does this have to do with cyber-crime or cyber risk management? Almost every organization today is, in fact, a technology company as well as something else. Fishing, farming, banking, healthcare, oil distribution, and mortgage brokering are just a few examples. And that's because they can't serve their customers either partially or at all without their computers. They have computerized everything and they can't do anything without them. And what's shocking is that most of their senior decision makers persist in denying it. They will not true up to the fact that they are technology companies that happen to know a lot about making consumer beverage cups or growing crops or whatever they sell. But most commerce in the modern world cannot be done profitably without computers.And because of this identity crisis, organizations can't see themselves the way cyber criminals do. Cyber criminals see an organization that cannot perform its primary function without computers, and that is what makes them a prime target for things like ransomware attacks. On January 12, 2022, the Wall Street Journal, , published a relevant story. In December 2021, a 200-location hotel chain in Europe called Nordic Choice suffered a ransomware attack. They shut down and disconnect all their computers from the Internet, and then they went into a business continuity mode. The staff shifted over to pens and paper. And because the door locks to the guest rooms were computer controlled, they couldn't create digital key cards. And even if they could, they wouldn't work because the computers controlling the doors were down. The staff had to escort guests to their room and let them in. Now, I don't know how in the world that was tenable over time because I would imagine guests could lock themselves out very easily and routinely. In the article, it talked about how the hotel management was really frustrated with this because the pandemic lockdowns were finally lifting. And they've been suffering as a business for months and months, and were probably just glad to still be in business. And here it was, five, six weeks after the cyber-attack, and all of these computers that provided door locks, music, and all types of guest services either weren't working or they were unreliable. Based on forensic analysis, the attack was most likely the result of a phishing email. It's a super common way to get hit. And it came from a tour operator. So how much was the ransom and did they pay it? The gang that attacked, Conti, demanded $5 million. Two or three years ago, ransoms were often in the $10,000 to $50,000 range. But Conti is really good at extortion because it's not just about getting your data unencrypted. They will also threaten to release the data that they have on the open Internet as a way of convincing you that you really do need to pay them. But the hotel said, "Nope," and Conti published the personal data of their employees, including their bank accounts and their government issued identification numbers. And Nordic Choice stood firm. And instead of giving in, they actually called their employees together and said, “Okay. Your personal data has been compromised. Now, what we want to do is train you to protect yourself from identity theft. We're sorry this happened. And oh, by the way, we're also going to do a GDPR notification to the Norwegian Data Protection Regulator, because that's the law of our land.” Nordic Choice then began training its employees to prevent this kind of ransomware from happening again. And the article had a quote from the vice president of technology of Nordic Choice who said, “Most people just can't keep up.” And then the VP continued, “It's just not what they know. We're hoteliers. We're not tech experts.” This, I think, is the definition of an identity crisis. And it's causing organizations to assume way more cyber risk than they need to. “We're hoteliers and we're not tech experts” were both true statements at the time. But the problem is those statements also make them vulnerable to more cyber-attacks. Companies might not consider themselves to be a tech company, but that doesn't mean they aren't one. And it doesn't mean that the criminals will say, "Oh, they're just hotel people. They're not worth attacking." Today, you can't profitably operate a hotel, or pack and ship apples, without the technology that is deeply embedded in your operations. Which makes you a big, juicy target for cyber criminals. Here’s one more example that comes directly from my work. Recently, I was talking to a chief financial officer about their top cyber risks. This is what my company does: We help our customers figure out their top cyber risks, we make them a prioritized mitigation plan, and we make them an implementation roadmap. So I was going through all this with the CFO who had hired us. And I could see the CFO was following the conversation. And then at some point, the CFO had this look on their face, and it was weird. And I stopped talking and I just waited a moment because it felt to me like the CFO wanted to say something, but they were just struggling for words. And then finally they looked at me and they said, "I can't believe I'm having this conversation." And that caused me to be really confused. I wasn't sure what I was about to hear.Next >