When cybersecurity guru Mike Engle likens identities on the internet to gold, he means it.
What’s often proven — most recently when, in March, marketing firm MailChimp disclosed that cybercriminals found a treasure chest in the form of access to hundreds of customer accounts in the finance world — is that there’s a sturdy value in online user data.
And, just like there’s money in building high-security vaults for gold, there’s big business in being the best at protecting identities for corporations today.
Except Engle, co-founder and chief security officer of 1Kosmos, has a Somerset startup that’s doing something different from competitors. … He wouldn’t put a code on those locked vaults.
“What we want to do is remove as much of the human element from the picture as we can, which means getting rid of usernames and passwords,” he said. “We want to take away something you know, like a password, and replace it with a combination of two things: Something you have, like a smartphone, and something you are, like (face-scanning) biometrics.”
There are thousands of cybersecurity vendors competing in the broad area of identity, but Engle believes his company stands out for its password-less approach.
With the company’s solution, getting access to a system, mobile app or even certain webpages can mean scanning QR codes with a phone, before having your phone verify that your face matches the same one from your driver’s license, while also verifying that your device actually belongs to you.
It might seem like a long chain of authenticating someone’s identity online, but it affords virtually no opportunities for cybercriminals to intercept data for companies in some sensitive industries, such as banking, financial services and telecommunications.
Engle would argue that eliminating the password-driven credentials streamlines the identity-verification process, especially given that its corporate partners, such as Verizon, enable their technology inside their own apps.
“One of our top focuses has to be simplifying the user experience, because companies want to work securely with users or potential customers without upsetting them and sending them to another website,” Engle said.
This Somerset business entered the crowded cybersecurity field at the right time. It launched in 2018, just two years before the pandemic led to an uptick in fraudster activity. Companies also had new identity-verification needs, internally.
“When everyone had to sit in homes and do things remotely, and every company was scrambling to authenticate those remote employees to get access to their system and use their resources, we were well-positioned,” Engle said. “It was great timing for us.”
Another recent trend that’s working in favor of the local company’s success is a new approach to cybersecurity and how companies deal with people accessing their systems — a result of the companies reevaluating how some high-profile security failures, such as the historically large Target data breach, might have been prevented.
“One of the things we’ve seen is a lot of interest within the last 12 to 18 months in something called zero trust,” Engle said. “It’s basically the view that, if you have not verified a person’s request to access a system every step of the way, it’s a point of vulnerability.”
Before, when users were allowed past corporate firewalls, they were granted nearly complete freedom, Engle said. Companies now want to know what that user is doing backstage at all times, and grant them the least required access to their system needed to perform their specified task.
One of the main themes in that trend is also regularly verifying that user’s identity. That’s where, again, the leaders of 1Kosmos hope their solution comes in.
Engle believes strongly in the Somerset company’s elevator pitch — and that the potential market share it might find with its niche isn’t fool’s gold.
“There’s a need here that’s recognized,” he said.