Inside MicroStrategy’s biometric mobile identity platform Usher
Identity authorization continues to be a prevalent security issue that shows no signs of going away.
The use of traditional passwords is a flawed authentication system, especially when considering that even the strongest passwords can be bypassed by experienced hackers.
For the last three years, business intelligence firm MicroStrategy has invested approximately $100 million in research and development and 1,000 hours of engineering time to develop an end-to-end enterprise security platform that provides a stronger, multi-authentication option to passwords.
“We can’t read the news or watch TV these days without seeing the next greatest hack that has occurred. It never ceases to amaze me that following Edward Snowden’s breach and WikiLeaks and every other breach that happens that there hasn’t been a wakeup call for everyone to do something about it,” MicroStrategy president Jonathan Klein said in a phone interview with BiometricUpdate.com. “We thought we could approach the problem in a unique way, in that we feel that cybersecurity is an issue related to understanding data and understanding mobility and understanding security.”
The end product is Usher, a cloud-based, biometric mobile identity and authentication solution for enterprises that uses the MicroStrategy Analytics Platform to deliver intelligence insights related to all identity activities.
By replacing traditional passwords with biometric mobile identity and multi-factor authentication, Usher offers digital badges, geo-fenced and time-fenced access restrictions, and Touch ID access on mobile devices to streamline the entire security process.
“It takes all your forms of identity, whether it’s your username and password, or your driver’s license credentials, or your metal key that you fit into a door, or a door reader card,” said Klein. “We’ve rematerialized all those forms of access and put them into a secure ID key residing on your smartphone.”
Usher is a multi-factor authentication solution which leverages three key factors: the knowledge factor (“something you know”), which pertains to the passcode-protected app and/or device; the inherence factor (“something you are”), through its integration with Touch ID; and the possession factor (“something you have”), meaning the phone itself, which uses a unique cryptographic certificate to communicate with the Usher server.
Usher provides a range of features and capabilities, including digital keys that can access leading PACS systems; a single badge to enable users to log into enterprise, cloud, and SAML 2.0-based applications; the ability to validate user identities in-person or over the phone with numeric Usher codes, Bluetooth peer discovery, and fractal-based sight codes; and the ability to access workstations by low energy Bluetooth or by scanning a QR code.
Additionally, Usher offers a near real-time, 360-degree view into identity activities to spot any anomalies and abnormal usage patterns in an effort to improve enterprise risk management and reduce fraud.
MicroStrategy also gives any organization the ability to integrate Usher security capabilities into their own mobile applications, web applications and enterprise software packages.
Using the Usher Software Development Kit, organizations can implement a range of security capabilities into their applications, such as step-up authentication to restrict private information from unauthorized access or approval workflows that require biometric validation.
Enterprise customers are able to secure their assets and critical data through the standard Usher interfaces or within any of their applications.
MicroStrategy has already partnered in advance with some key organizations, all of which have deployed Usher to secure their day-to-day operations, including Georgetown University and online retailer SenHeng.
Georgetown University deployed Usher, integrating the solution with the Shibboleth single sign-on system. Now, students are able to securely sign in to any Georgetown website by scanning a QR code with their mobile phone, eliminating the need for passwords.
The end result is a more secure and efficient method for students and administrators to log into university websites and mobile apps than the traditional user name and password.
The university is also working with the Usher product team to design a solution to address its costly password reset problem. Once it is completed, the university anticipates a significantly reduced number of help desk requests for locked user accounts which translates into a considerable cost savings.
As an existing customer of MicroStrategy’s analytics and mobile technologies, SenHeng decided to deploy Usher for its access business processes and applications across the enterprise.
Using Usher, SenHeng was able to replace its existing keycards and passwords with mobile identity badges to identify both SenHeng Electric’s customers and SenHeng mobile service’s customers.
“Our business at SenHeng is to create a unique customer experience with our products and services and that is our key differentiator in the market,” said KH Lim, founder of SenHeng Electric Sdn Bhd. “Based on our successful deployment of MicroStrategy’s analytics and mobile technologies as cloud-based analytics solutions, it made sense for us to select MicroStrategy Usher as an enterprise security offering for today’s security-critical environment.”
With Usher being officially launched today, MicroStategy anticipates that the biometric identity and authentication tool will see significant interest from both its existing and prospective customers.
“Usher can make your system 10 to 100 times more secure,” said an enthusiastic Klein, “It’s a pretty revolutionary solution.”