Working, shopping and banking from home forces scalable authentication rethink, Nok Nok CEO says
With people working, shopping and banking from home more than ever before, the need for businesses and individuals to use biometrics or other technologies to have confidence in who is at the other end of each transaction has taken on a greater focus. Giving people access to networks, applications and services in a variety of different ways, based on the needs of a given interaction, has been the focus of Nok Nok Labs through numerous implementations, which are keeping companies, including 8 of the top 12 telcos in the world, working securely and efficiently with strong device-based authentication, the company’s President and CEO Phil Dunkelberger told Biometric Update in an interview.
The transition to remote access is made easier in some markets, however, by more widespread adoption of technologies like the FIDO protocol, Dunkelberger says, particularly in Asia.
“Japan has already made the leap,” he states. “Why did they make the leap early? Because they’re used to using devices in their daily lives. They’re using the phone, using their biometrics.”
Many organizations have continued to rely on legacy authentication systems, and rather than hardening their systems for secure remote access, they have mostly been forced to scramble to keep workers and customers connected. As that happens, the limitations of the technology currently in place are in many cases becoming painfully clear.
“We’re seeing a dramatic increase in people starting to say ‘Wow, these legacy systems don’t work in this new environment,’” notes Dunkelberger.
The emergence from lockdown will involve numerous companies that have made do with patchwork access control and user authentication systems reevaluating their options. Stakeholders within organizations concentrating on usability, risk, regulatory compliance and cost will all have concerns, and will want to make changes to make sure the scramble to maintain operations is not repeated.
“We’ve got to really give a shout out to all the IT guys,” Dunkelberger observes. “They’re doing the most they can with the least amount to keep it working.”
While things will return at least somewhat to the previous norm, Dunkelberger expects behaviors will change. Some organizations will be radically altered, and many will incorporate remote work as a larger part of their new normal, which brings other considerations.
“I also think it’s going to be a completely different risk assessment about remote access, and what systems you have,” he says.
Not only that, when engineers and others are used to being in a building with sub-second or pico-second response, or have different file size concerns, security at scale cannot impact the round-trip of packets on the network, Dunkelberger points out.
“If you haven’t thought that through now, your business is going to get crimped immediately.”
For now, businesses are forced to make do, but a period of investment is coming. Dunkelberger notes that Nok Nok holds patents around high-speed FIDO implementations and a lot of Nok Nok’s largest implementations are consumer-facing, so speed and scale are not necessarily going to be barriers to a more secure and reliable version of remote interaction. Two of the company’s biggest accounts have more than 50 million active users per day.
“Unfortunately, a lot of people think FIDO’s just for employees,” Dunkelberger says. “We actually started the design of FIDO for machine-to-machine authentication. So that’s network-level stuff.”
Ultimately, he argues, networks are changing to the point where there are not really enterprise people, consumer people, devops people, and partner people anymore, but rather “just people and devices looking for service on and off the corporate networks.”
That means scale will have to be rethought.
“The future of strong authentication, when you’re using biometrics and you’re using FIDO’s key based system and policies and federation on the back end, integration with your scoring engines and all of those things that we’ve deployed to do, you’re going to have to have a really scalable server architecture.”
It also means flexible technology like the FIDO Alliance “Golden Server” that Nok Nok offers, which supports all plug-ins, UAF, WebAuthN CCAP, and all back-end modalities, will have advantages for many organizations. Everything tested and approved for the FIDO protocol works with the server automatically.
Dunkelberger illustrates the application flexibility of the technology with an example of a Nok Nok call center client, which uses a FIDO implementation to control its physical access, logical access, time and attendance tracking, staff canteen payment, and report-generating systems.
That kind of scale and flexibility will be important, because the increase in volume and range of applications and interactions is not going to go back to what it was before. In the long run, Dunkelberger says, that trend will collide with another, related one: “The internet of things is going to mesh with the internet of users.”
As investments made in making workforces remote are now a sunk cost, Dunkelberger is optimistic that maybe, as we head towards that point, people will learn from their novel experience and think about FIDO for more than account log-ins.