Monthly Archives: May 2016

Ezmcom-DataWide

Ezmcom expands in Kingdom of Saudi Arabia with partnership of Data-Wide

Ezmcom-DataWide
Ezmcom-DataWide Partnership Announcement

Ezmcom Inc (EZMCOM) announces a new partnership today: Data Wide (DW), an IT and Information Security firm, has joined the Ezmcom Partner Program. DW will now offer Ezmcom’s complete suite of Multifactor Authentication (MFA/2FA), Risk based adaptive authentication (RBAA), 3D Secure Authentication, Innovative Display Credit and Debit Cards, PKI Digital Signatures and Digital Document Verification solutions and associated services to its clients.

As a partner of Ezmcom, DW will expand its service offering and commitment to excellence in service and support through Ezmcom. DW and its clients will get both the best of breed technology and the best in network solutions—continuing to ensure that their customers get the proper solutions that fit their business needs.

“Partnering with Ezmcom brings our clients the solutions, resources and expertise they need to navigate today’s complex information security landscape through well balanced user convenience”, said Mohammed Omer Farooq, Director for DataWide. “Ezmcom has been innovating its product and service suites to meet market demands and is dedicated to the customer experience; this shared philosophy makes our partnership a natural fit”.

 

Deepak Panigrahy, Vice President of Ezmcom commented, “We are very excited to welcome DataWide, the Kingdom of Saudi Arabia’s leading Information Security provider, as our partner in KSA and we believe we would bring more happiness to the customers in Kingdom of Saudi Arabia together and help security become the business enabler with our products the customers need and desire, the networks and associated access they require and the service experience they deserve.”

 

To learn more about Ezmcom’s Partner Program contact us at sales@ezmcom.com

To learn more about Data Wide, contact the team at info@data-wide.com

About Ezmcom Inc

EZMCOM is a security access provider for innovative and easy-to- use technology that can be deployed to protect users, data, and applications from credential theft, account takeover and breaches. EZMCOM is working with companies worldwide to change the way we authenticate and authorize – across mobile devices, servers, workstations within enterprise and cloud services. With over 60 million end users protected, EZMCOM’s multilayer multi-factor identity protection solution protects online identities, self learns, tunes itself, and converts existing username and passwords into very strong credentials. All of this is done seamlessly, in real time, transparent to end-user. The solution comprises of a multi-layer defense-in-depth stack of Entity User Behavior Authentication (EUBA), Risk based Fusion Biometrics (Face+Voice), Risk Based Adaptive Authentication, Risk Based 3D Secure Authentication (verified by VISA, MasterCard, JCB and AMEX) and a comprehensive suite of strong authentication form factors comprising of Software & Hardware based OTP, eSignature Tokens, Software & Hardware PKI Tokens, Out-of-Band OTP Tokens over Text message | E-mail | Voice | Mobile Push notifications.

The Product is “Common Criteria” Certified and meets all regulations and compliance across the world.

About DataWide

Data Wide is a renowned Information technology company slanted towards delivering restructured IT & Information Security solutions and services to the diversified industry of the Kingdom of Saudi Arabia. Because of Data Wide’s cutting edge services in the field of IT and Information Security; it has covered the entire financial sector of Saudi Arabia securing and maintaining the most sensitive and confidential financial network of trillions of Dollars.

DataWide and Ezmcom would be showcasing their solutions at 3rd Cyber Security Forum 2016 at Riyadh, Kingdom of Saudi Arabia on May 22-23. For details about the conference, visit the conference details at here.

World Password Day

World Password Day 2016: Security vs User Convenience?

World Password Day
World Password Day

5th May, 2016 is marked as the “World Password Day“. While, the addressing the concerns to password protection is critical, I find it amusing how age-old techniques and expert suggestions have never matured. It, further, surprises me how same repeatable things are projected to protect Passwords.

Lets first look at what are common suggestions we look into while trying to build a security around our Passwords:

  • Use combination of space, special characters, numbers, CAPITAL letters etc
  • Password Length should be minimum x characters long
  • Use a different password for each account
  • Use a password manager
  • Use Multifactor authentication

There are TWO BIG PROBLEMs to the above, which is more than enough to disrupt the adoption of security around logins:

User Convenience: Security has always been perceived as the bottleneck or hindrance to adoption of a technology or growth of product adoptions.

Sharing of Passwords: The most common practice – whether we are holidaying or we on the road, we share our passwords so that our colleague at office or a friend can do some of our tasks on our behalf.

So, let me address each one of the above suggestions enumerated earlier in the light of the user convenience:

  • Combination of space, special characters, numbers, CAPITAL letters etc is the most vital which I feel though important, rarely get followed unless enforced by the login features. When such a strict policy is enforced, end users get irritated when not guided properly and tend to leave the registration process without looking back ever.
  • Length of the password, though important, end users tend to use the minimum length that is necessary. If the websites do not enforce the functionality, the user cll into the same trap as choice of password with combination of characters.
  • This is a killer because we have so many accounts in todays’ world right from office to personal, from banks to emails that it is just humanly not possible to remember them.
  • Password manager, though efficient, tends to tie your memory to this tool, thereby, making end user handicapped of not being able to use the account from anywhere other than the device where the password manager.
  • Finally, multi factor authentication: through good but the most prominent usage of form factor such as PIN or SMS or Email OTP suffers from “Man in the Mobile (MITMo)” Attack. We have demonstrated one such vulnerability live on a trillion dollar bank at 11th Middle East Retail Internet Banking Expo 2016 last month in Dubai. SIM cloning is rampant, thereby, making such popular mechanisms just to be so-called “security without any true security”.

The emergence of Social Logins is the result of above challenges and most importantly, user convenience but now what if social login is compromised.

So, whats the solution. First, firms whether startups or large firms have to start looking into security a multi-layered approach putting user convenience first and balancing it with security, so that “SECURITY is considered a BUSINESS ENABLER” and the approach should be:

  • Layer 1 Entity User Behaviour Authentication (EUBA): Cognitive Fingerprinting using behavioural traits of the users is, fast becoming one of the most loved product. EUBA helps in understanding the behaviour of how you type your password without knowing the password itself. Based on machine learning and neural networks, EUBA can self adapts and self adjusts to the user logins in real-time. Completely transparent and non-intrusive, EUBA can help understand user login behaviours based on their pas history of logins. Traits such as how fast you type, how hard you press your keys, are you chopstick typing user or are you a left-handed or right-handed user can be captured on a real-time basis and can be used for knowing the user behaviours behind the logins. One might see the power of EUBA when a candidate submits his assignments at Coursera where the candidate is identified as the genuine user just by the way he types.
  • Layer 2 Risk based Adaptive Authentication (RBAA): Yet another non-intrusive layer, RBAA can help understand the past history of logins of users with characteristics such as device preferences, software preferences, geolocation, velocity and many more and help firms decide dynamically the user environments and the reactionary action on the anomalies found on real-time basis.
  • Layer 3: Contextual based True Identification for all channel authentication: PUSH based Out-of-band Authentication in combination with Biometrics authentication such as Fingerprint, Face, Voice or PINs should be the final layer of authentication as the action on the anatomies found from the above two layers. Contexts (end users exactly know what, who, when and from where the login is happening) based Multi-factor authentication is the key and not just plain OTPs in the form of SMS, Email or Hardware Tokens.

PASSWORDS are inevitable but what organisations should do is follow a multi-layered user convenient yet secure mechanism to mitigate risks around authentications while discouraging bad practices such as sharing of passwords and improving user experience such as no more worry about the “real password” as such.

So, lets come together to make PASSWORDS really safe yet user friendly. Let SECURITY become a BUSINESS ENABLER.