A startup with a strong pedigree is trying to address the problem that businesses have keeping up with the ever-increasing options for authentication.
Transmit Security is shipping a server platform that off-loads the authentication chores that would otherwise reside within applications, making it simpler to roll out authentication in the first place and to upgrade it later without ever touching the applications themselves.
Transmit Security Platform (SP) connects to applications via APIs to enable biometrics – eyes, voice, fingerprint, face – push notifications, one-time passwords, and even third-party authentication platforms, says Rakesh Loonkar, the president of the company and one of its founders.
That makes it easier to change the methods of authentication over time because the changes don’t require altering the apps either.
Authentication policies can be dynamic, too, so if a connection is being made from an insecure machine or location, those factors can trigger more stringent authentication. These dynamic decisions can be informed by input to Transmit SP from threat feeds and risk-detection systems. The matrices for this dynamic risk-assessment are written within Transmit SP by customers.
In the past when the only form of authentication was username and password, this was less of a concern. Now new methods are cropping up all the time and businesses want to take advantage of them, says Al Pascal, a research director at Javelin Strategy & Research.
But with new channels for accessing applications – mobile, online, phone – and new identification factors, the task is much more complex, he says. There’s no way to know which technology will come out on top, so the best strategy is to stay flexible and try to keep costs down.
Customers of Trusteer told Loonkar they needed a less rigid way to integrate authentication into applications that didn’t require touching the apps themselves, Loonkar says, and that was the genesis of the idea for Transmit Security. Transmit Security’s co-founder and CEO Mickey Boodaei was a founder of the application- and data-security firm Imperva, and with Loonkar was a founder of Trusteer, which made security software for online banking. IBM bought it in 2013.
The claim Loonkar makes is that within hours the platform can be configured to support the authentication logic customers want and push that to applications as opposed to the six to 18 months it would take to program the logic directly into each application.
He cites two major use cases. The first is mobile-centric omni-channel authentication, which lets users connecting from mobile devices be transferred from an online banking app, for example, to a live customer-service rep without reauthenticating. The second is to incorporate biometrics as a password replacement without incurring the cost of writing code for it into every application.
Sign up for CIO Asia eNewsletters.