AJ Naddell, Imageware: with the elimination of centralized identity repositories, data breaches can become a thing of the past
As the digitalization of the world accelerates, so does the need for strong security defenses. Because of that, passwords are likely to soon become just a memory, replaced by biometric identification.
When hearing the word “biometrics”, many people grow wary: how safe is it to provide the information that feels so personal? Who needs it and what can it be used for? For them, moving towards biometric identification is a worrying development. But it shouldn’t be.
AJ Naddell, a Senior Vice President at Imageware, talked to us about why implementing biometric identification and storing biometrics in the cloud is the best move for your personal security, and shared the practices of Imageware that had brought them to success.
Imageware has an Award-Winning, Multi-Patented Biometric Engine. What makes it stand out?
Always ahead of the curve, in early 2000, Imageware embarked on an epic endeavor to create the first multi-modal biometric search engine. Not satisfied with just providing a means to search more than one biometric, we listened to our customers, frustrated with proprietary systems by other vendors, and created the only vendor-neutral biometric search platform that works with virtually any vendors’ hardware and algorithms. Even allowing our customers to use an algorithm from one vendor with a hardware device from another, to give them exactly the features they wanted, regardless of who manufactures them. Not long after releasing the Biometric Engine, Imageware was awarded a contract from the Mexican government for SIRLI, an acronym for System for the Identification of Remains and Localization of Individuals. This program provided the government with a multi-biometric identification and identity management solution. Imageware supplied the Biometric Engine and investigative platforms, incorporating face, fingerprint, signature, and DNA biometric capabilities. The solution was the first to incorporate four biometrics into a single integrated platform.
By early 2019, Imageware’s Biometric Engine provided the broadest set of identity validation and biometric authentication capabilities in the industry. Built upon highly patented biometric capabilities, this digital identity platform is a seamlessly integrated suite of products that provides the broadest set of biometric authentication factors combined with the most robust identity proofing capabilities. Our customers have standardized on the Biometric Engine because of its unique ability to fuse multiple biometrics, providing flexible and efficient business processes for individual identification by their physical traits, including face, fingerprint, iris, and DNA, thereby increasing security and risk mitigation through highly reliable verification of personal identities, and the related granting of access to only trusted personnel.
You recently partnered with Safe-t Data to create the first-ever Zero Trust Biometric solution. What key benefits does this technology have?
The joint solution addresses access challenges with a simple and secure Zero Trust Network Access (ZTNA) solution by granting both managed and unmanaged users fast and seamless access to the resources they need, and ONLY the resources they need. The result is a verify-first, access-second Zero Trust approach across all applications (on-premises or in the cloud) for enhanced security, greater understanding, and fewer frustrated users. Safe-T ZoneZero controls access to the corporate services, utilizing Imageware Authenticate for biometric multi-factor authentication. Incorporating biometric technology into ZTNA makes identity authentication faster and more accurate than other methods. Because individuals cannot lose or forget their biometrics, it’s also far more convenient resulting in lower IT help desk costs for password resets or lost tokens and greater productivity by users who don’t need to call the help desk for support.
You often mention that spoofed images and deep fakes are becoming more and more prevalent. What threats do they pose? Have there recently been any major cases related to spoofed images and deepfakes?
A recent study suggests exponential growth of deepfakes in the wild (i.e. found anywhere online) — with more than 145,000 examples identified in 2020, indicating a nine-fold year-on-year growth. Tools to create deepfakes are certainly getting more accessible. Threats imposed by deepfakes include system security when deepfakes can spoof biometric authentication systems for facial recognition. For example, it is easy for deepfake synthesis systems to handle anti-spoofing systems that use smiling, blinking, or face movement to try to prevent such spoofing. However, Imageware uses a passive anti-spoofing system that has been certified by an accredited third party to meet the ISO 30107 Level 1 and 2 requirements for presentation attack detection. No matter how good the fake face videos appear, Imageware's system is designed to detect aspects of videos vs. real live video captures by our system.
Which gaps did the pandemic reveal in your field?
Almost overnight businesses transitioned their workforce into remote working environments, potentially exposing sensitive business systems and data. According to a recent Gartner survey, nearly 50% of all organizations reported 81% or more of their employees working remotely during the coronavirus pandemic. Of these employees, 41% might continue to work remotely after the pandemic ends. Remote work introduces new challenges to data security.
Remote staff are difficult to monitor and enforce policies on. Everything from the hardware and software they use to other individuals in the home accessing their wireless router, vulnerabilities exist in ways that office workers don’t present. Working with remote employees brings upon the risk of lost, stolen, or compromised devices and documents containing sensitive data. Malware can also easily break into networks through personal USB drives, and data breaches can result in millions of losses. The global pandemic shined a huge spotlight on cyber security. According to the FBI, cybercrime has spiked to nearly 400% since the beginning of the COVID-19 pandemic and 80% of those breaches are related to passwords. The annual cost is 1% of global GDP—that’s absolutely staggering.
Did you add any new services as a result of the pandemic?
We developed Imageware Authenticate, our cloud-hosted MFA solution, nearly ten years ago to provide an affordable solution to agencies and businesses without the resources to invest in the expensive backend of an on-premises solution. With a sudden, jarring exodus of employees to remote locations, we knew our product was perfectly positioned to help companies secure access to their most valuable asset: their data. We made some updates and rebranded it from GoVerifyID to Imageware Authenticate to more accurately reflect what that solution does. We also partnered with Safe-T for the first biometrically enabled ZTNA solution. Both companies recognized an immediate need for ultra-secure identity authentication and network protection without introducing unnecessary friction into the user experience.
Give a few cyber-hygiene recommendations for Internet users: how to ensure your identity isn’t being used by someone else?
By storing biometrics in the cloud instead of the device, an organization can be sure they’re authenticating the individual and not just authenticating the device. This approach also can completely eliminate passwords, which are easily hackable. For individuals, this means their identities cannot be stolen. You cannot lose or forget your biometric identity, and no one can hack your biometrics. In the very near future, internet users will be able to further lockdown their private data with biometrically enabled self-sovereign identity (SSI), a blockchain digital wallet solution that is locked with their biometrics. They will be able to choose who to give their data to, and what data they will share. With the elimination of centralized identity repositories, data breaches can become a thing of the past.
What safety practices can businesses implement to avoid threats before it is too late?
Quite a few, actually. Everything from implementing ZTNA to biometric proofing and identifying individuals who will interact with a company’s assets. With global ransomware costs predicted to reach $20 billion this year, it’s more important than ever to focus on cybersecurity. No industry or individual is safe. With nearly 465,000 unfilled cyber jobs across the U.S. alone, businesses need a fresh approach to protecting their data and systems. And the time to implement these measures is before a cyberattack occurs. Once criminals are in your system, it’s too late. One of the quickest and easiest ways to secure your systems is with biometric multi-factor authentication (MFA). Most 2FA can be hacked, and hardware tokens can be lost or stolen. Biometrics can’t be forgotten or changed maliciously, can’t be stolen or guessed via social media information, and hackers can’t just crack them the way they can with passwords. With prices starting at just $1 per user per month, the ROI is immediate and significant.
How do you think biometrics engines will evolve in the future?
As touched on above, one of the exciting new things we’re working on is self-sovereign identity and introducing biometrics to digital wallets and the blockchain using the Biometric Engine. Part of what makes this so unique is the way our solution will process the templates to ensure complete anonymity, protecting user identities from being stolen or reverse engineered. We believe that as people become better informed, they will come to accept and even prefer having their biometrics stored in the cloud and used for authentication purposes. Federal governments and other leading organizations understand the security limitations posed by other methods. This will lead to the popularity of cloud-based biometric engines being used with government and commercial systems, including in conjunction with blockchain and self-sovereign identity solutions.
Please share, what's next for Imageware?
Our most recent product launch is our new Law Enforcement 2.0 platform, which released on September 30, features a brand new, modern UI/UX that allows law enforcement and public safety officers to more quickly and intuitively book and identify subjects, saving them time in the field as well as in training. Over the next six months we are building out our biometrically enabled SSI solution. With SSI, individuals own and control their blockchain-verified digital credentials without the need for a centralized identity provider. Up until now, our identities have been centrally managed, but centralized identity can be risky and is out of the owner’s control. Imageware brings biometric certainty to the SSI market. We are entering the Blockchain Based Identity market as the only biometrically-enabled blockchain-based SSI solution provider. We’re also working on Imageware Credential 2.0, which is an overhaul of our EPI product suite that will completely modernize the PIV card enrollment and creation solution.