Beyond the Device with 3Eye Technologies

3Eye Technologies and their channel partners explore everything in the world of mobile tech - topics range from product deep dives with industry experts, to leadership and business strategy discussions, to how to go to market effectively in a world that is relying more and more on mobile communication.

All Episodes

Beyond the Device with 3Eye Technologies

Beyond The Device: Identity Management with BIO-Key

June 01, 2022 • 3Eye Technologies • Season 3 • Episode 3

Protecting the valuable data that organizations generate, gather, and store from unauthorized access is crucial. Data breaches of any magnitude can have an enormous impact on your company's bottom line and stakeholder confidence. Businesses can improve the security of their data by implementing identity management solutions.

In a recent podcast, we interviewed biometric identification and access control experts from BIO-key. With Kimberly Biddings, BIO-key International's VP of Product, and Scott Mahnken, BIO-key International's VP of Channel Marketing, we discussed the importance of identity protection and management for businesses. Here are some crucial points.

What Is Identity Management?

Identity management offers a layer of security to your company by identifying, verifying, and authorizing individuals and then granting them access to your data systems. It's about making sure that only the individuals with authorization, and only at a level that allows them to execute their tasks successfully, can gain access.

This is more crucial than ever since as enterprises shift to the cloud, they require more passwords. For instance, a new set of credentials can be needed with each new application — these open businesses up to a greater risk of unauthorized access to sensitive data.

With BIO-key's identity management systems, users no longer have to provide their password for every program they use due to a single secure login. "The main differentiator for us is that we have identity-bound biometrics, which identifies the person. It is a biometric that's bound to your identity, stored centrally, extremely secure," says Biddings.

The Bottomline

Cyberattacks are a persistent and imminent danger. As a result, businesses need to implement cybersecurity safeguards to prevent unauthorized access to their systems. Using identity management solutions from BIO-key provides a necessary layer of defense to protect businesses and their people.

Reid Estreicher:

And in 3, 2, 1, we are live. And by live, I mean we're prerecording this in case we make any mistakes, so we can edit it down for you later. Thank you guys so much for joining us for another episode of Beyond the Device. I'm joined with a fantastic team today from Bio-Key, talking to you guys about identity, why it's so important. We all have one, right? We should probably secure it and be aware of what's happening to it. But before we get into what Bio-Key is and why it's important, I work with Scott, I work with Kim, but you guys might not know who they are. So let's do a round of intros and then we'll jump right into this. Kim, starting with you, can you give us an intro of who you are and what you do at Bio-Key?

Kimberly Biddings:

Sure. Yeah. So Kimberly Biddings, or Kim as we'll go by on this podcast. So I've been with Bio-Key about two years now, head up all of our marketing efforts, a lot of our go to market strategy among a bunch of other tasks to say the least, and have been in cyber for well over a decade now and specifically in identity and access management. But love talking cyber and excited to be here today.

Reid Estreicher:

Awesome. Thank you very much. And then Scott, Mr. Scott. Over to you, sir. What do you do at Bio-Key and who are you?

Scott Mahnken:

Reid, thank you. I'm over here in Bio-Key's corporate office on the Jersey shore. I'm Bio-Key's VP of channel marketing and sales. So I'm trying to build relationships with partners and then ultimately engage with customers. One of the things I've seen in the 11 years I've been with Bio-Key are changes. I've been through the data breach era. I've been through the fishing era and I'm currently going through the ransomware era. So we're excited to talk with you today.

Reid Estreicher:

Absolutely. And those are all still happening in a weird way, but they're not as prolific as they once were, which actually brings us to why Bio-Key is so incredibly important. So let's start with that, because I know we can talk about what it is and how you guys solve problems, and we'll get there at some point. But I want to talk about why Bio-Key is important. So Kim, over to you. Why is Bio-Key important? And more importantly, and I'll use the word important abusively throughout this entire piece, but more importantly, why is Bio-Key important right now?

Kimberly Biddings:

Yeah. So we really are at a historic point, I would say. If you look across identity and over the decades, we've gone from passwords to using phone based things to now getting to a situation where everything's under attack. And trust me, I don't love the fear mongering. That's what we call it in cyber. But we really are at a point that cybersecurity is top of mind. It's top of mind, even down to the last Uber I took, I was getting asked about colonial pipeline. So it's just everywhere at this point. And so really specifically what we focus on and what's been a huge question and driver for customers is multi-factor authentication. How do you prove you are who you say you are.

Kimberly Biddings:

And why now essentially is that we've standardized on things that we know and have. So most of the time you're hearing about multi-factor and some of these controls, and it's basically passwords or using a phone or device. And what we've seen, especially over even the past couple weeks is that these are failing. They're just completely failing us.

Reid Estreicher:

Yeah.

Kimberly Biddings:

So good stat there is last four years running. Verizon breach report has said that credentials are the top cause of breaches. Even one of the most common factors, which is a push token to a mobile phone just allowed re-enrollment by Russian state hackers and allowed them to get into an organization and then take a vulnerability and exploit that. And so these things just aren't keeping us safe. On top of that. They can't be used everywhere. Not everybody has a smartphone, right? I think we forget this because-

Reid Estreicher:

True.

Kimberly Biddings:

We all live in a great privileged situation where smartphones are everywhere. And that's not the case in a lot of industries. It's not the case with a lot of people. And then I think the last compelling reason too, is it's just expensive. A lot of the barrier when I talk to companies, "Why aren't you improving this? Why are you not putting in multi-factor? It prevents ransomware." And they're like, "We can't afford it. The cost of a hardware token is astronomical." Now, people have to pay for phone plans if you use a phone based method. So it's gotten out of control in terms of where we are at. And we're really at this inflection point or evolution point where we have to change the way we're doing this.

Reid Estreicher:

Yeah, absolutely. The tipping point from Marcus, or Malcolm Gladwell.

Kimberly Biddings:

That's a great point. Yeah.

Reid Estreicher:

Exactly. Not Marcus Gladwell, Malcolm Gladwell. Yeah. So how do you address this? There's four key pillars that Bio-Key has. Do you want to start there? Is that a good place to attack this from?

Kimberly Biddings:

Yeah. I think I'd start one step higher than that, Reid honestly, which is why us? What's our stance then if we're in this space? And so at Bio-Key, we really believe that the person is the constant insecurity that if you think about the one thing that you're trying to identify, you're trying to give access to, it is us. It's the person themselves. And so customers really pick us and say, "Why Bio-Key?" Because we have the technology that our solutions actually verify the person, not their device, not a password. And they're easy to use and they can be used absolutely anywhere. And so we call that our identity bound biometrics. And so we'll talk more about that coming out, but we make those really easy to adopt. Biometrics aren't this space age technology they used to be. And they're very applicable to a lot of use cases. And we'll talk about those.

Kimberly Biddings:

In terms of the four pillars, that is how we think about why do customers or why would a partner's customer want to even look at a solution like ours? And they really, they haven't fundamentally changed, I'd say over even the past 10 years, but the way that you address them has. First one, pretty basic, reduced cyber risk. Most people want to stop attacks. They want to prevent fishing. They want to prevent hackers from getting data breach. Actually, the number one thing they want to prevent by the way is their logo in the news. They don't want to be in the...

Reid Estreicher:

Right.

Kimberly Biddings:

They don't want the press release that labels them as the hack. And so MFA, multifactor authentication and our identity bound biometrics, killer combination for that to prevent attack. We have people also coming to us for usability. So I don't know about you, but we all have way too many passwords to manage and we forget them the time.

Reid Estreicher:

Ah, yes. Yes.

Kimberly Biddings:

Yeah. Yeah. And then we write them down. We could do a whole session on bad password behavior. But people come to us because we provide single sign on, which is that one login and then essentially easy access, no password prompt to your apps. And then self-service password reset. So a reset right now runs a company about a $70 to reset a password over the phone. And so we eliminate that by up to like 95%.

Reid Estreicher:

Oh wow. That's great. That's a good.

Kimberly Biddings:

Yeah. So that's a huge, measurable cost savings, which is hard to do in cyber.

Reid Estreicher:

Yeah.

Kimberly Biddings:

Reduce overhead, my favorite is I call it a patchwork quilt of solutions because what happens is you go and you're like, "Oh, that phone base push token is the best method for us." And they go buy that one vendor that does it. And then they're like, "Oh no, I hit another solution, another scenario and it doesn't work there." So they go buy another vendor's solution for hardware tokens. So we have a lot of customers come to us with three, four, five different vendors to solve the same problem. And we can just consolidate that right down into a single platform.

Kimberly Biddings:

And then the last thing actually is a really key thing. And I know, Scott, you've been getting tons of traction with our partners even on this is the cyber insurance, right?

Reid Estreicher:

Yeah.

Kimberly Biddings:

Used to be regulatory. Used to be regulatory demanded. The FFIEC if you're in finance or HIPAA if you're in healthcare. Those are still prevalent and enforcing, but cyber insurers are the cost. And they're saying about 200 to 300% increase in premium if you don't put the right controls in place. And again-

Reid Estreicher:

It's a big jump.

Kimberly Biddings:

It's huge. It's huge.

Reid Estreicher:

It's a huge jump on something that's already pretty expensive.

Kimberly Biddings:

Something that's... Right. So that's the big thing is they A, will say, "We'll increase your premiums," or just stop ensuring you. And B, it's my favorite term someone said is an unfunded requirement. In other words it's a requirement, but you're not going to go help me pay for multi-factor.

Reid Estreicher:

Yeah.

Kimberly Biddings:

And so a lot of people come to us for the multi-factor, but also because we're extremely affordable compared to the competition. So those are those four pillars I would highlight or frame it for.

Reid Estreicher:

Okay. And then over at Scott, I think I want to get you in here as well to talk about some use cases specifically of where all those four pillars fit in.

Scott Mahnken:

Absolutely, Reid. Now I want to support with what Kim just said. I was on a call earlier today with a transportation organization out of the Midwest, 105 users. And exactly that, the reason they called was because of the cyber insurance requirements, the cyber insurance mandates that are out there. And I'm going to say that 90% of the inquiries that I'm getting from partners are coming based on that driver. I've been in technology for a long time. I've never seen such a trend before.

Scott Mahnken:

So what we're doing is we're turning out to our partners and our customers and saying, "Look, we want to address an organic need. We're not here to sell you something. You have something you have to face. You have a compelling need. Let's give you a flexible tool to address that." So-

Reid Estreicher:

Right.

Scott Mahnken:

Let's talk about a few of the ways customers are taking our products and addressing those issues head on.

Reid Estreicher:

Okay.

Scott Mahnken:

So banking, let me ask you if you've seen this, have you ever been to the bank where the teller comes running from the window, from the drive through into the lobby to do your transaction. So they're jockeying back and forth to try to optimize their workflow. Does that ever happen to you?

Reid Estreicher:

I do all my banking electronically.

Scott Mahnken:

Okay.

Reid Estreicher:

And stage left. Sorry. I [crosstalk 00:10:31] an actual-

Kimberly Biddings:

Reid's like, "I haven't been to a branch in years."

Reid Estreicher:

I haven't been to a bank in probably a decade, man. I'm sorry. I'm the worst person to ask that question to.

Kimberly Biddings:

Okay. Reid, they still exist.

Reid Estreicher:

They still exist. I know.

Kimberly Biddings:

They still exist. Yeah.

Reid Estreicher:

Everything is done electronically. I'm the worst person you could have asked that question to. But I'm assuming that you're trying to get outside from behind just being stuck at the counter. And that's, from a personal perspective, you're trying to at least like make a contact with another human being.

Scott Mahnken:

Well, there's two scenarios. The reason, and I'm older than you, but the reason I go to banks is they give out those lollipops. So that's certainly one driver.

Reid Estreicher:

They're still doing that? I'm going. Now I'm going to start going to banks.

Kimberly Biddings:

Now he's going.

Reid Estreicher:

Now I'm going. Now I'm going.

Scott Mahnken:

Not the banks that I go to, because I take them all. But all kidding aside guys, what happens in a bank is what we have is a shared workstation environment. So Reid is the teller at the window. But when Scott in the lobby has to go on his lunch break, Reid's bouncing back and forth. So you and I are working on the same devices. And sometimes banks and other organizations have actually said, "Look, on this device, use this password. On that device, use that password for all users," and that's insanity. So what we've done is help them bridge that gap-

Reid Estreicher:

That too.

Scott Mahnken:

Using our fingerprint authentication. It allows you to bounce around workstation to workstation and authenticate in the strongest fashion. And then the last thing in the banking is that manager. So you, the teller have a $10,000 transaction. Great. The manager doesn't now have to come over and type in a password, because think about a rogue teller just standing there and watching that password go in, what they could do with that. We take it down to a biometric, which can't be duplicated and also optimizes not only the speed of the transaction, which is good for the user, but it's great for the customer. You don't want to be standing around too long, especially someone like yourself that I can barely get into the bank at all.

Scott Mahnken:

Another-

Reid Estreicher:

Again, guilty.

Scott Mahnken:

Yeah. There you go.

Reid Estreicher:

I'm very guilty of that.

Scott Mahnken:

Another great use case is in manufacturing. So many manufacturers are just extending out the password and making it more and more complex. But a manufacturing environment is by nature a workflow environment. So a more complex password is actually anti workflow. What we do is we come along there and again, offer many different options for authentication. And at ICU medical, again, they're using our biometric because what they do is they make life cycle medical devices. And those medical devices are going from station to station throughout the production environment in the warehouse. So what they want to know is who is that person that connected the hose? Who is the person that put on the plastic top? Who did the packaging? So through not only our easy method for authentication that we're delivering, we're also delivering some great tracking and reporting.

Scott Mahnken:

Finally, two more use cases I think are worthy of mention, county governments. I think there was a six week period where we closed five county government projects. And again, it goes back to that driver of cyber insurance. They all came to us for that one singular reason. And a lot of them were scrambling because they were given a deadline, a timeline, if you will. And like many of us, they put things off and now, they're in a do or die time and getting it to high action.

Scott Mahnken:

And lastly, the enterprise. Think about the challenges of the director of IT in an enterprise environment. Think about the diversity of users. Think about the diversity of the need for security. Higher levels here, less of a level there. Think about the need for convenience and workflow. All these different stages and diverse requirements require flexibility. So in the enterprise world, they're turning to Bio-Key because they have to address remote employees. We do that quite well with our palm authentication. They have to address new employees that are forgetting passwords. We address that with our self-service password reset application. And because of the size of the organization, they probably have a lot of apps and files and websites their users are visiting. We turn it into single sign on. So those are really some use cases, I think that crystallize where we bring value.

Reid Estreicher:

Yeah. And I mean, this is such a, it's frustrating because we have these conversations a lot in the cybersecurity and identity space and with other guests on the podcast. And it doesn't seem like a very difficult thing to solve. It's just that there are mechanisms in place that people either aren't aware of or they haven't taken advantage of. And that's a really unfortunate thing, because I think a lot of this can probably be mitigated. So to Kim's point earlier, you don't have your logo in the paper or on the news. That's not something anybody wants. I wanted to talk a little bit about competitive advantages and maybe some of the unfair competitive advantages that you guys have over the rest of the market and how it applies to some of those use cases. So Kim, over to you. Holistically, how are you guys looking at this whole picture?

Kimberly Biddings:

Yeah, no. And Reid, honestly, to comment on what you just said, I think is really important too that it blows my mind sometimes. I'm like, "Why is this just not in place?" There was a recent hack just a few weeks ago or depending on when someone watches this, right?

Reid Estreicher:

Right.

Kimberly Biddings:

But someone downloaded an Excel sheet and called it Dom admin passwords as the file name. I know. And I'm like-

Reid Estreicher:

Why? Why would you do that?

Kimberly Biddings:

"Should I give up and go to Fiji?" I don't understand. And it's perplexed me for a while, but I think there was a time when this was insurance. This was, and again the fear mongering, not if, but when. And people just thought, I'm too small. It won't happen. But it's not negligence or just procrastination or something. It also comes down to budget and the fact that all the way up to the business side, people are like, "Hmm." In healthcare, this seems to happen. "Hmm. Do we give the heart surgeon his brand new surgery robot to make us more revenue, which is a technology investment, which comes off IT budget? Or do we invest in multifactor authentication to possibly prevent a hack that may happen?" And you can see why-

Reid Estreicher:

Yeah.

Kimberly Biddings:

It's just not a tangible benefit or it's hard for them to actually explain. And that's why I said, "Why now?" Because finally, this is a point that it is not if, but when. And we have reached a point where they're more affordable and you have to put it on every single account. It's just brass tacks.

Reid Estreicher:

Yeah.

Kimberly Biddings:

We've gotten to that point. So that's my little soapbox. I get real crazy when I can't figure out why not?

Reid Estreicher:

No, it's a good point to make. And look, you touched on something I think a lot of companies, our business model in this country and a lot of places globally is growth.

Kimberly Biddings:

Yeah. Correct.

Reid Estreicher:

That's the focus. And it's quarter over quarter growth, especially for publicly traded companies. So it's like, am I going to spend money on something that could happen? Or am I going to take the hit when it does and said spend money on something that's going to create some profit and some shareholder value.

Kimberly Biddings:

Right.

Reid Estreicher:

So I get it. I mean, it's such an easy case to make where it's like, "Well, we want these short term gains now." But again, I think this is a repositioning of the mind of how to look at business strategically because you keep getting waxed from a security perspective, you ain't going to be around very long. So it's like-

Kimberly Biddings:

Yeah. You're going to lose. So you lose credibility, you lose trust in the brand. And so it's just one of those things that you have to start weighing it. COVID, by the way did no favors because in comes pandemic, in comes, "Oh my gosh, we have to go digital if we didn't already. Go buy 65 cloud applications for every area of our business, so we can continue business operations." And now if you want to know why ransomware went up 300% in just the US, that's essentially hackers were like, "This is Christmas."

Reid Estreicher:

Yeah. Yeah.

Kimberly Biddings:

They set them up so fast. One of the recommendations I'll put out to anyone listening is run a tabletop exercise of a ransomware event and get your CEO, your COO, CFO to be part of it, because when they have to sit in the chair and be the one that actually simulates, "Okay, you just had ransomware. Mr. CEO, are you ready to call the head of the FBI? Are you ready to report to your state governor that you've experienced ransomware? Are you going to report to health and human services and put it on the wall of shame in healthcare? How are you going to do the PR announcement and video when your company goes live in the morning to explain to customers why they should still trust you?" And they invest in cyber-

Reid Estreicher:

Yeah.

Kimberly Biddings:

Immediately. It's one of the best. It's a scare tactic, but unfortunately it's a wake up call, I guess. I mean, it works though tremendously well.

Reid Estreicher:

Well, we've talked about this with some of our other vendor partners in mobile threat defense specifically on mobile devices, and why I think to all the points you just made people aren't having these conversations. And it is because if somebody gets smoked, they're not going to come out and be like, "Well, look at it." It's always swept under the rug. And it's like, "Oh, here's a press release. Here's how we're going to handle this. Look, everything's fine. Don't worry about it." But in actuality, if somebody went through, like the solar one's breach for example, it would be great to have a leadership team come out from that and be like, "Here's where we made mistakes. Don't do this. And by the way, because these mistakes were made, look at all of the stuff that we had to do," to your point, "working with the FBI, letters to the governor."

Reid Estreicher:

And this is way, way bigger, because it's federal government. So there's a whole other piece of the puzzle here that we're probably not privy to. And maybe some of that the public shouldn't be privy to. I don't know. But I think the aftermath of these things, people just aren't aware of them. And that's one of the biggest problems, I think in messaging as to why this is important. I think there might be in the back of the head, it's like, "Well, if it happens, we'll just deal with it and sweep it," versus the incredible amount of work and effort and time, the destruction of value to the organization. That stuff isn't is missed in the longer conversation, because again, if anybody gets whacked, they don't, "Hey, I got..." They just sweep it under the rug and they're not talking about it.

Kimberly Biddings:

Yeah. And the last example I'll give you, and then I'll go back to your competitive question. So I was in healthcare, I am. And I actually did another podcast and it was on patient mortality rate impact due to cyber attack. So now we're talking human lives. And actually, you know what's fascinating? It wasn't the attack that actually increased mortality rate. It was the security controls that they overreacted and put into place that then kept clinicians from treating patients in a timely manner. And so it's like, there's human impact. And that's why colonial pipeline was massive because everyday citizens went, "Wait a minute, I can't get gas because of a cyber attack?" And it was the first. Or, "Don't mess with our hamburgers," with the JBS plant.

So it is incredible on how people handle it. We just had a major competitor in our space that they're having that problem. And it happens to a lot of companies. And they knew about it in January. They never communicated anything. And now it came out and essentially customers are like, "Listen, you need to tell us whether we're impacted or not." So it was really impactful. But going back to, I guess like I said, I can rant about cyber all day.

Reid Estreicher:

There's public information. You can find it. It's just having to source it and find all the information sometimes is difficult. But yes, to go back to the competitive advantages and looking at the picture holistically, I think that would be a great place to segue back to.

Kimberly Biddings:

Yeah. And so actually, I'll point to, there's a wire.com article that just came out recently. And it talks about the sinister nature breaking through MFA. And it's one of my favorite articles lately, because it basically says in some fashion that, "We're not saying that all MFA methods are bad, because something's better than nothing." And I was like, "Yeah, but we have a better way."

Reid Estreicher:

Yeah.

Kimberly Biddings:

And we fully believe that because again, the main differentiator for us is that we have identity bound biometrics, which identifies the person. It is a biometric that's bound to your identity, stored centrally, extremely secure. We don't have enough time to go over all the patents. We have everything in place. But it identifies you. So in the case that Scott, you were talking about manufacturing, I know that Scott completed the action with the plastic cap. There's no doubt because it's his biometric. So they can't be shared. They can't be handed over. You can't have a hacker. My favorite now is hackers are paying people $20,000 a week to hand over credentials.

Reid Estreicher:

Man.

Kimberly Biddings:

Can't hand it over. Can't be forgotten. Can't be stolen, forged. All of those factors that's why the other ways are falling victim. The other thing is it's available everywhere. So it's not tied to a device. So as we said, any machine, you walk up to that has it enabled. It allows the authentication to happen, it's extremely affordable, and then just a great alternative and part of a way to complete your MFA strategy.

Kimberly Biddings:

The other reasons we stand out, single unified platform. Like we said, all of this is in one award-winning platform we call Portal Guard, gives you that identity bound biometrics, all the basic traditional MFA options. Even our own hardware tokens we do sell for, again, one size doesn't fit all you'll need different methods.

Reid Estreicher:

Sure.

Kimberly Biddings:

With single sign-on, with self-service package... Oh my goodness. Self-service password reset all in one platform. The other thing, amazing customer service. You can tell we're passionate about this, we're experts in this space. Our customers get one-to-one customer service, customer success manager. It's not like you're ticket number 1052, like some of these big players and you're never going to hear from them.

Reid Estreicher:

Right.

Kimberly Biddings:

We help security policy questions down to SSO configs, really hands on. And then the last thing is, which is great. We're really affordable. We're about 50 to 60% less than the major competitors and again, have that unique offering of the identity bound.

Reid Estreicher:

That's awesome. And Scott, to get you back in here too, just about how this applies to the partner. And can you just talk a little bit about where this fits in as far as the value added service to the customers?

Scott Mahnken:

Yeah, absolutely. I think whether it's the customer or even the partner, Reid, education. It really starts with education. And that's where we end up building trust. There is there's a lot of misnomers out there and gaps in understanding, and that's where our mannerism of educating our partners, educating our customers. And we say this, we don't sell anything at Bio-Key. We tell smart people, smart things and they make smart decisions. So that's really how we position things. Thank you. Trust, I would say is number two, when you look at what's going on and what's taking place out there, you used the term before, it's not if, but when. For me, the tipping point was when I started to hear that not internally amongst us that are in this side of security, but when I started to hear from customers, the directors of IT are started to recognize it's not if, but when.

Scott Mahnken:

So that's a real beauty. So we're addressing that void. Our competitive advantage is they're inevitably going to have some issue, small or big. We're going to fill that void. So to sum it up for our partners, what we're doing is we're enhancing their cybersecurity portfolio. Security's front of mind, the number one hot topic. So if you are an MSP, a VAR out there, let's make sure that you're in that battle.

Scott Mahnken:

Second thing we're doing is we're allowing our partners to fill the gaps. Our competitors, the traditional IAM MFA providers, Kim hit upon it. They don't have the IBB. They don't have the identity bound biometrics. They also don't do this, and this is really centric to Bio-Key. We have dedicated resources. We do not rely upon the toll free 800 number of customer service and account management. Everything is dedicated. Your customer will always have the same account manager. Your customer will always have the same tech support engineer. Your customer will always have the same customer success manager.

Scott Mahnken:

So it's that competitive advantage versus throwing someone into a pool of maybe going offsite, heavens knows where in the world to try to get their problem solved. And ultimately, what we do is for our partners, they become a trusted advisor for MFA. And that's a critical role for them to play. But then lastly, the net deliverable is this. We're giving the customer a tailorable platform, totally customizable. It's easy to manage. And it gives what I call UX squared. UX squared means it's good for you and I and the end user, but it's great for admin too, because it's easy to manage. And that's what we do. We tie it all together into the end. It's a marriage of security and convenience, unlike none other.

Reid Estreicher:

Yeah. I think, so just to strike one thing you said that struck a nerve with me rather was the support. This is so crucial. And this is a thing that's like, again, because of quarterly profits we talked about earlier, people, sometimes companies... Excuse me, not people. The people behind them make the decision to try to run extremely lean. And there's a difference between-

Kimberly Biddings:

Yeah.

Reid Estreicher:

Running lean and being anemic. And you still have to have support for your customer community. You still have to have support, especially in the space of identity if there's a problem. My God, are you calling a 1800 number? That's not going to solve this.

Kimberly Biddings:

Right.

Reid Estreicher:

That's a terrible business model. So the fact that you guys have actual people dedicated to this is a game changing move. But comparatively to where we've seen, I think a lot of companies in the identity space try to squeeze as much value, quote, unquote, value out of maybe their employee base and their partner community by limiting the amount of resources that they have. And again, there's a difference between lean and anemic. And a lot of companies, I feel like have slid into the anemia front, unfortunately. So that's really fantastic. And actually the partner support, the customer support dovetails really nicely in the customer journey, which I also wanted to talk about with you guys. So Kim, over to you. Where does the customer journey start for you?

Kimberly Biddings:

Yeah. So if you're sitting there, whether you work with customers or you are an organization, I really start with identify if you have these needs or pain points. It's what sales 101 teaches us, but also, it's just a good skill in life to think, okay, what's the problem I'm trying to solve first and understand that. And so we do have numerous questions people can ask themselves to figure that out. But it is important to start thinking about those categories of reducing risk, improving usability, lowering cost. And so some questions could be things like, do you need to implement multifactor to meet your cyber insurance requirement? Do your users have too many passwords to remember and who do they call or what do they do when they forget it? If you've ever done the math on the password resets, that would be a great eye opener, potentially a budget getter for a lot of people.

Kimberly Biddings:

Same thing, how the main thing too is how are you securing access both with remote and on premises employees, or even your customers? And I think going back to that theme of what the issue is today, how much do you really know? My favorite is, I listened to a presentation and it was somebody pitching actually touch ID. And so that's another form of biometric that is device based and only identifies the device. It's a complete fallacy that essentially it's actually proving the person is who they are. And so he's like, "Yeah, it's great. I'm in Mexico with my laptop. I use my touch ID. And so it was easy for me to verify I'm there on my laptop and accessing things." I'm like, "No, you just verified that your laptop is in Mexico. Your laptop is in Mexico is the only thing that the relying party knows."

Kimberly Biddings:

So it's time, I can't stress it enough. Even if it's not identity bound biometrics, we need to start thinking about how do we actually trust and identify people again, not devices and passwords and things that we know or have. So that's where you get through it. Yeah. It's that evolution. What'd you say? The tipping point. And that's what it's been, it's an evolution. Password started, then it was phone based. If anybody remembers the day of phone factor, that company that came out with phone based methods and we thought it was amazing at RSA. Later on, they've been acquired, et cetera. We're now to the point that these are just falling victim. So start asking yourself some of those hard questions.

Kimberly Biddings:

And then from the customer journey, I think Scott hit upon it enough, super consultative. If you aren't sure, ask me privately on LinkedIn. As you can tell, I'll answer just about any question. And then we have tons of educational materials, webinars, white papers that you can go check out too.

Reid Estreicher:

Okay. And then once somebody does actually become a customer, I know we talked a little bit about that, but can you just outline that for us?

Kimberly Biddings:

Yeah. So we have assigned CSM. It's not somebody that changes every week. I love that about CSMs. With big companies, you get a Joe one day and Mary the next. So yeah, we have dedicated CSM. There's a full onboarding kickoff. Goal planning, make sure that you're on board with what you're trying to achieve and that we're meeting your security goals, not configuring yourselves to us. It's about 30 to 90 days, depending on how many single sign on applications. Honestly, that's usually the time sync is connecting all your apps, but handholding all the way. Everybody that's supporting you has done this for multiple years or has seen these situations. And most of our IT support, if not all of them actually get their hands on the product, know it intimately. And some were even originally developers and now moved into it support. So you're in great hands. And that continues for the lifetime of our customers. We have really awesome customer stories also on our website you can check out.

Reid Estreicher:

Awesome. Thank you very much. And then Scott, during a previous conversation, you had mentioned direct assist. Can you talk a little bit about what that is?

Scott Mahnken:

Absolutely. It's a phrase we coined, recognizing that any MSP, any agent or VAR selling our technology, we don't expect them to become an expert. I think you hit upon it earlier in our conversation that there is a gap in knowledge out there and that's natural. Someone's only going to get so close to our products. In that regard, we're going to assign similar to the way we do with customers. What direct support does, it assigns you, the agent, the MSP, the VAR, a dedicated resource, a dedicated account manager for your customer facing issues and a dedicated tech support engineer for your technical issues. What's nice about that is right away, again, it approves your knowledge within the space and it also gives you an immediate go-to person.

Scott Mahnken:

So if you engage with your customer and they happen to ask you that technical question that puts you in a position of not being able to respond, you just bring them into your direct support team or your direct assist team. And they're going to make sure that issue, that question is addressed and addressed properly. It's that confidence that we're trying to share in order to bridge and build those relationships.

Reid Estreicher:

Awesome. Yeah. So again, I guess we're coming to the end of the podcast here, but I just wanted to go back and touch on some of the stuff that you guys talked about. Whether it's vertical use cases, strengths, if there are any other closing comments you want to add in there. But if it's a bank, if it's a US court, county elections, manufacturing, healthcare, whatever, there's some really, really easy solves for securing your identity so that this is not a problem. And there's a really great team here that can help with that. So, Kim, I'll turn it over to you first and then Scott, and then we'll get out of your hair.

Kimberly Biddings:

Yeah. So if I didn't make it clear, please start thinking about what we're using to do this thing, identity, what we're identifying. I think of another issue that people are having is there are vendors out there very heavily VC backed vendors even that are coming out. My favorite lately is, "We have the strongest authentication on the planet." And I'm like, "Great. All it identifies is a device." So it's important. Don't get into the hype of MFA. I think it's really important we start as security professionals thinking about what we're trying to accomplish and whether or not some of these very common trendy things to do are the right choices. It's a good time, as we say, to go against the grain in terms of the wave of adoption and where things are going.

Kimberly Biddings:

The last thing I'll say is again, please evaluate your MFA strategy, your cyber security posture. Best thing to do is to go to our website and check out our content, but also just contact us. Request a 10 minute, we do cybersecurity maturity assessment. It takes about 10 minutes. And go through basic questions about your policy, your team, your governance, everything around that. And it's very insightful, gives you a good way to benchmark your program and where you need to go next.

Reid Estreicher:

And that's just right on your website, right?

Kimberly Biddings:

Yep. We can give the direct link if someone doesn't want to search for it.

Reid Estreicher:

Yeah. I was going to say, we can put it in the description under YouTube-

Kimberly Biddings:

Yeah.

Reid Estreicher:

And in Spotify and Apple Podcasts as well, so that way people can find it easily.

Kimberly Biddings:

Yep. And our blog too, every two weeks we put out very long articles, either vertical specific. I wrote one of course on the Russia, Ukraine conflict and cyber impact. So great timely information if someone's looking just to stay on top of the polls too.

Reid Estreicher:

Okay. Awesome. And Scott, over to you, sir, closing comments.

Scott Mahnken:

Reid, I appreciate it and I appreciate everybody's time today. I want to invite anyone who's listening to come to one of our educational discovery calls, about 20 to 30 minutes. We learn about your environment. We try to marry you with some solutions. Again, it's not a sales environment. We basically demonstrate capabilities. And then you be the judge. We're real comfortable in that type of environment. So put that out there to everyone that's listening. I'm sure you'll have some contact information listed within the bottom of the podcast, but we're grateful to talk to the audience and bring them this awareness.

Reid Estreicher:

Awesome. Thank you guys so much for making time to do this. It's such an incredibly important topic. And again, one where we really need to focus on moving forward in 2022 and beyond. Cybersecurity's just never going to be. And neither is securing the identity ever going to be something where it's like, "Well, that's solved. Done. We don't have to worry about it anymore."

Reid Estreicher:

So I sincerely appreciate you guys making time to talk about this. And thank you guys for watching or listening, depending on the medium that you guys chose. If you like the video, click like and subscribe, leave us a comment in the comment section. We do read them if you want to leave us a comment on what other videos you'd like to see or other content you'd like to be made. Please leave us comment, we'll do just that. Thank you guys for watching and check us out for another episode of Beyond the Device.