
Beyond the Device with 3Eye Technologies
Beyond the Device: Hypergate
Single Sign On is a powerful tool that has tangible benefits in the workplace. With SSO, users no longer need to manually log into each individual resource they access as part of their job - saving them time and energy while also providing an extra layer of security by protecting accounts from being exposed through phishing scams or compromised passwords. Hypergate takes these safeguards one step further with its comprehensive software solution for implementing single sign on across multiple platforms quickly and securely.
Kris Putrins, Regional Sales Director at Hypergate, joins from Switzerland to share how Hypergate Authenticator leverages Kerberos and your existing infrastructure and enables your employees to access company resources on their Android Enterprise and iOS smartphones like they are used to with a computer.
Reid Estreicher:
And three, two, one, we are live, and by live I mean we're pre-recording this, so we can edit it down should we make any mistakes. But of course we're not going to do that because we're joined today with the fantastic Hypergate and the one and only Kris Putrins joining us, not in this country, but actually just outside of Zurich in the wonderful city of Zug. Did I say that right?
Kris Putrins:
You did correctly, yes.
Reid Estreicher:
Okay. All right. Occasionally I get something right, and we found out one of the things. And we're going to talk about SSO, MFA, really the secret sauce of Hypergate, why you need to know it, what they're doing in the market and how they're changing things, because SSO can be sometimes very complicated to deploy. It can be very expensive, but they've got a kind of secret sauce here you guys should be aware of. So without further ado, we're going to get into it. But before we start, I know Kris, I work with him on a regular, but you guys watching and listening might not. So Kris, over to you first for an introduction. Tell us a little bit about yourself, a little bit about Hypergate, and we'll jump right into it.
Kris Putrins:
Sure thing. First of all, thanks Reid for having me here. It's a real pleasure to be here. About myself... So as we've already said, my name is Kris Putrins. Here at Hypergate, I'm responsible for our product expansion in the United States. And more about the company itself... Also, as already mentioned at the beginning of the podcast, we are based outside of the US. So we are a Swiss company. The HQ of the company, also all of the sales force, support, technical development and engineering, all of that happens here.
We started the business itself a little bit more than 10 years ago already, and we have various products in our portfolio, various technologies that we are leveraging for our clients. And I'm sure we'll have the chance to get more in depth on each of them later on in the podcast. But probably the first thing that we'll start with is the original flagship product of Hypergate, which is the Hypergate Authenticator. Really excited to tell you guys how it's made, for what it's made, and how we are enabling seamless single sign on for our corporate customers. Also, how we are helping them access their corporate resources in a safe manner. And again, security is our main mantra. That's our main ideology.
Reid Estreicher:
And I mean, it's kind of a big deal. We're almost in 2023. We're getting there, we're just rounding the corner, and cybersecurity, security in general, is just not going to be a thing of the past ever. We just have to be on top of it. So this has been something we've been hammering on within Beyond the Device for a while. This is great that we are finally able to move forward with you guys and hopefully get these solutions out into the US market here and beyond. You talked about Authenticator, this is a pretty great thing that you guys were able to do, because I think typical Kerberos... And maybe we should actually start there, for those people who don't know what enabling Kerberos means. What is Kerberos? It's a cybersecurity protocol. Can you elaborate on that a little bit for the folks listening? And there's probably some people on the line that know what it is, but just to level set so it's like "hey, I don't know what that is."
Kris Putrins:
Exactly. So high level overview is one of the, I would say mainstream and most well established security protocols on how devices do communication and signage and exchange of certificates. And the software that we've built is doing exactly that. So it's leveraging the Kerberos protocol while communicating with your active directory to get the keys from the KDC and then in the end, give your mobile phone a chance to have single sign on just like we are all used to having on our enterprise laptops or computers in the workspace.
And a silly side note here is a lot of people think that "hey, single sign on, how big of a deal is it in the end? It's just you putting in your password, logging in and that's that." The thing there is, is that it really does add up. First of all, if you have to access a lot of corporate resources and you have to log on each time, that adds up. Also on a separate note, which is kind of our second biggest point why the software was made, is the security. What you want to do is you want to avoid your password being lost or your password being phished from your device so that people can then access your resources without you knowing it. And yeah, this is exactly what Hypergate does and provides.
Reid Estreicher:
Yeah, so I think this is... One of the things that you talked about... So again, access is set up in minutes, not months. I wanted to talk about that a little bit because there's an issue about infrastructure change, and I think anytime that people start going down this route, it's like "oh God, how much is this going to cost me additionally?" Which is, I think, one of the reasons why it's like "yeah, I know this is annoying, but whatever. Oh, let's just keep doing it." And I've been in multiple organizations, and just in my daily life where you've got to log in 700 freaking times. Now there's a new thing with Chrome, every time I open that I have to re-authenticate in, which is unfortunately needed because of the world that we're in now. But it's also with work, and I'm actually going to be talking to our CEO, we're going to be rolling this out internally because we also want to have this. The constant signing in and signing in and signing in is very, very annoying.
We use NetSuite as our ERP, we're on Microsoft Suite as well. So to be able to just simplify a lot of this from mobile device perspective is really wonderful. But I wanted to go back to the infrastructure change because that's always a sticking point. It seems like anytime you want to go down this route, there is the talk of rip and replace or "oh God, now I need additional servers, and how much are those going to cost? And oh, by the way, if you haven't heard, after COVID there's a bit of a shipping issue and there's a lead time problem and we want to roll this out now." And it's like you can't because you're going to need stuff and you're not going to have it for another 10 months.
So I just wanted to talk about that as well, that there's a seamless way to get something like this in place without breaking banks and without smashing your head against the wall because you're so frustrated with shipping and lead times and what's actually available in the market. So can we just talk a little bit about the infrastructure piece and the intelligent design that you guys had put together to make this a little bit more seamless?
Kris Putrins:
Sure. Yeah, exactly. As you just now mentioned, the question of what type of infrastructure change will be needed or what type of additional services will be needed? That does come up very often. And the way that we've built up the software is, essentially we only need you to have, or the end customer to have, a managed mobile device. And again, we are UEM agnostic. We do see a lot of people using Microsoft Intune, there's a lot of people still using MobileIron/Ivanti, VMware, SOTI, you name it. Now the thing that happens afterwards, if the device is managed, all that happens in the chain is the UEM software pushes Hypergate application onto the managed mobile device and that's it. That's really all there is to it. And then it does the rest with communicating to your active directory to get the keys from there.
So there are no additional infrastructure changes needed, no backend changes needed. And yeah, I think this is... One of the things that a lot of companies ask us is "if we do want to test the solution or if we want to see how it works, how lengthy is the proof of concept timeline going to be? Are we talking six months? Are we talking a year and a half? What type of resources will be needed not only internal but also hey, who is going to provide all the backend infrastructure?" et cetera. So our answer to that is "none of that will be needed." So pretty much what you need is [inaudible 00:08:46].
Reid Estreicher:
That's a pretty great answer.
Kris Putrins:
That's a pretty great answer, indeed.
Reid Estreicher:
That's a great answer.
Kris Putrins:
So what you need is your current setup. If you are already managing your devices by one of the major UEMs, that's it. Once you get the Hypergate license, it's going to push the software, the application itself to manage mobile devices and to essentially test and see how the software works. It does take only a couple of minutes to see. Essentially the end goal there is, as we mentioned already in the beginning, to have single sign on experience for all your work related apps, browser, et cetera. And this is exactly what the customer gets in the end.
Reid Estreicher:
And then there's also some stuff that you've talked about with me offline about password reset, geofencing, the hybrid database that you guys have. This is interesting too, you guys are on PREM, which is unique because a lot of places have migrated outside. Can you talk a little bit about... Not outside, excuse me, to the Cloud where they're doing everything Cloud only. But you have a really unique solution in that you've got a bit of a hybrid model there. Can you talk a little bit about that and then maybe we can go through those lists of the password reset, geofencing, SSO insert and MFA? I want to make sure we talk about that too because you guys are pretty integral, and then we get into file manager and stuff.
Kris Putrins:
So firstly, about the reason why our software was meant and made to work really well with on-premise active directory setup. So the initial idea behind the product was we have to make it as secure as possible. And coming from Switzerland, security here is the number one issue and the number one priority for a lot of our corporate customers. Now that was back in the day, and so over the last let's say five years, and even more aggressively over the last three or maybe two years, the migration to the Cloud is happening all over the globe. It's not only US and Europe, it's happening everywhere. And the benefit of Hypergate is that we do support multiple different setups. So the initial one that we started with was a fully on-premise active directory. Now we also do support a hybrid setup, meaning you have part of your AD for example using Azure Active directory, part is still on premise.
Now the reason again behind it is really the security aspect of it all. For sure, if the company wants to keep everything and have everything in the Cloud, that's their decision. But from our experience and what we are seeing in the marketplace is that a lot of companies still keep the hybrid setups, and also a hybrid setup could be considered when you are in the process of migrating to the Cloud. And again, from our experience over the last 10 years, a lot of companies and a lot of people imagine that the migration happens seamlessly and swiftly, and it almost never does. So the process can take years to migrate fully to the Cloud and that's still the position where Hypergate is of great benefit for those companies.
Reid Estreicher:
Oh, just real quick, I forgot to bring this up earlier. You mentioned the UEMs, the major ones. And what if a company... Because it's not just the Big Five, right? There's some other smaller MDM, UEM providers out there. So if somebody's using something like Scalefusion or SyncDog, they have something that isn't technically integrated, is there an opportunity to do integrations with your tech team? Is that an opportunity or is it like "hey this is really where we shine and this is where we want to stick"?
Kris Putrins:
No. The words that were mentioned, which is that we are UEM agnostic, do really hold value for us. And so it's not only the big ones that I did mention in the beginning, but also the smaller ones, can be regional ones. We've done work with UEMs that are made for, and in specific countries as well. That's never an issue, that never has held us back and nor has it the customer. It maybe then takes a little bit longer time for us to do the initial testing procedures. But always, I mean, we do offer to have the setup call together with the end customer. So we go through the process together with them and of course before we would do that call, we would immediately start preparing the procedures to then integrate the software together with their specific MDM. So yeah, that's not a hurdle at all.
Reid Estreicher:
Okay, great. And then I did want to talk about the password reset piece of this because you can't be calling an IT help desk every two seconds. And then also the geofencing part portion of this I think is a unique feature to discuss.
Kris Putrins:
So the password reset, that function came out of a really large need for one of our first customers. Now, the problem that they were tackling was once you have the workforce that is using managed mobile devices up in the thousands of people, upwards of 10,000 people, every time that they have to reset their password or maybe sometimes they forget their password, it can become a large problem and it grows exponentially. So for example, a lot of companies have either 30, 60 or 90 day password reset policies and of course they have to happen in accordance with the active directory rules, meaning you can't put in your first name, you can't reuse the previous password, et cetera.
Reid Estreicher:
You can't do password 123, just four zeros in a row, all that stuff. No, you can't do it anymore.
Kris Putrins:
You can't do it anymore. Exactly. And the problem there that the customers faced was a lot of the times when the end user had to reset their password, they needed to get the help desk involved. Now, every ticket does cost something, especially if you are outsourcing that service to another company. And so that money you might think "hey, every three months there might be a problem. It only costs us, I don't know, let's say $30, $40, $50 per ticket." Now if you do that for 10,000 people, that money really adds up fast. And not only is the money aspect in there, but it's also the actual resources of the help desk. You don't really want your support engineers to just keep helping your internal workforce to reset their passwords. That's for sure not a high priority.
Reid Estreicher:
Yeah, that's not a value added activity. That's a waste of time.
Kris Putrins:
Exactly. And so what Hypergate does is, through the Authenticator app, once the time comes for the end user or the actual user of the mobile device to reset their password, they do get a notification that the time is up and they have to reset it straight on the mobile phone through the Hypergate app. Not only can that be done, but also we do it in accordance with the active directory rules. So for example, if John Smith gets a notification that he needs to reset his password and he puts in the password as JohnSmith1, in accordance with the active directory rules, he might get a prompt message that says "by accordance with our internal policy, you need to have at least... It can't be your first name, your last name. It needs to be three numbers, some capital letters and some standard letters."
And so he gets it straight on his mobile device. If he does everything in accordance with the active directory rules, the password is reset, Hypergate Authenticator communicates that to the internal active directory, and it's done. The person is back online, support never gets involved into that process, and people not only save time, resources, but also financial resources.
Reid Estreicher:
Okay. And again, it's like, you just can't have... Especially when you start doing it at scale... My God, you can't have people reaching out to a help desk to do something as simple as a password reset or even just to follow what the active directory rules are. And you talked about geofencing as well. There's kind of a unique use case. This pops up a lot in conversations around "can you geofence for security?" You guys have this set up. So can you talk a little bit about how you're executing that? Because I think, again, it's a unique thing that's asked for quite a bit.
Kris Putrins:
So there is an add-on product on the Hypergate Authenticator line. So what we call it is Smart Security. Now essentially what it does is, it takes information from the mobile device, and that can be any combination of sensors. So that can be location, time and date, movement. So again, like GPS information. It can be network information, et cetera. Now everything pretty much that your phone collects, that can be leveraged. And what then the software does is it takes those context data and it can ask you for additional information to then authenticate or connect. So for example, we've had various different use cases, and one of them involves not only geofencing, but also time and date based access. So for example, imagine you have two different company premises. You now have your manufacturing base A and manufacturing base B.
Now you need access when you are within the company premises. So what we do is we geofence those two spots where you can then gain access easily as you would normally in the office. If you are outside of the geofence, your phone for connection purposes might require you to do multi-factor authentication to prove that it's really you, for added security. Now, on top of that, because again, we can leverage most of the sensor data that is based in your phone, you can then have a task that the phone needs to be connected to the internal network. So it can't be using mobile network. Again, if it is using mobile network, it asks you for multi-factor authentication. And again, one of the bigger use cases is time and date based.
So for example, if an engineer or if a salesperson needs to access their corporate resources at 3:00 PM on a Tuesday, that's completely fine. They can still use the single sign on, they log in, everything happens as it should. Now the tricky part is, do they need to access the corporate resources on a Sunday at 7:00 PM or on midnight on Tuesday? In some cases, yes. But again, it's heightened risk. So for the device to prove that the user is the actual user, we then request the person to use multi-factor authentication to still get the access. That's pretty much what Smart Security does.
Reid Estreicher:
And that's... Again, it's like you look at most data breaches, we see this all the time with SIM products... System information management, not sim card... But where a lot of times if there's a data breach, it happens on Friday night at 10:00 PM, and then everyone's gone, nobody catches it until Monday morning, and then it becomes a police action where you're literally going back and you literally have to walk everything back. Logs, figure out where the breach happens. So again, just having a modicum of control on these devices. This isn't rocket science, and we talk about this all the time, but it's like, we really are getting into a place as we become more connected... I mean, things like the Metaverse that are going to probably exist or maybe crash and burn and won't exist, I don't know, we'll see what happens with that stock.
But things that are happening, and as we get more connected to the digital world, and this doesn't seem like it's stopping, there has to be a mechanism to make sure that if you're accessing data, it's the right person accessing the data and it's at the right time and it's not at a goofy location. If you were working for, I don't know, American Airlines or something and you went to go access your information in the United Airlines headquarters, I feel like that would probably raise some red flags, something to that effect. That's a terrible example, but you know what I mean.
I did also want to talk about file manager and then speaking of airlines, I wanted to get into the verticals that you guys... And we've talked about a bunch of use case examples as well so we can probably bypass that. But I did want to talk about the file manager piece real quick, the solution, and then we can talk about some verticals where you guys are successful and then we can do some wrap up and closing comments. So file manager next. Did I leave anything off the MFA before we move on?
Kris Putrins:
One additional thing that I wanted to mention, and this is very specifically for US based companies and customers. Now, the time-based access really comes into play there, especially because most of the attacks on phishing and on corporate, or trying to steal corporate resources, come outside of the United States. So you have to imagine that if it comes outside of the United States, the time difference can be, let's say 6, 8, 9 hours. So those are the times when the corporate resources get access in weird times. You would think "hey, it's only 6:00 PM in New York." Well, but halfway around the world... Or let's say halfway around the world it's 6:00 PM, and in the United States or on the east coast it's only 1:00 AM or it's 11:00 PM. And that's when those resources get accessed.
So that already kind of raises a question mark or a red flag for us. And so hey, if the person can still provide multifactor authentication and pass all the security checks, sure, someone might need to access the data at 11:00 PM. But again, it's the added security layer to really help you catch when those attacks do happen.
Reid Estreicher:
Okay. All right. So regarding the file manager portion of this, can you talk a little bit about how you guys are providing access to... I think you hit a little bit of it earlier, but just I wanted to make sure that we cover that as a separate segment, the file manager portion of this.
Kris Putrins:
Exactly. So that's one of the additional products that we've built and that we have in our portfolio. Now the Hypergate files, what it does is it accesses your corporate resources, it helps you share files, download files, and essentially it acts as a replacement for any existing file manager software that you are currently using. Now, the best thing there is you do get to access all of the files in their native format and in their native apps. So no additional weird software needs to be downloaded and used. And of course you can then download those files, you can edit them, you can then share them through email with your colleagues. And essentially what Hypergate files does, it connects with your SMB and NetApp file shares, and then gives you the access to all those files in a secure manner, again, on your mobile phone.
Reid Estreicher:
Making sure that the person trying to access that is the right person and not having any issues.
Kris Putrins:
Exactly.
Reid Estreicher:
So it's yet another layer of security to get into. Okay, and then what verticals have you guys really seen success with? Because... And this is the reason I wanted to talk about this, you are based overseas, you're not a new company as you so stated at the top of this, you're over 10 years old. It's not like you're a startup and you're just "we're going to give this a shot and hope it works." You guys are doing some pretty big things. It's just I think you're newer to the US market, so as anything that's new to the US market, there's always a little trepidation, but I think it would be for all the wrong reasons. So I just wanted to make sure that people are aware of the other verticals that you're playing in.
You're doing some really big things with some very important, I think government and financial organizations as well. So can you just go through some of the verticals and maybe... I don't know if we can mention anybody by name legally that you're working with, probably not. But maybe if you just want to talk about from a high level of the institution, that would be I think great for the audience listening.
Kris Putrins:
Oh, sure thing. Yeah, as you mentioned, we are based outside of the US, so we're based overseas, but we do have an existing customer base also within North America. The typical customers that we work with and that are using Hypergate applications do include the financial industry. Obviously we started here in Switzerland with the biggest financial institutions here, but we've also done business, and there's multiple Fortune 500 companies based in the US that are using Hypergate applications. The other aspect is, of course, government and governmental organizations. So those come all the way from federal government based here in Europe and elsewhere, also all the way down to local municipality level governments, law enforcement agencies, military contractors, military companies or companies that provide military services, et cetera. And again, the main aspect that we are tackling with the Hypergate solutions is, if a company or an entity is interested in security or if they are working with secure data, they do need this additional layer of security.
Some companies really can't afford to risk their people losing their passwords. There's still so many players globally interested in phishing attacks for that specific company that they need to have as many layers as possible. But again, because the companies tend to be large, or... Usually starting from the smallest I guess would be a couple hundred people working for the company all the way up to over a hundred thousand people working for a company. The backend changes are a thing that really scares those people and they don't want to change their current infrastructure. They've put in a lot of resources in there. And as we did mention at the beginning of the podcast, the question of "do we need to make any changes to our existing backend and to our existing infrastructure?" is a key point for them. And when you get the answer that "hey, Hypergate is an add-on and it well integrates with your current setup," that makes things much easier and way less complicated.
Reid Estreicher:
Yeah, absolutely. So again, so finance, government, think three letter agencies, fed gov, municipalities, think airline manufacturing.
Kris Putrins:
Yes.
Reid Estreicher:
I think of like mining EONG, energy, oil, natural gas, anybody that has secure files.
Kris Putrins:
Energy and gas, yes, that's one of the big ones. And it's-
Reid Estreicher:
Utilities.
Kris Putrins:
Utilities as well. So those are the ones that are picking up steam right now over the last, I would say year, maybe half a year. In addition to that, we've seen great interest from health care providers, so that being state hospitals, city hospitals, et cetera, where they also have, or they are working with sensitive customer data or sensitive patient data. And of course a similar industry to the financial one is the legal industry. So all of the large lawyer companies are also using Hypergate applications.
Reid Estreicher:
Yeah. Also, I would imagine anybody doing anything with mortgages, that's a lot of-
Kris Putrins:
Yes.
Reid Estreicher:
We have a huge problem in this country with title theft, like a really big problem. And I know that we can't talk about it yet, but we're going to do another follow up with Hypergate for how they can solve those problems. There's a little teaser for you. And then we'll also talk about the self onboarder tool as well from that other episode. But I think, you know, you look at financial documents. I mean, again, there's so many things that just are, at a moment's notice, very vulnerable. It's so crazy, too... I don't think people really realize it, but it's like "man, the one wrong move and you could access a ton of data." And still to this day I get stuff all the time in the mail of a company I forgot I even had an account with seven years ago that got smoked, and now my personal information's running around somewhere on the internet. That's awesome.
So it's a real problem. It's a real problem and it's easy to fix, it's easy to solve. And if you don't know how to solve it, please reach out to us. You can leave us a comment in the comment section, you can hit us up at sales@3eyetech.com. Whatever the case may be, we're here to help you guys wherever we possibly can. And actually that'll bring us to the end of the episode. Do you have any closing comments? Any quick wrap up for the folks listening or watching?
Kris Putrins:
Yeah, I guess the only thing that I would add is if people do have questions or they really want to see how complex or not complex the setup is, please be sure to reach out. We're always available to help you set up the solution, help you test it. We can do it together with your engineers and then once you see it working, you probably won't be looking back. So yeah, that's probably in conclusion.
Reid Estreicher:
Yeah, that'd be great. Yeah, if you guys want to get a demo up, please do reach out to us. We'd love to show you this stuff. It's not complicated and it fixes a lot of problems as we just went through many of them. Kris, thank you so much for joining us for another episode of Beyond the Device. And thank you guys so much for watching and tuning in. Regardless if you were just listening or if you were watching, whatever medium you chose, please do leave us a comment in the comment section. We do read them. It helps us gauge what kind of content we should have on here and answer questions for you guys along the way. If you have any questions, do reach out to us at sales@3eyetech.com, it's sales, the number three, eyetech.com. Thank you guys so much for tuning in. Be sure to check out the next episode of Beyond the Device. We'll see you guys on the internet. Bye.
Kris Putrins:
Thank you everyone.