Founders Ep.6 - SoloInsight - Digital Identity from HIRE to RETIRE Artwork

The Inside Track - An HID Podcast

Board Certified Physical Security Professional and HID Mobile Evangelist, Phil Coppola, provides you with a comprehensive look at all things related to the Physical Security Industry, with a tilt toward Mobile Access technology.

All Episodes

The Inside Track - An HID Podcast

Founders Ep.6 - SoloInsight - Digital Identity from HIRE to RETIRE

April 17, 2026 • Phil Coppola, PSP

0:00 | 24:46

What does it really mean to manage identity in a modern enterprise—and why is access control no longer just about doors?

In this episode, I sit down with Carter Kennedy and Farhan Massoud of Soloinsight to unpack the evolution of physical identity and access management through their CloudGate platform. We explore how organizations are moving beyond fragmented systems toward fully orchestrated identity workflows that connect physical and digital environments.

From mobile credentials and zero trust strategies to AI-driven risk detection and identity “cleansing,” this conversation dives into how automation is transforming security operations at scale. We also tackle the growing convergence of IT and physical security—and why insider threat, compliance, and user experience are now driving forces behind access control decisions.

If you’re still thinking about access control as a card and a reader, this episode will challenge that mindset. Because the future isn’t just about opening doors—it’s about understanding identity across the entire journey, from onboarding to offboarding and everything in between.

SPEAKER_00 0:00

Today's episode is brought to you by HID Mobile Access, the most secure and convenient way to open doors with the device you already use every day. With HID, organizations get flexible, future-ready solutions that easily integrate into workplace and tenant experience apps, creating a seamless journey from street to suite. If you're ready to modernize your access control experience, try it for yourself. Sign up for a free trial at HIDglobal.com slash solutions and click on mobile access.

SPEAKER_02 0:35

Founded in 2013, Solo Insights Cloud Gate platform was built to unify physical and digital identity workflows across the enterprise. CloudGate manages mobile access, visitor management, contractor onboarding, smart parking and emergency mustering, and much more. Joining us today are their CEO, Carter Kennedy, and their founder and president, Farhan Massoud. Together, they'll break down what it means to orchestrate identity at scale, how automation transforms daily operations, and why physical identity and access management is becoming foundational in the modern access control ecosystem. So, as promised, I am joined by Carter Kennedy and Farhan Masud from Solo Insight, and we're going to talk all about the CloudGate platform and your journey to how you get to this spot and get interviewed by the mobile evangelist. Join as always is my uh illustrious counterpart here, Troy John Stun with a T. Thank you. So as I start these uh sessions, what I'd like to do is I've I've obviously done a lot of research on your company, and obviously we've worked together in the past, but I wanted to distill who Solo Insight is into one paragraph. So I'm just going to read this to you and to the audience, and you tell me if this is directionally correct or if we're missing anything. So Solo Insight, founded in 2013, is a provider of security workflow automation and physical identity and access management solutions through its CloudGate platform. CloudGate supports physical and digital identity management, mobile access, visitor management, contractor onboarding, space reservations, smart parking, intercom capabilities, and emergency mustering. That's a lot. The platform integrates with over 150 access control systems, including Linnel Genitech, obviously you're a partner of HIDs, and you enable identity and access workflows to be centrally orchestrated across large enterprises and portfolios. That's a lot. Is that right?

SPEAKER_01 2:35

That's right.

SPEAKER_02 2:35

Wow. So I would say this is probably the most robust platforms that I've that I've seen in terms of like pure capability. Before we get to this point and talk about the product itself, how do you get here? You don't just develop a platform like this overnight. So what's what's the origin story?

SPEAKER_01 2:57

So I think the origin actually goes back to my work in Dubai. So this is pre-9-11. Okay. And uh Dubai uh airport was actually one of the first ones that actually came up with the global entry programs. And I was the one leading it. So we we actually built that whole process for all the travelers that are coming into the country. And there is a national identity program that was actually triggered with it. And we were actually processing not only visitors, we were processing expatriates, we were processing nationals, and you know, changing the policies around different countries, the you know, changing uh scenarios around security and compliance. It's like knowing exactly which uh you know rules and regulations apply to which national of which country. So we actually saw that uh you know change come in the airports and uh post-9-11, you know, we actually saw that need should actually be transferred to normal buildings. And that's actually became the genesis of our uh you know idea when I met Carter. We actually shared uh the same uh passion. And we decided to bring in uh you know the compliance automation and workflow automation around all security, safety, privacy uh combined together into one identity platform.

SPEAKER_02 4:19

Wow. I mean, talk about a high-stakes environment, right? And to be born almost in the fire really is uh is quite impressive. Uh Carter, how do you get involved in the company or like where did you guys meet?

SPEAKER_03 4:33

Yeah, so I'm uh I'm a serial entrepreneur. I um after college, I worked for an investment banking firm and then developed my own options model, sort of a derivative of the Black Shoals model. I could share with you the technology around it, but it it described the way that I thought of outsized statistically uh unlikely events and how that I wanted to capture that risk within the context of the model. So traded uh a variety of different products, equities, options, built out my own commodity trading advisory, managed money from Goldman, built algorithms, so all about all around numbers and data. And prior to meeting Farr and I had built out a company called AirTai Compliance for the Needs of RIs and hedge funds after Dodd Frank. So putting together, putting together workflows around new compliance rules and regulations. When we met, it was obvious that you know compliance complexity and contractors were something that we could we could tackle. Um I, you know, worked with Caterpillar in the past, and I understood that all these rules and regulations needed to be automated and you needed to make people aware of these circumstances. And so when I left my company, we decided to form our partnership and take on that universal truth, which is your identity. You have that from your birth to your death and all eternity. And how does that interact with the physical landscape and the digital landscape? And how do you take that universal identity throughout that entire workflow and that entire uh hire to retire piece of your business?

SPEAKER_02 5:57

That's a first. So I've heard street to sweet. I've not I've never heard hire to fire.

SPEAKER_03 6:01

Trevor Burrus, Jr.: Hire to retire. Hire to retire.

SPEAKER_02 6:04

Well, hire to fire, I know all too well. Hire to retire.

SPEAKER_04 6:08

Wow. That's that's a good one. Trevor Burrus, Jr.: But it's an important, it's the first phase of the journey, right?

SPEAKER_03 6:13

It is, and I think that's why we're what kind of what we're seeing here from a digital transformation perspective. That's why mobile credentials, we're hopping ahead, but mobile credentials are that trigger which starts the digital transformation journey into temporary access for visitors, contractors, vendors, and patients, into permanent access for employees and tenants and others, connecting into the network for audits. So it's it there's a perfect setup for what we're doing as a company holistically, end-to-end from a security perspective.

SPEAKER_02 6:41

I think that is so correct. Um it comes as no surprise to anybody watching this that I think that mobile credentials is like the future. But what we mean by that is what uh it enables somewhere else. And when we talk about like identity and what it the value that it brings to solutions like yours is not possible unless we start thinking about identity digitally. If we're continuing to use plastic cards as this identif identification method, well, there's there's a limit to what that thing can do. The limit to putting that identity on a phone is is sort of limitless, right? It yes, today I'm using NFC or or BLE to communicate with a reader, but what else can it do now, now that I've digitally transformed that that identity? So I think that's directionally, that is 100% correct. And it's the paradigm shift that that we're sort of experiencing right now. So can you talk a bit about like the product itself? What does it actually do? Because it's it sounds like it does a lot. Like it's almost like a Swiss Army knife. It does a little bit of everything. But where are you seeing success in what vertical markets?

SPEAKER_01 7:56

So I would actually say that, you know, uh continuing to your last question, um, you know, putting identity on the phone is actually bringing the real identity assurance. Ah right. So, you know, you can actually have a physical card handed over to someone else, uh, but you can have, you know, you would never want to give your phone to someone. No.

SPEAKER_02 8:18

Not unlocked. Not unlocked.

SPEAKER_01 8:21

So um, you know, it's it's it's actually a headway towards biometrics. So, you know, uh, as we see that uh, you know, eventually the biometrics will pick up as well, but uh, you know, mobile plus biometric, that is the TRA mode that is available on the phone itself, is sufficient enough to uh you know give the identity assurance that the big corporates require, especially entering the critical areas. Uh, you know. Um so currently, uh what Solar Insight has a physical identity and access management platform, and it's purely based on workflow uh automation. And uh it's it's a no-code tool so that you don't have to go and uh you know rewrite different requirements, different clients, different processes. So you can, you know, it's very flexible to uh you know meet all those requirements. And we actually take on, as Carter said, you know, complete journey from onboarding, transfers, um, and uh offboarding of people. And not only just that, uh we linked that with their digital identity. So if you have Active Directory, you have Okta, you have uh any of these uh you know SSO tools that you use. And we wanted to bring the same IAM functionality that was available to digital security, to physical credentials and physical security itself. So that's that's where the physical identity and access management born.

SPEAKER_02 9:48

So I feel like physical identity and access management, also known as a PAM or PAIM, sort of gets a bad rap because it it sort of gets weakly associated with a PSIM, which for many years in the video surveillance world, which a lot of security systems integrators had the uh fortunate or unfortunate experience of having to work with, was this big clunky thing that was trying to stick square pegs and round holes and get a bunch of stuff that was never designed to work together to work together. And then we have companies like yours that are doing it actually quite successfully in the access control space. So, what would you say to a systems integrator that's looking at a platform like yours? Is this something that they need to be afraid of, that it's gonna break, that it's brittle like an old PCM, or is uh should they be thinking about your platform differently?

SPEAKER_01 10:35

They're thinking it differently. I think uh, you know, it's total software driven. Um, you know, it's a there there are actually layers actually that interact with hardware, but uh, you know, it's purely software driven, it has self-healing capabilities, it has artificial intelligence that's constantly looking at the connectivity and making sure uh the latency is covered and uh you know any any areas of errors that that that could be removed. Uh but I think uh it's it's actually a way for uh them to you know assure their customers that the their identity programs actually will go very well and they will be utilized. So right now there's a bunch of manual work that uh you know companies end up doing that actually, and you know, that's error-prone, uh, you can actually make mistakes. So you need to bring automation to it, and that is only possible through physical identity and access management solutions. I understand that PSM has actually some bad name, and uh but we actually looked at uh you know identity governance and workflow automation. That's the area that we are expanding it.

SPEAKER_02 11:39

Understood. And from a systems integrator perspective, what should they be looking at in terms of partnering with a solo insight for the CloudGate platform? Like is this something that you guys just sell direct to an end user or is the channel part of your strategy?

SPEAKER_01 11:55

Channel is part of our strategy. And uh, you know, we actually already work with uh the major uh integrators in the market, and uh we're constantly signing more of those. Carter can actually put more light on that.

SPEAKER_03 12:06

Yeah, it's interesting. So uh we know that people buy from people they trust and like. So this is a very hands-on business and developing these relationships. I was we were out with one of our partners the other night, and he said, you know, Carter, you've only been in this business for a very short amount of time. I said, I've been here more than 10 years, and he goes, that's nothing in this industry. You're a baby. Right. I'm just but I think that you know one of the things that the integrators have done a great job of, and as they they be become more future-looking, they're trying to figure out not how I sell a burglar alarm or a kiosk or a piece of hardware and have to go back after five or eight years and resell that, but how do I provide workflows that can actually substantially and materially add ROI with no rip and replace, become very sticky to these customers, and how do I get a piece of that software business? Uh and then the other piece of the of the puzzle, which I think is very interesting, is a trend that we're seeing in the market. You know, the CISO is now having the CSO report to him. Uh we're seeing it, you know, the many of the challenges from a network perspective have been solved for Trojan Horse, man in the middle, force attack. But the what hasn't been solved from an attack vector perspective is that insider threat. So who comes into a building? So we have a a major bank client. Um they had had an issue where the driver's licenses were misread, and they found people walking around looking for a computer to steal, or they're trying to get into a data room. You can't stop that from an attack vector unless you have the security from a physical perspective. So the trend that we're seeing is that cyber is saying, wait, we're not complete. In order for us to have a complete uh security stack, we need to add the physical component.

SPEAKER_04 13:46

That's interesting.

SPEAKER_03 13:47

So we're there, we're gonna get dragged up into that to complete that whole stack.

SPEAKER_04 13:52

So from your perspective, it's the IT perspective leading it, but now it's it's a hundred percent essential that both security or physical security and IT work together now. Trevor Burrus, Jr.

SPEAKER_03 14:00

Exactly. And a different budget we're tapping.

SPEAKER_04 14:03

Yeah.

SPEAKER_03 14:03

So this is coming from the C-suite, it's not coming from the CSO. Yeah.

SPEAKER_01 14:07

And the digital transformation would not happen without uh including the physical.

SPEAKER_02 14:11

Yes, of course. Yeah, it's funny. I was chatting with a life sciences customer, and they had made the jump to wallet, and their their stance was TRA only. In other words, so TRA, for those who don't know, is uh it mimics the uh the Apple Pay, Google Pay experience that you have at like a cash register. I go to pay for something, I present my phone, I have to unlock my phone and select my card. With TRA, you don't have to select your card, but you at least have to unlock your phone before the credential will transmit. And I I push back, I'm like, well, isn't that a little inconvenient, right? The whole point of mobile can be this convergence of convenience and security. And to his credit, he goes, we want zero trust in our environment. And so how can I trust a piece of plastic or how can I trust a phone that somebody could just take off of somebody's desk and start pen testing? So in a zero trust environment, yeah, I'm making I'm adding a little bit more friction, but that friction prevents the insider threat. So I I think that it is a hundred percent correct. But, you know, again, legacy folks, the the the non-babies in the room who have been here for 20 years, and we've done this over and over again, it's like the the initial gut reaction is, oh, we have to make it as easy as possible for everybody. Well, no, a little friction is good sometimes.

SPEAKER_04 15:33

Yeah, I think it is. I mean, to that point, you mentioned zero trust. We hear this more and more, right? And solo insight is probably best positioned to address these sorts of questions. What requirements are in users, like you do with a lot of high-end end users, what are they asking for from a feature set, from a compliance set? What are they asking for?

SPEAKER_01 15:50

So, you know, it's like um there are there are major compliance requirements, especially in the regulatory industries. Um they have uh you know, SOC compliance, SOX compliance. Um they they have to go through GDPR. There's a lot of processes that actually come in the way of identity. And identity is PII. And if you go into healthcare, that is uh, you know, you had green HIPAA, you know, compliance. Um these are very regulated environments, and they actually have certain um workflow requirements and uh certain uh approval processes to be in place before somebody's given access to certain areas. And they are defined by policies. It's all policy driven, it's all you know uh it's it's it's actually uh contextually aware kind of environment that where we have to make decisions one person, the same door would behave differently than another. So this is how we actually control a typical pack solution, it would actually treat everyone equal. Whereas when the physical identity and access management comes, where we enforce policies, you know, do you have the uh you know the permission to even go in? Right. Or not.

SPEAKER_02 17:05

Right.

SPEAKER_01 17:05

And the zero trust means that you do not have permission by default for anybody.

SPEAKER_04 17:10

Yeah.

SPEAKER_01 17:11

So it is given on ad hoc basis, right there and then. And then the system decides if it if he fits in within the policy right away, given access right away. If they needed approval, the approval request sent to their managers. And they wait. And once their approval is given, they can access. So this is the the you know the grassroot of uh you know zero trust.

SPEAKER_04 17:35

Can you balance that with a seamless experience? You know, you talked about the friction and the need for that additional security, but how do you balance that with the experience?

SPEAKER_01 17:44

So, you know, one thing is pre-approvals, right? So we actually see that, okay, you're headed to a facility, you have actually sent a pre-request, you know, you're already set before you even get in the building, even though the whole compliance process has been run in the background. So, you know, the pre-process is one of those, and then you know, having everything uh digitally uh available to you. So, you know, it's like not only that you've uh you know uh move towards the mobile credential, but the experience could be uh a text message followed by it, you know, which which actually requires approval or not approval, uh, would actually give awareness to people. So typically today, if you actually see you go in a reader, you swipe your card, you don't know why you're denied. But now we can actually provide you with the information that why was you why were you denied and how would you get access if you need to.

SPEAKER_04 18:30

Wow, so that automatic feedback. Absolutely. Okay.

SPEAKER_03 18:33

So maybe maybe let me see the question I want for foreign to answer, but philosophically, what's taking what's taking place with the technology that we're bringing to different enterprise challenges is uh from a risk analysis and risk perspective, companies want to have a proactive and not forensic approach to all of risk. So they want to be able to look at anomalous behavior and take action before something terrible occurs. And so Farn uh can share a little bit about some of the AI things that we were we're building to kind of manage and monitor that digital century, that AI century that sits on top and watches anomalous behavior and pulls things and gives you the alarm before something bad happens.

SPEAKER_01 19:17

Yeah, I think uh, you know, it's it's very important to uh the system to behave as they are contextually aware with the current situation, um, the identity, uh, to the extent they know that, you know, this person has just recently been hired. Uh he's on the wrong floor, it's the wrong time. You know, he should not be here at all. So we stop his access. Rather, then you find it later on in the annual audit that somebody accessed it and we don't know what he took.

SPEAKER_02 19:48

Right. Yeah, that that's so interesting because to uh you made a comment earlier of like access control treats everybody the same. And I was like, hmm, is that true? And then you just said that, and I'm like, yeah, he's right. Because yeah, I may have had access denied, or maybe I did get access granted, but why were you here at you know, seven o'clock in the morning? You never come here at seven o'clock in the morning.

SPEAKER_04 20:07

It's just a binary reaction within context. Yeah. So what you're talking about is almost like adding a human element, right? You you're providing context, you're not analyzing it and going, well, that that's logical or illogical to your point. An early starter, maybe they are lost, as opposed to the employee that's been there for two years that is now wandering the corridors at midnight.

SPEAKER_01 20:26

And the intelligence should be to the level if the system knows it's a CEO and he has access, even though he does not have access. Right. So he should be uh able to override.

SPEAKER_02 20:37

Right? Right.

SPEAKER_01 20:38

So it's like it's not only the you know the negative side of it, it's the positive side of it as well. Trevor Burrus, Jr.

SPEAKER_02 20:42

Yeah. It's funny. I uh the one of the best examples I could think of something like this where AI was not used in this case of uh this is going back a few years. I was still working for Genitech at the time and I was talking to a higher uh uh K through 12 customer, and I said to them, How often do you check your access control logs, like to look for access denied events? And they're like, oh, never. Nobody ever gets access denied. I'm like, okay. Run a report right now. And of course, many access denied events came up. A lot of it was just people using their gym card by accident or or whatever. But a number of them, because they had uh credentialed all the students, a number of them were students getting access denied at five o'clock in the morning, six o'clock in the morning. And they ended up doing an investigation and trying to find out like why were these kids trying to get in? Well, because mom or dad left the house at five o'clock in the morning and they had to go somewhere, and ostensibly they turned this child away from the facility. And so now they had to have a whole policy conversation. So it's not always necessarily people doing the wrong thing. Maybe there's if we had some context around what they're trying to do, we can fit that in, right? If you're here at 7 o'clock in the morning and you get access denied because you're out of schedule, well, shoot, maybe I do want you in here because you're you're eager to work. Um Yeah. So like the con I think AI for that is fantastic.

SPEAKER_01 21:57

For example, you're 15 minutes early, you know? Right. The system would deny it because they said that you have to come back exactly 15 minutes later. But the system should be able to judge that, you know, okay, he's just 15 minutes early, we can actually you know let him in. Yeah, give him a little grace. Give him a little grace. Once they come in and work. And one one other area that you may not have heard this term. Uh, have you heard about identity cleansing?

SPEAKER_02 22:18

No.

SPEAKER_01 22:19

Okay. So this is this is a special service that Solo Inside offers to his clients. And very interestingly, when we actually onboard a customer and we do this identity cleansing process, we we know exactly how many identities are still valid in the system and the people have left years ago.

SPEAKER_02 22:39

So this is such a huge problem in a lot of commercial buildings here in New York City and in many places where they still exist in the database. The card was never gotten never took back. You know, they left, and maybe they're probably not gonna do anything bad, but probably is not a security policy.

SPEAKER_01 22:56

At least it would look bad in audit.

SPEAKER_02 22:57

Yes. Yeah, exactly. Exactly. Well, gentlemen, we are we're right at time. I greatly appreciate this conversation. I it's actually been quite thought-provoking, and and the idea of cleansing is uh is something that I haven't thought of before. If somebody wants to learn more about uh Solo Insight and the Cloud Gate platform, where are they going?

SPEAKER_01 23:16

They go to soloinsight.com.

SPEAKER_02 23:18

Soloinsight.com. And um just real quick from uh from a go-to-market strategy perspective, do we work with systems integrators, distributors? How do you guys go to market?

SPEAKER_03 23:29

Channel integrators, specifiers, vendors, direct everybody. So they're it's usually it's driven a lot of it's driven by the customer. Yeah. I mean, because many of these relationships with large enterprise customers or or hospitals or even um you know, commercial real estate portfolios, they already have a partner, and the partner serves a certain certain provides a certain service. So we're happy to work with them going forward and be put become part of that bigger family. Absolutely. But if somebody wants to go direct, um, as long as we're not, you know, there's as long as you're going we're doing it in a straightforward manner, we'll go direct with them as well. So whatever the customer wants.

SPEAKER_02 24:03

Lots of options. Yeah, fantastic. Gentlemen, thank you for your time, and we'll see you on the next one.

SPEAKER_00 24:10