A robust credentialing solution promising cost savings for enterprises and improved privacy for users was announced Monday by Israeli identity verification and management company AU10TIX.

The firm said it is working with Microsoft on Reusable ID, a technology that uses verifiable credentials to enable enterprises to simplify and speed up ongoing ID verification, reducing customer onboarding costs. reduce costs, automate workflows, and enhance the security of sensitive data.

Furthermore, it enables users to store their information locally in a tamper-proof digital wallet that gives them control over what information is passed on to third parties.

AU10TIX explained that verifiable credentials are reusable, immutable digital credentials that authenticate the identity of an individual or entity and allow the secure sharing of personal documents and biometric credentials.

The verifiable credential architecture also gives users the self-sovereignty to share the right information on demand for tasks such as opening accounts, applying to college, and paying taxes.

“The creation of immutable digital credentials is important because it enables secure and tamper-proof identity verification,” said Mark Brady, AU10TIX’s vice president for emerging products.

“Digital credentials can be easily changed or forged, which poses a significant risk to identity verification processes,” he told TechNewsWorld.

“Immutable digital credentials ensure that an individual’s identity is accurately and securely verified,” he continued, “which is especially important in sectors such as financial services, healthcare, and government.”

up-leveling verification

Karen Walsh, principal at Allegro Solutions, a cybersecurity consulting company in West Hartford, Conn., explained that digital credentials go beyond a simple username and password by linking a person’s physical self to their digital representation.

“A digital credential can link personal documents, such as a Social Security card or passport, and biometrics, such as Face ID or fingerprints,” he told TechNewsWorld.

“However, reusable IDs will give companies a way to incorporate HR documents with these biometrics, ultimately up-leveling verification,” she said.

“With Unique Authentication, you are ensuring that a user is who they say they are, but trust them to identify themselves honestly,” he continued. “With Reusable ID, Microsoft is going to be able to verify the initial ‘who they say they are’ with government documents.”

Microsoft senior product manager Deepak Marda explained in a statement that the reusable IDs will be used in his company’s third-party onboarding flows to prevent fraudulent activity and ensure regulatory compliance at critical stages of user identity verification. Bar verification can be streamlined.

“Decentralized ID verification is a critical imperative in the digital world, and the AU10TIX solution will increase security while reducing friction in the online ID verification process,” he said.

unfulfilled promise?

Roger Grimes, a defense evangelist at KnowBe4, a security awareness training provider in Clearwater, Fla., noted that decentralized ID is an attempt to turn tangible control of a digital ID over to the user who uses it.

“The real challenge with digital IDs is whether they can actually be decentralized or what percentage of them can actually be decentralized,” he told TechNewsWorld.

Like the promise of crypto and decentralized finance, he continued, true decentralization never happened. “For a myriad of reasons,” he said, “it turns out that most purportedly decentralized DeFi had more centralized control than the traditional things they were replacing.”

“True decentralization of anything is hard, and IDs are no different,” he said. “Most people don’t want the hassle of maintaining and securing their ID. They just want to use them and make them work.

He stressed that digital ID standards proposed by the World Wide Web Consortium could lead to true decentralized IDs, but he questioned whether the standards would have any staying power.

“Will they be adopted by any meaningful percentage of users, or will they only be used by a very small percentage of privacy enthusiasts and nobody else?” He asked.

“We don’t know yet,” he said, “but if history is any lesson, the promise of digital IDs is bigger than the number of people who will use them. I hope I’m wrong.”

age old damage

Brady notes that in the past cost has been a barrier to the widespread adoption of secure verification methods such as using tokens. “Additionally, there may be resistance from users who are not familiar with the use of hardware tokens and prefer the convenience of traditional forms of identity verification,” he said.

David McNealy, CTO of Delinia, a global privileged access management provider, pointed out that digital credentials have existed for years in the form of PKI certificates and FIDO authentication mechanisms.

“However, we need a better way for users to create and verify their identity, as well as enable better ways for users to control the information they submit during the account creation process,” he added. told TechNewsWorld.

“There are many advantages, but there are also some chronic disadvantages that will accompany us as we move toward digital identity,” said James E. Lee, chief operating officer of the Identity Theft Resource Center, a nonprofit organization devoted to digital identity management. To reduce the risk and reduce the impact of identity compromise and crime in San Diego, California.

“Digital identities are more secure and more privacy-focused, but there is no such thing as immutable identity credentials,” he told TechNewsWorld. “There’s always a way around it.”

enhancing cyber security

Lee praised the AU10TIX/Microsoft venture. “It’s a step in the direction we’ve been looking at for some time with FIDO, with passkeys instead of passwords,” he said.

“If you move to a secure transaction based identity using tokens,” he continued, “it is going to be a more secure process and result in more reliable results than handing over driver’s licenses. “

“One of the things we’re seeing is a tremendous increase in driver’s license data targeted in cyberattacks,” he said. “We are seeing data breaches being committed specifically to obtain driver’s license information. This will not happen with digital credentials.

Brady said better credential management can enhance cyber security by reducing the risk of identity theft and fraud.

“By using more secure and tamper-proof digital credentials, organizations can ensure that only authorized users can access their sensitive data and systems,” he said. “This reduces the likelihood of security breaches and helps protect against cyber threats.”

“Improved credential management also simplifies identity verification processes, making it easier for organizations to manage access to their resources and reduce the risk of unauthorized access,” he said.

According to Forrester Research, the global rising tide of cyber threats from nation-states should be a red flag for private sector security leaders across all industries to prepare for more frequent and brazen attacks in the future.

To help companies prepare for the changing nation-state attack landscape, Forrester unveiled a new model on March 2 that will defend itself and prepare for an expected attack to comply with regulations.

Ellie Mellon, Forrester senior analyst and lead author of the report, pointed out that 40% of cyber operations reported by country target the private sector. State-sponsored attacks have increased by nearly 100% between 2019 and 2022, and their nature has changed – with more being carried out for data destruction, denial of service and financial theft than in previous years.

The Forester model is built on three stages.

First, understand how nation-states attack organizations. A good starting point is the nation-state escalation ladder available in the model.

“It’s a wise approach,” said Erich Krone, security awareness advocate at KnowBe4, a security awareness training provider in Clearwater, Fla.

“Ultimately, for the victim, does it really matter which actor is responsible for the attack that steals money or sensitive information?” He asked.

Crone told TechNewsWorld, “Focusing on how these attacks are being carried out, especially as cybercrime groups mature, is more important for most organizations than worrying about the source. “

“Being aware that you may be a target is important, however, and planning should be a part of the threat model,” he added.

threat modeling

Second, build threat models based on organization-specific nation-state threats.

“Threat models for geopolitical actors are the living context of who, what, where, when, why and how nation-state attackers target your organization,” the report said. “They help predict future attacker activity, close visibility and detection intervals, plan for future market moves, and provide a solid context for executive discussions.”

“Proper threat modeling is absolutely critical when talking about nation-state actors,” said Alexis Dorais-Jonkas, senior manager of threat research at Proofpoint, an enterprise security company in Sunnyvale, California.

“An organization that wants to enhance its defense must determine that hundreds of state-sponsored actors are targeting them. Then it must prioritize measures to counter those threats,” Dorais-Jonkas told TechNewsWorld.

The third step is to get involved in influencing the narrative around cyber security. To do this, security leaders need to know what the security requirements of the government jurisdiction for their business are; managing its relationship with the government through means such as information sharing; be prepared for geopolitical events ahead of time; and influence legislative proposals before they become rules.

Report joining forces with others in the industry to gain some power in the legislative process and inform board members of what is being done about threats to the nation-state before asking about the situation Also recommend doing.

need a strong foundation

“I think the Forrester approach is headed in a good direction,” said James Lively, an endpoint security research specialist at Tanium, an endpoint management provider in Kirkland, Wash.

However, he added that for the model to be effective, it must be built on top of an already strong foundation. “If your company is facing challenges maintaining compliance or patch efficacy schedules, most models are already ineffective,” Lively told TechNewsWorld.

Morgan Dembowski, a cyber threat intelligence analyst with IronNet, a network security company in McLean, Va., called Forrester’s model a “smart approach” to tackling the nation-state problem.

“It’s important to take a strategic and informed approach when defending against country-state attacks,” Demboski told TechNewsWorld.

He further added, “Cyber ​​activity and strategic objectives of nation-state threat actors continue to demonstrate the interconnection between the geopolitical and cyber threat landscape, requiring governmental actions and policies to assess their potential impacts in the cyber domain.” highlights the importance of tracking international relations.”

“It is important to prepare for organization-specific activity because the threats faced by different businesses are multidimensional and differ between sectors and regions,” he added.

the attacks don’t go away

Robert Hughes, chief information security officer at RSA, a cybersecurity company in Bedford, Mass., said the Forrester model appears to be very prudent advice.

“It comes down to knowing the risk level of your business,” Hughes told TechNewsWorld. “While on some level this is like trying to protect your home from a missile attack, a solid framework to start thinking through is the questions and discussion points you need to consider as a business to consider your risks. should be aware of and begin to address them using a multi-pronged strategy.”

“The nation-state attacks are not stopping,” he continued. “They are increasing in volume and capacity, and we should expect to see more of this over the next few years.”

While Forrester’s approach is good, it’s nothing new, said Mike Parkin, a senior technical engineer at Vulkan Cyber, a provider of SaaS for enterprise cyber risk remediation in Tel Aviv, Israel.

“It’s a very similar idea the cybersecurity community and businesses, in general, have been pursuing over the years, with added awareness of state-level threat actors,” Parkin told TechNewsWorld.

“It reinforces those ideas, though, and that’s a good thing,” he said.

unnecessary distraction

While agreeing that organizations need to protect themselves from all attacks and aware of how and to whom reports of attacks should be submitted, the scope of threats to the nation-state can be enormous, said Todd Carroll, senior vice president of cyber operations at SiebelAngel, a threat intelligence company in Paris.

“You’ll be going around in circles trying to think of every nation-state and organized team and method of attack,” Carroll told TechNewsWorld. “China alone has dozens of state-sponsored teams attacking verticals in various ways and for various reasons.”

“You don’t have time to figure out ‘why,’ but you need to spend your limited resources on protecting access, knowing your attack surface, and tracking your critical data,” he said.

Claude Mandy, chief evangelist for data security at Symmetry Systems in San Francisco, a provider of hybrid cloud data security solutions, however, was skeptical of the Forrester model.

Mandy told TechNewsWorld, “In an industry struggling to deal with less sophisticated attackers and basic attacks, a nation-state-specific threat model can be perceived as an unnecessary distraction for organizations most vulnerable to threats.” Would benefit from getting the basics down first.”

“Rather than investing in cyber security controls to attempt to thwart a sophisticated attacker like a nation-state, we prefer to encourage organizations to prioritize their cyber security on what matters most to them – their data – rather than starting with the threats and trying to guess the attackers,” he said.

Microsoft has announced a hands-on preview for commercial customers of its new Teams premium product designed to make meetings more personal, intelligent and secure.

The premium product includes many attractive features, such as:

  • Using artificial intelligence to provide live translation and intelligent recaps of meetings with autogenerated chapters and suggested action items and insights;
  • Advanced security with the use of watermarks, end-to-end encryption, and sensitivity labels to prevent copy and pasting of chat sessions;
  • Tools for creating and managing high-quality webinars;
  • Virtual Appointment Dashboard to control the end-to-end virtual appointment experience; And
  • Ability to expand company image in meetings by branding background.

“This is an opportunity for Microsoft to open up monetization opportunities beyond Microsoft 365,” said Ross Rubin, principal analyst at Reticle Research, a consumer technology advisory firm in New York City.

“You’ll get basic-level functionality, but more functionality at the higher price levels,” Rubin told TechNewsWorld.

Race for AI Solutions

The AI ​​feature does many things not done in meetings, such as providing outlines, notes and translations for their audience, said Rob Enderle, president and principal analyst at the Enderle Group, an advisory services firm in Bend, Ore.

“I expect this AI component to be the defining difference between platforms in the future,” he told TechNewsworld. “Powerful conferencing solutions are racing to see who can provide the most powerful AI-based solution.”

Intelligent Recap holds a lot of promise for helping organizations get the most out of meetings, said JP Gounder, vice president and principal analyst at national market research company Forrester Research.

“Too often, follow-ups and action items are forgotten after the meeting,” Gounder told TechNewsWorld. “Those who missed the meeting struggle to find the value of the meeting.”

“Intelligent Recap promises to automate the process of extracting follow-ups, action items, and meeting content,” he continued. “It will take some time to learn from real-world meetings, but it promises to increase the value of meetings and connect them to business actions.”

more efficient meetings

In some ways, the new tools in Teams Premium make virtual meetings more efficient than in-person meetings, said Michael Inouye, a principal analyst at ABI Research, a global technology intelligence firm.

“By more efficient, I mean making access to information from previous meetings and follow-up more streamlined and easier,” Inoue told TechNewsWorld.

He clarified that in a face-to-face meeting, any work on the whiteboard may not be included in the meeting notes. Similarly, note-taking is often not shared among participants or may be specialized to an individual’s note-taking style.

“Creating chapters and tagging recorded meetings makes searching through the archives much more efficient,” he continued. “Instead of trying to remember the date of a particular meeting by checking your notes, you can search for a topic or other information of interest.”

“These tools can benefit in-person meetings as well, because those conversations can be recorded and processed in the same way, so it’s not exclusive to virtual,” he added.

Features Too Good for Paywall

New security features in Teams Premium have also drawn praise. Forrester analyst Will McCann-White said, “The security enhancements like copy/paste controls and E2E encryption for groups are all excellent.”

However, he questioned the limitation of features to a premium offering. “It’s strange that these are divided outside of the standard Teams platform,” he told TechNewsWorld.

McKeon-White was also commended for joining the Teams Premium webinar. “There is a great need for offering webinars from a competition point of view and this will help organizations further strengthen an offering,” he added.

While praising the product’s translation feature, he also lamented its limitations. “Live translation is going to be transformative for how organizations communicate,” he predicted. “It’s a shame to see this change inside the paywall.”

One feature of Teams Premium that is getting mixed reviews is its branding feature.

Mark N., president and principal analyst at SmartTech Research in San Jose, Calif. “I think the branding-focused features are interesting and potentially different than what Zoom and Cisco’s solutions are offering,” Vena said.

“It appears that Microsoft is moving toward a more personalized experience with the premium version of Teams, which I think will be useful,” Vena told TechNewsWorld.

“The ability to create more customized experiences will be valued by some users, and I think the ability to add your brand will be valued by users who create video podcasts or conduct webinars,” he said.

ahead of time

While an interesting idea, the brand extension feature could be problematic, stressed Enderle. “Using a tool like this to push a brand requires marketing to have a direct say in the outcome, which isn’t the case here,” he added.

“It would be like providing a medical device without medical oversight,” he explained. “I don’t think you can do a brand feature without deeply involving marketing in the resulting process. That’s not the case here.

Inouye said that branding is usually not prioritized in virtual types of communication and collaboration. “Going forward, if virtual C&C becomes more widespread or more generally, I can see it becoming more valuable,” he added.

“It may be a little ahead of its time,” he continued. “No harm done, but it won’t be a significant selling point.”

Inoue said Teams Premium should help position Microsoft in the communications and collaboration market. However, he added, “it’s hard to say whether this will change the competitive landscape in a meaningful way, at least not yet.”

“Companies have reduced virtual events, which means a company may see less value from a more integrated solution,” he explained. “For a handful of events going with a third party can be as good an option as a more integrated solution.”

word of caution

Vena argued that Microsoft is playing catch-up in the video conferencing space as Zoom became the market leader during the pandemic, focusing on ease of use.

“But Zoom continues to face protests over security concerns, and Microsoft has a perceived advantage when it comes to protecting privacy,” he said. “This new solution should move the ball forward in increasing its appeal to Teams, especially with enterprise and SMB users.”

McCown-White said all of the enhancements are logical and add value to the Teams platform. “My biggest issue with Microsoft’s approach is they compartmentalized behind a paywall,” he said.

“Any time AI/ML features are divested outside of a platform, it provides an opening for competitors,” he said.

There’s a lot to like in this rollout, as Microsoft continues to evolve its AI to deliver more valuable features, noted Wayne Kurtzman, vice president of collaboration and communities research at IDC, a global market research company.

However, he cautioned: “Microsoft will need to add more benefits to maintain the premium value, as some of their competitors are likely to include some of these features in their core product. Regardless, feature innovation is likely to maintain a high velocity.