So often we’re told about how to protect ourselves online with a fear-based narrative. However, without taking content security lightly, OneLogin’s CEO and President, Brad Brooks shares his 25 years of experience in a way that feels manageable for organizations to protect themselves while finding future-safe solutions.
M.R. Rangaswami: You’re predicting the death of the password. Can you elaborate on what you mean and what this means for enterprises around the world?
Brad Brooks: Well, weak passwords are your biggest risk, period. You read about breaches every day. And an alarmingly high amount of them are due to bad password practices. 80% per the 2019 Verizon Data Breach Investigations Report.
CISOs everywhere are coming around to the fact that they need the latest tools to protect from the newest threat vectors like deep fake attacks powered by AI/ML and breach replay attacks.
The reality is, there are dozens of potential ways to validate a user’s identity beyond a text-based password. There’s a massive opportunity for solution providers to exercise more creativity in authentication methodology to strike a balance between security and usability that has historically eluded IT & security leaders.
That’s why I’m so pleased with how we’re enabling enterprises to move beyond passwords with next-gen authentication methodologies that do not depend on text-based passwords. The next-gen is going to be SmartFactor Authentication, which delivers a context-aware authentication methodology based on user behavior to move beyond text-based passwords.
For example, if you log in from San Jose at 9 am, and then again from Russia at 11 am. If that log in occurs in separate systems, there’s no way of identifying that as anomalous. Because we see all login behavior, we can not only make that correlation but enforce policies accordingly; like requiring an additional factor to authenticate.
We just launched Shield by OneLogin -beta tested and proven- that will change the way work is done in this threat landscape and securing business applications like never before. Stay tuned for more!
M.R.: Given your visibility and vision into the Identity as a Service (IDaaS) space, including the incredible proliferation of business applications and APIs, what do our readers need to know that they don’t know yet?
Brad: If you think about it, how many personal applications did you have just five years ago? Probably a handful. Today? It’s likely more like hundreds. The same thing is happening in the business application space. The modern workforce is not only more mobile, inviting more mobile security attacks, but it’s dynamic, meaning we’re mixing automation, like bots, with people.
In a recent study we did, we found that 94% of enterprise CIOs believe the future workforce will combine humans and bots. This is making for unprecedented levels of complexity and challenging the working norms of what employees and their CISOs have had to deal with until this point.
Plenty has been written about the future of work – namely, the changes across the primary domains of business: the workforce, the workplace, and the technology that fuels it all.
We know AI/ML will continue to change the way we work, and the workforce will be comprised of a human base that is augmented with “bots” and digital resources. We know they will be a substantial uptick in the number of remote workers in the next 3-5 years. We know there will be more and more applications, users, devices, etc.
But, what many have been missing, is that each one of these domains of business (workforce, workplace, and technology) doesn’t exist in a vacuum – they all impact each other and act as force multipliers to dramatically change the future of business.
The fundamental question leaders in the technology community – CIOs, CISOs, executives, and investors – need to be asking themselves is–what are the biggest implications of this massive shift?
Because what we’re seeing is it’s the connections between all of these nodes or “ingredients” – users -humans and bots, corporate HQ, in satellite offices, remote, devices, apps – cloud or on-prem in our commercial ecosystem that becomes critical. It’s critical to facilitate the management of those connections – establishing them, and doing so quickly, at the pace of the business and it’s critical to secure those connections.
M.R.: Finally, you have OneLogin’s annual customer events – Connect UK and SF – coming up. What are you most excited about?
Brad: I’m excited because these are the biggest and best Connect events we’ve ever done, both in the program and attendees.
The theme is Connect: Together. It spotlights our culture of collaboration and customer focus. We chose this because in this increasingly tech-driven world that we live in – especially here in Silicon Valley – it’s easy to reduce everything to data and overly depend on digital collaboration tools. While those tools are incredibly valuable, we believe in the human element of business.
Many of our customers have dozens and dozens of IT & security vendors. CIOs and CISOs are increasingly looking to consolidate the number of vendors they are working – a trend that will only intensify if the macro-economic climate trends downward. Technology leaders will continue to prioritize working with vendors that one, treat the business relationship like a true partnership and two, offer a broad set of solutions rather than niche point solutions.
So, it’s increasingly important to connect personally and face to face, and we’re excited to do that at these events.
M.R. Rangaswami is the Co-Founder of Sand Hill Group