
04.30.24-Startup-Ecosystem-Conference-Startups-Gradient

CHRIS WHITE: Hey, there. I'm Chris White, COO of Gradient, MIT class of '08, Courses 18 and 15. And I am here to talk about the future of secure identity.
There's a dirty little secret in cybersecurity. And the dirty little secret is not that Microsoft and Okta, who are organizations that sell secure identity technology, got owned by threat actors. It's not a secret that Microsoft gets owned about every six months through their core identity security technology. It's that the way they're getting hacked is no different in the way that others have gotten hacked going back decades.
The root cause of all these things is insecure digital credentials. So what do I mean by that? Well, one of the ways we protect credentials today is passwords. That's a mess. Those get lost and stolen and hacked more often than anything I can think of right now.
But there's multi-factor authentication, except that's not working anymore. So Microsoft tracks about tens of thousands of organizations that are their customers, who have multi-factor authentication running globally. And they're still getting hacked. And, again, Microsoft got hacked not just running multi-factor authentication, but running advanced multi-factor authentication. That is, resisting attacks like adversary in the middle. So tokens, credential tokens, are still vulnerable.
So let's talk about those advanced multi-factor authentications, FIDO2, passkeys that are going to kill passwords. Users don't like them. They're intrusive. They're annoying to use. They're annoying to manage in an organization. And they don't solve the fundamental problem.
After you do authentication of any kind, I don't care if you're using biometrics or something else, you get an access token back from that application. The access token is a string of characters. That's called a password. It looks exactly the same on your device as it does on an attacker's device. If it is stolen, that person, who stole it from you, now owns your identity. That has to stop.
What we need is a completely new approach to digital credentials. We need getting them to be easy for users. We need users to do less, not to jump through six different hoops to get into their applications. We need the ownership of a solution to be easy for the organization to manage and deploy. And we need to eliminate this root cause of insecure credentials, that can be easily stolen off of devices. That needs to stop.
So what we've done is created a paradigm shift. Instead of a static one-time process, where you go through a ceremony to prove you are who you say you are, and then you get back a glorified password, just to be stolen off your device, we created a system where we validate the integrity of every device before we issue a credential to make sure that it won't be stolen off the device. And then we anchor the credential down to the device. So if somebody tries to remove it from that device, it breaks and no longer gives access.
But the most important thing that we do is we refresh this every 10 minutes. Every 10 minutes, we make sure that device is still in a secure state, it can handle having a credential, it is trustworthy. And every 10 minutes, we give it a brand new credential, so that it can't be stolen.
And if you do this right-- let's see if this works-- oh, no, it didn't work. That's all right. If you do this right, logging in becomes completely seamless.
You click Log In, and you get in, no passwords, no multi-factor authentication, no pulling out your device and waiting 30 seconds for a new code to refresh. You just get in.
So let's talk about a customer. So we have multiple customers. One of our largest is a globally renowned technology institute. They have tens of thousands of users. They have incredibly sophisticated compliance requirements because of the federal money they take for their research.
And they have incredibly high threat. They are under attack from nation states, who want to steal research. They are under attack from advanced cyber criminals, who want all the money that they have access to.
And their users hate passwords. Their users hate multi-factor authentication. So what we've been able to do, leveraging our technology, is create a completely frictionless experience to gain access. You just get into the applications you need to do your work every day, without ever having to worry about a password, without ever having to answer another MFA prompt.
So what we have is one very simple ask. And that is, try us out. We have multiple customers already paying. We are GA. We have multiple proof of concepts going on. But we are always seeking additional design partners to try something different. A better access experience, with no security vulnerabilities, that can address the vast majority of all cyber attacks right now.
Come give us a try. That's it.