During time spent as CISO at Exostar, Jeff Nigriny was tasked with securing connectivity and collaboration amongst more than 100,000 suppliers and a collection of the world’s leading aerospace and defense companies.
Through time spent on that initiative, Jeff identified a need to provide a reusable, trusted identity that organisations could use as a reference of trust.
The US Department of Defense’s CAC programme stood out as a solid blueprint to use within the enterprise environment via a commercial bridge, leading to Jeff founding CertiPath.
“The main thing for us has always been to focus on strong forms of identity.”
For CertiPath, the company’s focus is all about using strong digital identities to help organisations overcome challenges, whether that is to reduce fraud, facilitate a transaction, or with CertiPath’s Trust Bridge product, extend the use of digital identities.
Today Jeff is President of CertiPath and he has kindly spent some time speaking to us for our first Intercede Partner Spotlight feature.
An average day in the life of the CertiPath President
From examining and identifying where CertiPath can improve, to staying on top of multiple ongoing customer installations whilst balancing the more strategic work that comes with being President of CertiPath, no two days are the same for Jeff.
What do you see changing within strong authentication?
Clearly everyone working from home has changed things. The conversation on the need for strong authentication has been brought front and center. If I am a CISO right now I would not be looking at strong authentication in isolation but also questioning how can I use this to limit my risk in other areas such as phishing and spear phishing. If strong authentication for VPN log-ons can also be leveraged so more security is in place when people click on links, then I am starting to tick off my top three priorities and not just one in isolation.
Are you seeing trends in strong authentication deployment?
Username and password, FIDO and PIV were well known but what I am seeing now is people looking to attempt to implement a mix of all of the above. The concern is that there are a number of initiatives where technologies are being implemented by organisations that don’t know the technology well enough to provide such a complex solution and the best people are particularly busy right now.
We work with a number of large customers who have dedicated people in their security teams, be it for logical or physical access. As an example, the technical knowledge on how to place machine credentials on a server is not widespread. It is important that investment is made to not only choose the right technology mix for your organisation but to plan for the skills that it will take to implement and maintain it. This is applicable whether it’s from an enterprise architecture, compliance, or end-user perspective.
Tell us about CertiPath’s partnership with Intercede
We see MyID as the single best platform for provisioning high assurance credentials from, period. I think the enhancements made from version 10 on have given the software the most intuitive interface and Intercede absolutely has some of the smartest engineering people we have worked with. The support team are excellent to work with and, importantly, Intercede has, like CertiPath, placed an emphasis on delivering a product that has the engineering discipline upfront to ensure the product is configurable enough to meet the demands of the customers we serve without having to be extensively customised, ensuring the software is not overly complex to adopt. COTS software cannot require coding for every customer request; MyID is superb at offering configuration in lieu of customization.
What do the next 12 months look like for CertiPath?
In today’s climate we are all looking to maintain the solid footing that we have built, and we are fortunate that we are in a space that is seeing an increased demand, and that we have, in fact, been in a position to make two new hires over recent months.
Going forward we will continue enhancing our TrustVisitor product for an improved physical access experience. Improving security and improving speed do not typically go together but we pioneered the concept of prompting visitors, prior to visiting a facility, to self-serve their “lobby experience.” That means asking what form of credential the individual will be using as a proof of ID so we can vet their credential prior to them arriving in the lobby. Could be a driver’s license or a passport but it could also be an agency PIV card, a PIV-I or a DoD CAC. The workflow can then authorise that individual access to the building 15 minutes prior to their meeting and deprovision access once the meeting ends or once the individual leaves. We are presently improving our wellness screening so that visitors are asked to confirm they are not experiencing Covid-19 symptoms just before their visit or in the lobby the day of. If a visitor is symptomatic (e.g., temperature is elevated), then an organisation has the opportunity to step in and stop that risk of someone visiting their offices before exposing lobby staff to an epidemiological risk.
We are also pleased to be part of Intercede’s Connect Partner Programme. Our main interest as a MyID reseller is two-fold. In the government space we are looking to use the technology to enable customers to provision trusted identities to individuals as they visit government facilities without a valid credential, be it CAC or PIV. We have customers who very much want a product that provisions a credential on site and MyID will help us provide a solution to do that.
Outside of government, we are seeing a need for strong authentication for industries such as aerospace and defence, energy, healthcare and finance who want multi-factor authentication in both logical and physical access environments. The CISOs in these organisations want a proven solution that they know will be fit for purpose. MyID is proven technology that we have been implementing for 7 years now. With increased demand for remote working and a need to ensure employees are able to securely log on both in the office and at home, we are seeing an increased push for multi-factor authentication solutions and we don’t envisage that changing over the next 12 months.
If you could pass on one piece of strong authentication wisdom to CISOs what would that be?
The value of any strong authentication outweighs waiting for the perfect solution. All too often IT leaders hold back from improving their authentication solution because they are waiting for the technology to improve or be easier to work with … and the bad guys love to see that. It’s better to make a positive step now with a philosophy of working with vendors to continue improving and enhancing their product rather than settling for the risk of the status quo.
To find out more about CertiPath’s products and services visit https://certipath.com/
To find out more about Intercede’s Connect Partner Programme go to intercede.com/connect