Peter O’Neill (FB): This has been quite a year for biometrics, with the Apple launch and the growth of mobility. Can I get your thoughts on the market in general?
Thomas Grissen, CEO, Daon: Ten years ago, I would have had the head of a governmental agency ask me, “what should I be thinking about as it relates to ‘identity’?” We would always discuss the basics related to accuracy, privacy, security and convenience. Due to the very nature of their mission, we would consult on changing concepts of operations, new threats and population inclusion through a variety of biometric modalities, etc.
Over the years, Daon created “Best Practice Guides” to help our customers get the most out of their systems and to ensure our identity platforms would be able to serve nations for well over a decade through a future proof design so they did not become obsolete.
The same thing is happening now in the enterprise space as large corporations running business systems serving these markets are wrestling with similar challenges. As NIST said, “Spoofed websites, stolen passwords and compromised accounts are all symptoms of inadequate authentication methods.” We see these issues in the paper every day. Biometrics is going to happen and become a “must have” technology in the enterprise just as it did across government.
Nearly every large enterprise with whom I have met has named biometrics as one of their “top 4” new technology agenda items. This comes as no surprise since Gartner has forecasted that by the end of 2016, over 30 percent of users accessing high value web apps from their mobile device will use biometric authentication.
The technology leadership teams of commercial enterprises are very sophisticated. In discussion with every bank, I am asked about the four key requirements for any platform; (1) Do you provide a means to address transactions of varied risk, (2) Do you have “in-band” and “out of band” capabilities, (3) Do you support a full range of biometric modalities (e.g., face, voice, fingerprint, etc.), and (4) Can you dynamically invoke these at an assurance level based on the transaction risk expressed by my systems?
The magnitude of the business opportunity is significant and will dwarf what we would consider the historical biometrics market. It is not that the historical government and regulated industry market are not of great importance, it is just the scale of transactions are so much larger in the commercial sector.
Also, many large enterprises have had lean R&D budgets to maximize EPS. They then turn to proven companies with deep expertise in biometrics, such as Daon, to get these platforms in place now.
FB: The various consortia that are maturing in the authentication industry make for an interesting landscape. When it comes to a company like Daon, how do you see FIDO and NSTIC playing together?
Daon: Both programs recognize that we need to introduce a new trust model for the internet to reach its full potential. Both showcase innovative technologies and advance concepts such as identity authorities and relying parties.
Daon was an awardee of the original NSTIC grants and we are obviously committed to the program. The NSTIC mission is on target and the program enjoys good leadership. Also, government agencies are preparing to be part of NSTIC which would be a big catalyst for broader adoption.
We also are looking seriously at joining FIDO. I like what Jeremy Grant at NSTIC and Michael Barrett of FIDO are doing. Although the timelines and structure of these two initiatives may differ, I don’t see them as mutually exclusive – the resulting FIDO elements may very well become elements of the NSTIC Identity Ecosystem. As a company, our technology would fit into both, with our efforts in one being directly relevant to the other.
Further advancements in biometric authentication, such as Apple’s 5S launch, dramatically reinforced the message we are all working on telling. It all comes down to establishing trust between two people, and with the iPhone 5s one of the biggest features is the fingerprint sensor. Even though it currently only provides authentication to a couple things, many people won’t want to go back once they’ve had a chance to enjoy it.
FB: That’s a great point. Thanks to Apple, the interest in biometrics has gone through the roof with mainstream print and broadcasting media. What are some of the challenges this increased media profile has you facing now?
Daon: Investor expectations! The majority of Daon’s resources are focused on engineering, biometric science and R&D. So when we make no marketing effort and find ourselves and our technology on the Today Show with Matt Lauer it raises the bar. Our involvement was tied back to Purdue University, which is regarded as one of the most progressive biometric research institutions in the country. The Today Show tracked them down and wanted to see what they were doing. This led to a demonstration of mobile security technology using Daon’s biometrics for authentication.
This is unusual for us. It may surprise you; but, it is very unlikely that Daon technology has not already had a positive impact on your reader’s lives, especially those living in the US. We are under contract to provide similar technology to some of the nation’s largest banks and consumer security companies. Nearly 100% of our customers prohibit us from disclosing our work due to security reasons, so we have done little to hype how we have helped our customers. Our historically conservative media profile has resulted in less direct media attention and typically our customers have taken the lead role discussing projects Daon is involved in. We would provide expertise to our customers to help answer media questions, but they would manage the media. This has made the increased media attention easier to manage.
Of great importance is education about the capabilities of the technologies and what “use cases” or operational concepts perform well. We’ve architect the platform so that the right technologies match the right business problem.
Companies with less experience than those that have been in the industry for a long time may struggle with that and I think that very few enterprise customers have a core competency in biometrics. So, I believe that they will be looking for partners that have a solid historical understanding of the technologies as opposed to some people who have perhaps grabbed an algorithm and tried to develop something quick with it. The customer is coming up against a big learning curve and they need a quality partner with them. My hope is that the companies who really helped develop this industry will lead the way rather than having early adopters encountering problems that taint the industry as a whole.
FB: Daon has a long history of government identification programs – do you feel this is helping you in the commercial markets?
Daon: Yes! With nations, if our mission critical technology fails to perform, either the free movement of people comes to a halt or national security is compromised. In a similar manner, commercial enterprise must always be operational for the exchange of goods and services.
These are not trivial challenges and our work on leading standards with NSTIC and our history on major programs across the world have made a huge difference in our credibility and certainty of performance. Just this month, we were part of a major event in Japan.
Cathy Tilton, Daon’s VP of Standards for the past 8 years, is the head of the U.S. delegation to the ISO subcommittee on biometrics and has an exceptional understanding of biometric technologies. She also provides a wealth of practical experience in integrating biometrics into a variety of systems, in both government and commercial applications. This experience matters as she leads our NSTIC and TrustX cloud offering.
Daon is not just starting out exploring biometrics – we have been doing this for many years for some of the most demanding systems in the world. Our flagship DaonEngine, which is used in most of our large government solutions and which incorporates our years of experience in doing so, forms the basis of our commercial IdentityX platform.
I believe biometrics will be one of the “next big things”. We have all enjoyed the eye opening experiences of the internet. We all went online to browse websites and found Netscape. Then we found the wonderful advancements in search and benefited from Google. Next we placed our digital lifestyle on the internet through great companies such as Facebook. What is missing is an effective means of establishing online trust. Daon technology, through IdentityX, helps address this daunting problem.
FB: Many large governments rely on Daon solutions. What are the needs you are satisfying with these larger scale deployments?
Daon: We provide an identity platform that allows our customers to manage transactions of consequence. These transactions relate to identity events that first occurred in homeland security, and then expanded into DoD and other civil use cases targeting fraud, waste and abuse as well as improved citizen services.
Across all industries, the definition of “Identity” is expanding to include more authentication methods being brought together. I think this trend lends itself to a Daon platform approach.
FB: You recently announced a partnership with Optimal Payments to offer the market ‘homeland security’ grade identity services embedded right into payments. This is a very hot area. Please elaborate on this news for us.
Daon: This is one of many partnerships we entered into in 2013 that is very interesting. Optimal’s specialty is payments related. We have signed similar agreements with some of the world’s largest financial institutions, foremost consumer security companies and other leading companies in our more traditional markets, such as Cross Match Technologies. A question that is being rightly asked is “What additional services could be offered online IF we had more confidence in the identity of the person on the other end?” The ability to conduct more business and service more customers online is what Optimal and other financial institutions are looking for and they want to get first mover advantage.
Daon is all about platform software. We allow any business system to call on our platform for a risk based authentication and then deliver the level of assurance necessary. The IdentityX Platform allows an organization to mix-and-match entirely different security systems to meet the needs of their applications.
FB: How is Doan positioned to take advantage of the opportunities in today’s marketplace?
Daon: Our plans have taken us across the world, working on some of the most mission critical security systems spanning cultures and industries. This hard earned experience and knowledge is being applied to the demands of online transactions. The power of the same software platform that is protecting nations has been harnessed to serve an enterprise and a consumer through the elegance of mobile devices.
Probably due to our heritage, our focus is less about the hype and more about serious people dedicated to the mission of solving serious problems. When you consider it, how many banks, health care companies or even west coast tech companies have a core competency in biometrics? How will they perform and how will they determine which biometrics work best in different situations? The list is very short. Even Apple made an acquisition in this space to establish its capabilities. I see more biometric companies being acquired by infrastructure companies in the coming months.
There is an incredible receptivity to learning about the technologies right now, though I don’t know if that yet translates into quick buying decisions. Still, I think companies starting to get interested in moving into this space will definitely need persistence and determination because there is such a rigorous due diligence that occurs by the big organizations before they actually roll-out to their customers. And as they hit the “go” button, as one large banking CEO once said to me, it’s awfully hard to stop it – so they have to make sure they have it right.
If I have witnessed anything from being incredibly focused on these industries over the past few years, I know large enterprise is risk averse, they go through extensive due diligence and they don’t buy from companies that lack qualifications. Those are powerful differentiators for Daon.