Vlog: Making the Most of Your Windows Hello Investment

Michael Cichon:
Well, hello everybody. This is Michael Cichon, Chief Marketing Officer at 1Kosmos. I’m here today with our VP of solutions, Vik Subramanian.

Vik, welcome to the vlog. It’s good to have you.

Vikram Subramanian:
Hey, great being here too. Michael, it’s always a pleasure to speak with you.

Michael Cichon:
Are you out of Chicago today?

Vikram Subramanian:
Yes, I am. I am.

Michael Cichon:
Oh, you’re wearing the very dapper 1Kosmos vest. Surprised it’s not the summer inferno and high humidity in Chicago right now.

Vikram Subramanian:
We’ve been having the tornadoes come and attack us these days. So better safe than sorry.

Michael Cichon:
I remember those. Well, listen, I really appreciate you taking time. I know you’re super busy lately. I want to talk about Microsoft today and where 1Kosmos fits in. So on the marketing side, we’re seeing a lot of organizations interested in passwordless, but they have … Microsoft is their backbone and they’re either experimenting with or implementing Windows Hello for Business, but you’re knee-deep in this stuff. In your own words, what are you seeing with the companies that you’re working with on the Microsoft side?

Vikram Subramanian:
Absolutely. So let me actually begin with telling the audience what I do for a living a little bit. So me and the team, I actually have a team of mad scientists who put solutions together, solve problems, and make sure that our platform is a great fit for the organization. Now we’re working with a lot of organizations that have really invested in Microsoft, and rightfully so; they’re investing in Azure or Entra ID and moving forward and going through that journey. Now what we’re seeing is that a lot of organizations are starting to adopt the cloud in a large way, and they are taking their on-premise infrastructure, even their domain controllers, and moving it to the cloud and adopting Azure. They’re becoming an Azure-only shop. They’re starting to take their devices, put it on Azure, and they’re starting to experiment with Windows Hello for Business.

Michael Cichon:
That’s super interesting. I just read a research paper yesterday which plotted I think an eight-time increase in interest around identity access management in just the past year or so, and that speculation was that it had something to do with companies moving to a hybrid or virtual … part of their infrastructure being virtual.

Vikram Subramanian:
Yeah, I mean, it’s extremely interesting that a lot of companies are going to the cloud, especially, I think everyone’s talking about the pandemic making everyone remote. Still people are coming back into the office, but they want the ability to work from anywhere, access resources from anywhere, and the cloud allows them to do that. And I think the solutions that they’re looking at, especially going to the cloud, they want a single platform where they get everything. Microsoft or Windows Hello is kind of fitting the bill for the most part.

Michael Cichon:
So these organizations have Microsoft, and there’s been this kind of full-throated market attack on passwords and eliminating SMS. So for organizations with Microsoft, where does 1Kosmos fit in?

Vikram Subramanian:
Absolutely right. So let’s actually talk about what Windows Hello does do and doesn’t do, and where BlockID or the 1Kosmos solution would fit in. Windows Hello for Business is really a means for authenticating into your Microsoft assets, emphasis on Microsoft assets, using biometrics. So a lot of solutions today or a lot of hardware today comes with biometric-based authentications such as your infrared cameras or fingerprint readers. Your laptops could have it.

Now, of course, this is applicable for Windows 10, Windows 11 systems, some of the latest pieces of software that not all organizations have adopted just yet. Secondly, what it also requires is that your machines be joined to the Azure or to the cloud, and that takes more than a snap of a finger to deploy. So when you’re talking about an organization adopting Windows Hello, or really rolling out Windows Hello for Business, it is a large program that they need to embark on in order to enable their employees to utilize biometrics.

I mean, we still haven’t spoken about the human aspect about it saying, “Hey, I don’t want my biometrics stored on your devices,” and all of those things that they are having to deal with with respect to humans having oppositions to it. These are just technology constraints that organizations have to deal with.

The other thing is that Windows Hello for Business, again, on cold boot and in certain situations, requires a PIN or a password to unlock the safe that is there on the device. So users still have to remember a password, which they can tend to forget very easily if they’re using biometrics on a daily basis. But the process to reset the password is still legacy. You’re still answering KBAs or it’s a completely separate process outside of this entire thing that needs to be managed.

And lastly, really, the biometrics are stored locally on one device. I mean in this day and age of hoteling where I’m going from one device to another device to another device, I should not be asked to go ahead and register my biometrics across all of them. And also, there’s a limitation on the number of users that can be enrolling their biometrics on one device. So there are some limitations that organizations do have to deal with, but it’s a very powerful solution. So this is where, like I mentioned again … so from a Microsoft asset standpoint, Windows Hello for Business can definitely be utilized. Organizations still need to start in … keep investing in Azure, integrate their applications into Azure, utilize conditional access. There’s a ton of features that Azure offers you. But think about it, you’ve got laptops in your organization that have Windows Hello for Business or Windows Hello enabled. Users are starting to use it. Great. You know what, they can be managed by Azure. You’ve got your applications that are federated, they can be managed by Azure. You’ve got your devices, you can roll out MDM, managed by Azure.

Great, but what about the rest of your organization? You’ve got other flavors of Windows in there. You’ve got Mac, you’ve got the network devices, you’ve got your Linux devices, you’ve got legacy applications that don’t conform to standards. Then you’ve got users who simply want the flexibility or want their identity in their own hands. And the privacy-preserving method of being able to log in using passwordless. This is where 1Kosmos comes in.

So we have the capability of extending the Azure functionality and really working with your investment in Azure and extending that capability across your organization. We have the credential provider for Windows, which works really well, enables organizations to log in using device biometrics or, I think, Michael, you’ve spoken about Live ID. So Live ID is very powerful to utilize across your servers and very critical systems that are remote where again, Windows Hello would not work. Then we have the ability to deploy our passwordless technology onto Macs. So now you’re controlling the assets on the ground. Then get into your data centers. We’ve got network devices, VMware devices, you’ve got your virtualization layer, all of those things can be integrated with us. We support legacy protocols like RADIUS, LDAP, all of those things which will really make those systems passwordless-enabled.

And lastly, from a privacy standpoint, we put the power of identity in the hands of the user. It’s always in the hands. It’s protected using their biometrics. It’s stored on their device, which means that they have the confidence that they are authenticating onto their device, giving them access to an asset that’s provided to them by the organization.

Michael Cichon:
Okay. Wow. Well, that’s super interesting. So it’s sometimes convenient, maybe as some marketers, just to talk about passwordless as this little thing that exists in a vacuum and how if you don’t have passwords, they can’t be stolen. Great flair for the obvious there, but what you’re mentioning here, all the edge cases, logging onto your Mac, for example, in a mixed environment, logging into the VPN. IT people have their … need to access domain controllers, maybe even what users might have different, I guess, security profiles. I mean, if you’re logging into a mission-critical system that’s got very careful permission access on it versus you’re logging to do something benign, I guess managing that scenario.

Another topic that’s gotten a lot of attention and maybe too much is zero trust. There’s so many claims about zero trust. Let’s start at the basic. What is zero trust when it comes to authentication?

Vikram Subramanian:
Absolutely. So zero trust in terms of authentication would fall under the identity pillar. So there are seven pillars. We would be in the identity pillar where … I mean it forms it … We’d love to say that we’re the center of the universe of the zero trust universe. Why? Because you know what, the authentication is what determines are you who you say you are. It is the layer that really identifies the user. So authentication forms a very critical part of the zero trust strategy for an organization. Now, this is where it gets interesting. So when we are thinking about authentication till now, and even organizations that are deploying MFA and advanced MFA think they have the silver bullet, but think about it.

Really, what is the question you’re trying to answer? Anytime that a user is coming knocking on your door and wants to authenticate, you’re really asking the question, who are you? And then you want to validate, are you really telling me the right thing about who you are? So how are you doing that? The organizations today utilize a combination of username and password. They accept FIDO keys and then they’ve got solutions all out there. Evaluate 50 other things about you, meaning, hey, where are you coming from, what is the browser version, hey, what’s behind you at the wall, let me evaluate 10 or a hundred different things about you, and then maybe have some more assurance that you are who you say you are.

Now, 1Kosmos BlockID is changing that. I mean, in the physical world, really, the way that I would greet you, Michael, I mean he is like, I know I can see you. I would greet you. I’d shake your hand and say, “Hey, show me your ID,” and probably I’ll look at your picture and then do it that way. I know that you’re Michael. So we’ve just digitized that process. So we’re taking the identity, helping a user enroll that identity, hold it within their wallet; at the point of authentication, they’re able to prove it, really provide a piece of that identity that’s enough for the authentication. And now the system has a great deal of confidence that it is Vikram who’s authenticating, and now the authentication has a high degree of assurance, which means the other systems or the other pillars in zero trust at least can knock off one checkbox going, yes, I know who’s coming into my organization, now determine what they can do or cannot do.

Michael Cichon:
Okay. So my iPhone knows who I am. I look at my iPhone, it knows who I am. I put my finger on a fingerprint reader, it knows me, right?

Vikram Subramanian:
Hey, I mean it knows you, but it doesn’t tell me that it is actually Michael who’s authenticating. That’s the difference. But it knows that it’s a human. Yes, that’s all it tells the system. But that’s where a Live ID solution comes into play. We can truly say it is Michael who’s coming in, it is Vikram who’s trying to authenticate and only then allow you to get in. This is where the Live ID comes into play. Sometimes it helps introduce a little friction in authentication. Customer experience. Well, a little friction introduces confidence.

Michael Cichon:
Right. So Live ID is actually the technology that we have that kind of defeats spoofing, if you will, and asks a person to make facial movements or gestures. So it’s a live or a real biometric if you will.

Vikram Subramanian:
Well, but you know, got to remember, we’re the only solution in the market that puts a smile to people’s faces when they’re authenticating. We get people to smile. Imagine, hey, which employee smiles when they want to come in and log into their laptop? We do that.

Michael Cichon:
Well, there’s some truth to that. It’s creating an environment of trust versus an environment of distrust. So I totally agree with you there. Listen, I don’t know if we’ve missed anything but taking 50 minutes of your time, it’s been really formative. I appreciate you stepping away from your day-to-day to do this for me.

Thank you very much, and you have a great day. We’ll have you back sometime soon.

Vikram Subramanian:
All right. Thanks, Michael.

Meet the Author

Michael Cichon

CMO of 1Kosmos

Michael is a Silicon Valley veteran with over two decades of experience marketing B2B SaaS solutions for startups and publicly traded companies. Prior to joining 1Kosmos, Michael held VP of Digital and Content Marketing roles at both Agari and ThreatMetrix.