Having spent 25 years working in the technology space, Rob Otto is well placed to advise companies where they’re going wrong from a cybersecurity perspective.
Hailing from South Africa, Otto has traditionally found himself drawn to roles with a more regional focus and relocated to the UK back in 2007.
These days he is CTO for the EMEA region at Ping Identity, a specialist in identity and access management with the goal of making online experiences both seamless and secure for end users.
“EMEA, for me, is such a simple acronym, yet it encompasses a truly vast portion of the globe and counts people as diverse as those from Greenland and Madagascar among its population of more than two billion.
“I cannot think of a more fascinating area to explore the intersection of digital identity with the real world.”
Ping Identity: A leader in identity and access management
Businesses around the world are using Ping Identity’s products to strengthen security for their customers or employees without compromising their experience.
That includes things like risk profiling, adaptive learning, threat protection, passwordless entry and multi-factor authentication (MFA).
“A big emphasis is ensuring these added layers of security don’t make the experience frustrating,” says Otto. “In other words, making the security piece invisible, while minimising risk.”
The tech leader reveals there are three primary ways Ping Identity is helping clients to protect users and their digital interactions.
- Simplified digital journeys for registration, login, account recovery and multi-channel experiences
- Drag and drop integrations with deployment flexibility across multiple clouds
- Innovative identity services to put customers ahead of the competition
“These solutions are all cloud-based and help buyers simplify their security orchestration and roll out more advanced verification methods,” Otto continues.
“The result? Business leaders can be sure that nobody outside their organisation is accessing their documents and individuals are able to take back control over their data.
“Ultimately, our range of solutions is about keeping people with bad intentions out, and that starts with knowing who should be let in.”
Businesses in constant battle to protect customers’ information
Increased risk of cyber attacks means protecting customers’ sensitive information is undoubtedly one of the biggest challenges facing modern-day businesses.
However, data protection at scale is an issue companies have been battling for generations.
“If we go back to the good old ‘CIA’ framework of data protection, it’s often the ‘A’ (availability) that can make it harder to ensure the other two letters are fulfilled (confidentiality and integrity),” explains Otto.
“I say this because, as businesses grow, they come under increasing pressure to expand digital access and services for their customers and provide high-quality, low-latency access to the right data at the right time. This tends to drastically increase the attack surface and risk of exposure to the wrong people.
“It’s an old adage that security cannot be an afterthought when designing systems, but far too often businesses end up trying to retrofit access security across a sprawling landscape of data. Unless they have a modern, flexible set of tools available to help, it can be a daunting task – similar to playing Whac-a-Mole on hard mode.”
Otto adds: “Human nature rails against inconvenience and tends to find ways around onerous processes, increasing the importance of customer experience improvements that are in lockstep with better security.”
The future of identity protection
Otto’s assertion is that the future of identity protection is decentralised, giving control of identity data back to the user.
This allows the verification of IDs, documents and identity claims, and lets users issue and share digital credentials with organisations to quickly and effortlessly prove who they are.
As for passwords, they will surely soon be a thing of the past or at least no longer used in isolation.
“Passwords are outdated and typically the weakest link in protecting digital resources,” says Otto. “Not only are they hard to remember, they’re often reused and need to be changed frequently to remain effective. Unfortunately, for many IT departments, password support and maintenance are a significant resource drain.”
“Replacing passwords with more secure authentication factors like biometrics, digital tokens, device identifiers or a combination of the above makes it much harder for attackers to break through.”
Perhaps most importantly, however, passwordless authentication improves the user experience, which is surely the holy grail for most organisations.
“It’s much easier for users to provide a fingerprint or speak into a microphone than it is to remember the increasingly complicated passwords that platforms are beginning to require,” Otto goes on. “The best part is that much of the authentication process is done behind the scenes, so users aren’t laden with messy processes or long delays.”
Establishing MFA ‘essential’
According to Otto, MFA has fast become “essential” amid the current threat landscape.
Weak and default passwords, or those stolen through phishing and other attack methods, are still being used to execute successful fraud attacks and data breaches.
“Confirming the identities of your employees, partners and customers through MFA is what safeguards your company against attackers,” says Otto.
“The more varied identifiers are, the better. One needs to ask themselves, ‘How would a criminal gain access to these different pieces of evidence?’ That’s why it’s crucial that different authentication factors come from different categories.”
These categories can broadly be defined as:
- Knowledge-based: Passwords or PINs that people remember
- Possession-based: Authentication apps unique to user-owned devices
- Inherence-based: Fingerprints, retinas and other unique physical features
“A hacker might be able to steal somebody’s password from behind a desk, but getting their hands on a victim’s registered device requires them to physically take it,” adds Otto.
“The same goes for a user’s biometric information – at which point we’re talking about a far grimmer offence than cyber crime.”
Cybersecurity awareness must improve
October is Cybersecurity Awareness Month, a dedicated period which sees public and private sector organisations work together to enhance their knowledge and capabilities in this space.
Otto says: “Many people know to a degree that cybersecurity is important, but how they define the term tends to be very broad. Raising awareness of the different elements that make up security and highlighting people’s misconceptions can go a long way towards changing their attitudes and enacting personal and organisational change.”
In truth, most cyber leaders would say an educated and security-conscious workforce is the best first line of defence a business can hope for.
It’s one thing having a host of systems and security measures in place but, if workers are sloppy in the way they share data or manage their credentials, they become the weak links that bad actors can exploit.
“Everyone has a responsibility to ensure their organisation remains safe, and a big part of that is making people know they have an important role to play,” Otto concludes.
“Security is often treated like the IT department’s core responsibility, when, in reality, everyone can contribute by monitoring and flagging possible threats, but they need to know what to look out for.
“You can have technology in place but, at the end of the day, human error is a significant contributing factor to security breaches. Making things as easy and aligned to human behaviour as possible is how we can start to move the needle.”