Gia Filice, Global Director for Marketing at BehavioSec interviews Dave McCulley, Director of Sales Engineering at BehavioSec discuss the importance of user experience in disruptive transformation. Dave is uniquely qualified for this topic having worked with all of BehavioSec's current and potential customers during the recent pandemic events. Dave will cover common cyber-security concerns, how customers are future-proofing their identity posture, how to address aging authentication solutions, and the future for all of us in a changing world.
This episode is part of the ongoing BehavioSec ID Forum Podcast Series.
BehavioSec, a pioneer in Behavioral Biometrics, uses continuous authentication to create a unique digital customer profile that is over 99% accurate. This unique profile transparently validates a user's identity with zero friction, and updates dynamically to gradual changes over time, so the customer's unique profile automatically updates and remains perpetually accurate.
Organizations that partner with BehavioSec's solution enable a heightened customer experience by:
BehavioSec ID Forum Podcast with Dave McCulley
Intro [00:00:01] BehavioSec. ID Forum.
Gia Filice [00:00:05] So good morning, everybody. My name is Gia Filice and I am the global director of marketing at BehavioSec. Today I have with me Mr. Dave McCulley. Good morning, Dave.
Dave McCulley [00:00:17] Good morning, Gia.
Gia Filice [00:00:18] Dave is the director of Sales Engineering at BehavioSec. Today, the topic of our of our chat is the importance of user experience in disruptive transformation. I think, Dave, you are uniquely qualified to talk about this because you talk to so many of our current and potential customers at BehavioSec. What are some of the common, cyber concerns that customers face. How have they evolved and heightened since moving to this current state of such disruptive transformation?
[00:01:06] Well, Gia, that's a good start to the day. BehavioSec dealing with behavioral biometrics, our primary goal really is to deal with a T.O., or we call it count take over issues. So we want to validate that the user behind the keys or the touch screen on the mobile device is the user that is the user of record, and there's not some automation going on or some criminal activity behind those keys. So that is the primary goal of of what we try to do now. Since the pandemic, we have seen a lot of employees shift from that workspace to that home space. When you have 100 percent of your employees go remote, it creates other kinds of challenges. Everybody's coming in from from a different location, so it's very hard to track if you don't know, from an IP perspective, where they're coming from. They are consistently coming from the same space. Are they using the right credentials? Is someone else compromising those credentials? These are challenges that get much more complex when that workforce moves remotely. So that's one of the big things we've seen. We've shifted from dealing with what we would call that SIAM or customers logging in and using online e-commerce or online banking to dealing with the internal employees. So we've seen we've definitely seen a shift there and we are also seeing a lot of unique opportunities with what I would say is non traditional, where customer service and contractors and other folks still need to help these organizations and they are also not able to be on site. So it's tougher to manage those types of credentials and validate those individuals when contractors and third parties are involved in providing services for an organization.
Gia Filice [00:03:14] Interesting. Okay. So I guess another question is there's a theory among the business community that the pandemic has created uncertainty and disruption. No surprise. So my question to you is, what are you seeing with customers with respect to moving forward to trying to future proof their identity posture?
Dave McCulley [00:03:40] I think the key thing we're actually seeing during this little pandemic stint that we're in right now is that a lot of projects that may have had budgets sour, you know, out there a few quarters or projects that were just moving slower because of other priorities. There's been a shift. So now the pandemic has caused a more immediate need for these types of projects. Now those projects have accelerated cycles and there's a lot more focus and money and people trying to solve these problems in a quicker capacity because now they're all basically working remotely. They're no longer in the office. So I think that that's key. We've seen a couple of other unique, maybe not traditional, projects come on the radar due to the pandemic, that is for sure.
Gia Filice [00:04:33] Interesting. So how important do you think the user experience is to customers? And I guess there is a second part to that question. How are customers balancing the opposing requirements of keeping personal identity and assets protected while preserving that illusive positive user or customer experience?
[00:05:00] Yeah, great question. This was definitely a pre pandemic struggle and it's a struggle that still continues. In some or in a lot of scenarios, I guess it's even more of a struggle just because of the shift in workforce. Companies do want their internal and external customers to have a really good experience. Friction is the challenge there. So you want to have basically a frictionless experience, but still comply with strong policies and data protection policies like PII and other things. So that's one of the key things that is a challenge there. Security will always have that component of friction and how much friction will customers tolerate versus saying,"I've had enough and I'm going to go somewhere else to have this experience." Because you provide too much pain for me is always that challenge between the security team and in the customer satisfaction teams. You always see those those debates say, I think pandemic era where we're definitely seeing that that that security posture is is kind of maybe winning out. So we're going to start to introduce some friction and you're kind of going to have to deal with it. So that's kind of one of the things we're seeing, too, as well.
[00:06:24] We try to use our tech at BehavioSec to really reduce the friction and maintain that high security posture. That's one of the strengths of what we do, is we try to do that to support that customer initiative. The other thing is we have a really unique signal that can help reduce that friction. So when when the users log in, we can look at behavioral scores and if those scores are an acceptable threshold, we'll just basically tell the customer to bypass those step ups because they're no longer required. And that is a big component.
[00:07:05] We've actually implemented it internally here at BehavioSec as well. So we we use it every day ourselves. If you type and your behavior's good, you're right inn the system, no step up is required. And, Gia, I'm sure you've seen this as well and it works quite nice. So this is the goal. If we can do this more and more for our customers, as as well as our customers can use it for their customers, then we can create good experiences both for the IAM and SIAM spaces. So this is key to solving this challenge.
Gia Filice [00:07:38] Interesting. So I wanted to tease something out with you that I heard you outline just a moment ago. I know that BehavioSec'straditional segment is banking and Fintech. But you mentioned an internal use case. And you mentioned some other customers that might be kind of out of the box for BehavioSec. Would you care to highlight on maybe some of those places that customers are taking this unique signal, as you say, that we might not have gone on our own if we weren't in this this disruptive transformation period?
Dave McCulley [00:08:20] So I think some of the things we're starting to see that maybe we haven't expected is how we deal with authentication. I think we're starting to see customers trust the behavioral components maybe a little bit more than they have in the past. We don't use it as validation or a credential. We use it as a confirmation that there is a human and it's the right human being behind the keys.
[00:08:51] So we've actually seen some partners and some customers pushed the passwordless authentication model and used this signal as a method to OK thatwe liked the behavior so maybe we don't need to type in the password right now because we're good with what we saw in the username and we can use it as a as an intermediary kind of tool to validate that that user is that user. Maybe we don't need the password it at this point in time. Or if we see a failure, then let's just go to that step up. If we get a good response on that challenge and we know that users is the user of record. So we're starting to see that. We're also seeing a lot of customers outsource this functionality. They outsource trying to find a way to validate that user. Is that the user of record? So we actually validate that quite nicely. Does that make sense to you?
Gia Filice [00:09:48] Yeah, that's fine. That's great, Dave. And I know I put you on the spot a little bit, but thank you for that. And I guess it's this again, begs the question and you did touch on it earlier. BehavioSec is where identity and as you mentioned, access meet. Most customers have an authentication solution, multifactor, zero trust, whatever we want to label it. But a lot of those are a bit long in the tooth or aged and they really no longer protect the customer the way they initially were deployed to do. How do you recommend customers go about addressing this aging authentication problem?
Dave McCulley [00:10:44] This is definitely a challenge we see. Some organizations you have an aging platform that may be home grown and doesn't give you the ability to modernize these modules quickly. We have several partners in this space that do have identity access management platforms. They're really good at modularising these components on how you authenticate, when you step up, what step up vendors do you use, what signals are you looking at, and how to step up. We plug in there quite nicely. That's really one of the advantages of working with a modernized platform because one step up vendor you use today, there may be a better one tomorrow and you can easily plug these in and out. Then we use our signal to work with them on when to use that step up and when not to. That's part of that friction reduction that that we've been focusing on a little bit. Our signal, it has a really strong A.I. and machine learning component behind it. It allows those customers to maintain a strong customer profile and you can implement as strong of a policy as you want. We allow you to adjust those signals when they come in and when you want to step up and not step up. But again, if you have an older legacy platform, a tougher integration point. If you're on one of the more modernized platforms, very easy to take those types of signals that we provide and modularly include them or and include them as needed.
Gia Filice [00:12:32] Great answer. Thank you, Dave. I think my my last question is a little bit of a crystal ball question and it's, as we settle down to our whatever our new normal is going to be, where do ou think things are going to sit for customers three to six months from now or even a year. I know that's a long time. But what's your perspective on that?
Dave McCulley [00:13:00] Great question, Gia.
Dave McCulley [00:13:02] You know, with the pandemic, we've had lots of unknowns and these last four or five months have definitely been a technical challenge for a lot of organizations for sure. The challenges, we don't know what the next four to five months or the next year or even going to look like. We don't know how fast we're going to come back. We don't know how fast we're going to be able to contain this particular pandemic. So I think we just need to be prepared and be dynamic, be able to think about how our environments are going to look like in four or five months and maybe even a year or more. Employees may not come back in certain environments as fast as we'd like and in other environments they may come back quicker. So I think being prepared and being dynamic for that is going to be key. I think we've spent the last four to five months finding those short term gaps and how to fill them. Well, what are those long term gaps going to be? What are they going to look like? And what is an organization's appetite for risk when so many employees and customers and contractors are are having a heavy online presence or having a heavy remote presence? What are those demands and those gaps going to be, that's that's still to be determined. But I just think we need to be a little bit patient and we need to be dynamic in how we how we go through this. As I mentioned earlier, I think budgets are going to shift. There may have been a slot, a long term strategy and goals and how things were going to be two to three to five years out and now you're going to see a lot of budget shifting and adjusting when you have a pandemic like this.
Dave McCulley [00:14:52] I think the term disruptive transformation, which we we've used a lot and it's been this common buzz word, has really been put to the test with this pandemic because Covid19 has definitely been disruptive and we're transforming as fast as we can to accommodate for it. I think we're going to continue to see that in the next six months to a year. So digital transformation, I guess, is going to give us a whole new kick start, which is exciting to see and hear at BehavioSec. I think because of how we operate and where we sit, we can really be helpful in that transformation. If it's a struggle for an organization to validate that their users and their contractors and their customers are who they say they are and you're not concerned or you are concerned, I should say that a criminal element may be taking advantage of this scenario, as is typically done then we can know and we can be there to help you and support you along the way.
Gia Filice [00:15:52] Well, that's great. Well, thank you, Dave, so much. That was my last question for for this round. But I'd love to come back and maybe revisit some of these topics with you. And maybe it's a late summer, because I think, you know, this is the heart of where we are right now for online trust and especially identity and access. So I really appreciate your time. And for you being with us today, I think are our listeners out there. We appreciate you. And I guess everybody have a good day. And again, Dave. Thank you. Thank you so much.
Dave McCulley [00:16:29] Thank you. Gia it's my pleasure.
Outro [00:16:32] BehavioSec, ID Forum.