As the prevalence and sophistication of cyber threats increases, so does the importance of meeting the threat. Recognising this brutal reality in our increasingly connected world, 2018 saw Deloitte introduce a new Fast 50 category: the cyber security award.
Open to companies with a focus on developing cyber security solutions, and aimed at those who devote a significant portion of income to research and development, the award is intended to acknowledge the innovative and cutting-edge solutions being developed by Irish companies, and the inaugural winner was SensiPass.
SensiPass provides strong multi-factor authentication solutions, with a focus on serving companies in markets driven by a regulatory demand to improve security and compliance.
“We’ve got quite a few patents and our approach to user authorisation is unique,” said SensiPass founder and chief executive Michael Hill. “It’s very disruptive and solves all kinds of problems.”
The company is export-focused, with a particularly keen eye on the United States market. Hill, originally from America himself, decided Ireland was the right location for SensiPass, explaining why with a wry joke.
“I usually tell people that I came here for the weather – I’m originally from Milwaukee – but the main reason is because of an availability of funding. There wasn’t that availability back then in the Midwest, though that has changed now.”
In addition, as a tech centre Ireland was a sensible choice for SensiPass.
“A lot of the companies we supply to have a presence here. It’s supply and demand,” Hill said.
Aimed at industry, healthcare and government, particularly critical infrastructure and high-exposure areas, SensiPass aims to make authentication work.
This is no small task, because as almost everyone agrees, passwords are fundamentally broken. SensiPass addresses this with new techniques and technologies that bring the security of multi-factor authentication without either the back doors or the onerousness it is typically known for. One upshot, though, is that SensiPass’s proposition is sometimes misunderstood.
“We’ve run the gamut from being called a fintech company to biometrics, but that’s not what we do at all,” said Hill. “There are three ways by which we prove our identity: biometrics, secrets or tokens. People say ‘We’re killing the password’, but there’s usually a password, or even a four-digit phone PIN, in the mix somewhere. It’s stored on a 39-cent chip on the phone. This is not secure.
“The other thing is that the industry is only ever using two of the potential three factors that are possible in authentication. You don’t hear about three factor authentication.”
Hill intends to change this, but to do so in a way that is not only secure, but one that can actually be used by people. In other words, without sacrificing security – in fact, increasing it – SensiPass takes user experience into account.
“We’ve innovated in a place nobody else has: the knowledge factor, the password and PIN code. We turned it from a static alphanumeric string of characters into a secret interaction, which is something we do as humans. We’re interacting with the biometrics and that creates a signature that’s never the same,” said Hill.
SensiPass leverages other people’s biometrics and has added its own voice recognition technology, but this alone is not the key to what it does. The key is to rely on humanising factors rather than mere memory.
“It’s not just face recognition, it can be voice recording or it can be interaction with an AR [artificial reality] object,” said Hill.
For SensiPass, winning the inaugural Fast 50 cyber security award is about more than just recognition of the company’s growth, though. It also means SensiPass’s technology is being taken very seriously indeed.
“Deloitte is the leader in cyber security consulting, so for them to recognise us as the top company in the sector is great validation,” said Hill.
The timing could scarcely be better: the company is now opening an office in Washington DC to work with departments of the US government.
“They seem to have quite a passion for what we’re doing. Definitely it’s gong to help as we open our office in DC,” said Hill.
Ultimately, what SensiPass recognises – and what it hopes to demonstrate – is that authentication done right can provide the level of security that is demanded in a world where critical infrastructure is increasingly connected.
“We’re much more secure. That’s why were getting attention from the aviation industry, US federal agencies and so on. People can understand what happens if the wrong guy getting into a water system or shuts down a power station,” said Hill.