Altron partners with SecZetta to mitigate risk through identity proofing
In today’s security conscious world, it is more necessary than ever to ensure the identities of third-party entrants to your network – identity proofing is the answer.
In business today, being able to securely identify the people to whom the company grants access to the corporate network – be they employees, consumers or one of the many third-party players like contractors and suppliers – is absolutely critical. Security ranks among the top concerns for management in the digital era, which is why it is important to understand exactly who an individual is, and whether they are who they claim to be, when doing business with them.
Altron Security understands the depth and breadth of identity and the important role it plays in security. By partnering with SecZetta, the company is now able to solve the challenge of third-party access as well.
When it comes to third parties, most of these enter the network remotely, which means you have to have trust when dealing with them, indicates Jeremy Rohrs, SVP, global channel and alliances and corporate development at SecZetta.
“Such third-party entrants could be contractors, vendors, partners, agents, franchisees, volunteers, freelancers and even non-human entities such as service accounts or applications. With so many varied types of potential third-party entrants, it becomes imperative to ensure they are who they say they are.
“With the strong focus on security today, many organisations are scrambling to understand their risk exposure to third-party players, and to mitigate this. In my opinion, this kind of risk mitigation is only achievable through a solution known as identity proofing,” he says.
Identity proofing actually grew from a function that is completely separate from IT security, Rohrs notes, explaining that it was originally developed in the financial services sector as a means to reduce financial risk relating to loans and lending.
The way identity proofing works, explains Cassie Christensen, Director of Product Advisory at SecZetta, is by leveraging government identity documents – it recognises official documents like driver's licences, national identity cards, passports and more from nearly 200 countries – along with a selfie taken by the user, to prove their identity.
“Basically, they take a photo of their ID document, and send this along with a selfie video, and the solution uses this to determine and prove their identity. We call this short video ‘passive liveness’, and the little bit of movement enables the solution to firstly ensure that this is a genuine image of the user – as opposed to a picture of a picture – and then compare it to their identity document to ensure they are one and the same,” she says.
“We are aware that there is a lot of additional data accessible in this type of comparison, as there is a lot of information on a passport or identity document, so by default, the system does not store this, as it also meets privacy regulations.”
Richard Bird, Chief Product Officer at SecZetta, notes that a solution like this is critical for any company adopting a zero trust approach to security. After all, he suggests, it only takes a single unknown identity in the system to invalidate such a strategy.
“I think that if you asked most companies, even those that have already adopted zero trust, they would say they are not entirely confident that they are as secure as they should be. This is because they have not embraced the idea that identity is a core asset and a vital part of their corporate inventory. Without such a focus, they could easily end up with huge swathes of third-party players using their supposedly zero trust network, even though the business does not have all the information associated with such identities that is actually truly necessary to implement a zero trust environment.”
This, he adds, is where SecZetta is ideal, as it enables the company to confirm all third-party identities, while ensuring they only have access to the data they need to perform their role. “If you truly want a zero trust environment, then the key lies in solving the third-party identity challenge.
“One of the main reasons for our partnership with Altron Security is the fact that the depth and breadth of security knowledge they bring to the table enables them to craft the policies needed to ensure the best security. To enable a security-savvy workforce, you need a system driven by policies and workflows, and which can reduce human intervention and error. Between SecZetta’s security tools and Altron’s experience with process and implementation, we are able to deliver to the requirements of the security conscious organisation, and to help them to significantly reduce their overall risk profile,” adds Bird.
Where identity proofing adds another important layer of security is in third-party life cycle management, which sits at the core of the SecZetta solution set, suggests Reghardt Van der Rijst, Altron Security Practice Lead: Workforce Identity.
“Altron Security has, over the years, developed third-party identity life cycle solutions in conjunction with multiple customers, as a way to bridge the non-employee and non-customer life cycle management gap. Ongoing support, maintenance and enhancement of these custom developed solutions comes with obvious challenges.
“This is another reason why we are excited to introduce SecZetta – because we know there are many customers in our market with this challenge. SecZetta will satisfy these use cases with its configuration-first solution base – to ensure the right third parties have access to the right resources at the right times,” concludes Reghardt.