InfoSec Europe 2023: AuthN by IDEE on Tour!

We know you know we went to the show! We talked about infoSec non-stop for about a month on the run up to the event - we were so excited. And with good reason. It was our first big UK show and we were lucky enough to attend thanks to our sponsors and friends at the (DSIT) Department of Science Innovation and Technology. 

It was a whirlwind and as you can imagine we have been pretty busy on the other side of it all, but now that the dust is beginning to settle, we wanted to write this round-up, so we could share our experience with you, including:

·      InfoSec Reloaded – Our presentations.
·      Show Highlights – Peak shenanigans.
·      Take-Aways & Trends – What we learnt from collecting over 200 quality leads!

InfoSec Re-loaded

So, let’s get started with the presentations. We were incredibly flattered that both our talks were massively oversubscribed with standing room only. We’re not pointing this out only to blow our own trumpets, but it is encouraging to see that MFA is now beginning to attract the attention it deserves and there is some great traction taking place in industry. 

InfoSec did not record the talks at the show, but we have re-recorded them for you, so you don’t have to miss out. And if you were there, here’s your chance to re-cap or share it with all your friends! 

ALEX CHRISTOPHE – HOW TO BECOME PHISH-PROOF…  IN JUST 15 MINS!

You know, 90% of all breaches start with phishing. You also know that app-based MFA cannot do anything about that. So, what is the answer? 

More devices? Nope. 

In this talk we discover how AuthN by IDEE easily solves this issue and more, in a session that is so simple, we can show you in just 15 mins (which is also as long as it takes to deploy)! 

‍

AL LAKHANI – MFA:  THE GOOD, THE BAD & THE UGLY 

1st generation MFA (push, QR, OTP) is good at only one thing, protecting against brute force attacks. The UX is just plain ugly. And the deployment experience is so bad, that no business will voluntarily deploy MFA. 

The only businesses that do deploy MFA are usually large enterprises with massive IT budgets. But 99% of UK businesses are SMEs. Who is going to protect them against phishing and ransomware attacks? 

This session was a live case study and demonstration where we demonstrated how to deploy un-phishable MFA in less than 15 minutes - MFA that protects against all credential phishing and password-based attacks, including AiTM attacks.

InfoSec Show Highlights

We met so many cool people, but some of our highlights include Natasza from G2, who stopped by to gift us our much-coveted G2 High Performer badge in real life! Thanks, G2 – you rock! 

We met with the guys from XplicitTrust, our partners at TD Synnex, lots of customers, colleagues, and friends. It was great to see that the stand was also well received! 

Take-Aways & Trends

So, what did we learn and what is hot, and what’s not? 

Main Drivers for MFA Demand

We are not surprised to hear that there is growing awareness surrounding the need for MFA. What seems to be driving the most significant demand is cyber insurance, regulatory compliance (e.g. NIS2) or Cyber Essentials certification (in the UK). For many, this means deploying MFA is a bit of a box-ticking exercise. For this reason, it first needs to be feasible, convenient, and fast. We found that the level of security offered by different solutions is often a secondary consideration, after convenience or ease of deployment. 

What we hear time and again, is that organisations do not have an appetite for solutions that require a second device to authenticate. This is because it is expensive, and it leads to poor user experience. Furthermore, in many cases, the logistics involved in managing multiple devices, keys or fobs is simply not viable. Organizations are looking for solutions that can eliminate these issues. Specifically, technology that allows for existing devices to become the authenticator(s). Along the way, organisations should also strive for better security than achieved by 1^st generation MFA (apps/authenticators/fobs). 

Is MFA Misunderstood? 

We think multifactor authentication is misunderstood. Organisations are yet to realise exactly what can be achieved with the MFA solutions that are available today. Today’s technology enables better security, cost savings, and reduced complexity. The technology has come a long way since 1^st-generation authenticators (apps/authenticators/fobs). The industry needs to do a lot more education in a world where 8/10 organisations still think they cannot deploy MFA.  

Why Should We Trust Cloud Providers? 

One thing we know about the European markets, is that traditionally they have been less hasty to put their trust into the big cloud providers. Hyperscalers such as AWS, Google, and Microsoft are all US-led companies. Recent high-profile complaints have emerged from Europe regarding the impact of The Cloud ACT that allows US authorities to demand personal data even when they are in the EU. 

The fact is, these suppliers are third party providers, and much like any other “contractor” they are not part of your organisation. A move to the cloud is, at a very basic level an out-sourcing arrangement. And would you really trust any one of your other 3^rd party contractors with your most valuable assets, data, and/or IP? Does it in fact, defeat a zero-trust posture? 

We predict that more companies will seek technologies that are zero trust and zero knowledge and zero PII, including from the hyperscalers.

Wrapping Up a Great Show

All in all, we had a great time at InfoSec Europe and learnt a great deal. We may well return for next years’ show – see you there! 

‍