By Sramana Mitra and guest author Siddharth Garg
Sramana Mitra: If you look more closely at that problem [of proving you are who you say you are], yes, I think that is a problem that is unsolved and open. But it is also a very big problem, and architecturally how do you see that evolving? Because, on the one hand we have major players who are trying to be the identity that people use to log into various [services]. They have become the single sign-on for identity solutions for the various services out there, Facebook being one of them. So, when you say it is an open problem, what parts of the problem domain are you trying because, it is not a good idea for a startup to go in and say, I am going to become the single sign-on for the entire cloud. That is not a reasonable position to take.
Chris Burchett: True. I mean, as I said, one of the challenges for online banking in particular, is that it is very easy for me to masquerade as the bank site, and if the user is not aware or not attentive, it is easy to trick him or her into entering my password. Alternative authentication methods, be they tied to a token of some kind or through a new approach to algorithmic authentication, that would be able to show the bank that I am who I say I am in a way that an attacker who is in the middle can’t decide for [me]. If you just narrow down to the authentication step itself, that might be something from a security perspective that has not been solved very well.
SM: You are suggesting that we look at that particular problem of stopping phishing attacks?
CB: Right now the prevention is through the browsers and things like that. They keep a list of sites that are [legitimate], so that is kind of the antivirus approach. But it is ultimately flawed because you can’t check against every possible combination of what might be bad. It just becomes a bad, unattainable, unscalable approach. If you can solve it in another way by being in the middle, making the attacker in the middle irrelevant somehow, that would be better.
The other thing is that some of the things that are in the cloud today, it is actually not there in a way that is always readily accessible to me so that I can write to it as I write to a local drive. So, if I could have the capability to mount any cloud storage or a local drive, I think that is an interesting problem to solve. There are people that have started in that space but I think that is an interesting problem.
SM: What else?
CB: We haven’t really talked about the mobile side as much. But I think from a mobile perspective, the solution for identity and authentication has to be suitable to mobile, and mobile may make some of those things easier. For example, can you use the mobile phone to call back to confirm identities or to text back and confirm that this behavior is really you; so maybe a way to use the mobile phone in two-factor authentication. And when you get into mobile banking or mobile payment systems, it may be really appropriate. I think mobile payments is a very interesting area that will be solved and needs to be solved.
SM: Yes, and there are right now a lot of activities in that domain. It is conceivable at least, within the decade we are going to see credit cards disappear and the mobile phone becoming the credit card.
CB: Exactly! So, that is an exciting space to watch. Certainly too in terms of the cloud, the way that social media becomes a part of the enterprise is a very interesting thing to watch and to think about what parts of the business enterprise haven’t yet been revolutionized by social media and could be. You know, from the way sales acquisition happens to the way support happens. Who knows, some of the financial aspects even, or auditing, [may be next]. There are probably a lot of ways we haven’t thought about how to tap into the social media metaphor in business applications.
SM: And are you saying this is an opportunity for entrepreneurs to look into?
CB: Absolutely. I don’t know if it is necessarily security related, I guess I am getting a little far afield from security.
SM: That’s fine. So, you are saying that the application of social media into various functions of business is an area of opportunity, right?
SM: Right now we work with a lot of companies that are going after applying social media and the dynamics of the social media in business.
SM: OK. Any other thoughts?
CB: Well, you could probably start to look at each industry. But there seems to be a lot of interest in healthcare in the cloud and figuring out how to do collaboration; secure collaboration is an interesting area.
SM: Collaboration among whom?
CB: Well, it could be between patients and doctors, it could be between hospitals, and it could be between research hospitals and pharmaceutical companies. I think that secure collaboration in general, and not even restricted to healthcare, is an interesting area. How do we lower healthcare costs but still enable the exciting piece of research and change that happens in health care? That is something we look at as a nation and as a world. That is an interesting set of requirements that the cloud may be set up to solve. But the right systems, the right technology have to emerge to enable people to solve that problem. So, that seems to me like a good, rich space for entrepreneurs to be thinking about.
SM: Yes, I agree with that. That has come up in some of my other interviews. I interviewed Dr. Marcos Athanasoulis, the CIO of Harvard Medical School, and he talked a lot about how difficult it is to collaborate across because they have these data repositories that need to go through and run large simulations, ideally in the cloud. And that entire infrastructure does not exist today.
SM: Very good! So, that was a nice brainstorming session and I have found it interesting to learn about your company as well. Let’s keep in touch and see how this goes.
CB: You bet! Thank you very much for your time.
SM: Thank you, Chris.