As a cutting-edge technology closely associated with machine learning, big data, and artificial intelligence, biometrics might not seem like an area that would be slow to adopt innovations in IT infrastructure. To hear Aware’s CTO, Mohamed Lazzouni, his company’s acquisition of Fortress Identity was largely driven by the need to provide its biometric authentication capabilities with a flexible cloud infrastructure as the industry adapts to changing new services and business models.
Lazzouni tells Biometric update in an interview, Aware seeks to evolve beyond the traditional biometrics industry way of doing things; which is not cloud native.
The change is profound for both biometric providers and their customers, he explains, and includes not only technology but business concerns as well.
“If you’re used to doing it one way, buy software, manage software, install software, etc. at the market,” Lazzouni observes.
Therefore, part of Aware’s strategic plan is to reduce market adoption risks with a targeted solution in one area, which will accelerate adoption.
This drove the search criteria that resulted in the acquisition of Fortress Identity, which Lazzouni says has so far delivered “everything we expected.”
Changing approaches to infrastructure
There are two forces currently slowing adoption, Lazzouni says.
Organizations facing significant compliance burdens, from financial services to law enforcement, are reluctant to try anything new that could result in a breakdown with their regulatory regime.
The second is the business change mentioned above, which often has to be done by deviating from the experience and investments to date in training and skills development, a range of stakeholders, CISO to data governance and security professionals.
“All of a sudden, you now have to interact with a vendor who is offering you something that requires you to transact in our cloud,” Lazzouni describes. “Now that data is starting to migrate from your system to somebody else’s system where you now have to have some control over their mechanism of doing things, their governance of the process and so on. This creates natural anxiety and friction.
Biometrics vendors must choose between traditional and more innovative, cloud-native approaches to reassure potential customers about cloud security, Lazzouni says. The latter involves concepts such as zero trust, zero knowledge and distributed nodes, which he says Aware uses to demonstrate that it can meet its compliance and security commitments.
“There’s no reason for you to add security to your IT closet,” he asserts, “you can use it through the cloud if we guarantee that we know how to do it and we do it.” do well.”
This approach is already gaining converts, he says.
“We went from markets to intrigued people. Those who are intrigued turn to early adopters.
Yet, he warns, “the burden of proof is on us.”
Securing the cloud
Architecture and education are key to convincing companies that can benefit from moving to cloud-based biometrics implementations, Lazzouni says. There is always some reluctance from customers to make changes which may involve risk, but “you can solve the problem via the architecture and technical toolkits”.
Stateless APIs are one of the primary technical tools Aware uses to deliver secure cloud services.
“The data only persists for as long as it takes to complete the transaction, and then it’s immediately deleted afterwards,” he explains. “So the data is in no way subject to PII governance rules and things of that nature.”
The first to move tend to be those with the most pressing and well-defined problem. In this case, they are financial services companies and fintechs. They have to rely on people using their own non-standard devices, which “brings with it a whole host of interesting challenges”.
Their customers are extremely varied in terms of comfort with these devices, and the solutions must adapt to their situation.
“You need to oversimplify it to make the experience as pleasant as possible for people,” says Lazzouni.
However, companies are ultimately happy to offload the burden of removing friction from the process.
“When the fintech industry realized they could hire the products and services of companies like Aware, or the combination of Aware and Fortress ID to tackle these issues and do well,” explains Lazzouni, “then you can now see the match and the speed of adoption.
Aware’s platform is designed to be “deployment-agnostic,” according to Lazzouni. “We are launching a toggle switch; it goes one way or the other, but what’s inside, the bottom is the same.
Similarly, the company’s entire portfolio is promoted equally, and Lazzouni believes that all types of deployment have their place to meet the needs of different customers.
However, the cloud retains particular importance.
“This particular segment, this area of the cloud, we see emerging as the connective tissue of the entire portfolio, whether it’s for biometric search engines, or biometric orchestration, or biometric B2C applications, or whatever. Either,” says Lazzouni. .
“To that end, it has become central to our growth, our future, and the push we are making in the market,” he adds.
It’s part, he says, of the continued maturation of the industry. Just a few years ago, biometrics was an afterthought; “Somewhere at the end of your database or in a field in some form you have something that says ‘if you need biometrics add it here’. So you see the field and it go. Those days are over.
Now he sees the demand for portfolio of integrated services that the customer can consume on demand, and compares the industry adoption curve to graphics services seven to ten years ago.
With this growth, however, comes an obligation for biometrics providers to industry, citizens and stakeholders to deliver on their commitments, improve safety and security “so they can trust us with their biometric data,” warns Lazzouni. They must also be privacy-friendly, while helping with innovative business models “that make these solutions acceptable, affordable, and create value for stakeholders.”
With Fortress Identity in the fold, Lazzouni says Aware does just that.
authentication | Conscious | biometrics | cloud computing | cloud services | cybersecurity | data protection | Identity Fortress | confidentiality | Research and development