Marcus Richards
We have an Identity Assurance solution that is intrinsically secure with a powerful Insider threat deterrent and offers immediate compromise detection & its recovery.
Tell us about yourself?
My first job was a Lecturer in Mathematics at Manchester University. I lost interest in the teaching side and decided to pursue a different career in the IT industry. After several posts in large US Hardware corporations, I left to help my brother who had started an electronics company, this evolved into a software house doing small bespoke projects. It was during one of these projects for physical access control for the port of Dover that I became obsessed with remote data access security.
If you could go back in time a year or two, what piece of advice would you give yourself?
Do not assume if you a better approach and a superior technology that prospects will automatically seek you out; you have to do the reaching out and convincing.
What problem does your business solve?
You need to know who is trying to access your data crown jewels, but data breaches continue to proliferate.
There is evidence that at least a third of serious data breaches are aided by internal collusion. The bigger the organisation the more likely to have a disaffected employee or subcontractor driven by the persistent human frailties of Ideology, Revenge and Greed.
However, the current methods of User Authentication are vulnerable and so provide convenient excuses and added confidence for disaffected Insiders to deny their or their collaborators illegitimate access.
There are different reasons why the main techniques are inadequate and vulnerable.
For example, many methods rely on keeping fixed secrets like the embedded key in SecurID token or the private key in Public/Private Key like FIDO2; if discovered or more likely disclosed, the security is bust.
Techniques based on noticing exceptions to the usual User behaviour have generated a perverse effect –senior executives with the most privileges want the most flexibility, so they become the obvious targets for hacking. There is continuing conflict between convenience and risk because the method is non-deterministic.
Cloud based Identity Providers use vulnerable methods like SMS and Email login codes but also demand the surrender of User identifiable information like Email, Mobile Number but their small print denies all liability in case of breaches.
Recently there are lots of fashionable claims about “Passwordless Authentication”. Having to send your mobile to headquarters to inject the private key is cumbersome so most do self-provisioning via an email – a hackers’ gift that keeps on giving.
There is no inherent protection against Insider disclosure of the private key. On request, we can show the deficiencies in any of the current methods in greater forensic detail.
What is the inspiration behind your business?
The inspiration for our CASQUE Technology is the simple idea that if there is no fixed secret there is nothing for a Hacker to target or for a complicit Insider to disclose; so it is possible to have an inherently secure Authentication offering.
What is your magic sauce?
Our solution, it uses an innovative Challenge Response protocol. It requires the User to have a special highly secure chip (EAL6 rated) with our code in it to respond to the Challenge message. This chip is made into a contactless Smartcard.
We generate random on the fly and use it to replace keys in the secure chip. There is nothing fixed for a hacker to target or for an Insider to disclose.
All access attempts are logged, if the User has possession of the Smartcard no one else can get in. We remove excuses for corrupt insiders to deny access which makes a powerful deterrent. We have made 4 inventions, one of them has granted US and EU patents – the three others remain secret.
The product easily meets the criteria for the highest assurance level as specified by US National Institute of Standards and Technology without the need for additional methods.
We have worked hard to have mutually tested integrations that work “out-of-the-box” with the main Network Gateways so you can easily add CASQUE to existing deployments. We have 3 years of faultless working with projects for the UK Ministry of Defence.
Our latest development uses the industry standard, federated Identity Protocol called “Open ID Connect”. CASQUE allows the Customer to own and control access to their IT resources wherever they are located. There is no requirement for the Customer to yield User identifiable Information to any third party.
The CASQUE Smartcard can also separately have a Payment App on the same Smartcard. CASQUE fulfils EU’s PSD2 requirement for Strong Customer Authentication so full banking capabilities can happen on a User’s mobile without resort to using Main Banks’ Authentication – true Open Banking.
What is the plan for the next 5 years? What do you want to achieve?
The Identity Assurance market is growing and CASQUE has unique benefits to be the natural choice for being the High-grade Identity as a Service Platform. Stand-out benefits include the capability to immediately detect clone compromise and then recover and the fact that there is no susceptibility to Quantum Computing and so is future proofed.
It is increasingly clear that the key to reduce Cyber risk to the Enterprise is to control access to privileged accounts but using vulnerable authentication techniques to protect this access is stupid. CASQUE is the natural choice to police the Priest Class.
We predict that Organisations will find it more attractive to use third party Managed Service Providers (MSPs) to provide their Identity Assurance. This is possible through the widespread adoption of Open ID Connect protocol which defers authentication to an independent Identity Provider.
Our Economic Moat is built on these attributes: Intrinsically Secure, provides comprehensive Insider Threat Deterrent, Protected IP, Immediate Compromise detection and recovery. The natural choice as the Engine for the growing Identity Assurance as a Service Market.
We look to persuade MSPs to add CASQUE to their portfolio by offering Identity as a Platform and to share the fun and rewards of our exciting ambition.
What is the biggest challenge you’ve faced so far?
Our initial quest for a better approach to Identity Assurance was met with universal scepticism so we have had to self-fund all the development of CASQUE. It is now a ready to use product suite and our challenge is to persuade partners to see the significant benefits and exploit the opportunities.
How do people get involved/buy into your vision?
We want to show Enterprises who are concerned about their privileged accounts being compromised that we have an Identity Assurance solution that is Intrinsically Secure with a powerful Insider threat deterrent, and offers immediate compromise detection & its recovery.
