Jason Pendergist, Chairman of the BoardA security breach is a catastrophic event that can destroy the reputation and market value of even the largest organization. CIOs who want to survive and avoid this preventable catastrophe need to address many simultaneous security risks. For instance, in the legal industry, CIOs who are entrusted with client sensitive information may focus on deploying physical security systems in offices, locks on files, and restricting access to certain rooms. In the virtual data space, access rights are often overlooked or are insufficient to the challenge of external threats. Adding to the complexity of data access security is the challenge bring your own device (BYOD) creates. Digital natives demand seamless multi-channel experiences, further multiplying the challenge for CIOs to safeguard sensitive digital information.
Such was the case of a CIO, at one of the largest US court systems, who found herself in a tough spot trying to satisfy the wishes of an increasingly mobile workforce who needed access to data resources—anytime, anywhere and through any device. The organization recognized that providing secure and seamless access to resources on-demand was critical to increasing the court system’s throughput and productivity. Despite using a leading one-time password (OTP) platform, the system was not satisfied with the high replacement costs and loss of security when an employee lost or misplaced their hardware tokens. With an aim of improving their security posture, reducing overall costs, and simplifying the user experience, the organization sought a fully integrated authentication solution that would support the court system’s move to BYOD while eliminating their existing, expensive hardware tokens. Their search ended with DirectRM, a company which enables its client’s security through a full range of digital security solutions.
DirectRM had created the world’s first easy-to-use and highly secure Invisible Cloud Token. The DirectRM Invisible Cloud Token utilizes a proprietary technology providing clients with a token-less solution by transforming the users’ browsers into a virtual token. Employees working for the court system are now able to access resources from anywhere and using any device without having to compromise on security. Support and training costs were significantly reduced by the user-friendly design of the DirectRM platform and through the elimination of hardware tokens. The Invisible Cloud Tokens from DirectRM are compatible with multiple mobile platforms and can be used on multiple browsers simultaneously. The court system was able to embrace their BYOD policy knowing that a comprehensive security solution was protecting their networks and confidential data.
Success stories like the court system highlight DirectRM’s commitment to solving the most pressing computer security concerns: authentication and identity theft. The company primarily serves finance, education, healthcare, legal and government markets.
Driven by a mission to revolutionize the identity verification segment, DirectRM offers a complete security suite based upon the Direct Authenticator platform. Direct Authenticator enables an industry exclusive adaptive single sign-on with identity federation to seamlessly orchestrate and distribute enterprise identities between mobile devices and cloud services. As Jason Pendergist, Chairman of the Board at DirectRM, describes it, “We provide best-in-class identity security protection and access management and our Direct Authenticator is possibly the only fully integrated suite of security products available in the identity and access management world. By creating Direct Authenticator, we have saved our clients the need to assemble a diverse collection of individual products from many vendors to solve this mission-critical problem for enterprises.”
DirectRM’s Direct Authenticator, based on their uniquely powerful 6A security architecture, helps organizations upgrade network security and mobile payment applications with fingerprint, biometrics, facial recognition, and OTP authentication methods. To begin with, Direct Authenticator meticulously registers the clients’ existing identities protected by a powerful firewall. The first of the 6A’s is a full security assessment of any device attempting to access the client’s network. No device is allowed access to the secure network if Direct Authenticator identifies a security flaw on the device. Once a threat is identified, Direct Authenticator leverages over 2,800 scripts to cleanse the device within just 10 seconds.
We provide best-in-class identity security protection and access management and our Direct Authenticator is possibly the only fully integrated suite of security products available in the identity and access management world
“Unlike our competitors who allow ransomware onto the network, then try to contain the ransomware, we are the only company that denies ransomware an entry into a network, as hackers are becoming more sophisticated and will figure out a way to break containment,” says Pendergist. “We also enable client’s on-premise authentication through a proprietary VPN and allow access to cloud and SaaS services to meet their specific application security needs and requirements.”
DirectRM delivers its Direct Authenticator services in two ways: on-premise based security and cloud based security. The on-premise security implementation includes a firewall, remote workforce identity federation, virtual private network, remote desktop, a service portal, and single sign-on. Enabling a perimeter-less single sign-on, DirectRM’s military-grade security for cloud utilizes cutting-edge capabilities for authenticating-once while allowing access to multiple independent systems across the network. The company provides free soft tokens downloadable from Google Play or Apple App Store, and invisible cloud tokens to revamp employee and consumer identity authentication over an enterprise network. “We provide the QR code, a scanner, and the related seed records with every download of our tokens for uninterrupted access of online resources,” adds Joseph Baggio, the founder and CTO of DirectRM. The company’s QR is one of the eight unique methods of 2FA that works with the Direct Authenticator core engine platform.
From a password management standpoint, DirectRM’s Invisible Cloud Token allows users to log in from any device and receive an OTP via text message or an email for the first time. Once the user is authenticated, the company adds seed records at the start of a browser session, which is valid up to 90 days. This allows the user to log in through the portal and access the resources for the next 90 days with just the active directory credentials and one-factor authentication method. As Baggio explains, “When a user ends the session and closes the browser, we eradicate all traces and footprints of that session so that hackers cannot procure any critical user information. The user can simply have the Invisible Cloud Token re-authenticated after 90 days on the same or a different browser.” Baggio goes on to mention that DirectRM’s authentication solution adapts to the login method and the password management system the companies utilize. “If a company with single sign-on allows employees to change their password every 90 days, we integrate with their active directory and dynamically adapt accordingly.” DirectRM has also developed an all-in-one enrollment server that automatically links unlimited numbers of users to Direct Authenticator and Active Directory in a single click. This tool allows for almost instant installation of new users reducing implementation costs, hassle and timeframes versus the competition.
Finally, DirectRM is all set to unveil its new hardware token— the All-in-One Card. The All-in-One Card is a credit card sized device with an e-paper-display screen, pin pad, and even a cell phone. This eight-function card acts as a hardware token generating OTPs, as a credit card wallet meaning you can store all your credit cards on one PIN protected card, and is a secure hardware based wallet for cryptocurrencies. From generating OTPs or QR codes and cashing in crypto coins to instant ATM access and seamless mobile payments, the All-in-One Card will be a real game-changer for data security across finance, healthcare, legal, and education sectors.