Managed.IT - issue56

MANAGED.IT 27 SECURITY Shanghai that they could steal victims’ fingerprints from drinking glasses in about 20 minutes. SMS-based two factor, which has a huge foothold, can also be easily defeated by ‘sim fraud’, where a criminal fools a service provider into letting him/her take over someone’s number. This is so common even my Neighbourhood Watch group has been warning about it. MIT: How can organisations implement Shayype and what are the costs involved? JB: We realised we needed a way of making Shayype easily available to SMEs and other types of business, so we made use of a terrific Identity and access Management (IaM) package called Keycloak, created by Red Hat (now part of IBM). Similar packages are available, but Keycloak is very robust and adaptable and has built-in adapters for working with virtually every conceivable platform, such as Microsoft 365 and Active Directory, so that any competent IT firm armed with the Shayype ‘application protocol interface’ (API) can create an impenetrable ‘wrapper’ around existing or legacy systems. The advantages of such a system are huge, because it permits ‘remote authentication’, where the process of authenticating users is done completely offsite, which raises security enormously. Entire workforces can be given an OTP facility, as can customers, contractors, suppliers etc. Added to that, Shayype Keycloak will enable single sign-on, allowing users to link seamlessly into every application they’re required to use, without having to put in individual passwords, which can create yet more security problems, before logging out at the end of the day. Administrators can easily manage access privileges, so if for instance an employee needs to look at something after hours from home, they may be allowed to do so, but only with limited access. Companies that want to install Shayype on an existing platform will be able to do so using an SDK (software developer’s kit) which we‘re in the process of writing. However, we believe use of the Shayype Keycloak version will bring significant advantages, such as automatic updates and easier central management, so that’s what we recommend. The cost? We’re talking to a handful of potential first adopters and IT installers, and part of those discussions are about how much it will cost to use Shayype. Since, for the most part, it will be working in the cloud, we need to run a few pilots to see what the real running costs are before we develop a full pricing structure. However, we aim to offer Shayype as cheaply as possible – hopefully in the region of less than £1 per user/year. MIT : What feedback have you had from early trials – and what lessons have you learnt? JC: It’s early days and we’re still only talking to potential first adopters, but even so the feedback has been incredibly positive. We did a programme of user trials at the outset, and one person was so amazed at how easy it was to log in with Shayype, he said ‘Is that it?’. A graphical system like Shayype will always win over horrendous ‘strong’ passwords, which we know people struggle to recall and use. Because of the problems people www.managedITmag.co.uk have with deliberately complex passwords, they will inevitably end up writing them down, which defeats the object of a mentally held secret! Password ‘wallets’ aren’t really an answer either, since each individual password is just that – a password. MIT : What are you planning to do to take Shayype and Cloud-pin Ltd to the next level? JC: We have three potential routes forward. First, from an SME perspective, we aim to create a network of sector-specific IT company partners that are able to re-sell and install Shayype Keycloak. Alongside this, we want to offer a solution for individuals using Gmail and Google apps. We believe that having the equivalent of two factor authentication but without requiring any extra devices, even a phone, will be amazing. We’re aiming to launch a crowdfunding campaign for this project, so watch this space. Thirdly, we see a future for Shayype in areas like blockchain and IoT. MIT : Does the channel have a role to play in driving take-up of the technology? JC: Certainly. Shayype has the potential to increase security in almost any scenario you can think of. We’re just starting to talk to those in the channel and are pleased to see interest rising fast, because it’s clear that Shayype is the first secure ‘knowledge-based’ factor, and the first real advance in authentication in years. www.shayype.com Shayype Keycloak will enable single sign- on, allowing users to link seamlessly into every application they’re required to use, without having to put in individual passwords