GRD Tech: Cybersecurity

With spring just around the corner we jumped into the pool with a new blog section. At GRD Tech, our colleagues will talk to about the most disruptive technologies and trends of the moment, besides telling us first-hand about the technologies we are developing and the problems they solve.

In this first publication, our colleagues Juan González (JG), director of Security & Privacy department; Daniel Ramos (DR), International Business Development Manager; and Pablo Dago (PD), engineer-researcher, explain us about cybersecurity and security technologies. Just over a week ago, this dream team came back from San Francisco after attending the RSA Conference 2019, the largest ICT security professional meeting in the world. Our team showed Black ICE HSM by Gradiant (a tool for the efficient management of financial HSMs), our biometric systems for identity verification on digital onboarding and authentication processes and Valida by Gradiant, for detecting manipulations in digital documents (identity documents, passports, payrolls, invoices, etc.) provided by users in Know Your Customer (KYC) processes. This technology, which allows companies to offer an extra level of security in online processes, was first presented at the Consumer Electronics Show (CES) and a month later at the 4 Years From Now (4YFN) platform of the Mobile World Congress (MWC) in Barcelona.

How was the experience to participate in the RSA Conference for the third year in a row?

JG: Very positive. Every year we gained experience and make our presence more professional too. The first year, in 2017, we went as visitors and attended some meetings; in 2018, we took part hand in hand with ICEX; and this year we’ve consolidated our presence with our own booth, within the Spanish Pavilion.

DR: we’ve had very good days. Beyond participating for the first time with our own space, we’ve been building networks we’ve made the previous years and in other international events -such as the CES or the MWC-, as well as making new ones. In short, it is important to go to these events because it’s where all the relevant actors in the world of privacy and cybersecurity meet, so there is an important visibility factor.

PS: I totally agree, the RSA Conference is a very specialized event and every year brings together more than 40,000 people. It is the great event for security technologies, one of core strategy goals for Gradiant. We had to be there.

How have Gradiant solutions been received in San Francisco?

JG: Very good. BlackICE HSM by Gradiant has attracted the attention of HSMs (Hardware Security Module) vendors. These devices have stablished as a standard for banking companies, ensuring digital financial transactions of customers. Our solution provides a secure tamper resistant environment, facilitating the development of flexible architectures that allow a more efficient use of HSMs, as well as not requiring very specific personnel for their implementation. BlackICE HSM makes quicker and safer to adapt to more dynamic scenarios, essential for the implementation of new fintech services.

DR: In this transition to financial services digitalization, new mechanisms are also needed for user authentication to guarantee security and prevent spoofing attacks. In this regard, our biometric systems for face, voice and signature recognition are an effective solution, which are adapted to PSD2, the European Commission’s new directive for payment services. This standard establishes as necessary a ‘strong authentication’ to be made, meaning that the authentication system must use at least two of the three following factors: something the person knows (a pin, a password…); something the person has (token, card of coordinates) and something the person is: biometrics.

PS: Besides, Valida by Gradiant, our fully automatic forensic analysis tool that detects manipulations in multimedia documents (jpeg or pdf files) to prevent online fraud, has stood out RSA attendees, especially those who are responsible for fraud and information security.

What cybersecurity trends have you seen at RSA?

JG: There’s always a recurrent topic in this conference that has direct relation with one of the goals of Gradiant’s Security and Privacy department: Security Analytics. How to put Artificial Intelligence and statistical modelling technologies in cybersecurity field to solve large amount of data management that security analysts must review.

DR: The IoT paradigm, user authentication systems and HSMs were other highly interesting issues. In addition, Telefónica showcased Stella FileTracker, a secure solution that allows to know where information is, no matter if documents are on-premises, servers, email or in the cloud; developed at the TEGRA cybersecurity centre, powered by Gradiant and ElevenPaths.

Will Gradiant be at the RSA Conference 2020?

All: Hopefully!

JG: We’ll work for it. Besides, in 2020, we would like Gradiant to promote the participation of Galician security technology firms in international events like this.

DR: Gradiant is currently in the process of becoming international, we’re harvesting the fruits of all the work we’ve been doing in the last five years, such as collaborations with Telefonica, Microsoft or Samsung. One of our main goals is to attract that know-how and expertise we’ve collected abroad to help companies within our context, so that large corporations invest in Galicia. All this effort serves to improve the competitiveness of Galician SMEs. We like to see ourselves as those who are opening up the technology path, this is our essence, looking for the most disruptive innovation to bring it to Galicia and generate new business opportunities in industrial ecosystem. To continue on this path and bet on regional industry, we have a close collaboration with both, companies to understand their needs; and public administrations, who wish to consolidate a sustainable and quality technology model.