Dietrich Wecker, Vice President
Many organizations hesitate to make the "buy" decision for a higher level of authentication security until they get hacked. Decision makers may see the need for two-factor authentication but will also be discouraged from using it because it's not going to make them more money or win them customers. Well, the benefits far outweigh the perceived expenses. As when disaster strikes, things can be devastating. On the bright side, many industry regulations now require two-factor authentication—following the government's lead—which has positively impacted the industry. However, organizations that don't need to adhere to these requirements may still drag their feet.
That’s where Sphinx encourages the adoption of multi-factor authentication by making it as easy as possible to add it to an organization's existing infrastructure. “This is also how we segued into working with building access cards which was a token that was already in use in so many organizations,” says Dietrich Wecker, the Vice President of Sphinx. With the Sphinx Logon software, the company combines multi-factor authentication with password management.
Built using smart card security protocols, the Sphinx Logon softwareenforces the ideals of high security and isolation of attack surfaces. “We got our start when the smart card industry was in its infancy, building software in partnership with a couple of the largest, most demanding players in the smart card industry,” states Wecker. “Today, it's more crucial than ever to have a way to securely authenticate users, not just their devices which can be stolen or impersonated.” With the Sphinx Logon software, data is stored and transferred using multiple layers of encryption. Furthermore, the solution transfers logon data to the target location transparently under the hood; data entry cannot be observedand thus, reproduced. In a nutshell, Sphinx offers authentication, SSO, and logon management in one package.
Installing and using Sphinx is where "simplicity" comes in.Since Sphinx requires no changes to the network infrastructure, it's as easy as installing the client logon software and the admin server software. “We work out-of-the-box with most smart cards and RFID cards and readers, so employees can self-enroll with the card they already have to get started.Then they get to present their cards and enter their PIN to logon to windows, websites, and applications,” mentions Wecker. Further, as most Sphinx admins control all employee passwords, the employees never know them and can never give them away. The admin software is feature-rich, reflecting almost 20 years of continuous adaptation to customer needs.
We work out-of-the-box with most smart cards and RFID cards and readers, so employees can self-enroll with the card they already have to get started
Sphinx’s success over the years has come from listening to customers and giving them what they need. “This sounds basic, but we learned early on that a lot of fancy features don't matter if they're not the features the customers really need,” explains Wecker. “Our whole feature palette comes standard with Sphinx Enterprise, making it suitable for allverticals out-of-the-box.” For example, when a mortgage companyin the Western US needed to secure employee logon to networks and applications from the office, client locations, and home, they used Sphinx's managed entries feature, such that employees can just authenticate with their card and PIN to access needed information. The company's on-premise server was contained in a secure space, and Sphinx's strong cryptographic authentication enabled cardholders to access the server from anywhere over the internet via VPN.
Such has been the prowess that Sphinx has garnered by assisting many clients. Another aspect that the company’s customers appreciate is that there is only one license fee in going up and running with Sphinx's solution, based on the number of cardholders. There are no hidden fees for additional modules or capabilities and no weeks-long fees for installation consulting and implementation. Since Sphinx also works out-of-the-box with government-issued PIV cards, more and more government agencies have been approaching them lately; many also want to authenticate users in offline environments. The PIV card has the full security of certificate-based RSA encryption, and PIV cardholders can even continue to use their current PIN, making Sphinx adoption seamless. “First and foremost, we are a security company, and we aim to make security more manageable,” concludes Wecker.