As authentication options blossom, startup tries to simplify deployment, maintain flexibility

A startup with a strong pedigree is trying to address the problem that businesses have keeping up with the ever-increasing options for authentication.

Transmit Security is shipping a server platform that off-loads the authentication chores that would otherwise reside within applications, making it simpler to roll out authentication in the first place and to upgrade it later without ever touching the applications themselves.

Rakesh Loonkar

Transmit Security Platform (SP) connects to applications via APIs to enable biometrics – eyes, voice, fingerprint, face – push notifications, one-time passwords, and even third-party authentication platforms, says Rakesh Loonkar, the president of the company and one of its founders.

That makes it easier to change the methods of authentication over time because the changes don’t require altering the apps either.

Authentication policies can be dynamic, too, so if a connection is being made from an insecure machine or location, those factors can trigger more stringent authentication. These dynamic decisions can be informed by input to Transmit SP from threat feeds and risk-detection systems. The matrices for this dynamic risk-assessment are written within Transmit SP by customers.

In the past when the only form of authentication was username and password, this was less of a concern. Now new methods are cropping up all the time and businesses want to take advantage of them, says Al Pascal, a research director at Javelin Strategy & Research.

But with new channels for accessing applications – mobile, online, phone – and new identification factors, the task is much more complex, he says. There’s no way to know which technology will come out on top, so the best strategy is to stay flexible and try to keep costs down.

Customers of Trusteer told Loonkar they needed a less rigid way to integrate authentication into applications that didn’t require touching the apps themselves, Loonkar says, and that was the genesis of the idea for Transmit Security. Transmit Security’s co-founder and CEO Mickey Boodaei was a founder of the application- and data-security firm Imperva, and with Loonkar was a founder of Trusteer, which made security software for online banking. IBM bought it in 2013.

The claim Loonkar makes is that within hours the platform can be configured to support the authentication logic customers want and push that to applications as opposed to the six to 18 months it would take to program the logic directly into each application.

He cites two major use cases. The first is mobile-centric omni-channel authentication, which lets users connecting from mobile devices be transferred from an online banking app, for example, to a live customer-service rep without reauthenticating. The second is to incorporate biometrics as a password replacement without incurring the cost of writing code for it into every application.

Rizwan Khalfan, chief digital officer at TD Bank Financial Group, is a customer. He says existing authentication schemes are siloed, so for one division IT would have to support touch authentication for mobile devices, passwords for online and a card for face-to-face transactions. Each platform had to be purchased, monitored and maintained separately and the group has tens of these platforms, he says.

Khalfan says he was looking for something that acted as an authentication service or hub that supported various authentication methods and allow for authentication to persist if a customer moves from one channel (online) to another (live phone chat).

He says authentication point solutions are expensive to maintain and require individual investments across all channels. The hope is that when Transmit SP is deployed, it will provide future-proofing so that new authentication methods can be supported on the platform without requiring an additional capital investment.

Transmit Security is announcing a $40 million private investment by its founders that should take the company to profitability. “We believe in ourselves,” Loonkar says.

The company was founded in 2014 and has sales and marketing offices in Boston and research and development in Tel Aviv. It has 30 employees now and the headcount should double within the next year.

Pricing is confidential, Loonkar says, but it’s based on the size of the applications being supported. Transmit SP can be deployed on premises, in private or public clouds, or in a hybrid arrangement.

Transmit Security competes with authentication vendors and service providers including Centrify, Duo Securty, IBM, Nexus, Okta, Ping Identity, RSA, Safenet (Gemalto), SecureAuth and many others.