Thomas Neudenberger, Chief Operating Officer of realtime North America Inc, has over 25 years’ experience in the software industry. He became a biometric pioneer 15 years ago, focusing on granular biometric protection. He is a published writer and speaker on compliance and fraud prevention topics.
Q: Mr. Neudenberger, you are Chief Operating Officer of realtime North America Inc. Can you briefly introduce realtime and the companies background?
realtime started as an SAP consulting firm in Germany in 1986 with a focus on the consumer goods industry but rapidly expanded to the pharmaceutical, chemical, automotive, health, public institutions and agencies, banks, insurance companies and aerospace & defense. The company’s service and product spectrum ranges from IT strategy consulting and process management to conceptualization and implementation of IT systems. We also develop independent security and compliance solutions for customers who have implemented SAP environments. The bioLock Identity Management and Access Control solution provides extensive biometric security capabilities and seamlessly integrates with SAP solutions. biolock could allow DoD and other military agencies the ability to set granular security checkpoints within their SAP System.
Q: Why do you believe that this technology could tremendously increase security for the DoD and Military?
Password and Common Access Card (CAC) based logon has proven to be a weak authentication that can easily be circumvented: Edward Snowden used a coworker’s password to log into a secure system and download a massive amount of sensitive information. Even if the logon would have been protected with a biometric login or a CAC a user like Snowden could still step up to an unsecured terminal and download sensitive information. Instead of relying on the original user profile authorizations, which can be shared or circumvented. The bioLock control center would allow the DoD to set up unlimited security checkpoints that would require authentication with a CAC and or biometrics solution each time the transaction was triggered by a user. bioLock can prove a security checkpoint that would be triggered when the export transaction was executed by the user. Our solution would then require a CAC and or biometric verification to finalize the download. Our solutions could even request two biometric verification dual controls for highly sensitive activities and information. The Snowden incident and many other breaches could be prevented in with DoD agencies using our proven solutions.
Q: What are some ways that realtime thinks ahead to provide for the military future force?
We are applying the same concept the military has used for many years when it comes to physical security – set up multiple checkpoints throughout a military installation or in a sensitive geographical area and check ID of the people that pass through the checkpoints. Further, check available databases to see if certain individuals are specifically whitelisted or blacklisted. The bioLock control and monitoring software add this powerful functionality and many more controlling options to the SAP system. While the main value adds are the control options, the identification possibilities for the checkpoints are very flexible – from re-entering the password, scanning the CAC, or providing a fingerprint scan – the options are endless. Recently we added the option of a palm vein scan as an authentication method. But the software is set up, and realtime is open to adding additional authentication methods as technologies evolve, so the system will always be up to date.
Q: Which branch of the DoD is more suited to your technology and why?
All branches that are already running SAP or planning to implement SAP should be looking at the technology and learn how the technology can help them in their specific areas to protect critical data, prevent fraud, establish clear accountability and stop hackers and collusion.
Q: What challenges do you see in supporting DoD in the future?
bioLock will transform and bring you up to current standards and should be considered in your future digital road map. bioLock is fully supportive of SAP’s new S4 HANA infrastructure, many new web-based and mobile applications emerge, and it will be a continued challenge to secure mobile applications the correct way. Here, bioLock will start helping the first day, as whitelisted functions cannot be executed from insecure mobile devices as the additional requested security credentials cannot be provided.
Q: Can you describe, where the technology has helped a government entity?
The technology was installed at a National Social Security Administration in Africa. Originally is was meant to control and whitelist the administrative clerks that administer the benefits to the beneficiaries to prevent fraud and collusion. While this helped to reduce internal fraud, it still didn’t prevent beneficiaries from filing claims on behalf of other people. Now, every beneficiary is provided with a smart card (similar to a CAC) and has to present the card to the clerk when receiving benefits. While the card automatically accesses the beneficiary record, the clerk cannot access the record until the beneficiary confirms their identity inside SAP with their biometric credentials. It is ensured that only the rightful beneficiary will receive benefits – and only once and not four times in for different towns. Another government agency had HR data illegally accessed by an unauthorized person. The person downloaded sensitive medical information and shared them in the company resulting in a lawsuit. bioLock was implemented to protect access to those sensitive HR data and only allow explicitly whitelisted users access. Another application would be to protect the Material Description field in SAP to comply with ITAR.
Q: How complicated is the installation and what is bioLock’s availability?
bioLock is easily installed in the SAP system via SAP transports. The installation of the client devices is simple and can be done via remote installation. The configuration of the security settings is straightforward and can be done in phases without interrupting any business process. For the end user, it offers a great user experience as absolutely NO training is required. The user will simply provide the requested authentication credentials as required via screen pop up when a check point is triggered. While it is hard to indicate an ROI for a government entity, in the commercial world, based on general accepted fraud statistics, the ROI is in most cases less than a year. The technology is available via realtime partners in selected countries or globally via Fujitsu.
Q: Is there anything else you’d like our community to know?
Yes – I would like to reiterate a very straightforward and long accepted concept that should be applied to IT: When you pick up your ticket at the airport, they check ID. You go through security they check ID. You visit any government facility they check ID before you get a visitor badge and you are allowed in the building. Now, where do we check ID in IT? NEVER! While a CAC logon is a good start, it is still not a valid ID check and does not protect sensitive information on the function level, which becomes more and more of an issue, especially, when it comes to mandatory regulations, such as ITAR. Our main message is that DoD needs to check ID in their SAP systems. But not only when users access the system (Logon) but every time they execute a sensitive, potentially ITAR violating functions, the system needs to check ID again.
for more questions or information about bioLock and its value proposition: biolock