Discover how ethical limits define what constitutes good and bad behaviour in AI-driven identity verification and authentication.
Can you provide a brief overview of your background and your current role as the Co-founder and CEO at BeyondID?
I have over 20 years of building and leading enterprise software and services companies. As CEO, I’m committed to building a world class organization with the mission of helping our customers build secure, agile, and future-proof business. I pride in partnering with customers to strategize and deploy cutting edge technology that delivers top business results.
Prior to co-founding BeyondID, I worked at Oracle, Sun Microsystems, SeeBeyond and most recently Okta, which went public in 2017. At Okta, I was responsible for delighting customers and for building world class services and customer success organizations.
How did your experiences at Oracle, Sun Microsystems, SeeBeyond, and Okta contribute to your understanding of identity, cybersecurity, and technology?
Throughout my career spanning over a decade, I worked at Sun Microsystems, Oracle, and SeeBeyond, supporting numerous enterprise customers. These customers utilized a client/server architecture that included mainframes, mid-range systems, and desktops to support their workforce and customers. The industry then transitioned to Web 1.0, where browsers served as an app with connected web pages. This eventually led to the adoption of Service Oriented Architecture, which laid the foundation for Web 2.0, allowing for app-to-app integration using APIs and cloud-based services for every application, including the Okta-supported digital identities. Today, we continue evolving toward Web 3.0, where data-to-data integration is made possible using modern cloud, cybersecurity, and AI frameworks. This is my journey that lasted over decade long career at Sun Microsystems, Oracle, and SeeBeyond that supported 1000’s of enterprise customers who used client/server architecture that included mainframe, mid-range, and desktops to support their workforce and customers, transitioning to Web 1.0 with browser serving as app with connected web pages; then transitioning to Service Oriented Architecture that provided the foundation for Web 2.0 – app to app integration using API and cloud app for every service including Digital Identities supported by Okta. And today, the journey continues to evolve to Web 3.0 where data-to-data integration uses modern cloud, cybersecurity, and AI frameworks.
The misuse of AI and deep fakes is becoming a serious concern in the realm of identity and security. Could you share your thoughts on how bad actors are leveraging these technologies to compromise trust and security?
The use of AI-powered deepfakes to create convincing images, audio, and videos for embarrassing or blackmailing individuals or elected officials is a growing concern. This technology can be used for extortion and to obtain sensitive information that can be used in harmful ways against individuals and businesses. Such actions can erode trust and harm society, as individuals may question the authenticity of genuine content, primarily if it depicts inappropriate or criminal behavior, by claiming it is a deepfake. Malicious actors can also use AI to mimic legitimate content and communications better, making it harder for email spam filters and end users to identify fraudulent messages and increasing phishing attacks. Automated AI attacks can also identify a business’s system vulnerabilities and exploit them for their own gain.
In the context of a zero-trust framework, could you explain the concept of verifying and authenticating every service request? How does this approach contribute to overall security?
The Zero Trust philosophy is founded on the belief that nobody can be fully trusted, and so it is essential to always authenticate any service request to ensure its authenticity. This can only be achieved through the authentication, authorization, and end-to-end encryption of every request made by either a human or a machine. By verifying each request, it is possible to eliminate unnecessary access privileges and apply the appropriate access policies at any given time, thereby reducing any potential difficulties for service requestors while providing the required service.
Multi-Factor Authentication (MFA) is a well-known security method. How can MFA be integrated with AI and identity systems to strengthen security measures?
Implementing MFA (multi-factor authentication) is crucial for securing sensitive information and services. However, it needs to be supported by a robust access and entitlement policy, real-time threat intelligence, and modern identity systems. By utilizing AI-powered identity systems, MFA allows legitimate users to easily access what they need while keeping bad actors at bay. Without these comprehensive policies and modern identity services, MFA with more straightforward configurations such as two-factor authentication via text, voice, or email can be easily mimicked by malicious actors, resulting in unauthorized access to sensitive data.
Determining appropriate policies involves ethical considerations. Could you discuss the role of ethical boundaries in defining good versus bad rules for AI-driven identity verification and authentication?
When using AI-powered identity verification and authentication, it’s essential to prioritize privacy and confidentiality. Various state and regional regulations like GDPR and CCPA have been established to ensure individuals’ consent and protect their personal information. These frameworks serve as a crucial foundation for respecting ethical and legal boundaries.
Could you provide an overview of BeyondID’s mission and how it aligns with addressing the challenges of identity, cybersecurity, and cloud services?
Our mission is to help companies become secure, agile and future proof. We use those words very deliberately.
By secure, we mean that we want to be a force for good in the world. There are a lot of negative forces at play today with cybercrime and false information. The technology that is supposed to make people happier and more productive, can harm society and the economy. We want to help businesses put the safeguards into place so people can trust again, can trust them with their data.
By agile, we mean helping businesses use cloud as a platform for growth. This next wave of the cloud is fundamentally changing the way people build and scale a business. It’s a foundation for invention and innovation, and it lets businesses move faster than they ever could before. If we started BeyondID 10 years ago, we couldn’t move half as fast as we can today.
By future-proof, we mean helping businesses adopt an architecture that will help them become more resilient as things change and evolve. Because they will! If a business is building on top of the right technology, running services in the cloud, they can ride the wave of innovation happening at that foundational layer without being distracted from their core competency – serving their customers.
How does BeyondID approach helping its customers acquire, deploy, and manage identity, cybersecurity, and cloud services to achieve these goals?
Enterprises face a number of challenges in their digital transformation journey, including the security of their cloud environment, connecting their legacy systems with cloud applications, and managing implementation and technical support, all while controlling costs. BeyondID helps businesses across industries overcome these challenges so they can increase revenue, reduce costs and improve their customers’ experience.
Our global team is dedicated to the success of our customers, making every one of our customers a Raving Fan of BeyondID. Even though our team operates from many different locations, we are united in that purpose, and it motivates us every day. Our focus on customer success is at the core of our business and helps drive our objectives, both as individuals and as an organization.
Throughout your career, you’ve held executive positions at major technology companies. How have these experiences shaped your perspective on the intersection of technology, security, and identity?
I’ve had the good fortune to work inside some of the best technology companies in the world, from building services organizations at early integration and identity pioneers like SeeBeyond and Okta, to managing large enterprise software and services teams at Sun Microsystem and Oracle. That experience showed me that, even with the best technology, getting everything to work together inside a large enterprise can be very messy and few organizations have the skills and resources to do it well. This is especially true in security and identity, where the complexity is high but so are the risks.
When I joined Okta in 2012 to build its customer success and services organization, the company had less than 50 employees and less than 100 customers. The idea of using a cloud service to manage identity was a new concept, and I spent 5 years traveling around the globe helping some of Okta’s biggest customers see the impact it could have on their business.
We were incredibly successful, and Okta soon had more than 3600 customers! But I missed being an entrepreneur and felt it was my time to give back to the world that has given me so much. I have worked for some incredible brands over the years, and I wanted to build my own and put the knowledge I had gained into action.
So, my co-founders and I started BeyondID, a cloud systems integrator and managed service provider for identity and cybersecurity, to help enterprises operate in a different way. Cloud is all about speed and agility, yet most of the big SIs are still optimized for the on-prem world with giant deals that take months or years to finish. We want to free customers from the tyranny of this old GSI model.
In conclusion, what would be your key advice or message to organizations and individuals looking to strengthen their security measures and ensure trust in an AI-driven world?
Consider adopting Zero Trust services as the fundamental principle for planning, strategizing, and implementing security measures in your organization. The Cybersecurity Infrastructure Security Agency (CISA) has recently released a Zero Trust Maturity Model that provides valuable guidance on implementing Zero Trust Security. Identity-First Zero Trust Security is the most effective approach to Zero Trust because it focuses on using identity as the main factor in granting access to human and machine services. As the world becomes more AI-driven, we anticipate that the Zero Trust maturity model will continue to evolve to address the ever-changing landscape of threats to the safety and security of our society.
Co-founder and Chief Executive Officer at BeyondID
Arun Shrestha has over 20 years of building and leading enterprise software and services companies. As CEO, Arun is committed to building a world class organization with its mission to help our customers build secure, agile and future-proof business. Arun prides in partnering with customers to strategize and deploy cutting edge technology that delivers top business results. Prior to co-founding BeyondID, Arun held executive positions at Oracle, Sun Microsystems, SeeBeyond and most recently Okta, which went public in 2017. At Okta, Arun was responsible for delighting customers and for building world class services and customer success organizations. At Oracle and Sun Microsystems, Arun led global services and support organizations for systems and software including Java, SOA, Identity Management platforms. Arun brings years of delivering modern IT solutions related to Identity, API and Cloud to global customers across Americas, EMEA and APAC regions. Arun earned his BS in Computer Engineering and Computer Science from Graceland University, Iowa.