How this Hyderabad-based cybersecurity startup became a Microsoft vendor with password-less tech
Ensurity Technologies has developed ThinC-Auth, a biometric device used for one-touch access to unlock digital resources both on cloud and on-premises.
Ensurity technologies was born out of a belief that security is best when it is proactively built in, rather than bolted on.
The Hyderabad-based startup was founded by Chakradhar Reddy Kommera and Rajkumar Kotha in July 2017. The 62-membered team started off by building secure WAN communication appliances and progressed to digital identity and data security solutions based on biometrics and tokenisation (encryption).
Having done diligent research and development around biometrics and tokenisation, the founders initially focused on identity and access management. But when they took another biometric-based secure computing solution to Microsoft, they were introduced to a whole new password-less future where core technologies came together to play a key role.
That’s how ThinC-Auth, the biometric device solution and the main product offering, was born.
According to the founders, out of the five global companies, Ensurity is the only Indian startup partnering for the global alliance of top security for Microsoft Intelligent Security Association.
How does the technology work?
Ensurity’s solution is integrated into the Azure active directory, which is Microsoft’s cloud service for identity and access management. Users accessing enterprise systems (employees and vendors) can simply register their fingerprints on the ThinC-Auth device and connect the device to their PCs, operating systems, cloud applications, or email services.
Chakradhar says: “The device handles both biometrics and tokenising securely using FIDO2 protocol for password-less access. The team has US patented cryptographic technology that complements the product to complete a strong lineup for digital identity solutions”.
Password-less login represents a shift in how customers will securely log in to their Windows 10 devices and authenticate to Microsoft Azure Active Directory-based applications and services,” says Alex Simons, Corporate VP of Program Management at Microsoft Corp.
The FIDO2 tokenisation is used to register the device to various applications. Once registered, whenever the user needs access, they simply have to authenticate to the device, which will unlock the application.
With no need for passwords or PINs, the solution works with majority of email services, cloud systems, and even in hybrid environments. The device can be used to access applications even on mobile devices for not just enterprises but also for retail users.
The story behind
Chakradhar Reddy Kommera (CEO) is a computer science engineer, with an MBA from IIM Kolkata, and has two-and-a-half-decades of experience in technology and finance. The other co-founder, Rajkumar Kotha, is a civil engineer.
Ensurity has been working with Microsoft over the last couple of years to integrate its ThinC brand of FIDO/FIDO2 certified biometric USB authenticators for password-less access with Microsoft Azure Active Directory, which are now available.
In July 2019, Microsoft announced that Ensurity is one of the initial vendors to support its password-less program. After this, the startup started getting benefitted from Microsoft’s extended ecosystem and its channel partners, further converting into clients.
"We have discovered to our surprise that a lot of clients are already keen for FIDO2 protocol and password-less authentication to improve security and convenience, even before our product was announced. That indicates the latent demand is very strong”.
The team has been building its technology stack in anticipation of a world where digital identity and access would revolve around biometrics and tokenisation. In 2016, Ensurity understood the market was starting to be ready for this trend, thanks to its interactions with key players in the ecosystem, including the likes of Microsoft.
The meeting with Microsoft in 2016 spurred the team to get into active development mode.
Business model and competition
The startup makes money through three avenues - by selling identity and access management server solution (on-premise or ID-a-a-S) through subscriptions, ThinC-Auth biometric device solutions, cloud identity, and key-management solutions.
Chakradhar says,
"In pure device-based ThinC-Auth space, Yubico and Feitian are our competition. We believe our competition is strong in hardware, but not so much in cybersecurity and cryptology. Ensurity has the ability to deploy ThinC Auth on hybrid and complex environments and add additional security layers where needed."
Ensurity has raised more than $2 million in angel funding, which is being used for research and development (R&D), product development, certification, and integration.
Chakradhar says, "As the product is based on the latest protocol and technology, there were several iterations involved, which took time and cost overruns. But that also meant we have grown with the technology, which makes our product build stronger and our understanding of the evolution richer”.
Ensurity’s historical revenues are reported to stand at $5 million, and the startup is looking to clock in revenues to the tune of $2.2 million in FY20.
Market landscape
Looking at the increasing demand for such products, cybersecurity startups are gaining importance in India. However, most of them have been founded only as early as 2011. In sharp contrast, the US is home to close to 63 percent of the world’s privately-owned cybersecurity companies. Of these, only six California based cybersecurity companies raised over $200 million in funding in a year.
Some of the top cybersecurity startups in India include Lucideus Tech, Block Armour, HaltDos, WeSecureApp, and ZeroNorth.
Research firm Gartner estimated worldwide spending on information security products and services in 2018 was at $114 billion, an increase of 12.4 percent from 2017. In 2019, the market is forecast to grow 8.7 percent to $124 billion. This pace of this growth is expected to outstrip general IT spending increases. TechSci Research says Indian cybersecurity market is forecast to grow at a CAGR of over 19 percent during 2018-2023.
Since the startup is in the early stages of the market explosion, it had some initial hiccups while getting the customers to understand the product, the technology, and the use-cases. However, the founders were pleasantly surprised looking at the latent demand for the product, without having to market at all.
"We have always had a strong R&D pipeline, which helped us to build globally competitive, pioneering cyber security solutions,” Chakradhar says.
(Edited by Megha Reddy)