Mission Critical Mobility (S1:E38)

October 20, 2022

Steve Dunlap, President of the Thursby brand at Identiv, joins us to discuss the differences between BYOD and BYOAD, how to streamline mission-critical processes, and the secure mobility of the new Sub Rosa PDF app. Sub Rosa PDF gives U.S. armed forces, federal agencies, and commercial customers the ability to digitally sign documents on any iOS device from any location.

Full Transcript

Speaker 1 (00:01):

You're listening to Humans in Tech, our podcast explores today's most transformative technology and the trends of tomorrow. Bringing together the brightest minds in and outside of our industry, we unpack what's new in physical access, identity verification, cyber security, and IoT ecosystems. We reach beyond the physical world, discuss our digital transformation as a species and dive into the emerging digital experience. Join us on our journey as we discover just how connected the future will be and how we will fit into that picture. Your host is Leigh Dow, VP of Global Marketing at Identiv.

Leigh Dow (00:43):

Thanks for tuning in. Today, we're joined by Steve Dunlap, president of the Thursby brand here at Identiv. Thursby software and hardware solutions support, bring your own device and two factor authentication while also providing strong security for US, federal government, armed forces, enterprise and personal mobility. Steve, thank you for being here for this Humans in Tech podcast session. We're talking about the newly launched Thursby Sub Rosa PDF app.

Steve Dunlap (01:09):

Well, thank you, Leigh. It's a pleasure to be here.

Leigh Dow (01:12):

I understand the new Sub Rosa PDF app allows people to sign PDFs anytime, anywhere. How are users currently being authenticated and what changes might there be in the future to this method?

Steve Dunlap (01:24):

Well, that's an interesting question because we find ourselves in kind of at a point in time for that space. It's transitioning to a much more digital, much more secure way, right now to answer your question is it's anything from a soldier, an airman or anyone else that has a piece of paper that says, "Hey, I need to be able to check something out."

They physically sign that piece of paper, that piece of paper is scanned and put into an Excel spreadsheet. That's a little bit antiquated and certainly not secure, so what's going on right now is, there is certainly a move, given everything else going on for a secure way to do it, a digital way to do it and a mobile way to do it. And that's what the PDF signing application at Thursby allows the users to do.

Leigh Dow (02:24):

Great. What is Bring Your Own Device and BYOAD? And what's the difference between the two?

Steve Dunlap (02:30):

Yeah. That's also, quite honestly, one of the events that are being discussed and banned about, throughout... Really DOD and US government space. Some time ago, it was recognized that, hey, we've got some younger people in our community and they've lived with their mobile phones for all of their life.

And what we need to be able to do is, to be able to leverage that. Well, there's leveraging the capability of the mobile device, but you cannot lose security. So when you say BYOD, that literally stands for Bring Your Own Device. And device in this case means, your mobile device. So there's a school of thought that says, hey, let them use their own mobiles to be able to access their sites that they need to get to. So myPay, for example, make sure you're getting paid. DTS for Defense Travel System, make sure you're able to do that via your mobile. That's all well and fine, but again, there's concerns from the management perspective at DOD and other government agencies that say, "Wait a minute, we got to make sure this is secure, it's within a container."

And container is a key word because when I say BYOAD, that's Bring Your Own Approved Device. And the approved device is really one that has a device manager. Well, that's called an MDM, Mobile Device Manager, and what that does is say, "I'm going to put this on you, Mr. Soldier, Miss Airman's phone." To say, these are the applications that we say, "Yay, barely, these are good for you to use." Now, the question and some of the consternation about that is, individuals who have bought their own phones say, "Wait a minute, I don't want you to put your applications on my phone." And then of course, from the management perspective, is that, "Well, wait a minute. I don't want you to access some of our sites without it." So there's a lot of back and forth ongoing between those two acronyms, if you will. And that's been ongoing for at least, the past five years. So it's interesting time, but I think that it allows us the opportunity from Thursby's perspective to provide a solution for either way they go, which is what we do.

Leigh Dow (05:24):

That's a great overview of the difference between the two and obviously, people who work for the US Federal Government, Armed Forces, Enterprise entities, certainly have a need for additional security.

Steve Dunlap (05:39):

Yes. No question, I mean, security in and of itself should be first and foremost. And I say that, given the geopolitical climate that we're in right now and have been for a long time, but it's become much more so to the forefront in the past few months, as you can, well imagine. I mean, open communications is an absolute red flag and it's prone to being able to be intercepted, you've seen and heard stories of incidents where open communications have allowed people to target those comms. And that's caused incidents, not to get too specific, but yeah, that's a great concern.

Leigh Dow (06:38):

So, explain how the Sub Rosa PDF helps to streamline the mission critical and everyday processes.

Steve Dunlap (06:44):

Oh, well, thanks for asking because we're very excited about it. What we try to do is look at the current state and we need to make sure that we can be able to provide the various and following thing. Which is, one, let's make sure that it has utility, let's make sure that it's secure and let's make sure that it's convenient. And what we're able to do on a mobile device, be it a BYOD or a BYOAD, is to allow the users to be able to securely sign PDF documents. And that those documents show that the user is authenticated, they're authenticated with either what's known as their CAC card or their PIV card, or in some cases, derived credentials to say, "Yep, this is the person who signed it."

And the next tier up, the management who has to sign that particular PDF, because again, think of it in terms of, "Hey, you know what? I need to check out a new rifle." So they go to the supply, they have the rifle and that person, the custodian of that rifle has to have a document that says, "I have provided this asset to this individual. This individual is who they say they are." And therefore, they feel confident and secure in the fact that they can hand that asset to that individual. The Sub Rosa PDF signing provides a secure mobile way to do those checkouts that they have never had before. So, whereas when people say PDF, it's almost commonplace to go, "Oh, I've got Adobe. That's a PDF viewer, I can see that." Yes it is. And you can also wet sign, what the phrase is, you can literally write your name with a thumbprint, but that doesn't do anything to authenticate you as a user. What we do is, authenticate that user with their CAC card, in the case of DOD.

So when they affix the signature, it looks and says, "Hey, put in your pin number to establish that you are who you say you are on this card." That allows that signature then to be affixed to that PDF document, and then, that is saved into the phone. And then, it is sent forward for further signatures. In the case and example I used, the custodian hands the rifle, to the user, after he has signed the PDF document. In some cases it's called, a hand receipt. And then they can see that person has been verified as a user, his credentials are good. And therefore, I can then release that asset to that person, that can't be done with Adobe, what they lack and what everyone, there is no solution that has this authentication method for signing PDF documents, and that's why we're so excited about it.

Leigh Dow (10:18):

So, it really builds that, it has that authentication and gives you that trust factor that it is authenticated.

Steve Dunlap (10:26):

Oh, absolutely. And that also then can be sent via email from your mobile, securely, to the next person, if indeed it needs to be cosigned if you will, in some cases by someone else. So, that chain of custody remains and that chain of security remains, so those are two aspects of this particular application that really, I think are going to provide a great deal of value, utility and convenience.

Leigh Dow (11:02):

So I think that chain of custody and chain of security part is super important to really identify and then also, really make sure that people understand those two pieces of it, because those are obviously two of the most important pieces to the person who's using it.

Steve Dunlap (11:19):

Oh yeah. I mean, there's no doubt, again, it's just becoming more and more top of mind and it has to be, not that it ever was not, but it's just imperative that we provide that security chain, no matter the platform, hardwired, mobile platform, any type of networks, security's got to be first and foremost and from a mobile perspective, it's an absolute. And that's why we are very proud and pleased to be able to have this offering available now to all of the users who have CACs, who use PIVs. And again, I don't want this to be just a DOD type conversation for a solution because other entities, system integrators, who deal with the government and are subject to the NIST standards that require the use of confidential information-

Leigh Dow (12:23):

Or even IP protection, right?

Steve Dunlap (12:25):

Yeah. Oh, absolutely. All of that is critical, and always, the point of some vulnerability was on the mobile side. And if you don't have that, it's a cause of concern, but we've solved that.

Leigh Dow (12:41):

Well, I was thinking about, most of the people who are in these types of roles, they already have a heightened sense of security, but I also think it's easy to forget that a lot of the other applications that we use on a day to day basis to sign documents electronically, do not have that level of security. So, something like this, definitely fills that void.

Steve Dunlap (13:06):

No, yeah. I mean Leigh, this is absolutely critical, I'm not doing it because I'm president of the company that has produced this application. I'm doing it as a person who has, my son in the Air Force, and I know some of the things that he's doing and people have a much more heightened sense of awareness and situational awareness that just absolutely demands, that all of their devices, especially the mobile devices, are secure.

Leigh Dow (13:41):

So, is there an application that is in high demand from a mobile access perspective?

Steve Dunlap (13:46):

Well, I mean, what I am hearing Leigh, and we have released this application, oh gosh, it's been available just for a few weeks now. And this tends to be the touchstone, is to allow that validation, verification and signature on a secure mobile phone, that seems to be in highest demand at this point. Yeah, there's lots of things, yes your email, but again, the... O-365 version and suite of products that has an email client associated with it. So, what we're trying to do is fill in the gap of applications that they do not have, that they need to have.

Leigh Dow (14:38):

Exactly. Can you give us some examples of how today's global fast paced news environment can benefit from the use of Sub Rosa PDF?

Steve Dunlap (14:49):

Yeah, to some degree I can Leigh, some of it I cannot due to security issues, but I will tell you that-

Leigh Dow (14:58):

Hypothetical, perhaps.

Steve Dunlap (14:59):

Yeah, hypothetically, if you are communicating over the air with a non-secured device or trying to translate data in a non-secure way, that's being intercepted. And what that does, that interception not only is just the bits and bites of the data, but it's the bits and bites of determining your location. So, if you have a combatant who understands that you've got open comms and knows your data, and therefore, then can figure out your location, you can imagine what the end result of that is. And that's been born out in news articles and all sorts of different headlines, won't get into the specifics, but yeah, it's detrimental or in the case of... It's advantageous, depending upon what side of it you're talking about.

Leigh Dow (15:59):

Well, as always, I really appreciate you for joining us today, but also appreciate your contribution to keeping our nation safe and secure.

Steve Dunlap (16:07):

Well, I appreciate Leigh, the opportunity to speak with someone and everyone out there listening. We're very proud of it, and we're really hopeful that we can provide some benefit, again, just to anyone out there who has concerns about their secure mobility.

Leigh Dow (16:28):

For sure. Well, thank you so much for taking the time to participate and for our audience, if you like this podcast, please like and subscribe.

Speaker 1 (16:35):

Eliminate the risk of data breaches, phishing, password theft, and replay attacks with hardened multifactor authentication, cybersecurity. Passwordless logins are simple and secure with uTrust FIDO2 NFC Plus Security Keys. Insert the device, tap the button, and get secure access. It really is that easy, learn more at identiv.com.

Do you need to sign documents using your CAC, PIV or a Purebred certificate? The new Sub Rosa PDF app is brought to you by Thursby, the makers of FIPS 140-2 validated, and this approved Sub Rosa for two factor authentication and secure web browser access. Sub Rosa PDF gives US Arm services, federal agencies, and commercial customers, the ability to digitally sign documents on any iOS device from any location. By using secure CAC and PIV based certificates, documents are securely and officially signed, giving you the ability to do critical approvals and sign forms anywhere, anytime. It's available now, with a 30 day free trial, learn more at identiv.com.

Physical security, identity verification, the IoT. The hyper connectivity of our lives will only grow more pervasive, as technology becomes more automated and experiences more augmented, it's up to us to preserve our humanity and use new tools and trends for good. The only question is, are we up for the challenge?