WinMagic Releases Open Letter to IT Security Thought Leaders

Embracing New Approaches to Defend Against Cyberattacks, Minimizing User Burden.

MISSISSAUGA, Ontario, April 30, 2024 (GLOBE NEWSWIRE) -- Addressed to IT security thought leaders looking to defend against cyberattacks while maintaining a good user experience, WinMagic Corp releases an Open Letter with its vision for authentication that transforms the aspiration of Zero Trust security into reality.

To combat the escalating risks posed by cyberattacks, Whitehouse Memorandum M-22-09 was issued in January 2022. It sets forth a Federal Zero Trust architecture strategy:

“The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access. It is a dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data, transitioning from verifying once at the perimeter to continual verification of each user, device, application, and transaction.”

Ref: M-22-09 – “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles”

We would like to contribute to the industry with some new ways of thinking which we believe will result in stronger and simpler solutions. We propose the following.

  1. Authentication Reinvented: User can securely access online services frictionlessly. When the user logs into the device, we establish the identity "user + device." Leveraging the cryptographic capabilities of the device, the system can verify the "user + device" with virtually unbreakable accuracy. By binding identities to devices, we lay the foundation for the industry's modern identity fabric.
  2. Secure Access Redefined: Often overlooked and vulnerable to cyberattacks, authentication must extend to protecting data, transactions, and sessions. We propose encryption over authentication, which can often obviate the need for verification. This approach simplifies federated authentication and enhances protection at the transport layer (TLS) to safeguard all transactions.
  3. Continuous Monitoring: Amidst increasingly sophisticated attacks, continuous verification and monitoring of users and devices are imperative. This approach seamlessly integrates with existing industry solutions. With the capability to manage, control, and monitor endpoints and users in real-time, existing endpoint access solutions serve as a robust foundation for online access solutions. This concept represents the pinnacle of secure access: hackers cannot gain access no matter what, as the solution only grants access to the managed endpoint and user, not the requesting endpoint. This approach is actually not novel at all in the banking industry. The IdP has a "secure channel" to the endpoint, akin to a bank directing customers to call the number on the back of their credit card rather than responding to untrusted, unknown calls.

Cryptography is the best technology to establish trust in the digital realm. Our focus is on applying cryptography more effectively and widely, laying a strong foundation that supports and simplifies other security measures.

"Cryptography serves as the cornerstone of trust in the digital realm.” Thi Nguyen-Huu, Founder and CEO of WinMagic, continues: “Our proposed solutions not only fortify authentication and secure access but also simplify cybersecurity for end-users. I view the endpoint as being the best companion for the online user, and applied cryptography as the key to its security."

WinMagic’s contributions to the industry will help in the areas of security related to the endpoint. The Open Letter includes technical details. We invite you to collaborate with us on this transformative journey toward a more secure digital future, without user’s burden!

About WinMagic Corp.
With over 25 years of continuous innovation, WinMagic delivers feature-rich endpoint encryption and game-changing passwordless authentication solutions.

WinMagic’s MagicEndpoint uses MFA, including phone and token, to authorize endpoint access for OS and pre-boot login. Users are then granted secure access to applications and services without requiring any user action. The endpoint transparently performs top-of-the-line, public-key-based authentication with unbreakable and unshared built-in crypto chips. MagicEndpoint uniquely offers “always verify” security while delivering the best possible user experience.

WinMagic Media Relations

Follow Us on Twitter: @WinMagic
Join us on LinkedIn: WinMagic
Subscribe to our YouTube Channel: WinMagic
Like Us on Facebook: WinMagic Data Security