GUEST POST: The Software-Driven Shift in the Security Industry

The following article is a guest post written by John Wojewidka, Director of Business Development, FaceTec.

GUEST POST: The Software-Driven Shift in the Security Industry

In 2011 Marc Andreessen wrote an article entitled, “Why Software is Eating the World.” Five years later he published a follow-on, “Software is Now Programming the World”. While Andreessen’s original article made some bold predictions, the second article largely backed them up. The undeniable fact today is that software’s influence on our lives is universal and the resultant shift from hardware is increasingly evident. Yes, hardware always paves the way for software’s success, but as hardware continues down its road to becoming more of a commodity, software’s role must only become more dominant.

Today’s software isn’t like CD-installed desktop word processor or spreadsheet. It’s the glue that holds every network together, bridging gaps between hardware devices and providing the common ground needed to share data. We hear a lot about about artificial intelligence (AI), deep learning, machine learning (ML), neural networks, natural language processing and big data analytics as our software does more and more “thinking”. While not conscious (yet!), intelligent software is performing tasks once the exclusive domain of humans (self-driving cars, for example), and in many cases the software is better than we ever were. It is, now, not what security solutions will be doing, it is where they will be doing it. The coming security revolution will be in intelligent software, but not on servers. It will be distributed onto every user’s device.

From our perspective, the ability to use intelligent software at the device level will impact the security industry in significant ways.

“Not even advanced, proprietary infrared face-depth sensors can possibly meet market needs in the next five years because not enough people will own them to make a dent in the billions of phones already in use.”

Four years ago at FaceTec, we developed software for two specific pieces of next-gen hardware, a wearable mobile device and an on-premises retail customer survey platform. We built corresponding recognition applications that could accurately identify faces at distance, but also estimate age, gender, mood, and more. But the expensive hardware proved less popular than predicted, and we learned the lesson all successful software companies already know: to be effective, software not only has to work, but it has to work on the endless flow of new hardware devices in a massively fragmented landscape.

To meet users where they were at the time, a move to universality – the ability to run on the broadest range of popular devices – was necessary, but naturally precipitated data acquisition limitations. Special hardware to measure biometric data could not be mandatory; only hardware that is “universal” to all smart devices could even be considered. Not even advanced, proprietary infrared face-depth sensors can possibly meet market needs in the next five years because not enough people will own them to make a dent in the billions of phones already in use. The only sensor we can truly depend on being available in smart devices is the front-facing camera.

So, to meet our new goal of software universality, we created a suite of ML tools and fed them terabytes of sorted and tagged images. Iterating on a few hunches along the way, we gave the “machine” some initial direction and then let it go. Now that machine makes powerful decisions with the data gleaned from authentication sessions – finding the signal in the noise, so to speak. And in the end, the AI illuminates the path forward, not the other way around.

 “If hardware is deployed before firmware has been finished the full potential can be realized later, but this requires even more forward planning and increases cost.”

Now that our AI platform is built, to increase performance we simply feed in increasingly better data, dial in decision thresholds, and continue to build on our robust suite of learners. Making changes can take a few hours or a few days, but it’s never months or years. Conversely, specialized hardware’s needs must be addressed from the very beginning, and requires a complex supply chain working for many months to execute on their manufacturing and operational requirements.

And if for some reason hardware doesn’t perform as expected in the wild, the result can be an official downgrade, from, for example, a security feature down to a convenience feature, or worse. Certainly, firmware can be upgraded, but a fingerprint sensor will never have more resolution than it does on day one. If hardware is deployed before firmware has been finished the full potential can be realized later, but this requires even more forward planning and increases cost. Once delivered to its market, most hardware’s functional status remains persistent, while new innovations in software application are only ever an update away.

The continued growth in mobile and the reliance on passwords is resulting in more breaches year over year, and with no end in sight. Much of the inertia that protects the security industry status-quo, and its current revenue streams, promotes damage control and mitigation, rather than putting more momentum behind finding more innovative ways of, say, securing the attack surface. Specialized hardware can never ultimately solve the entire security problem, but by using intelligent software to decentralize the “shared secret” repositories that every organization currently maintains and tries to defend, we can finally gain the upper hand in mobile security. At FaceTec, we look forward to providing more insight and innovation into the intelligent software that will make a difference in mobile security in the years to come.