Anti-password firm on mission to rid channel of 'Voldemort syndrome'
Secure Cloudlink claims rivals are storing passwords, making customers less secure
A UK vendor is looking to rid the channel of "Voldemort syndrome" - a term it uses to describe the process of rival vendors storing customers' passwords.
Secure Cloudlink is a cloud services broker which specialises in single sign-on, multi-factor authentication and biometric recognition. It claims its offerings work without replicating, transmitting or storing corporate passwords.
The firm, which was set up last year but has operated in stealth mode until now, is launching in the channel, looking for no more than two partners in each of the EMEA geographies it is targeting first. The vendor has won customers through its own salesforce so far, but said it worked with customers direct only "to pay for the electricity bill" and because it has only just launched its partner campaign.
The firm's vice president for sales and marketing Gideon Williams told CRN that its channel commitment will be unrivalled.
"Our strategy, unlike VMware, EMC, Cisco and F5, who want a 'have your cake and eat it' channel strategy - which is saying 'I want loads of partners but actually I am going to keep all the best accounts for myself' - is 100 per cent channel focused," he said. "I've built channel partner models before and it is not rocket science. Normally people screw them up by being a bit greedy. We're going to keep it really simple and really small."
The company's "no password" mantra is not unique to Secure Cloudlink, with other vendors keen to embrace alternative sign-on methods, such as biometrics.
For example, as part of Windows 10, Microsoft launched Windows Hello, which allows users to log in with just their face or fingerprint.
"I've built channel partner models before and it is not rocket science. Normally people screw them up by being a bit greedy."
When asked how the firm will compete with rival offerings, many of which are integrated into a much wider product, Williams said: "We might say something controversial now, like we are a security company."
CEO Brian Keats added: "The trick with us is we don't ever store your passwords. We allow users access to all the applications without the need to create internal domains.
"Microsoft are storing those passwords and those are stored all over your devices. We call it Voldemort syndrome, like in Harry Potter. You're spraying these passwords all over the place. You're taking Azure and replicating them into Azure.
"You think you're secure, but you're not. Yes you can log into the device, but that device needs a password. You've got thousands of passwords on that device. You're just spraying your identity out on the web and the hackers will get it. People seem to be oblivious to it, but the password is there."
Quocirca analyst Bob Tarzey said although the industry is moving on from passwords, they will not disappear overnight.
"Some of the advice around passwords is not good," he said. "The best advice is to make sure you have a different password that no one else knows for your most treasured resources. The idea to change it all the time is not useful. With the Ashley Madison break in the US, what's the interest in uncovering infidelity? It's that they use the same credentials to find a way to access [other sites]. They take the lists, which are not encrypted, and run the username and password pairs."
In a statement, Microsoft said:
"The assertion is incorrect. The biometric data used to support Windows Hello is stored on the local device only and encrypted. It doesn't roam and is never sent to external devices or servers. This separation helps to stop potential attackers by providing no single collection point that an attacker could potentially compromise to steal biometric data."