Joseph Dhanapal is CEO of SecureAuth, a provider of workforce and customer identity and access management (CIAM/IAM) solutions. With over 20 years of experience, Joseph has built a reputation for driving growth and transformation in technology-focused companies, from Fortune 500 firms to private equity-backed enterprises. Under his leadership, his company introduced SecureAuth SessionGuardian, the first continuous facial authentication in IAM technology, which helps prevent unauthorized access to sensitive information throughout the entire user session.
As CEO of an identity security company, what are you hearing from the CEOs and CTOs you speak with about their highest priority challenges? How do they see these problems impacting their organizations and security risks?
Business leaders are caught between two priorities — making it easy for customers to access services and protecting their organizations from cyber threats. Every day, even well-secured institutions face breaches, highlighting the challenge of balancing security with user convenience. Some companies accept a certain level of fraud as part of doing business because they fear losing customers if security measures are too strict.
The 2024 ISC2 Cybersecurity Workforce Study, “Global Cybersecurity Workforce Prepares for an AI-Driven World,” found that 60% of organizations don’t believe they have enough cybersecurity talent, and 58% see this as a major risk. Another survey ranked cybersecurity as the top geopolitical concern, above issues like global conflicts and trade wars. This reflects just how critical cybersecurity has become for business leaders.
Considering your successful tenure at Ping Identity and now at SecureAuth, what have been the most crucial factors in driving technological innovation and market growth to solve the challenges you’re seeing today?
Innovation begins with a deep understanding of customer challenges — both known and unknown. While customers can often articulate problems, they rarely define the breakthrough solutions needed to solve them. As Henry Ford famously said, “If I had asked people what they wanted, they would have said a faster horse.”
True innovation often comes from combining unexpected elements to create a game-changing solution. But technology alone isn’t enough — it must be accompanied by education. Customers need to see, understand and experience the value of the solution to fully embrace it.
In cybersecurity, more protection often means more friction. The key isn’t eliminating friction entirely but applying it intelligently — minimizing obstacles for legitimate users while making it nearly impossible for bad actors to succeed.
What future trends do you foresee in digital identity security, and how should organizations prepare to meet these evolving challenges?
AI-driven cyberattacks are making it easier for hackers to bypass traditional security systems. Organizations must adapt by using smarter security measures, such as continuous facial authentication, which ensures that the person using a system remains the authorized user throughout the session.
Another key tool is a risk engine, which detects unusual behavior. For example, if a user logs in from an unexpected location or at an odd time, the system can prompt additional security checks or even lock the session. Businesses that move beyond one-time logins to dynamic, risk-based security will be better prepared for the evolving cybersecurity landscape.
How can AI improve identity and access management?
AI helps security teams spot unusual activity that might indicate fraud. But AI security tools must constantly evolve, just like the threats they’re fighting.
For example, early systems detected hacking attempts by noticing repetitive logins from the same location or device. Now, hackers use AI to make attacks seem more random, requiring businesses to adopt smarter security strategies. AI-powered security can identify suspicious behavior — such as too many failed logins — and take action, like locking accounts temporarily or requiring extra verification.
How has SecureAuth’s recent strategic acquisitions enhanced your security offerings to clients?
SecureAuth has expanded its security offerings by adding tools that improve protection without creating unnecessary friction for users.
One example is our AI-powered risk engine, which analyzes over 23 factors to detect suspicious activity. Another is SecureAuth SessionGuardian, a continuous facial authentication technology that ensures only the authorized user stays logged in for an entire session, preventing unauthorized access to sensitive data.
How has the shift to a remote-first work model elevated the role of IAM (identity and access management) in safeguarding both organizations and their workforce?
Remote work has made identity security more critical than ever. Employees logging in from different locations face risks like visual hacking, where sensitive data is exposed to someone looking over their shoulder (i.e., a “shoulder surfer”). This is especially concerning in industries like law, finance, and customer service, where workers handle confidential information.
Another growing issue is overemployment fraud, where someone other than the person originally hired is doing the job. This is a major risk in outsourced call centers and remote workforces.
IAM solutions like SecureAuth SessionGuardian solve these challenges by continuously verifying the user’s identity through facial authentication. This prevents unauthorized users from gaining access, whether through stolen credentials, visual hacking or job misrepresentation.
What is visual hacking, and how can organizations protect themselves?
Visual hacking occurs when unauthorized individuals gain access to sensitive information simply by looking at an employee’s screen. This is a growing concern in shared or public spaces where confidential data can be exposed, whether in an office, a coffee shop, or a co-working environment.
Organizations can mitigate this risk with continuous facial authentication technology, such as SecureAuth SessionGuardian. Using a government issued document (such as a driver’s license, passport, etc.), this solution ensures that only the verified user can access and view sensitive information. If an unauthorized person appears in view — whether peering over a shoulder or attempting to take a photo — the session locks immediately, and the organization is alerted.
Additionally, businesses should implement best practices such as using privacy screens, positioning monitors strategically, and enforcing security policies that limit exposure to sensitive data in public settings.
How does SecureAuth SessionGuardian address identity security challenges for remote workers?
The shift to remote work has made it harder for companies to verify that the person accessing a system is who they claim to be — and that they remain the authorized user throughout the session. Our technology addresses this by going beyond one-time authentication and ensuring continuous verification.
- Identity Proofing – The system verifies users at login by matching them to an official ID (like a passport or driver’s license), ensuring only the right person gains access.
- Continuous Facial Authentication – Unlike traditional logins, which only verify a user once, we continuously confirm the same verified user remains present throughout the session. If another face appears or unauthorized activity is detected, access is blocked immediately.
- Protection Against Shoulder Surfing – This prevents sensitive data from being exposed to unauthorized viewers in shared or public spaces, offering peace of mind for remote and hybrid workforces.
By using the most advanced technology, businesses can confidently embrace remote work without compromising security.
How does SecureAuth SessionGuardian’s continuous facial authentication align with your company’s philosophy of “better identity”?
SecureAuth’s “Better Identity” approach is all about balancing security with ease of use — protecting sensitive data without adding unnecessary steps for users.
Our technology enhances this vision by tying together three key elements:
- Physical identity (government-issued ID)
- Digital identity (user credentials)
- Live identity (continuous facial authentication)
This means that users don’t need to constantly verify themselves. The system automatically recognizes their face, making security effortless while preventing unauthorized access. The result? Stronger security with minimal friction — exactly what “Better Identity” is all about.
How has identity security evolved, and what lessons should businesses learn?
The security landscape has changed dramatically, moving from basic passwords to advanced continuous authentication. Here’s how the industry has evolved:
- Single Sign-On (SSO) – Reduced the need for multiple passwords by allowing users to log in once and access multiple applications.
- Federation for Cross-Domain Authentication – Enabled secure access across different platforms with a trusted identity provider.
- Multi-Factor Authentication (MFA) – Added extra layers of security, such as one-time passcodes, to prevent unauthorized logins.
- Risk-Based Authentication – Improved security by analyzing user behavior, location, and device to detect suspicious activity.
- Continuous Facial Authentication – Ensures that only the authorized user stays logged in, preventing unauthorized access throughout the session.
The key takeaway? Cybersecurity is always evolving. Businesses must stay ahead of bad actors by adopting adaptive, AI-driven security solutions that anticipate threats before they happen. By investing in seamlessly integrated continuous identity verification/authentication, companies can protect their data without disrupting user experience.
