This interview is part of our new Blockchain In Cybersecurity series, where we interview the world's leading thought leaders on the front lines of the intersections between blockchain and cybersecurity.
In this interview we speak with Joel Leetzow, President and CEO of Oaro, to understand how his company can secure keys for blockchain, and what the future of the industry holds.
1. What’s the story behind Oaro? Why and how did you begin?
JL: Oaro (formerly Nodalblock) was founded in Madrid, Spain in 2017. The inspiration to start the company happened while the founders were developing software for the legal industry. They realized that there was no user-friendly way to carry out business transactions leveraging the inherent security of blockchain technology. The founders built a web platform that allowed anyone to create a digital ID, sign contracts and share data securely over an enterprise-grade, managed blockchain.
In early 2018, the company received seed investment from a Canadian VC firm and expanded to North America. Today, Oaro is recognized top vendor in the global blockchain industry, working with multinational corporate clients in the insurance, banking, healthcare, sports and aviation industries. Some of our clients include GlaxoSmithKline, the Saint John Airport, and the Royal Spanish Football Federation.
2. Please describe your use case and how Oaro uses blockchain:
JL: One of the major challenges in cybersecurity today is that over 80% of data breaches that can be attributed to poor credential management, in other words the way usernames and passwords are used to authenticate employees and customers. The problem we see is that shared secrets, for example passwords, are no longer enough to protect businesses and their customers from cyber criminals.
Oaro’s flagship product is called Oaro Identity, facial recognition authentication on any device, anytime, that puts user privacy first. The user enrolls with a quick video selfie, allowing Oaro to create a unique, encrypted Digital Identity on blockchain. Once enrolled, the user authenticates with facial recognition from any camera phone, desktop or laptop, never needing to remember a password or download a special app. When a user logs in, our system scans their face and generates an encrypted code, which is checked against their Digital ID in our blockchain in real time. If it’s a match, the user is granted access.
What is unique about our approach is that Oaro does not store an end user’s personal biometric data. This helps our clients comply with new legislation like GDPR, while also addressing common objections about facial recognition infringing and privacy.
3. Could you share a customer/user that benefits from what you offer? What has your service done for them?
JL: Oaro worked with one of Europe’s largest insurers to replace membership cards and paper-based onboarding processes with our Digital ID. With Oaro Identity, our focus in on enhancing the customer experience and while improving data security. The end customer benefits from a fully digital onboarding process whereby they scan their government issued ID, check the personal data extracted from the ID, and take a video selfie to verify their identity. From that point on they can sign legally binding documents with their Digital ID and have the option to login to their account from any camera-enabled device with using facial recognition.
In terms of the benefits for businesses, the solution reduces the time and administrative costs of onboarding, while increasing participation in the digital channel. It also has significant intangible value in reducing legal risks, fraud reduction, resource optimizations and opens possibilities for new products and services to be developed.
4. What other blockchain use cases in cybersecurity are you excited about?
JL: On September 18th, we unveiled Oaro Identity for airport security at the Global Aviation Security Symposium, hosted by the UN agency ICAO. Together with our client, the Saint John Airport, we developed the first biometric Digital ID for employee security screening at a North American airport.
Blockchain plays an important part in the airport access control use case in two ways. First, an immutable record is generated every time someone enters the secured area. Second, the Digital ID of each authorized employee or contractor is stored on Oaro’s private Blockchain, which makes it more difficult for a cyber criminal or terrorist to add, remove, or modify identities in the system.
To give a real-life example of why these features matter, security researchers from the firm VPNMentor announced in August they had gained administrator-level access to one of the world’s largest biometric security databases. Not only were they able to see the unencrypted biometric profiles of millions of users, they could create new user profiles, alter the biometrics associated with existing user profiles, and hide their tracks by tampering with access logs. Storing user profiles and access logs on a blockchain makes attacks like this much more difficult to pull off.
5. Where will Oaro be in 5 years?
JL: I am confident that the Oaro brand will become synonymous with the truth. Although our products will mature and new ones will be released, our never-ending goal at Oaro will be to make the world a safer and more secure place for all of us.
Corporate life expectancies have been falling for 50 years, and at current rates we will see 75% of the S&P 500 replaced in under a decade. Our public and private sector clients bring Oaro into their business because we have solutions that enable them to enhance their digital capabilities, allowing them to win in the new economy.