Simplify Security with EverKey (EP 867)

Hello friends, Uncle Marv here with another episode of the IT Business Podcast, the show for IT professionals and managed service providers, where we help you run your business better, smarter and faster. Today we are continuing on with our Pitch It Vendor Profiles as part of the 2025 IT Nation Accelerator Program and we are moving, moving, moving. I know that the contestants are about halfway through their boot camp.

By the time that you hear this, it will be getting close to the end, so they will be perfecting their pitches and getting ready for the road to IT Nation Connect in November. Today I have with me EverKey, a new company to our space. They are a cyber security company that specializes in universal smart key technology that streamlines authentication and access control.

And we're going to get really, really into that. And I have with me to talk about that, Ahmad Al-Hidiq. Ahmad, how are you? I'm good.

How are you? Good. I didn't mess up the name too bad, did I? That's all right. All good.

Okay. All right. So you got, you're a part of EverKey and not a new company, but just new to us.

Correct? Correct. Yes. Just a little bit of background on EverKey.

We've been around for around 10 years. We actually have a really fun, you know, starting story. Chris, the founder, pitched this idea in an entrepreneurship class in university.

And the professor loved it so much that he offered to invest. It turned into a company. We started out as a hardware business, selling security keys to consumers.

Eight years, we've done eight years of, we shipped 50,000 units and worked with a lot of amazing organizations. But around two years ago, we realized the real scale, real growth lies within businesses. That's when I joined the company to help take us to that direction.

So we've shifted to software only and focused on business, B2B focus. All right. This doesn't sound like the start of a movie, does it? Pitching a product in a class, the professor invests in it, and then they take off and conquer the world.

And then next thing you know, AI grabs a hold of it and who knows where we go, right? Well, to be honest, every other week, I make a joke that they should turn our company into a show similar to like Silicon Valley or something. Just because of the amount of stuff we go through and see and the changes that we've been through. And it's just been an exciting adventure, man.

We've learned a lot, specifically those two years, the last two years that I've been involved. But I've heard stories from before that it could definitely be a movie. Okay.

All right. So let's get a quick understanding of the exact way your product works. So the universal, you know, smart key and the proximity-based authentication, literally somebody has with them something that as they walk up to their computer, authenticates them with this near field technology.

Is that sound about right? That is correct. So when you walk up to your computer, you automatically unlock that computer. When you log into a website, you're automatically logged into that website, enterprise applications, et cetera.

So initially, from a B2C focus, we offered these two products, the device unlock and the password manager. And with most password managers, most products, there's still some sort of friction. And what we noticed as we transitioned to businesses, that the tougher it is to use the product, the more secure it is.

That's the user experience everyone's used to. And we just wanted to get rid of that. We wanted a seamless user experience.

Today, more than ever, we need to be vigilant. We need to be more secure. We need to take care of our passwords.

We need to take care of our systems, et cetera. And it's just become really harder and harder for users to access those systems, employees in the end. So we wanted to make something, build something that is a lot easier through our proximity authentication solution.

And the way we've kind of built it out over the past couple of years is that we just provide the employee with a tool that allows them to automatically log in. But from the backend side of things, we've done all the integrations necessary to help you. If you're synced to your Active Directory or your Entra or Okta system, we link with that and then log you in successfully into your laptop.

Because of the proximity, you don't need to open an app and approve your request. You just log in. And same with your SSO or any other enterprise application.

So we're trying to make it as seamless as possible without kind of sacrificing any of the security. Okay. So I understand this as a device.

Is it kind of like a YubiKey device? It is a smart card. Because my thoughts are, if anybody has that and they walk up, how does the technology know that, you know, it's me and not you walking up to my computer? Great question. So initially we were a hardware device, but now we provide both software and hardware. So, by software, it's a mobile app.

What you do is the first time you use every key, you pair it with your desktop, every key app. They create this handshake. We generate the key pair.

We store it in your vault, in your secure enclave on your desktop. And then using Bluetooth, when I approach my laptop, we're able to detect how close or far you are and then allow you to log in. If your phone is not with you, someone trying to...someone steals your phone, you can add additional security features like approving via biometrics on your phone or using geofencing.

So if someone steals your laptop and phone and goes to a cafe, they can log in and other things. And we're also testing certain AI solutions to see how we can detect if it's really Marv that's trying to log in, even if he's fit all the criteria. So that is something that's coming in the future, all with the effort of making it as seamless as possible.

But we also do keep the hardware. We don't sell it exclusively, but we've got clients that have certain use cases. One example is a large pharmaceutical company that we've been working with.

Here's a fun story for you. On the manufacturing floor, they use shared workstations, they wear masks, gloves, goggles, and due to regulatory reasons, in healthcare and pharmaceuticals, there's strict regulatory requirements. Every 30 minutes, I believe, they have to fill out a form.

Within that form, they have to fill in their username and password 10 times, and their password is 16 digits alphanumeric. So my joke to them was, I prefer to go to prison than to work at your floor, because every 30 minutes I have to enter this password 10 times is just bananas. That sounds like super overkill.

Exactly. But they have to do that. And we found out that most of them follow these similar requirements.

And phones aren't allowed. So in that scenario, and with Bluetooth, that won't work because you've got shared workstations, you've got a lot of employees walking back and forth. So we offer them an NFC solution with a smart chip, a smart card.

You walk up to your machine, you tap, it authenticates you, it opens up for a certain period of time, and then you can use hotkeys or certain tapping gestures where you tap once, you paste a username and a password, tap twice, you do something else, or you tap, press number two, you do certain things. So we've built these hotkeys into it to just make their life a lot easier. So we have, we can integrate with standard PKI security keys.

So even if you don't want to use our software, we can integrate with existing hardware. And we offer also hardware solutions as well, because every business is really different when it comes to their specific use cases. All right.

So this sounds like a product that would really be great for big old enterprise type companies. You're talking about coming into the MSP space where we deal with a lot of smaller type customers. Some of them need security, some don't.

So how would an MSP resell this opportunity to our clients? So the stories that I shared are more from an enterprise perspective, but SMBs require, use us as well. Okay. And there are multiple ways.

Number one, they all use, well, not all, but a lot of small businesses use either password managers, whether enterprise level or Google password manager or whatever free tool that they have. They are all forced into using 2FA of some sort or MFA in general. And they also still use sticky notes and Post-its and stuff like that.

So a lot of these small businesses require management when it comes to access control, and they are being sold different types of products that don't talk to one another. And if they do have some sort of identity management solution, whether it's Active Directory, Entra, Okta, et cetera, they want to make it easier for their staff, because this is not a large organization with an IT department and documentation. This is probably a small team, whether it's 10 or 50 or 200 employees.

And the solution that works best is the one that requires zero or very little support. And that's what we kind of help MSPs with. We have a product that solves multiple problems.

It makes their employees really happy because it's really easy to use. It's proximity based. They don't have to rely on codes.

Everyone hates MFA. If you ask anyone what's the worst part of their day, even if it takes 30 seconds here, a minute there, to access websites, open an app, get a code, or to get a text, they hate it. And if we can make that user experience a lot easier, then the MSPs' clients are happier.

They can sell and generate more revenue because it's one product that can solve multiple solutions. It's something that's forward-looking because everyone's going to be forced to use some sort of MFA password management solution because all enterprise applications are forcing that on them. And so this makes the MSPs' relationship with their customers better.

They can sell at better margins, and they can kind of help them cross-sell into other applications. Right. Now, you talked about making it easier for the end users.

The first thought that came to mind after that is, how does that make it easier for us? And the question really is, do you integrate with any of the products that we have so that we wouldn't have to open up another dashboard if we're working with somebody on a problem and their phone doesn't work and they lose it or something like that? But how is it with the workflow for the MSP in terms of integration and stuff like that? Yeah. So this is one of the main priorities for us to accomplish this year. What we are looking to do, the way we're going to deal with this, with MSPs, is the same way we dealt with our product with customers.

We are building a new product. We don't want to build it out of vacuum or from research. We want a few early adopters, learn from them how to use the system, what is the best workflow for them, and then customize it for them.

So since we're new to the MSP game, we are working with a few of those early MSP adopters and trying to learn from them. We are already integrating into systems, but I'm talking about the flow and what kind of integrations do we need? What kind of reports do we need? What is the best way to access and manage your customers through every key? So all that is happening right now, and we're hoping before end of the year, all of it will be done. Okay.

We're talking about getting to the world of passwordless integration and stuff. Is there a myth that is kind of out there or is there a misconception that we need to have when it comes to helping not just ourselves, but our clients understand passwordless, in terms of, well, it's an app on my phone, I have to still put in a pin to the phone, I've still got to do this or that. I'm just throwing darts here, obviously, so is there something you can help me with there? So the way I look at passwordless is in two ways.

Number one is as a technology, it's not about the passkey technology, it's about what we could do with it, and we've done wonders with it, with every key. And number two, it's still something that needs to be managed, like in the same way a password is managed, a passkey needs to be managed. And from a consumer or a general use standpoint, you're trying to log in to Gmail, you can authenticate passwordless via a passkey with your phone by scanning a QR code, but you're now linking your phone to that Gmail.

It is not an enterprise level. So what needs to happen is a solution that can work on any type of device, not just in an Apple ecosystem or in a Google ecosystem, but that can work across all ecosystems, across any device you use, that can be centrally managed, that can be centrally managed by the company itself or by the MSP. So there are different areas that need to happen.

So it is, in our eyes, a better, more secure solution, and there's obviously for obvious reasons and there's huge push for it, but it still needs to be managed. And there are still limitations when it comes to the user experience. But as a technology, for us, it's been game changing.

It allowed us to do certain things that prior to it; we weren't able to crack. Right. A question I just thought of here is I recently had to help an end user transfer everything from their old phone to their new phone, and we had to do a couple of things with reactivating some of their integrations and stuff.

Most of the MFA stuff worked just fine. The app just transferred over. How easy is it for EverKey if somebody has to get a new phone or they lose their phone? Do we have to be involved in making that transition? You know, thinking is the, you know, is it tied to the app or tied to the device? So if you use your phone, all you have to do is get a new phone.

You can remotely freeze that phone and cut the links to it, get rid of it. It's not a problem. You can do that easily from the dashboard.

All you have to do is you get a new phone, you sign in, and then sync that phone with your lock, with your device, and then you're good to go. So it's very easy to set up. And the beauty of it is you can have multiple devices and multiple, so multiple lock, which is your laptops, and multiple keys, which is your phones.

And they can all sync, a key can sync to multiple devices, and a device can have multiple keys sync to it as well. So it makes usage, if you've got a computer at home, computer in the office, you've got an iPad and a tablet and a physical device, they can all work across the board. Interesting.

Very nice. You talked about the fact of being able to open up other apps as well. So it's not just like unlocking the desktop or anything.

You can actually have that take over all your other password manager. Did I hear that correctly? So you can replace all your password managers with EverKey because we're a password manager, obviously, but any website you want to log into, the password manager will take over and log you in. Any enterprise application that requires a security key, instead of using a YubiKey, you can use EverKey through a proximity-based digital solution.

And we can also integrate with physical devices to unlock them. If they've got an SDK, we can unlock it, we can integrate with it and also use EverKey to unlock it. An example would be Adore, for example.

And that is another interesting opportunity for a lot of businesses that have some sort of access management solution. One of the biggest problems or challenges they have is they probably use a varied number of different locks across the building, and you are able to synchronize all these locks and use OneKey, which is the EverKey app, using NFC to unlock those doors, for example. So the technology can be applied in multiple different ways, but that is something we can do.

We've done POCs for it, but we don't actively pursue because the main focus for us is software applications, specifically SSOs, identity management systems, unlocking your device. For example, if your policy is to change your password every 30 days or every 60 days, instead of adding an exclamation mark to your dog's name every 60 days and just continuing business as usual, we can change that password on your behalf, store it in EverKey, and continue to automatically log you in. So it's all about that user experience.

Okay. I just had another question pop up. We're going to go over the time that I allotted for this, but here it goes.

Could this be something where I, as a solution provider, I have a bunch of servers locally at each of my clients. Could I set up my EverKey for each of those servers so that I can go into my client offices and have it unlock servers for me that is tied to either myself and or a tech? Is that an application that it would be used for or could be used for? That is a very interesting application, yeah. That could be.

All right. Sounds like a use case that I could help you with. Yeah.

Yeah. That's very interesting. Something we've never thought of.

All right. All right. Well, Abad, let me do this.

I usually like to give a few minutes at the end of the show to allow you to practice hopefully your first pitch in this pitch program. So I'm going to shut my mouth and let you go for about two to three minutes. So hit us with your pitch.

I just have to hit you with a disclaimer that Mike's the person, my colleague, he's the one that is going to be pitching, he's the one practicing it. But I'm going to pitch EverKey from my perspective. What we do is EverKey delivers a proximity-based, frictionless, and touchless solution access platform.

And what that means is we offer passwordless authorization and MFA to businesses. We seamlessly integrate with identity platforms and other security systems to make that secure access effortless. We empower IT leaders to adopt secure and employee-friendly and zero-trust strategies.

Our main focus is the employee. We want to make their life easier; their user experience a lot easier. And yeah, and that's EverKey.

Okay. Ahmad El-Hadik with EverKey, thank you very much. And I wish you luck in your journey.

And hope to see you on stage in Orlando at IT Nation Connect. Thank you very much. Thank you for having me.

All right, folks. That's it. We'll be back with another vendor profile for the PitchIT program soon.

We'll see you then. Holla!