Password-free security solutions startup 1Kosmos doubles down on Indian market

For cybersecurity startup 1Kosmos, India will be a key frontier for its targeted multi-fold growth over the next few years. As internet penetration in the country surges alongside a growing awareness of cyber threats, the Somerset, New Jersey based startup, which already counts edtech Byju’s and digital payments operator NPCI among its clients, is building up to a major push to expand its presence here. 

The startup, co-founder Hemen Vimadalal told TechCircle, is already in conversations with 100-odd prospective enterprise clients in this market. These include brands across sectors, some of the largest financial institutions, and government agencies.  

“Just the way India has one of the strongest defenses in the world today on land, air, and water, we want to be the defence for India on the internet,” Vimadalal, also the startup’s CEO, said. 

Globally, the startup claims to have 50 customers including enterprises such as, Jefferies Group, Verizon and Hitachi. 

Vimadalal, a serial entrepreneur, founded 1Kosmos in 2016 with Rohan Pinto and Mike Engle. The startup offers enterprises cybersecurity solutions for digital identity proofing and password-less authentication. In simple terms, it enables people to identify themselves on digital channels in a manner that is more secure than using IDs and passwords. 

Currently, the startup facilitates a million authentications daily across markets and Vimadalal wants to grow that three-fold every year for the next few years.

India, he believes, will be a big part of that growth momentum. The country, Mumbai to be precise, is already home to the startup’s development (R&D) center. 

Over the next 18 months, the startup will focus on two areas in its key markets -- product development and sales and marketing. On the product front, it aims to enhance and add liveness testing to the products and make its distributed ledger platform more accessible to the public. The marketing push will be a major first, as it has only been testing the waters so far by taking feedback from experts and partners, and building all of that into the platform. 

Much of the scale up will be financed by the $15 million Series A round that the startup raised last month. 

Echoing Vimadalal’s optimism for the Indian market, Alberto Yepez, founding partner of ForgePoint Capital, which led the Series A round, said, “Typically, a new region takes anywhere between 15 to 18 months to get some traction. However, in India we have seen a very encouraging response. We already have a growing customer base in less than a year as our clients recognize the need to not just protect users but also verify their identity providing secure access to enterprise users or customers. This has reinforced our belief in the potential opportunity in the Asian markets led by India.” 

“With the (Series A) fundraise, we’re really building upon our front office,” Vimadalal said. “What we are trying to do is build this complete brand up to raise the awareness around what we are doing is extremely important in the cybersecurity space,” he added. 

1Kosmos spent two years in initial product development at an investment of nearly Rs 60 crore to come up with three key products -- BlockID Verify, BlockID Workforce, and BlockID Customer. 

Block ID Verify uses government-issued ID proofs and biometrics such as fingerprint and live ID – liveness test with a smile, blink, left/right motion -- to validate the identity of a person logging in with multiple sources of truth such as the passport-issuing authority or the bank. It is used for rapid know your customer (KYC) verification, among other use cases. 

The Workforce and Customer products are more specific variants of the authentication solution. The former uses the same technique of verification to authenticate employees into single sign-on apps or corporate systems on the cloud or on-premise, while the latter leverages it to allow end consumers securely login or transact to access services/products offered by corporations. 

1Kosmos offers these solutions as APIs bundled with the BlockID app to enable enterprises to integrate the services with their apps, custom web applications, or authorisation systems, and allow employees or consumers to easily authenticate themselves using the app. 

The company charges customers a recurring monthly fee. The standard pricing begins at $3 per user per month, it said, without offering additional details. 

The solutions can be integrated in about 60 minutes and customers can see results in less than 30 days, Vimadalal said. If a client wants to customise the solution, they can use the SDK of Block ID’s mobile app to white label the product or integrate its features. 

The three solutions together drive close to a million authentications a day for 1Kosmos.  

Vimadalal said the startup has seen 300% growth in terms of revenue and 500% growth in terms of customers since the launch of its products. He did not disclose more specific details.

“As the IAM (identity access management) market is siloed with identity proofing, user authentication and fraud detection solutions that do not talk to one another, 1Kosmos is the only company to bridge the gap by offering those three elements with a single mobile-based application, BlockID,” Alberto Yepez, founding partner at venture capital firm ForgePoint Capital said. ForgePoint was part of the startup’s Series funding round.  

Like Vimadalal, Yepez is also extremely bullish on 1Kosmos’ prospects in the Indian market. “India became a natural choice for 1Kosmos with its development centre located in Mumbai, the country having favorable demographic, lastly and most importantly, they have been able to implement one of the most sophisticated biometric ID programmes in the world,” he said. 

But, how do you know that 1Kosmos isn’t creating a honeypot of employee/customer identities, biometrics, and personal information? 

The startup claims to use something called a distributed ledger technology, which helps the startup to store customer information in a secure and decentralised format. This ensures that all the information of all the users does not stay at a single place as is the case with traditional, centralised architecture, Vimadalal said.   

Distributed ledger also comes with a layer of privacy built around Ethereum to execute smart contracts. 

Access to this database is controlled by the users who get a private key to manage their information. They could use it to delete all their personal information (credit cards, bank accounts, government IDs) from the ledger, leaving only the information owned by the organisation such as log information. 

“At the highest level, it’s like no one can enter your house because you have a private key,” Vimadalal said.