Internet pioneers pursue partners, tout simplified identity and access management platform for users and admins alike
The password is dead, and we mean it this time. That’s the word from New York start-up Beyond Identity, which comes out of the gate with an eponymous passwordless identity management platform that it claims requires no changes to security infrastructure, removes log-in friction for end users, and provides users with a more secure — and less clumsy — alternative to password managers.
The Lowdown: Beyond Identity hits the market flush with $30 million in Series A funding from co-leads Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA). The company owes some of its swagger to its founders, Silicon Valley veterans Jim Clark, founder of Netscape and Silicon Graphics, and Thomas “TJ” Jermoluk of broadband pioneer @Home Network fame.
Beyond Identity is also looking to make the channel a significant part of its go-to-market strategy and is looking for infosec-focused solution providers with identity and access management (IAM) chops to join its partner ranks.
The Details: The cloud-native Beyond Identity platform consists of two parts: The Beyond Identity application works with iOS, iPadOS, macOS, Windows, and Android clients and serves as a a personal certificate authority (CA) on each device, handling authentication challenges and managing certificate signing and end-user, self-service issues like migration and recovery. The Beyond Identity Cloud service, meanwhile, delivers the authentication challenges to the device and implements standard identity management flows and standards (e.g., OpenID Connect, OAuth 2.0, SAML), with support for industry frameworks such as FIDO2 and WebAuthn.
The result is an identity and access platform that boasts:
● Simplified log-in with no passwords for users to create, remember, or change
● No central storage of passwords, practically eliminating the risk of bulk credential breaches or credential-stuffing attacks
● Granular security posture audit records per device
● Quick onboarding for employees, customers, and contractors
● User self-service features including device recovery and migration
● Configuration-based integration with SSO, and delegation support via partnerships with Ping Identity, Okta, and ForgeRock
The platform comes in two flavors. Beyond Identity for Workforces integrates with single sign-on (SSO) solutions as a delegate identity provider, while Beyond Identity for Customers provides API-based services or an SDK for integration with customer-facing apps.
The Buzz: “Certificate chains are appropriately referred to as a Chain of Trust,” said Jermoluk, CEO and co-founder of Beyond Identity. “When this technology was created at Netscape during the beginning of the World Wide Web, it was conceived as a mechanism for websites to securely communicate, but the tools didn’t yet exist to extend the chain all the way to the end user.
“Beyond Identity includes the user in the same chain of certificates bound together with the secure encrypted transport [transport layer security] used by millions of websites in secure communications today – finally solving the issue the Netscape team was unable to address back then,” Jermoluk added. “By allowing passwords at the user level, our industry inadvertently created an incredible mess with billions of insecure passwords and hacking targets everywhere, resulting in liabilities and user unhappiness. Rather than ‘Band-Aid’ passwords with [multifactor authentication] or password managers, simply eliminate them altogether.”
“Channel partners are an extremely important piece of Beyond Identity’s go-to-market strategy,” said Kurt Johnson, vice president of strategy and business development at Beyond Identity. “We are actively recruiting security-minded solution providers with strong customer relationships who advise these customers about innovative security solutions. Those partners who possess an understanding of identity management and work with access management vendors such as Ping Identity, Okta, and ForgeRock are an especially strong fit.
“Beyond Identity enables these partners to extend the value of their customers’ access management implementations with a tightly integrated solution that eliminates passwords and provides an effortless log-in experience for users, while protecting their customers’ enterprise investment in identity and access management (IAM) systems, and drastically improves security for all,” Johnson added.