Tony Shadrake, Vice President of EMEA for Beyond Identity, explains how passwordless multi- factor authentication is poised to fundamentally change the way the world logs on Passwordless multi-factor authentication provider Beyond Identity has announced a strategic partnership with Atlas Identity, a leading identity specialist, to resell and provide managed services for Beyond Identity in the UK.
The partnership is part of the Beyond Identity’s EMEA expansion plans, which Tony Shadrake explains was one of the big things that attracted him to the role of Vice President of EMEA when he started working for the company in March.
“I have been in cyber security for 20 years, here and in the US, primarily with start-up organisations like Beyond Identity, helping them to get established and build up indirect and direct sales channels. Most recently, I spent about 10 years at Carbon Black – I was first man on the ground in 2010 and built out their EMEA team before they went into a successful IPO and then acquisition by VMWare a couple of years ago. And I was at Webroot, when they were building up their enterprise business from their consumer business, building up the channel for them. So, I have plenty of experience in cyber and the channel,” he explains.
“Beyond Identity was founded by a couple of industry legends in the US – Jim Clark and Thomas Jermoluk (TJ). Jim Clark founded Netscape in the early ‘90s and Silicon Graphics and TJ has been involved in 8 or 9 start-ups. These guys have plenty of experience building out start-ups to success, and both came out of retirement to work on Beyond Identity.”
Shadrake says that Beyond Identity invested early and heavily in EMEA, after raising Series A and Series B funding totalling $105 million from Silicon Valley venture capital firm New Enterprise Associates (NEA) and Koch Disruptive Technologies (KDT).
“There are 12 or 13 of us based in the UK and the Nordics and we also have a five-strong engineering team in Slovakia. We have deliberately gone out with a two-tier distribution model. We signed Distology in January or February to give us coverage in the UK; in the summer,
we signed Ignition to cover the Nordics and Benelux; and in Israel we signed a distributor called Unicloud, which built out the Okta business there.”
Beyond Identity has a couple of relationships with partners in South Africa and Germany and is also soon to expand into the Middle East, but its main focus for now is the UK, Nordics and Israel.
“I have been really pleased with the investment that has gone into the European team. This is TJ and Jim Clark’s thing. This is what they generally do; they take the investment early and set things up so we are ready with a team and a channel and revenue channels for when the market really starts to move.”
And Shadrake is confident that the market for passwordless identity management is poised for massive growth.
“Gartner thinks 60% of large enterprises and 90% of mid- to small- sized companies will have some kind of passwordless initiative under way next year. The TAM for passwordless in general, from an enterprise perspective, is predicted to be $450 billion by 2030,” he adds.
Founded two years ago to provide simpler passwordless authentication and a means for organisations continuously to authenticate all users trying to access all corporate resources, Beyond Identity is well placed to profit from this demand.
Its technology makes use of features of modern computing devices such as increased processing power, biometrics and Trusted Platform Modules (TPMs) to bind a user’s personal identity to their computer or their phone using public/private key cryptography and X.509 certificates with no certificate management.
Instead of having to send a password to a server, the user’s phone or PC identifies the user through private keys securely stored in its TPM or secure enclave and validates them to the whole internet, effectively making the user his or her own personal certification authority.
This passwordless approach is the foundation of Beyond Identity’s expanding SaaS platform, which now has three core solutions addressing different customer requirements:
- Secure your Workforce for enterprises, which ensures that only authorised
- users and devices have access to cloud resources;
- Secure Customers (launched in September), which enables any company to eliminate the threat of customer account takeovers and offer consumers a frictionless authentication experience without passwords, second devices or separate application downloads for native mobile and web applications; and
- Secure DevOps (also launched in September), which closes a critical vulnerability by securing the software supply chain against insider threats and malicious attacks.
The market that arguably has the most immediate potential for Beyond Identity is customer identity and access management (CIAM), which the company is addressing with its new Secure Customers solution. This includes SDKs that enable a seller of products or services to provide secure customer authentication with a frictionless user experience across both native (iOS and Android) applications and web applications, without the consumer having to do anything.
To illustrate the benefits, Shadrake cites the example of online banking. “If you try to log into your bank account today you may get sent a PIN code. We are eliminating that step. There is no PIN, no password, you go to your application, put in your username and Beyond Identity will authenticate you into that application. It reduces steps, it reduces friction, it makes it easier for consumers, for you and I, to access these applications and do those transactions.”
The other new product that excites Shadrake is Beyond Identity’s Secure DevOps Solution, which he believes has appeal across a broad spectrum of businesses and solves a massive security headache for enterprises.
“The Secure DevOps Solution ensures that when developers are putting source code on GitHub, GitLab, GitBucket, any source code repository, we tie that source code to that individual user in that corporate device. If you think about agile software development cycles now, it is
all in the cloud. So, what happens if you have engineers and developers submitting source code into these repositories from any device? How do you know there is no malware within the source code itself? This is a product we all believe internally will be a really good channel and revenue stream for the company.”
It is still relatively early days for the company’s Workforce Solution too. However, according to Shadrake, it is starting to gain traction in certain verticals, notably gaming, biotech, fintech and high- tech software companies.
“These companies are generally well funded, cloud-first – we are a 100% SaaS solution. On the Workforce side, we also depend on the customer having a web single sign-on solution, be it an Okta, a Ping Identity or a ForgeRock, because the way our Workforce Solution works is that when you go into your single sign-on dashboard and want to access an application or a resource with Beyond Identity, you put your username in and Okta delegates to Beyond Identity, so we become a delegated identity provider (IdP). From there, we authenticate you, so you don’t have to put in a password; you go straight into the resource or application you have requested.”
He adds: “We are very much looking for channel partners that carry a complementary technology like Okta, like Ping, like ForgeRock. Do they have an Okta customer base?; Do they have an identity practice?; Are they used to taking emerging technologies to market? We have a very clear focus on targeting those types of channel partner.”
On this basis, the recruitment of Atlas Identity looks like a perfect fit, as Beyond Identity continues its policy of focusing on a small set of partners – no more than a dozen – that it can really work with to educate the market about the applications and benefits of its technology.
Education, education, education
This is something Shadrake believes the market really needs.
“It is amazing when you look at ransomware over the last 18 months and how cyber criminals have really taken advantage of home-working. Even though there are so many ransomware attacks and 60% plus of those are due to stolen credentials and even though we all hate passwords, we are still comfortable with the current way of doing things. We are comfortable getting that text from the bank or multi-factor authentication products that prompt us for a PIN or a password. The biggest issue Beyond Identity has at the moment is that comfort factor.
“We need the analysts to get more involved in highlighting the security challenges of passwords. I don’t think they’ve got involved enough in this market yet. Gartner has just started talking about identity-first security. If you think about the last 18 months, when the pandemic has pushed everybody to remote working, all of a sudden organisations have had to adapt to that new reality. I think the result of that technical and cultural shift is that identity-first security now represents the way we are all going to work and function, regardless of whether we are remote or in the office.
“Identity is going to be a key tenet of Zero Trust as well. I know Zero Trust is this broad area, but if you look at organisations that are building out Zero Trust frameworks and models, identity is definitely a key tenet and I think it will become even more prominent over the next 6 to 12 months. Certainly, if we just look at eliminating passwords, there is an immediate cost benefit for organisations. The amount of password resets that are done today is horrific. That, combined with reducing user friction are benefits. And we know that we improve the overall security posture of an organisation as soon as they put us in. Our customers tell us that.
“So, at the moment, comfort is the biggest challenge and that is normal whenever you are trying to introduce a new disruptive technology that is a little different. But I think we will get past that because people are starting to understand the security threat posed by ransomware and passwords.”