Beyond Identity Achieves SOC 2 Type 2 Certification

Attestation Reaffirms Passwordless MFA Pioneer’s Founding Vision of Engineering an Extremely Secure, Highly Available, Cloud-Native Authentication Platform

NEW YORK, September 22, 2021 – Passwordless MFA provider Beyond Identity today announced the successful completion of its System and Organization Controls (SOC) 2 Type 2 certification. The attestation report, prepared by Moore Colson CPAs and Advisors, provides validation that Beyond Identity’s security and operational controls align with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). The rigorous technical audit, completed in record time, reinforces Beyond Identity’s ongoing commitment to delivering an authentication platform that is designed, architected, and built with the highest levels of security and availability to protect customer data.

“Since our inception, we have engineered security principles into every aspect of the business – from our cloud-native authentication platform, to our security operations,” said Bob Burke, Vice President of Security and Infrastructure at Beyond Identity. “And SOC 2 Type 2 certification provides high assurance to our customers that we have met the access control requirements to rapidly achieve operational excellence – a designation not typically attained by early-stage companies.”

Burke continued: “With high-profile security incidents involving SolarWinds and Kaseya still occupying the psyche of many businesses, organizations are demanding vendors deliver greater value earlier on in their lifecycle to ease the security and compliance burden on the supply chain. This reality accelerated our pursuit of SOC 2 Type 2 compliance and will continue to help inform the direction, development, and optimization of our advanced authentication platform.”

Beyond Identity replaces legacy MFA with strong passwordless authentication by employing proven asymmetric encryption to cryptographically bind the user’s identity to the device, enabling trust within organizations that a login attempt is occurring from an authorized user and device. The company’s passwordless MFA platform also continuously assesses the security posture of each device, establishing “device trust” – a cornerstone to a zero-trust security architecture – and ensuring the device meets security and compliance requirements before approving the authentication request.

Importantly, the Beyond Identity platform natively collects user behavior and device security posture attributes during each login transaction and is integrated with endpoint security tools like MDM and EDR, adding enhanced context to each authentication decision. Unlike current technologies like VPN and CASB, which use certificates that can be easily copied to a new device, Beyond Identity stores a private key in a TPM where it cannot be accessed or moved. With these capabilities, organizations gain unprecedented, zero-trust authentication insight that empowers them to enforce real-time, risk-based access decisions.

To learn more about Beyond Identity, please visit

About Beyond Identity
Beyond Identity provides the most secure authentication platform in the world. Breaking down barriers between cybersecurity, identity, and device management, Beyond Identity fundamentally changes the way the world logs in – eliminating passwords and providing users with a frictionless, multi-factor login experience. Beyond passwordless, the company provides the zero-trust access needed to secure hybrid work environments, where tightly controlling which users and which devices are accessing critical cloud resources has become essential. The advanced platform collects dozens of user and device risk signals during each login – enabling customers to enforce continuous, risk-based access control. The innovative architecture replaces passwords with the proven asymmetric cryptography that underpins TLS and protects trillions of dollars in transactions daily. Customers turn to Beyond Identity to stop cyberattacks, protect their most critical data, and meet compliance requirements.

The company was founded by Jim Clark and TJ Jermoluk, who helped ignite the commercial internet with Netscape and @Home Network. The dynamic duo assembled an all-star team and created the world’s most advanced passwordless identity platform, at a time when digital transformation is impacting every business and cyberattacks have become a top risk. The company has raised $105 million from premier investors Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA). Beyond Identity is headquartered in New York City with offices in Boston, Dallas, Miami, and London. Visit for more information.

All product and company names herein may be trademarks of their respective owners.

Claire Mutty
CHEN PR for Beyond Identity

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.