Beyond Identity Cloud Establishes a New Chain of Trust™ for Online Identity
NEW YORK – April 14, 2020 – With trust in Internet security at an all-time low, two of the World Wide Web’s earliest innovators have come back to re-establish trust in authentication chains by finally eliminating passwords as the weakest link. Founded by Silicon Valley veterans Jim Clark and Tom (TJ) Jermoluk, Beyond Identity launched today to deliver a cloud-native platform that offers an effortless login experience for users, protects enterprise investment in identity and access management (IAM) systems, and drastically improves security for all.
In a separate release today, the company also announced the team and $30 million in funding from marquee investors in the release Silicon Valley Icons Jim Clark and Tom Jermoluk Launch “Beyond Identity.”
Two and a half decades ago, Jim and TJ helped usher the World Wide Web into the business and consumer world – Jim with the Netscape browser and SSL, and TJ with broadband pioneer @Home Network. Fast-forward to today, credential compromise is up by more than 70 percent year-over-year according to Proofpoint. And Internet giant Akamai, in just a two-month period, saw 8.3 billion malicious login attempts tied to credential stuffing across its customer base, with one botnet generating 300,000 login attempts per hour.
“The lifeblood of any business flows through the multitude of global connections with employees, partners, and customers, each of whom also offers a ‘soft target’ for attackers based on the levels of credential compromise,” said Jarrod Benson, CISO of Koch Industries. “When we met with Jim, TJ, and the Beyond Identity team, we were impressed at their approach; it was elegant in its simplicity and immediately understandable in its inherent strength. Partnering with Koch Disruptive Technologies, LLC, which invested in Beyond Identity, we’ve brought Koch’s knowledge and capabilities to help grow the technology while benefiting from their know-how as we seek to enhance our own systems.”
Moving “Beyond” Passwords
Today, businesses struggle with balancing the need for expedient access to applications and information, against the friction caused by authenticating users and authorizing that access. Direct-to-consumer businesses like banks and online shopping that serve hundreds of millions of customers, as well as corporate ecosystems that require anytime/anywhere/any device workforce access to hundreds of disparate cloud systems and applications, are reeling from the difficulties of protecting and managing billions of user IDs and passwords. Exacerbating the issue, user frustration with the ever-increasing friction of password “Band-Aids,” such as frequent forced changes, longer/stronger passwords, and multi-factor authentication (MFA), drive them away or into unsafe behaviors.
The Beyond Identity Cloud, unlike other authentication solutions or even general security solutions, not only requires no additional compromises in usability or security, it increases both usability and security simultaneously. The highly scalable, cloud-native platform comprises the Beyond Identity app (iOS, iPadOS, macOS, Windows, Android), and the Beyond Identity cloud services. Beyond Identity for Workforces integrates with single sign-on (SSO) solutions as a delegate identity provider, while Beyond Identity for Customers provides API-based services or an SDK for integration with customer-facing apps.
Leveraging proven TLS and X.509-based asymmetric-key cryptography at its foundation, the Beyond Identity app is effectively a personal certificate authority (CA) on each device, protected by the secure enclave. Private keys are stored within the secure enclave and never leave the device, while the app handles authentication challenges – which come from the cloud services either directly or delegated through SSO integration. The app also executes certificate signing functions and provides user self-service-based migrations and recovery.
SSO integration is a straightforward configuration process, and application or site-specific enablement is done by incorporating the company’s personal CA into an endpoint application using the SDK/API. The Beyond Identity Cloud implements standard identity management flows and standards (e.g., OpenID Connect (OIDC), OAuth 2.0, SAML), and supports industry frameworks such as FIDO2 and WebAuthn. As a result, the Beyond Identity Cloud empowers enterprises with:
- Effortless login experience: No passwords for users to create, remember, or change.
- Fundamentally secure: No central storage of passwords to eliminate the possibility of bulk credential breaches or credential-stuffing attacks.
- Streamlined audits and simplified compliance: Offers granular device and device security posture audit records, and a completely machine-verifiable audit trail.
- Expedited onboarding for employees, customers, and contractors: Requires no IT or help desk support.
- User self-service: Empowers users with simple device recovery and migration, and reduces IT overhead.
- Rapid time to value: Configuration-based integration with SSO, and seamless delegation support via partnerships with Ping Identity, Okta, and ForgeRock.
“Certificate chains are appropriately referred to as a Chain of Trust,” noted Jermoluk, Co-Founder and CEO of Beyond Identity. “When this technology was created at Netscape during the beginning of the World Wide Web, it was conceived as a mechanism for websites to securely communicate, but the tools didn’t yet exist to extend the chain all the way to the end user. Beyond Identity includes the user in the same chain of certificates bound together with the secure encrypted transport (TLS) used by millions of websites in secure communications today – finally solving the issue the Netscape team was unable to address back then. By allowing passwords at the user-level, our industry inadvertently created an incredible mess with billions of insecure passwords and hacking targets everywhere, resulting in liabilities and user unhappiness. Rather than ‘Band-Aid’ passwords with MFA or password managers, simply eliminate them altogether!”
About Beyond Identity
Headquartered in New York City, Beyond Identity was founded by industry legends Jim Clark and Tom Jermoluk to eliminate passwords and radically change the way the world logs in, without requiring organizations to radically change their technology stack or processes. Funded by leading investors, including Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA), Beyond Identity’s mission is to empower the next generation of secure digital business by replacing passwords with fundamentally secure X.509-based certificates. This patents-pending approach creates an extended Chain of Trust™ that includes user and device identity and a real-time snapshot of the device’s security posture for adaptive risk-based authentication and authorization. Beyond Identity’s cloud-native solution enables customers to increase business velocity, implement new business models, reduce operating costs, and achieve complete passwordless identity management. Visit www.beyondidentity.com for more information.
All product and company names herein may be trademarks of their respective owners.