$30 Million Round led by KDT and NEA to Fund Groundbreaking Innovation that Eliminates Passwords and Replaces them with a Chain of Trust™
NEW YORK – April 14, 2020 – With the foundations of online identity hopelessly compromised, two of the World Wide Web’s earliest innovators have come back to fix one of security’s most longstanding and intractable issues – passwords. Having founded and led iconic companies including Netscape, Silicon Graphics and @Home Network, Jim Clark and Tom (TJ) Jermoluk today publicly launched Beyond Identity and announced $30 million in Series A funding from co-leads Koch Disruptive Technologies, LLC (KDT) and New Enterprise Associates (NEA). The company is delivering, for the first time, a fundamentally secure solution (based on industry-standard certificate chains) for passwordless identity management that requires no changes to security infrastructures, completely removes login friction for end users, and provides consumers with a much more secure alternative to password managers.
In a separate release today, the company announced the availability of its groundbreaking cloud-native passwordless identity management platform in the release Beyond Identity Delivers the End of Passwords.
Founded in 2017, KDT is a corporate venture capital arm of Koch Industries, one of the largest privately held companies in America with more than $110 billion in annual revenues. Founded in 1977, NEA remains one of the world’s largest and most active venture capital firms with more than $23 billion in committed capital. Both companies are also early customers of Beyond Identity.
The Verizon 2019 Data Breach Investigations Report found that 80 percent of hacking-related breaches still involve compromised and weak credentials. Multiple analyst firms tracking the market to defend against these attacks size the identity and access management (IAM) market in excess of $20 billion, and growing furiously. Behind those numbers, however, are a range of markets for compensating controls that backstop the collapse of identity foundations – from password managers to multi-factor authentication (MFA) – that endeavor to reduce the massive and unstable attack surface represented by fundamentally flawed password-based authentication. Unfortunately, these additional layers don’t solve the core issue, but instead add complexity, and require extra steps for end users. The result is reduced employee productivity and revenue as consumers just give up when adding new accounts or abandon online transactions.
“Innovation should disrupt markets, not businesses. Disruptive innovation needs to advance security without introducing friction or complexity,” said Forest Baskett, General Partner at NEA. “Netscape ‘accidentally’ created markets in access and authentication for aspects of identity that weren’t addressed at the time. By going back to fundamentals and extending the Chain of Trust, Jim, TJ, and team have created a truly disruptive innovation that advances both security and usability equally.”
From Unlocking the Web to Locking Down Identity
With a partnership that began in the halls of 3D graphics and visual effects pioneer Silicon Graphics, and continued at the dawn of the World Wide Web when Jim gave rise to Netscape and TJ launched broadband pioneer @Home Network, the two have collectively and individually been integral in some of the technology industry’s defining moments. Clark is most well known for founding Netscape with Marc Andreessen and delivering what would be the market-leading Netscape Navigator browser and SSL, the precursor to Transport Layer Security (TLS, the lock in the browser). He also founded Healtheon, which merged with WebMD, and he was the original investor and chairman of digital photo sharing and storage website Shutterfly. A Bell Labs Engineer, TJ served as the CEO of At Home Corporation (or by more familiar names @Home Network and Excite@Home), where he was responsible for the massive growth and cable partnerships that created the world’s largest broadband footprint of its time. He also served as Silicon Graphics President and COO, in its early days, and personally designed and led teams that created many of Silicon Graphics’ breakthrough products.
The successful and innovative history and continued collaboration in the present day between the two helped them revisit inherent identity weaknesses that existed from the early days of the Web, and drove them to go back to the core foundation to “reboot” primary authentication. The resulting effort – Beyond Identity – introduces the elegantly simple concept of the personal certificate authority and self-signed certificates. The solution leverages existing secure communications infrastructure and crypto standards to extend the trust boundary beyond server-to-server communications to include users and their devices. By doing so, it completely removes the need for “shared secret” password-based authentication approaches, and dependence on friction-laden compensating controls.
The cloud-native platform provides a secure method of authenticating users and devices without passwords, by using the same secure and scalable approach – X.509 certificates and TLS protocol – that is already universally deployed and underpins billions of dollars in online transactions annually. The solution creates a Chain of Trust™ that includes user and device identity and a real-time snapshot of a device’s security posture, all in an immutable package that is signed by a provably secure certificate. Initially targeted at businesses with an acute need to dramatically improve workforce and customer authentication and eliminate the risk of central password databases, Beyond Identity will also target individual consumers who hate passwords, struggle with password vault usability and security, and don’t trust the “login with” solutions offered by companies who monetize user data.
“For too long we’ve pushed the burden of trust to centralized aggregation points – from enterprise directories to cloud services to website servers – each with varying levels of trustworthiness and a massively broad set of security postures and platforms,” said Clark, Co-Founder and Chairman of Beyond Identity. “While rational, it created more centralized risk and attractive targets, which attackers feasted on. New devices with biometrics and secure enclaves have given us a much stronger level of security that allows us to establish trust in, and with, each user. By decentralizing to the perimeter, it supports the principles of Zero Trust and destroys attacker economics.”
Beyond Identity’s board of directors will expand from Clark (Chairman) and TJ (CEO) to include:
- Forest Baskett (General Partner at NEA) – Prior to joining NEA, Baskett was Senior Vice President of R&D and Chief Technology Officer at Silicon Graphics. Before that, he founded and directed the Western Research Laboratory of Digital Equipment Corporation.
- Byron Knight (Managing Director at KDT) – Prior to joining KDT, Knight was Vice President of eCommerce at Georgia-Pacific. He started his career at TechDiscovery (acquired by Harvey Nash).
- Hilarie Koplow-McAdams – Koplow-McAdams served as President at New Relic as well as at Salesforce. She started her career at Oracle Corporation, where she held a variety of roles over the course of 18 years, including Senior Vice President of Oracle Direct. Koplow-McAdams currently serves on the board of directors of BloomReach, DataRobot, HackerOne, Knotch, and Zendesk Corporation, among others.
About Beyond Identity
Headquartered in New York City, Beyond Identity was founded by industry legends Jim Clark and Tom Jermoluk to eliminate passwords and radically change the way the world logs in, without requiring organizations to radically change their technology stack or processes. Funded by leading investors, including Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA), Beyond Identity’s mission is to empower the next generation of secure digital business by replacing passwords with fundamentally secure X.509-based certificates. This patents-pending approach creates an extended Chain of Trust™ that includes user and device identity and a real-time snapshot of the device’s security posture for adaptive risk-based authentication and authorization. Beyond Identity’s cloud-native solution enables customers to increase business velocity, implement new business models, reduce operating costs, and achieve complete passwordless identity management. Visit www.beyondidentity.com for more information.
All product and company names herein may be trademarks of their respective owners.