Why Unqork Chose Beyond Identity for Secure Authentication

Published on Aug 24, 2023

Marcos Christodonte II, CISO at Unqork, explains why they chose Beyond Identity to provide strong and secure authentication for its workforce. 

Transcription

Fully eliminating those passwords was really key for us, and that was a big plus for our employees. At the same time, I would say they want more.

Unqork is a no-code enterprise-grade application development SaaS platform that allows customers to build really highly complex applications at scale, all without writing a single line of code. For me, I've been in, you know, cyber security quite a while.

And for the longest time, we've always focused on two-factor authentication or multi-factor authentication. And it's a great foundational control. It's something that we have to do. It's a must-do. But from my perspective, it's no longer enough. You know, while we place a lot of confidence in multi-factor, I've experienced a number of incidents in the past where, you know, a user would accept, for example, an unprompted push notification that went to their mobile device as their second means of authentication. 

And so for me, I wanted to look at a solution that allowed me to not just rely on traditional MFA or two-factor authentication, but to provide a much more flexible policy in a much stronger authentication chain. So, as I look at those challenges, really for me, I wanted to make sure that I was looking at a solution that offered a passwordless experience, both for our users, to make sure that I'm providing a much better user experience, but also to address the risk that users will inevitably reuse their passwords, oftentimes, the same passwords that they use with their personal accounts. 

But also their passwords will end up becoming compromised in some manner and often end up in publicly available password databases. And so that was one of the big keys for me, was to ensure that I have a passwordless solution, but also one that provided device trust, device authentication, and also allowed me to have a flexible policy whereby I can enforce control or access decisions based upon the posture of that particular device.

So, Beyond Identity helps with that in a number of ways. One, I would say, just looking at the security, the way in which they approach the solution. So, using asymmetric encryption, where the private key is not stored in a location that is accessible, it's essentially stored in a trusted platform module, or TPM, or secure enclave, depending upon the device.

So, second being passwordless, so not requiring our users to log in at all using a password, which is very key for us. So, in addition to providing a passwordless experience for our users, improving upon their user experience, it also provided a lot of security for us as well. Just as an example, we actually had some penetration testers come in, and they attempted to phish our user base. And as you would expect, or as you would imagine, we actually had a couple of users that clicked on a link to a portal that mimicked our identity provider's portal. 

Now, if we were allowing our users to provide passwords, then they would've likely given up a password which would've led to an account takeover, which is a situation we do not want, and I have experienced in the past. So, Beyond Identity essentially blocked that penetration tester from accessing those users' accounts at all because that penetration tester did not have access to that root of trust that is established by Beyond Identity. 

So, that was a big benefit for us for that particular event and for any other event that might be real in the industry. When you look at everything that I just mentioned, when you've got a device, you know, authentication solution, and you've got device trust and you've got continuous authentication and it's passwordless, so you're providing security value. From a security perspective, you're implementing all those different checks. 

But also business value in that you're providing a much more seamless and better user experience for your employees. Now, you're getting to a point where you've got a much more robust solution. And so when you look at that in comparison to just relying on traditional multi-factor authentication, it's night and day. And Beyond Identity does all of that.
