Jarrod Benson, CISO of Koch Industries, on securing the cloud and passwordless identity management

Jarrod Benson, the CISO of Koch Industries, discusses the four key architectural tenants of securing the cloud and the importance of Passwordless Identity Management.

Koch Industries made a decision years ago to modernize our application footprint, move to the cloud. We've tied back to four key architectural tenants to help us make our decisions and their:

  1. Cloud is the data center
  2. Any device is a work device
  3. Internet is the network
  4. Identity's the perimeter

Cloud is the data center 

Businesses move infrastructure out of their traditional data centers or server rooms and leverage the cloud. This allows for scale, disaster recovery, more features, and better services. 

Any device is a work device

Our workforce should be able to work anywhere at any time, moving to allow people, employees, contractors to leverage your services externally from any device is a key tenant. 

The internet is the network

Businesses are moving away from running complex route switched networks and moving to more of an internet cafe model where users or employees are actually separate from your data center or your cloud and using zero-trust technologies in order to access systems and services. 

Identity is the perimeter

As companies move to the cloud there's one key tie back to who you are and what you access and it's your identity so moving away from the brick and mortar firewall protects everything model and moving to one that's identity centric allows businesses to really track and understand what people are accessing. 

How passwordless authentication plays a role

Passwordless authentication is really important for a couple reasons. One it really eliminates user friction, so when you access your applications you don't have to enter a password anymore. It allows you quick and seamless access. 

Two, passwords are a huge security problem in the industry. 90 plus percent of attacks are caused because people steal passwords and use those to do bad things. So the bad guys out there will be unable to execute phishing attacks to steal intellectual property, or social engineering users in order to get wire transfers and other other nefarious activities so that's a good thing. That's why we want to move to eliminate passwords. 

You know what really stood out to me on Beyond Identity was their strong technical team and their built-for-purpose architecture. Born in the cloud, built in the cloud, and set up in a way to really be frictionless for end users to get higher security and eliminate passwords. 

They have great integrations with Okta and Ping Identity, which are two major providers of identity services for small, medium, and large businesses to leverage. I see Beyond Identity changing the identity and security landscape by truly eliminating passwords by enabling businesses large and small to adopt a security posture that's frictionless for users, that allows for quick adoption, and a better security footprint.