Securing Your Workforce With Zero Trust Authentication

Identity and Security teams are working around the clock to protect their extended workforce—employees, contractors, representatives, suppliers and partners—and ensure they are easily connected to their IT resources in our work-from-anywhere world. Our Vice President of Product Strategy, Husnain Bajwa, walks through Beyond Identity’s Zero Trust Authentication paradigm that ensures confidence in user and device identity on a real-time, continuous basis, complementing security investments in EDR, ZTNA and more while delivering a passwordless experience that drives productivity.


Hi, my name is Husnain Bajwa. I run global sales engineering at Beyond Identity and today, I'm going to talk to you about Secure Workforce. When we think about Secure Workforce, we essentially think about the eras of maturing cloud as well as mature cloud transition. 

And within this, organizations are essentially building solutions that support four different kinds of devices: corporate-managed PCs, corporate-managed phones, the emergence of BYOD phones since the iPhone in 2010, and we also see BYOD PCs as well.

These solutions have traditionally been integrated to directory platforms that use a password along with a username as the key for authentication. These products, when integrated with all of the corporate applications, become SSO products or Single Sign-On. 

Single Sign-On begins to introduce additional lateral movement risk associated with the credential and therefore we've seen an emergence of second-device MFA. Organizations have looked at this architecture and had to revisit their own corporate policies.

Today, more and more businesses are evolving to a practice of managed devices for employees. But these approaches are not suitable for contractors, a growing portion of the workforce. Connecting these solutions to the SSO and MFA creates additional problems. 

Passwords, MFA, and unmanaged devices with poor patching policy are the three largest problems that enterprises and organizations face today. 

This is where Beyond Identity steps in. Our modern cloud-first, cloud-native architecture takes in context signals from the user, couples it with public keys, and finally enriches our decisions with a strong zero-trust policy. 

Organizations can configure policies that address the unique needs of both their unmanaged contractor user base as well as their employee user base. These zero trust policies are defined by users, devices, apps, locations, and time. We're able to incorporate these policies and create unique solutions that are targeted to the specific needs of the connecting device, and we're able to effectively mitigate this patch challenge as well as all of the benefits of moving to a public key rather than using a password or MFA. 

This elimination of credential-based attacks allows us to eliminate 80% of all threats. This also allows us to provide zero friction solutions for both the admin in the form of a cloud-delivered subscription product as well as the end user by eliminating the second device and bringing everything back to the single device using a strong root of trust and a secure enclave. 

We also provide continuous verification of the user. So traditional policies have relied on two weeks, three months, one month-type of policies in terms of granularity of access. 

What we're seeing more and more is that people need to be able to authorize and deauthorize users on a near real-time and continuous basis. Serving the needs of continuous zero friction multi-factor authentication requires a modern cloud-native architecture not derivative of any existing solutions. 

We believe that this provides the strong foundation to begin your journey to zero trust. While many people talk about defense-in-depth strategies that begin with react solutions, the prevent surface is the only one that's going to give you the 80% reduction of overall threat.

It's going to give it to you at a low cost, and it will complement all of your existing investment in zero-trust-adjacent technologies like EDRs, EPPs, SIEMs, and existing SSOs. Thanks.