Zero Trust Authentication Defined

Our CTO Jasson Casey walks through how Beyond Identity delivers advanced authentication—passwordless, phishing resistant multi-factor authentication built for the zero trust world—to serve your extended workforce, your developers, and your customers.


Hello. I'm Jasson Casey. I'm the CTO here at Beyond Identity. If you're anything like most companies, most of the security incidents that your security team has to deal with are password related. 

In fact, according to Verizon's DBIR, database of incident response, 80% to 85% of incidents reported either start with an initial access or involve during lateral movement, a critical juncture of the kill chain, valid credentials, i.e. a bad actor is using a valid password to do a bad thing. We feel that's a statement, that identity and access products are not providing security results. 

At Beyond Identity, we focus on building access and identity products that are built from security fundamentals with sound principles and simultaneously are also providing a better user experience for both customers, workers, and developers of the full-access ecosystem. 

So, let's start with your problem. So, your problems start with, first, your customers. Your customers have to access your product. When your customers access your product, if it's anything like today, they're using maybe just a password or a password and some sort of second factor. That second factor may be a magic link, or it may be a cell phone push to a text number. 

You're probably concerned with things like ATO. What if a customer's account gets taken over? How do they get back in? You're probably concerned with things like bot accounts. How do I understand the difference between real people versus botnets that are driving customers? You're probably also concerned with things like abandonment. 

When a customer goes to check out, do they have to enter their password to check out? Do they remember their password? If they're going to go through that reset process, are they likely to abandon that purchase? So, these are real problems, both on the security side and the business side, that impact your business that you have to solve. 

On the workforce, you have to let your workforce access applications that get business done. Your workforce includes contractors, most likely, and employees. It turns out, if they're accessing your customers' data, you have to worry about compliance, regardless of whether you own their devices. 

Your employees are bringing in their own devices that you actually have to handle. Again, your job is to try and get business done in the most secure way possible. How do you actually do that? And then finally, on the technology side, you have developers. Those developers are building products that go in and touch your customers in the deepest way possible. How do you actually know that what you are delivering to your customer is not tainted? 

It is, in fact, actually built by the right people in the right and secure environments. So, we have three products that address these three problems: Secure Workforce, Secure DevOps, and Secure Customers

And what they all have in common is they all use the same SaaS-based cloud platform to provide authentication, authorization, and audit in all three of these use cases in a way that is simple and easy on your customers, easy on your workforce, easy on your developers, but secure across all three platforms. 

We let you, through our policy engine, really define the difference in risk, right? Because risk in your workforce versus risk of your customers and risk in your development environment are different. And so we let you actually define how your organization needs to operate in those environments, helping you solve real problems across the board in each of these three segments. 

Here at Beyond Identity, we're trying to bring a security approach to what is traditionally an identity problem, giving you a multi-factor authentication solution that truly is easy on your customers, workforce, and developers, while solving real security problems and letting you manage risk in a way that actually befits your organization.