Original Article

New York, March 15, 2023 - Beyond Identity, the leading provider of passwordless, phishing-resistant MFA, today announced the formal release of ‘Zero Trust Authentication’ (ZTA) as a subcategory of zero trust technology, together with the launch of the Worldwide Zero Trust Leadership series of events that will run throughout 2023. Bringing together industry-leading security technologies and integrators, Beyond Identity, Palo Alto Networks, CrowdStrike, Optiv, World Wide Technology, Guidepoint Security, BeyondTrust, Ping Identity and Climb Channel Solutions will enable organizations to move towards secure authentication designed to advance the zero trust strategies of global 5000 companies.

Zero Trust Authentication has been developed in response to the failure of traditional authentication methods – a problem exacerbated by the increasing number of cyberattacks. Adopting Zero Trust Authentication will allow organizations to overcome the limitations of passwords and legacy multi-factor authentication (MFA) and implement more robust security strategies. To achieve this, the Zero Trust Authentication approach includes components such as Beyond Identity's risk scoring and continuous authentication capabilities, which significantly enhances the level of protection offer…

The Cyber Hut Comment: Zero Trust is everywhere - or should be. As a concept not a product, it has become the leading approach for CISO’s and security leaders to analyse risk, deploy controls and allow organisations to share more to different people, across a range of different locations and assets. The emphasis on a perimeter-less model sees a bigger focus on identity (of people and devices) which in turn requires a solid set of capabilities for authentication, authorization and contextual analysis - all being done continuously of course.

So what is this new zero trust authentication initiative? Beyond Identity are a passwordless authentication provider - looking to deliver a cryptography based approach for consumers and employees. This initiative sees them join forces with the likes of Beyond Trust, Ping Identity, Crowd Strike and Palo Alto networks.

What does this tell us? Well first ZT can not be solved by a single technology. The partnership model for this new initiative contains an array of non-competing technologies - all looking to provide a broad coverage of controls implementation and technologies across the data and asset access landscape.

The second aspect, is that ZT is possible. It is not just a myth or a whiteboard exercise. Organisations can (and must) be designing for a modern agile and threat-aware security architecture and strong passwordless authentication must be a part of that.

Other interesting key words mentioned here - are risk and continual. Risk is clearly dynamic, volatile and treated in many different ways. But to analyse risk (especially within the login and access control events) requires more data signals. Device, location, history, transaction and so on. The second aspect, is how to handle both continuous authentication and authorization - essentially removing state during evaluation.

The initiative lists 7 key points for ZT Authentication including passwordless, phishing resistant, device validation, risk aware and continual.