There has been a lot of activity in the identity and access management (IAM) and authentication sector recently. No organization wants to end up in the headlines for a data breach, especially for one that it could have avoided. The key to this is to have the right security posture in place, and this needs to be done proactively without waiting for an attack to happen. This is where authentication and IAM plays a key role in securing applications in the cloud. We witnessed a lot of activity in the space with news of funding, integrated offerings, and product launches announced last month. Let’s take a look at them all.
How hot is IAM?: Auth0 raises $120M Series F funding
Auth0 has had a great run as a modern alternative to solutions like Microsoft Active Directory. In July, Auth0 raised $120 million funding in a Series F round as it looks to expand its footprint. Auth0 is an authentication platform that protects cloud applications from malicious users. Being able to spot real users and fake users quickly is critical to running applications securely in the cloud.
Auth0 secures application access with features like universal login, single sign-on, and multifactor authentication. These are now table stakes for any organization that builds and runs applications in the cloud.
Auth0 aims to simplify authentication by allowing developers to add a simple Auth0 script to their application’s code that then takes care of all logins and integrations with applications in the cloud.
Enterprise application integration has now moved from being internal-only to being mostly external and API-based. This calls for mature authentication between applications. Any loose end will be exploited, and we see those stories in the news every month.
The lines between corporate and consumer applications are blurring. Enterprise customers now demand a consumer-like experience from their enterprise apps too. They’re used to hailing an Uber and having it arrive in two minutes. They want the same ease of use when they file expenses, or edit a CRM entry in Salesforce, or reply to an issue within ServiceNow. They don’t want to keep logging in and out of applications just to ensure safety. They want a seamless experience that gets out of their way and enables them to do the tasks they came to the app to do.
For this to become a reality, it takes authentication services like Auth0 to have a deep awareness about who is a genuine user and who is suspicious. Simply put, great authentication makes an organization’s users and customers feel at home and familiar, while still enforcing a strong security posture towards unknown users.
Okta squarely in sight
This Auth0 funding undoubtedly has Okta in view. Okta is the frontrunner in the space and is one of the success stories to emerge from the tech sector in recent years. Having had an IPO in 2017, Okta (NASDAQ: OKTA) stock, which began at a lowly $23.51, is now trading at over $200. That’s an extremely healthy growth rate and is a seal of approval for over the entire industry. With revenue of over $600 million and healthy stock performance, Okta, despite being a competitor, lends credence to Auth0. Organizations can no longer be content with barebones identity and access management services by cloud vendors. They need to adopt specialist IAM and authentication tools like Okta and Auto0 to be truly secure.
Ping Identity and One Identity join forces
There is more activity in the space with smaller players Ping Identity and One Identity integrating their solutions for a more wholesome offering. The companies put this integration into a formula that reads something like “IAM = access management + identity governance and administration.” In this case, Ping takes care of access management and One Identity handles IGA.
Ping Identity handles SSO, MFA, and application access. It acts as the control plane for application access that can be managed from any device. It handles the endpoints while One Identity handles user access.
The point of such integrations is to manage authentication as a lifecycle. For all applications, users need to be added and removed, integrations need to be created and retired, they also need to be managed and improved over time. This brings in a barrage of requests that IT teams need to manage. From HR teams requesting setup for a new employee, to developers asking for integration with a new tool, and sales teams needing a custom integration between Salesforce and ServiceNow, to marketing teams needing integration between Facebook and their marketing automation platform - It’s all in a day’s work for IT. It’s easy for IAM best practices to be swept under the carpet in the midst of all this hustle and bustle. It becomes very likely for a bad actor to enter the system unnoticed and gain access to confidential information. This is the backdrop against which today’s authentication solutions are emerging to counter new challenges in a new cloud-native world.
While a lot is said about security, what is often unsaid is the impact authentication and IAM has on the pace of operations. Whether building a brand-new app or running a decade-old monolith, IAM and authentication needs to be set up correctly for the app to go live. Further, it needs to be maintained and kept secure during the entire lifecycle of the application. For this to happen, development teams and IT teams need to use a robust IAM and authentication tool that can simplify the complex process of logins and integrations between apps. With this in place, IT teams are more confident in their ability to give access to users and can drive better internal customer experience. For development teams, as they have readymade self-serve integrations between applications and a streamlined system for logins, they can focus on building core features of applications faster. All this adds up to make organizations more competitive in a world where time to market is a key differentiator between the winners and the losers.
Cyral secures the data layer
While we discussed many of the authentication vendors in this post, we wind down with a mention of another vendor solving a very related problem: data security. And that’s where Cyral comes in.
The company has just released its new Zero Trust platform for the data layer. Taking a policy-based approach to data security, Cyral offers advanced protection from data breaches. While the authentication tools above secure application endpoints, Cyral offers security for data endpoints.
Cyral integrates with auth platforms like Okta and Auth0 to bolster the security already provided by those offerings. In fact, organizations that have already invested in a tool like Okta would readily consider adopting Cyral as a logical extension.
It isn’t surprising that we’re seeing so much activity in the security and IAM space right now. With the sudden shift to work from home and forced digital transformation, organizations are grappling with security issues of every kind. This presents a huge opportunity for security vendors to position themselves as the remedy to these challenges and to ease organizations’ transition to a completely remote workplace.
Identity and access management vendors: Right place, right time
The time is ripe for building cloud-native applications, and for vendors who offer IAM and authentication solutions. The challenges to authentication have never been more complex, and yet the opportunity has never been so big. Whether it’s innovating their way to the top on their own, or partnering with similar organizations, these players are out to make application access secure by design.
Featured image: Pixabay