Monday, July 28, 2014

RSA Conference 2014 Singapore: Identity and Access Management

I got an opportunity to attend the RSA Conference 2014 Asia Pacific in Singapore. As a part of the IBM Security team, I exhibited some of our products. The exhibition hall was filled with business partners, competitors, industry experts and large enterprise customers. There were themes like Security Intelligence, BYOD, intrusion prevention, etc. I was curious about access management and spent time discussing and understanding products from other exhibitors while sipping beer and eating delicious snacks. Market researchers have been bullish on the Identity and Access Management market over the last few years. After the conference I got the feeling that the market researchers seemed to have got it right. Two areas that excited me were IDaaS and Strong Authentication.

There were various IDaaS (Identity as a Service) offerings. Despite the IDaaS market being nascent and profits in this space being low, it seemed to be an area where everyone is investing. Large players who traditionally built enterprise software were busy showcasing their IDaaS solutions. It was a bit confusing, as some vendors differentiated between IDaaS and SaaS. At a high level, IDaaS has two pieces:
  • Identity Management. Identity Management includes integrating with on-premise enterprise registries, importing the registries to IDaaS, integrating through adapters that synchronize the data between different registries, etc.
  • Integration with SaaS (Software as a Service) vendors like Google, Workday, Salesforce, Office 365, etc. SaaS includes Single Sign On (SSO) and federation of accounts.
Most vendors offered integration and extension capabilities through SDKs, REST APIs, etc. Application management, device registration and device management at a centralized portal with IDaaS integration were offered by some vendors. The pricing models ranged from cost per user per month to complex customized prices.

Strong authentication was another area with numerous solutions. It seemed as though smaller vendors were investing more and building solutions which can be easily integrated. Some of the interesting vendors were Fujisoft, LiveEnsure, Microsec and StrongAuth. Fujisoft showcased a finger vein authentication mechanism. The solution requires an additional device that scans the user's finger vein. Although the additional device for authentication might seem like a burden, the accuracy of the system is worth the disadvantage. LiveEnsure had a strong authentication solution using QR codes without requiring any passwords. It seemed that their software collects usage patterns and can detect fraud if the second-factor device, the phone in this case, is stolen and is being used by a malicious user. It can be easily deployed by just entering a snippet in a web page. Microsec's PassByMe was similar to the Toopher authentication mechanism except that they use PKI instead of a passcode phrase. StrongAuth had products in the crypto space. They showcased second-factor authentication mechanisms based on the FIDO Alliance.


Only time will tell whether these business ideas will make money. But for an enterprise customer, it is good news. The costs are coming down, at least for IDaaS, and authentication is getting stronger and easier. A combination of IDaaS and Strong Authentication is an area worth exploring for the enterprise customer.