Beyond Identity Completes SOC 2 Type 2 Certification

Beyond Identity has completed its official System and Organization Controls (SOC) 2 type 2 certification. The passwordless multi-factor authentication (MFA) services provider noted that – according to the attestation report prepared by Moore Colson CPAs and Advisors – its security and operational controls “align with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA).”

This “rigorous” technical audit is re reflective of Beyond Identity’s commitment to delivering an authentication platform that is designed, architected and built using high security and availability to protect customer data.

“Since our inception, we have engineered security principles into every aspect of the business – from our cloud-native authentication platform, to our security operations,” said Bob Burke, the VP of Security and Infrastructure for Beyond Identity. “And SOC 2 Type 2 certification provides high assurance to our customers that we have met the access control requirements to rapidly achieve operational excellence – a designation not typically attained by early-stage companies.”

“With high-profile security incidents involving SolarWinds and Kaseya still occupying the psyche of many businesses,” Burke continued, “organizations are demanding vendors deliver greater value earlier on in their lifecycle to ease the security and compliance burden on the supply chain. This reality accelerated our pursuit of SOC 2 Type 2 compliance and will continue to help inform the direction, development, and optimization of our advanced authentication platform.”

Beyond Identity replaces legacy MFA practices with strong passwordless authentication, employing proven asymmetric encryption to cryptographically bind the user’s identity to the device, thus enabling trust within organizations that a login attempt is occurring from an authorized user and device. The company’s passwordless MFA platform also continuously assesses the security posture of devices to establish “device trust” and determine that the device meets security and compliance requirements before approving the authentication request.

The Beyond Identity platform natively collects user behavior and device security posture attributes during each login transaction, and is integrated with endpoint security tools like MDM and EDR, adding enhanced context to each authentication decision. Unlike current technologies such as VPN and CASB, which use certificates that can be easily copied to a new device, Beyond Identity stores a private key in a TPM where it cannot be accessed or moved. With these capabilities, organizations gain unprecedented, zero-trust authentication insight that empowers them to enforce real-time, risk-based access decisions.

Additional information is available