Beyond Identity Achieves SOC 2 Type 2 Certification
September 2021 by Marc Jacob
Passwordless MFA provider Beyond Identity announced the successful completion of its System and Organization Controls (SOC) 2 Type 2 certification. The attestation report, prepared by Moore Colson CPAs and Advisors, provides validation that Beyond Identity’s security and operational controls align with the Trust Services Criteria established by the American Institute of Certified Public Accountants (AICPA). The rigorous technical audit, completed in record time, reinforces Beyond Identity’s ongoing commitment to delivering an authentication platform that is designed, architected, and built with the highest levels of security and availability to protect customer data.
Beyond Identity replaces legacy MFA with strong passwordless authentication by employing proven asymmetric encryption to cryptographically bind the user’s identity to the device, enabling trust within organizations that a login attempt is occurring from an authorized user and device. The company’s passwordless MFA platform also continuously assesses the security posture of each device, establishing “device trust” – a cornerstone to a zero-trust security architecture – and ensuring the device meets security and compliance requirements before approving the authentication request.
Importantly, the Beyond Identity platform natively collects user behavior and device security posture attributes during each login transaction and is integrated with endpoint security tools like MDM and EDR, adding enhanced context to each authentication decision. Unlike current technologies like VPN and CASB, which use certificates that can be easily copied to a new device, Beyond Identity stores a private key in a TPM where it cannot be accessed or moved. With these capabilities, organizations gain unprecedented, zero-trust authentication insight that empowers them to enforce real-time, risk-based access decisions.