In a previous post I talked about our strategic investment in Symplified. Here I am again talking about another strategic investment we just made in SecureAuth, an Irvine-based company in California. I really like what SecureAuth is doing with their products. Not only have they developed a great product that enables SSO (single sign-on) to web and cloud properties via SAML but they’ve also solved a big security problem while doing so. The SecureAuth Identity Enforcement Program (IEP) works with X.509 v3 certificates to prevent existing and new identity attacks by authenticating both the user and the server being accessed.
Why did I underline the word both? The fact of the matter is that SecureAuth’s IEP authenticates both side of the conversation: the end-user and the server the end-user is communicating with. What does this mean? It means that the Secure IEP can prevent someone from pretending to be the server that the end-user is supposed to be talking to – also known as a “man-in-the-middle” attack. The SecureAuth IEP effectively prevents man-in-the-middle and phishing attacks.
Instead of forcing organizations to implement APIs or modify applications, SecureAuth leverages the SecureAuth IEP hosted web services that include telephony and SMS one-time-registration password options and certificate servers so an organization doesn’t have to purchase and deploy additional infrastructure components. Unlike traditional approaches to 2-Factor authentication, SecureAuth has created a unique set of high-availability certificate authorities behind a protected set of web services that can securely create and distribute X.509 v3 credentials without requiring an organization to invest more in their infrastructure. This approach enables an organization to scale 2-Factor authentication for any application or number of users.
Not only does SecureAuth solve the cloud-based SSO problem to applications like SalesForce.com, Google, Postini, Microsoft SharePoint but it also enables a seamless level of security and encryption above and beyond what many other solutions offer today. To me, it is a winning combination!
Here’s some more information on SecureAuth:
Quest Software Makes Strategic Investment in SecureAuth Corporation
SecureAuth Closes Record Year in 2010 - Provider of Identity Enforcement for the Cloud and On-Premise Applications Grows Sales by 300 Percent, Secures Financing for Expansion, and Adds Marque Customers and Partners
P.S. And a warm shout-out to Garrett Grajek (CTO, his blog here), Tom Stewart, Craig Lund, Stephen Moore and Jeff Lo - the guys behind the curtain at SecureAuth!