Axiad, a leading provider of organization-wide passwordless orchestration, today released Certificate-Based Authentication (CBA) for IAM, its newest offering in the Axiad Cloud authentication product line. CBA is an improved and phishing-resistant form of MFA integral to the White House’s recent Zero Trust mandate. Axiad’s CBA for IAM allows security teams to easily extend the capabilities of existing IAM systems and bolster their overall cybersecurity posture.
IAM ecosystems can be complex. In fact, a recent Axiad survey even revealed that 70% of security executives use three or more IAM systems across their organisation, with more than half using four or more. Since replacing disparate systems rarely makes sense, and most organisations don’t have the necessary systems to create a custom approach that span all systems, security teams are under immense and enduring pressure to manage risk arising from visibility and functionality gap. To make matters worse, most IAM systems don’t support certificate capabilities, and most IT teams simply don’t have the tools to manage credential roll out and maintenance across a diverse end-user base.
CBA for IAM leverages the Axiad Cloud to extend the built-in functionality of a company’s existing IAM system(s) to provide passwordless, phishing-resistant MFA for every user. What’s more, CBA for IAM can overlay multiple IAM systems, uses cases, and operating systems – including Microsoft Windows, Apple OS, and Linux – meaning that it allows for more consistent and systematic authentication. This naturally delivers additional protection by eliminating inconsistencies that can be exploited by bad actors.
“As the number of identity-related attack vectors continues to rise, organizations can no longer rely on fragmented and independent authentication processes for each individually supported IT service,” noted Steve Brasen, Research Director at Enterprise Management Associates. “Instead, businesses must look at the problem holistically and apply an appropriate level of phishing-resistant security in a methodical, consistent manner across the whole of the organization in a way that does not diminish workforce productivity. If cyber attackers are no longer thinking in silos, then neither should security professionals.”
CBA for IAM doesn’t just bolster security, it delivers operational and end-user benefits critical for organisations looking to manage their bottom line and avoid business disruption. The Credential Dashboard uniquely provides streamlined workflows to roll out and manage credentials across their lifecycle, while its self-service capabilities enable end users to provision and reset credentials without IT involvement.
“Enhancing your security with phishing-resistant, multi-factor authentication for every user is a must have in today’s environment, but if you do so at the expense of your administrators or end users, any success will be fleeting as costs will mount and users will work around the practices you’ve implemented,” said Yves Audebert, Chairman, President & Co-CEO of Axiad. “Axiad’s CBA for IAM helps organizations find a balance by augmenting the native authentication capabilities of an organization’s IAM systems, while also helping streamline core processes for administrators and making the enhanced authentication process friction free for end users.”
CBA is a major contender for MFA crown. It’s one of the most secure, phishing-resistant forms of MFA and has been increasingly deployed in enterprises and the public sector. Typically, enterprise employees and the majority of federal agency and defence employees/contractors use a strong token such as a smart card or hardware devices for authentication. CBA streamlines this process, authenticating users with a variety of tokens while improving overall protection.
Axiad recently joined with Microsoft to announce support for Azure AD certificate-based authentication (CBA), a part of Microsoft Entra. last month as part of their movement towards CBA. With integrated support for Azure AD CBA, Axiad allows Azure customers to implement phishing-resistant MFA, ensuring a seamless migration from legacy infrastructure to the cloud. Axiad’s Credential Dashboard also provides visibility into Azure AD and Window Hello for Business credential issuance, status, and issues across the entire user base. Holistically, these capabilities streamline administrator’s work while reducing friction for end users.
In January 2022, a memo from the U.S Office of Management and Budget outlined a requirement to implement phishing-resistant MFA. The directive requires agencies to achieve specific zero trust security goals by the end of FY 2024, including the use of phishing-resistance MFA to protect personnel from sophisticated online attacks.
Axiad’s CBA for IAM is a turnkey SaaS offering that supports a wide range of smart cards and hardware devices (such as YubiKey) without requiring a Trusted Platform Module (TPM). This combination of packaging and flexibility overcomes the organizational barriers to adoption described previously. For more information about this solution, visit Axiad’s product page.
Axiad delivers organization-wide passwordless orchestration to secure people, machines, and interactions for enterprise and public sector organizations that must optimize their cybersecurity posture while navigating underlying IT complexity. The company’s flagship product, Axiad Cloud, is a comprehensive, secure and integrated authentication platform that allows customers to move to a passwordless future without the friction and risk of fragmented solutions. Axiad supports the widest range of credentials in the industry including FIDO, mobile MFA, Windows Hello for Business, YubiKeys, smart cards, TPM and biometrics, and is trusted by public sector organizations and Fortune 500 companies across aerospace & defense, financial services, insurance, healthcare, oil & energy and more.