Rethinking Identity and Access Management

We founded Groove.id to help people and organizations be more secure and confident online.

The rapid rise in adoption of cloud computing represents a once-in-a-career technology shift. Organizations of every size and in every industry are adopting cloud and mobile technologies to improve business results through increased productivity, faster time to market and reduced costs. The results are compelling and every corner of the tech industry is impacted.

In particular, there’s been an explosion in software applications that engage customers, automate processes and generally make our lives more efficient. The 2016 Future of Cloud Computing survey from North Bridge Venture Partners and Wikibon found that nearly 7 in 10 companies are using SaaS.

While cloud helps connect us and speeds innovation and commerce, it brings challenges to the world of security. The shift to cloud and mobile technologies has led to the erosion of the traditional network perimeter. Data now travels and resides across networks that span internal and external resources and reasoning about how to secure it all is a complex problem to solve. Security & IT teams can no longer rely on a hardened network perimeter to be the primary control point.

Enter Identity and Access Management

We’ve spent years working on software solutions to help customers manage and secure their growing cloud environments. As we considered what the typical IT environment looks like in 2017, we concluded that multiple layers of expensive network security technology will soon be a thing of the past. There’s simply nowhere to put a magic box where it can see all of the traffic.

In our view, the best security control for the cloud, and SaaS in particular, is strong identity and access management. Ensuring that the right people have the right access to the right resources is critical and foundational to successful cloud adoption. Equally important is keeping the bad guys out in a world where the attack surface is broad and increasingly outsourced to service providers.

What can we improve about identity and access management for the cloud?

This led us to look at the existing identity and access management solutions and we were struck by a few things. First, the segment is full of point products that only solve part of the equation. There are products for directory, access management, single sign on, multi factor authentication, privileged access management and more. Pulling together a strong identity solution usually requires integrating multiple products into what is already a complex hybrid system environment. Complexity on top of complexity doesn’t seem like a winning play.

Next, nearly all of the existing solutions rely on the humble password as the primary factor in making authentication decisions. Use of the password as a security mechanism is nearly 60 years old. Over time, as an industry we’ve adopted policies with password complexity & rotation requirements and added clunky implementations of multi factor authentication in an effort to improve security. The problem is, all of this has a negative impact on end user experience and truthfully, it’s not working all that well for security either. The 2017 Data Breach Incident Report from Verizon found that 81% of hacking-related breaches leveraged stolen and/or weak passwords.

Cloud computing is disrupting every layer of the technology stack and identity and access management is not immune. We must evolve and innovate in the ways we authenticate users and grant access to our systems. Successfully doing so will make an important positive impact to productivity & security in a cloud-first world.

Security should be empowering

We believe being secure online is a right, not a privilege. We believe you deserve a great user experience. We believe a great user experience and great security must co-exist. Layers of legacy security tools have been deployed that undoubtedly help protect our networks and data. The problem is, the same tools that keep us secure get in way of doing our jobs. Identity management solutions need to make the secure path the easy path for users.

Simple is better

The best products and solutions bring simplicity to our lives. Have you ever used a product that seemed magical? It’s often due to the utter simplicity we experience in getting a task or job done. Unfortunately, that’s not usually our experience with identity management today. We don’t think it should take years, a small army of engineers and a massive budget to complete an identity project. Users shouldn’t have to struggle with remembering unique, complex passwords to do their jobs. We’re planning to abstract all of that away and create a little magic with Groove.id.

Join us on the journey

We hope that you’ll follow us on the journey. Launching a new venture and making it successful requires listening and learning at every step of the way. We’re eager to engage with people working on the front lines of identity management. Sign up for our newsletter or better yet, drop us a line and share your thoughts on what’s needed in the identity space. We are excited to see what we can build together.