Latest news with #PingIdentity
Cision Canada
4 days ago
- Business
- Cision Canada
KeyData Cyber Acquires BeyondID to Create a Powerhouse in Identity Security
TORONTO and SAN FRANCISCO, August 12, 2025 /CNW/ - KeyData Cyber, a leading North American provider of end-to-end identity and access management (IAM) services, today announced its acquisition of BeyondID, a leading AI-powered, Managed Identity Solutions Provider (MISP) with deep expertise in the Okta platform and identity-first zero trust solutions. This strategic acquisition brings together two identity leaders to form a pure-play powerhouse in total identity security. The combined team brings unmatched depth and breadth across IAM, CIAM, PAM and IGA, with more than 200 identity experts and a proven track record for delivering complex programs for mid-market and enterprise customers across the private and public sectors. BeyondID complements and expands KeyData Cyber's expertise across advisory, implementation, and managed services, with support for every major identity platform including BeyondTrust, CyberArk, Microsoft, Okta, PingIdentity, SailPoint and Saviynt. The acquisition will establish BeyondID as a KeyData Cyber company, accelerating KeyData's growth strategy, expanding its delivery capacity and depth of resources globally. "Together, we are building a powerhouse in identity security," said Dustin Hoff, CEO of KeyData Cyber. "By joining forces with BeyondID, we are gaining expanded geographic reach, wider technology expertise, and Identity Command Center, an AI-powered technology platform to streamline service delivery and provide our clients with the best experience in the industry." "This is a pivotal moment for BeyondID and our clients. By joining forces with KeyData Cyber, we are combining deep identity expertise with AI-driven innovation to deliver a more complete, end-to-end security experience," said Arun Shrestha, CEO of BeyondID. "Together, we'll help organizations navigate complexity with confidence, transforming identity from a technical necessity into a strategic advantage." BeyondID's strong U.S. presence and expanded nearshore and offshore capabilities will add to KeyData Cyber ' s growing global footprint, enabling teams to meet client needs faster and with greater local alignment across a broader set of identity security services. Clients will benefit from deeper expertise across highly regulated sectors, and gain access to BeyondID's Identity Command Center, an AI-powered platform that orchestrates and automates identity-first, zero-trust solutions – from strategy blueprints to implementations to solution management. The combination of BeyondID and KeyData Cyber establishes one of the largest pure-play identity security firms in North America delivering the full-spectrum of identity security services, from Zero Trust and governance to privileged access and customer IAM under one roof. About KeyData Cyber KeyData Cyber is a leading North American cybersecurity firm specializing in Identity and Access Management (IAM). With 20 years of experience, we have managed more than 50 million identities and completed over 1,000 successful deployments. Our veteran team of certified consultants, architects, and engineers delivers comprehensive IAM solutions with unmatched expertise in highly regulated sectors. As trusted IAM partners, we help clients future-proof their organizations against evolving identity threats by delivering secure, scalable, and compliant programs tailored to business needs. About BeyondID BeyondID is a leading AI-powered, Managed Identity Solutions Provider (MISP). By delivering secure solutions and services that help manage digital identities, BeyondID enables organizations to control access to applications, data, networks, and devices while facilitating continuous regulatory compliance and ensuring seamless user experiences. With operations across 5 countries, and backing by Tercera, an investor specializing in AI and tech services, BeyondID has become a trusted partner to thousands of customers globally. More information about BeyondID can be found at
Forbes
5 days ago
- Business
- Forbes
How To Secure No-Code Applications In Regulated Industries
Yair Finzi is cofounder & CEO of Nokod Security and was cofounder & CEO of SecuredTouch (now Ping Identity) and a product leader at Meta. No-code development platforms are rapidly gaining traction across highly regulated industries such as financial services, pharmaceuticals, healthcare, manufacturing and government. There's good reason for this: These solutions empower citizen developers to quickly build and modify custom applications without the need for extensive coding expertise. Some healthcare organizations, for example, rely on no-code platforms to develop patient management systems that streamline patient intake, appointment scheduling, billing and electronic health record (EHR) management. Likewise, financial services firms leverage no-code platforms for loan and claims management applications, significantly speeding up processes like application tracking, approval workflows, disbursements and insurance claims processing. Even compliance-related tasks benefit from no-code automation, including workflows for licensing, permitting, regulatory reporting and audit documentation. While this increased agility and flexibility allows organizations to rapidly respond to new business opportunities, it also introduces potential security and regulatory compliance risks. The very features that make no-code platforms appealing—ease of use and accessibility—also introduce notable security trade-offs. Because no-code applications frequently operate beyond the oversight of traditional application security (AppSec) programs, the likelihood of overlooked vulnerabilities increases, particularly in sectors governed by stringent regulations like PCI DSS, HIPAA, GDPR and various federal guidelines. Unique No-Code Security Issues No-code applications introduce several new risks not typically addressed by existing security frameworks. Often created by business users outside formal IT oversight, no-code applications that manage sensitive data commonly do not undergo necessary security reviews. Data connectors over-sharing compounds this visibility gap. Citizen-developed applications that connect broadly to critical systems, like payment gateways, patient records or customer databases, inadvertently allow access that far exceeds necessary limits. Traditional software development teams have rigorous protocols for securely managing API keys and tokens. Conversely, in no-code applications, credentials are often hard-coded into workflows, making them difficult to monitor and easier targets for exploitation if compromised. Third-party connectors amplify these vulnerabilities. No-code applications often rely on prebuilt integrations with external services—such as payment processors or document management systems—that may introduce insecure configurations or outdated libraries. No-Code Compliance Challenges Proper governance of these no-code integrations is essential in regulated environments to ensure comprehensive vendor management, but compliance becomes a moving target within no-code environments. Data classification and handling are common issues. Many no-code apps lack clearly defined data management policies, potentially exposing personally identifiable information (PII), protected health information (PHI) and financial data to unauthorized access, improper storage locations or insecure third-party transfers. Auditability presents another substantial challenge. Compliance regulations such as SOX, HIPAA and PCI DSS mandate detailed audit trails for sensitive data applications. Yet, no-code platforms typically fall short on providing the necessary forensic-level tracking capabilities, leaving security teams struggling with basic visibility questions such as identifying application creators, connected systems and recent updates. Security Best Practices For No-Code Applications To address these risks, security teams need to extend their existing application security and governance programs to cover no-code applications. The goal isn't to slow down innovation, but to embed sensible guardrails that allow no-code development to thrive without exposing the organization to unnecessary risk. Here are some best practices to help security teams manage no-code application risks in regulated industries: • Establish a formal discovery and governance process for no-code development. Continuously identify, catalog and perform a risk assessment on all no-code applications across the organization. Since enforcing strict policies on citizen developers can be challenging, focus on automated discovery and visibility to surface potential risks, misconfigurations and unapproved third-party integrations before they reach production. • Continuously monitor the security posture of no-code applications. Use tools or processes to gain real-time visibility into no-code assets, configurations and data flows. Set automated alerts for excessive permissions, unauthorized external integrations and sensitive data access outside approved workflows. • Adapt application security processes to address the unique nature of no-code applications. Traditional AppSec programs are built around source code visibility and secure coding practices, but no-code platforms operate differently—vulnerabilities often stem from misconfigurations and flawed logic, not insecure code. Security teams should focus on reviewing high-risk workflows, data flows and integration points, applying configuration-based risk assessments and logic reviews to no-code applications. Securing no-code applications in regulated industries requires more than retrofitting traditional AppSec practices. By building oversight into no-code development workflows, security can enable faster, safer innovation, helping the business automate processes, improve agility and meet regulatory requirements without introducing unnecessary risk. Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Techday NZ
06-08-2025
- Business
- Techday NZ
Ping Identity named leader in three 2025 KuppingerCole reports
Ping Identity has been recognised as a Leader in three 2025 KuppingerCole Leadership Compass reports, including Access Management, Identity Fabrics, and Policy Based Access Management. Recognition in multiple categories The 2025 KuppingerCole Leadership Compass reports assessed Ping Identity's capabilities in providing solutions for diverse enterprise identity needs. The reports highlighted the company's strengths in orchestration capabilities, its engagement with decentralised identity, and its support for both modern and legacy technology environments. The Ping Identity Platform was assessed for its ongoing platform convergence and expanding portfolio that serves business-to-business (B2B), business-to-employee (B2E), and business-to-consumer (B2C) use cases. The reports noted the company's support for a variety of authentication standards and its provision of out-of-the-box connectors that enable integration with third-party services. In its review, KuppingerCole acknowledged Ping Identity's dynamic internal fraud detection capabilities, which involve evaluating user behaviour, IP and device reputation, and location. This approach, according to the report, goes beyond using traditional lists of compromised credentials from external sources. "Enterprises seeking to enhance their identity security while simplifying the user experience within diverse operational environments will find Ping Identity's solutions particularly beneficial," said Alejandro Leal, Senior Analyst at KuppingerCole. Innovation in identity fabrics KuppingerCole placed Ping Identity at the forefront of its innovation category in the Identity Fabrics report. The assessment was based on Ping Identity's active involvement in developing standards and its acquisitions in areas such as policy-based access controls, decentralised identity, and identity orchestration. "A standout feature of Ping Identity is its DaVinci orchestration capabilities, which offer unparalleled flexibility and control in configuring user journeys," said Martin Kuppinger, Founder and Principal Analyst of KuppingerCole research. "Ping Identity caters to large enterprises and organisations requiring secure identity management solutions across complex environments [and] proves valuable for those needing sophisticated identity solutions and orchestration capabilities." The report noted that these advancements position Ping Identity to meet the evolving security and operational requirements encountered by large organisations managing digital identities in varied and challenging settings. Policy based access management In the 2025 Policy Based Access Management report, Ping Identity's hybrid and on-premises offerings received particular mention for their suitability to large, regulated enterprises with data residency requirements. "Their hybrid and on-premises solutions are particularly suited for large and regulated enterprises that require on-site data residency," said Nitish Deshpande, Research Analyst at KuppingerCole. The report said that Ping Identity's solutions support the compliance needs of organisations operating under strict regulatory frameworks, ensuring data remains within specific jurisdictions as required by law or internal policy. Industry impacts The KuppingerCole reports collectively recognised Ping Identity's ability to support orchestration in access management, leverage developments in decentralised identity, and ensure compatibility with a variety of IT environments. The recognition across three separate leadership categories highlighted Ping Identity's engagement with industry trends and enterprise requirements for flexibility, scalability, and regulatory compliance. The ongoing acknowledgement by KuppingerCole emphasises Ping Identity's continued development in the field of enterprise identity management, positioning it as a provider supporting both established and emerging digital identity security needs.
Forbes
28-07-2025
- Forbes
Debunking Three Misconceptions For Those Scared To Go Passwordless
Peter Barker, Chief Product Officer - Ping Identity. Humans have typically been the weakest link in cybersecurity, meaning traditional passwords aren't just ineffective; they're a vulnerability waiting to be exploited. Whether it's repurposing weak passwords across multiple accounts or writing credentials down on paper and leaving them somewhere too accessible (i.e., the classic Post-it note on a desk), passwords have worked against security for far too long. Luckily, as an industry, we've remained bullish when educating end users about the dangers of traditional passwords. As a result, we're seeing greater adoption of best practices like multifactor authentication (MFA), creating more complex passwords and the use of password managers, but as cybercriminals continue to become more sophisticated, even these measures may not be enough. As organizations face increasing cyber threats and user fatigue with passwords, passwordless authentication is gaining traction. Passwordless authentication relies on verifying user identities without requiring a password or hard-to-remember security questions. Instead, it uses biometrics, certificates, one-time passwords and/or hardware tokens to ensure you are who you say you are, keeping cybercriminals out of accounts and sensitive information. Debunking Three Passwordless Misconceptions But as with any shift in technology, questions remain about timing, complexity, cost and readiness. Because of this, some organizations are understandably hesitant to adopt passwordless authentication. However, I believe many of these concerns can be mitigated by debunking some of the most common misconceptions once and for all. It's easy to assume that passwordless is a future technology—something to plan for later. But in practice, adoption is already underway. Microsoft, Apple and a growing number of enterprises have rolled out passkeys or other passwordless methods across ecosystems used by millions. Before Microsoft's shift, Google paved the path to passwordless, implementing passkeys to work across iPhones, Macs and Windows computers as well as Google's Android devices. From banking apps to gaming consoles, passwordless is no longer the exception—it's becoming the default in many places. Still, just because big tech has adopted it doesn't mean every organization is ready. The key is to assess where passwordless could add the most value today, and finding the right starting point matters more than trying to match the pace of early adopters. Passwordless authentication adoption can be overwhelming at first. But it doesn't have to be an 'all or nothing' experience. Organizations should move forward with a gradual approach at a pace that feels most comfortable for their business needs. While passwordless can simplify the login experience for end users, it's true that it can introduce new complexities on the back end, especially for organizations with legacy systems, federated identity models or compliance constraints. That said, traditional password systems come with their own complexity. Users often juggle dozens—sometimes hundreds—of credentials, leading to frequent resets, weak reuse and support burdens. In many cases, the day-to-day experience of passwordless (using Touch ID, a face scan or a magic link) is more intuitive than managing traditional logins. The real question is where the complexity lies: in the user's hands or in your infrastructure. Understanding that trade-off is essential when planning any passwordless initiative. Upfront implementation of passwordless systems can require investment, especially if it involves overhauling identity providers or retraining IT staff. But the long-term cost equation tells a different story. Analyst reports estimate that a third of help-desk calls are related to passwords. Each reset can cost upward of $70, which adds up quickly. The average large enterprise allocates over $1 million annually to password-related support costs. For customer-facing platforms, the stakes are even higher: A forgotten password can derail a purchase, hurt conversion rates or drive churn. To help overcome potential cost obstacles, it's important to understand your organization's specific cost-benefit analysis based on your current needs, long-term plans and IT infrastructure. Consider both hard and soft costs in the process. For instance, how much productivity time will employees gain with a simple, secure sign-on? Closing Thoughts Passwordless authentication isn't a cure-all, but it is a compelling piece of a broader cybersecurity and user-experience puzzle. Success depends less on hype and more on intentional implementation. For organizations exploring this path, the best question to ask may not be 'Is it time to go passwordless?' but 'Where can we start experimenting today?' Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Business Wire
30-06-2025
- Business
- Business Wire
Syniverse Integrates with Ping Identity for a More Flexible and Trusted Customer Experience
TAMPA, Fla., & DENVER--(BUSINESS WIRE)-- Syniverse, the world's most connected company®, and Ping Identity, a leader in securing digital identities for the world's largest enterprises, have entered a strategic relationship designed to optimize the delivery of SMS and voice communications for PingOne customers. This collaboration will enhance the reliability and efficiency of a wide range of notification services, including multi-factor authentication (MFA) and other critical alerts delivered via SMS and voice channels. "Global authentication doesn't work without reliable delivery — and that's where Syniverse stands apart," said Nathan Robbins, Vice President of Go to Market Strategy and Alliances of Syniverse. "Users expect to verify their identity immediately, and SMS and voice calls remain the fastest and most familiar ways to do that. Our native integration with PingOne lets customers configure SMS and voice delivery without building custom connections or workarounds." This API-level integration enables Ping's customers to preserve their existing authentication workflows while switching to Syniverse. There's no need for custom development or lengthy implementation as credentials are configured directly in the PingOne interface, allowing teams to move quickly without interrupting the user experience. The transition to Syniverse also opens the door to use cases beyond OTP delivery. Syniverse offers advanced messaging features like scheduling, branded links, and translation — available over short or long codes — all backed by high-touch support from messaging and compliance experts. These capabilities allow Ping's customers to strengthen their security posture and communication strategy while avoiding the hidden costs that come with poor deliverability or compliance missteps. "Ping Identity is committed to providing our customers with flexible and secure authentication options," said Shannon Lightfoot, Director of Technology Alliances at Ping Identity. "Our partnership with Syniverse is a key part of this strategy, enabling PingOne customers to seamlessly transition to a BYO model for SMS and voice while benefiting from Syniverse's global reach, reliability, and advanced messaging capabilities. This gives our joint customers greater control over their authentication experience, allowing them to enhance branding, optimize delivery for different regions, and gain direct access to messaging analytics and logs, all while maintaining the high security standards they expect from Ping Identity." Syniverse serves six of the top 10 banks in the United States, as well as three of the four major credit card issuers, with messaging solutions designed to help businesses connect with customers securely and efficiently across various channels. Its Messaging Trust service adds an extra layer of protection to authentication traffic by helping filter out spam, fraud, and other unwanted messages before they reach users. To learn more about switching to Syniverse for SMS and voice authentication on PingOne, click here. For more information on Syniverse, visit About Syniverse Syniverse is the world's most connected company. We seamlessly connect the world's networks, devices, and people so the world can unlock the full power of communications. Our secure, global technology powers the world's leading carriers, top Forbes Global 2000 companies, and billions of people, devices, and transactions every day. Our engagement platform delivers better, smarter experiences that strengthen relationships between businesses, customers, and employees. For over 30 years, we have accelerated important advances in communications technology. Today we are an essential driver of the world's adoption of intelligent connectivity, from 5G and CPaaS to IoT and beyond. Find out more at About Ping Identity Ping delivers unforgettable user experiences and uncompromising security. We make crafting digital experiences simple for any type of user—partners, customers, employees, and beyond. We are anti-lock-in. That means integration with existing ecosystems, clouds, and on-prem technologies is simple. Out-of-the-box templates let businesses leverage our identity expertise to give their users frictionless experiences. Whether they're building a foundation of modern digital identity, or out-innovating their competitors with cutting-edge services like digital credentials, AI-driven fraud prevention and governance, Ping is the one-stop shop for game-changing digital identity.
