The 20 Coolest Identity Access Management And Data Protection Companies Of 2021: The Security 100
From passwordless authentication and removing excess cloud permissions to securing shared credentials and automating responses to customer security questionnaires, here’s a look at what the 20 coolest identity management and data protection companies are doing.
Defending Data And Identities
The global data protection market is being driven by the growing volume of data being generated across various industries such as financial services, manufacturing, retail, IT and telecommunications. Companies are therefore looking for new technologies to monitor, manage and protect this growing volume of data, which in turn is expected to positively influence the market over the next half-decade.
Growing concerns around cybersecurity and critical data loss coupled with the need for protection from malware and ransomware are further expected to fuel market growth. Moreover, increasing spending by governments and others on security combined with growing concerns over highly valuable data being breached is expected to create lucrative opportunities in the market over the next several years.
The global data protection market is expected to grow at a formidable rate of around 10 percent until 2025, according to Research and Markets. From passwordless authentication and removing excess cloud permissions to securing shared credentials and automating responses to security questionnaires, here’s a look at what the 20 coolest identity management and data protection companies are doing.
[RELATED: The 2021 Security 100]
Auth0 launched Bot Detection in August to reduce the effectiveness of credential stuffing attacks by correlating numerous data sources to identify and mitigate bot-driven attacks before login. The company debuted Adaptive Multi-factor Authentication in December, which only appears when a login is deemed risky as determined by abnormal behavior from known devices, impossible travel and/or IP reputation.
A new Team Passwords feature debuted in BeyondTrust Password Safe in November so that companies can secure shared credentials used in development, test, QA, marketing and finance. A month later, BeyondTrust launched new capabilities in DevOps Secrets Safe so that companies can mitigate risk associated with persistent privileged accounts in automatic workflows and unsecured cloud infrastructure secrets.
BigID in May rolled out an enterprise Privacy Portal to help organizations manage consumer data subject rights and privacy preferences for privacy regulations like CCPA and GDPR in an automated fashion. In June, the company launched an App Development Framework, allowing customers and partners to add custom functionality to act on discovered data for use cases in data privacy, security and governance.
BioCatch bought AimBrain to better detect fraud, including behavioral biometrics, anomaly detection and other biometric modalities, and support use cases in the digital identity life cycle, including step-up user authentication. The company uses behavioral profiles to analyze more than 1 billion digital sessions per month for potential fraud and other types of cybercrime, protecting online users and their assets.
Code42 in May rolled out risk indicators, which filter out nonthreatening activities to flag high-risk events like mismatched files types and extensions, unsanctioned file activity and suspicious off-hours workforce activities. Four months later, Code42 Incydr debuted to protect organizations‘ intellectual property, source code and trade secrets by mitigating exposure to data exfiltration and insider threats.
Founder, Chairman, CEO
CyberArk in May purchased single sign-on and multifactor authentication provider Idaptive to extend its ability to manage and protect identities with various levels of privilege across hybrid and multi-cloud ecosystems. The company in November debuted Cloud Entitlements Manager, which enforces least privilege by identifying and removing excessive cloud permissions that can leave companies vulnerable.
Druva acquired sfApex in November to deliver SaaS data protection and management for Salesforce with backup and data recovery as well as automated migrations and improved tools for developers. That same month, the company rolled out new cyber-resiliency capabilities to identify, respond and recover from malicious attacks with agility and confidence via better visibility, automation and orchestration.
Forcepoint Dynamic Edge Protection debuted in April to provide advanced web, network and application Security as a Service, eliminating gaps and redundancies to stop attackers. The company added Cloud Security Gateway and Private Access offerings in July to more fully address critical work-from-home security challenges across network security, threat protection, secure access and data protection.
The ForgeRock Identity Platform was updated in June with cloud enhancements that minimize downtime, modernize DevOps practices, provide secure digital experiences and accelerate digital transformation. Customers will have new cloud and AI capabilities that simplify identity journeys so people can get what they want faster while still protecting their security and an individual‘s privacy.
ID Agent, a Kaseya company
EVP, GM, Cybersecurity
ID Agent in April added Passly to its Digital Risk Protection platform to offer MSPs single sign-on, multi-factor authentication and password management in one flexible, integrated offering. Four months later, ID Agent Dark Web ID added Prospecting Enhancements, allowing MSPs to pull in company data—such as the number of employees, business type and estimated revenue—to amplify customer prospecting.
Jumio in September acquired Beam’s anti-money-laundering screening and transaction monitoring services to further strengthen the company’s position in the anti-financial-crime marketplace. Then in October, Jumio Video Verification debuted for financial institutions to safely on-board remote customers online while ensuring compliance through an audit trail and preservation of all recorded interviews.
Microsoft in July invested in compromise prevention technologies like security defaults, attack blocking and password protection, and security mechanisms like end-user notifications and in-line interrupts. The company in September rolled out Project OneFuzz, a fuzz testing framework for Azure that increases the security and reliability of native code by finding and removing costly, exploitable security flaws.
Okta in June debuted a joint offering with Palo Alto Networks that provides a consistent, responsive and secure experience from any location for all applications, regardless of the device. Four months later, the company launched Okta Devices SDK, which allows developers to enable passwordless authentication through branded push notifications with biometric capabilities, minimizing friction for end users.
OneTrust DataDiscovery launched in April to help customers discover and classify data across structured and unstructured data types and automatically fulfill privacy rights requests and achieve compliance. Nine months later, OneTrust Vendorpedia Questionnaire Response Automation debuted to help clients automatically answer incoming security, privacy and due diligence questionnaires from their customers.
Oracle Cloud Guard and Oracle Maximum Security Zones debuted in September to monitor activities and configurations to identify threats and automatically activate security policy enforcement of best practices. Cybereason in December named the Oracle Cloud as its preferred platform due to the Oracle Cloud Infrastructure’s security-centric architecture and ability to create dedicated cloud service regions.
Ping Identity PingOne Risk Management was released in October and evaluates user context and multiple signals to understand the level of risk posed by a user attempting to access a resource. The next month, Ping Identity acquired Symphonic Software to combine Ping’s zero trust identity-defined security with Symphonic’s technology for confirming external authorization into an integrated offering.
Jason du Preez
Privitar in May notched a native integration with the Google Cloud Platform to enable customers to protect and extract the maximum value from the sensitive data they collect, manage and use. The latest version of the Privitar Data Privacy Platform debuted in December with new “Right to be Forgotten” functionality and enhanced features designed to strengthen customers’ ability to safely use sensitive data.
SailPoint has strengthened its Predictive Identity Platform with an Access Modeling service that speeds the creation of roles across businesses, utilizing artificial intelligence to identify similar groupings of users and access to suggest potential roles. The company’s new Cloud Access Management service provides better visibility into which users, human and nonhuman, have access to multi-cloud IaaS environments.
Thales in July debuted its first integrated Network Operations Center and Security Operations Center to monitor customers’ IT and OT infrastructure and provide premium services for IT asset management. Then in November, Thales added criminal investigations to the range of cyberservices and solutions it provides after being granted a license to conduct digital fraud investigations in the Netherlands.
Co-Founder, Chairman, President, CEO
Varonis updated its data security platform to give customers more visibility into how users are connecting to corporate networks, accessing data, and using collaboration platforms like Office 365 and Microsoft Teams. The company also carried out its first-ever acquisition in October, scooping up Polyrize to map and analyze relationships between users and data across a number of cloud applications and services.