What's Driving Authentication-as-a-Service?
A Q&A With Confident Technologies' CTO, Roman Yudkin
In light of the recent article in Dark Reading "Authentication-as-a-Service Gains Steam", we thought
we'd ask Confident Technologies' Roman Yudkin to expand a little on his opinion about
what's driving the growth behind authentication-as-a-service and what challenges remain.
Q: What are the major factors driving growth in the
authentication-as-a-service (AaaS) sector?
A: While hosted authentication solutions may seem like
something that would be adopted by small to midsize businesses,
we’re actually seeing an increasing number of large enterprises
are beginning to adopt authentication-as-a-service (AaaS),
particularly large enterprises that have consumer-facing websites
and services. Authentication processes directly influence
consumer’s perception of trust, especially in areas like online
banking and retail – the authentication process is often the aspect of security that is most
visible to users.
The growth of AaaS is being driven by the larger trend that is the fast growing adoption of
strong authentication solutions (including two-factor and federated authentication solutions
among others). Consumers are conducting more sensitive online transactions now than ever
before – from online banking to managing retirement funds and stock portfolios online, to
shopping, to simply having more sensitive, personal information accessible in their email and
social networking accounts. This has, of course, led to an increasing number of online threats.
At the same time, there are a growing number of regulations around strong authentication that
businesses must comply with. For these reasons, more companies are realizing that they need
stronger authentication methods than a simple username/password scheme built in-house and
they’re turning toward hosted solutions to solve the challenges. They realize that they need to
improve their security and authentication practices, but they may not have the expertise in
house to create or manage a strong authentication or two-factor authentication system
A hosted authentication solution can bring to businesses the following benefits:
Improved reliability and scalability
Reduced online fraud
Ability to meet regulatory requirements (FFIEC, HIPAA)
No need for the in-house expertise or large monetary investment needed to build a two-factor
authentication system and associated infrastructure from scratch
No need for dedicated personnel to manage the authentication solution or stay ahead of the
latest emerging threats
An AaaS provider has the benefit of being able to see aggregated data across numerous
enterprises and identify large-scale attacks or security threats that are occurring across
multiple sites, and use this knowledge to help protect their other customers from such threats.
While of course there are strong drivers for secure authentication solutions in the financial
services market, we’re seeing authentication-as-a-service grow in many sectors including
healthcare and online retail.
Q: What are the major challenges still facing the market?
A: One of the major challenges facing the maturation of the market centers around costs and
whether or not businesses place enough value on authentication to allocate the money for a
hosted solution. There are many long-engrained, bad habits around authentication and some
businesses and IT professionals still believe that a simple username/password scheme is good
enough because that is the way authentication has always been done. Many businesses even
allocate an assigned budget to cover the costs of online fraud rather than spending the money
to invest in new technologies or to pay for a hosted authentication service that would increase
security and reduce fraud.
Some businesses, especially those that have consumer-facing websites or services fear that a
stronger authentication system (such as a two-factor authentication solution) would introduce
too much “friction” or inconvenience to the user. So, they stick with the traditional
username/password scheme because that’s what consumers are familiar with, even though it’s
To drive growth and the maturation of the market, businesses need to place a higher value and
importance on the authentication process and need to not be afraid to require users to be
engaged in their own security. I think we’re seeing more recognition of that today after major
online password breaches like the one at Sony. Businesses are seeing that the fallout of such a
breach has a lasting negative impact on the business and the brand. A hosted authentication
service can help provide the necessary balance of strong authentication and ease-of-use more
than a solution built in-house may be able to.