Wednesday, 1 February 2012

Time for a new Magic Quadrant

You have all heard of the Magic Quadrant: an industry benchmark by which the mostly established players like to measure themselves against each other. To quote Wikipedia (that repository of all Internet wisdom ;-)):

“the Magic Quadrant aims to provide a qualitative analysis into a market and its direction, maturity and participants, thus possibly enabling a company to be a stronger competitor for that market.”

The axes of the ‘Quadrant’ are ‘ability to execute’ and ‘completeness of vision’, and the methodology used to apply the ranking remains a closely guarded secret (or mystery, depending on how you look at it).

The MQ applies to many niches in the tech sector. I want to consider the User Authentication MQ, notably because the space is getting much media attention these days. Hackers!

Wikipedia says that the aim of the analysis is to “...enable a company to be a stronger competitor for that market”. So you would look at all the players and see which player you should aspire to be most like.

However, there is a small problem in the realm of User Authentication. The companies highlighted in this category represent a very diverse spectrum of enabling technologies, all aimed at authenticating users. They range from industry behemoths like RSA and Vasco to smaller, newer and exciting players like Phone Factor.

So let's understand exactly what it is that these companies do. They protect their staff, their data, their customers and business partners from the unwanted attentions of hackers who are constantly trying to gain access to their systems and their data. So presumably, in order to get into the Magic Quadrant, you have to be at the top of your game? These guys represent the elite of the Authentication industry.

The solutions that they sell (in an industry now worth about $2bn) all fall nicely into one of the following three broad categories: 

Device recognition – JavaScript browser scraping and literal device info recognition
Certificates, Cookies, Soft Tokens – downloaded to the device and re-referenced
OTP, Images/Challenges – dongles, PIN generators, SMS OOB

Considering the industry is replete with all manner of technical wizardry, why is it that our headlines continue to read like a hacker's dream (and a CIO’s nightmare)? Only last week Zappos was hacked.

What it means is that these solutions are not working.  Yet these companies manage to continue convincing their customers that with ‘their’ solution they are safe!  

I wonder what CNN moment it will take before businesses and Governments realize that they have been led a merry dance. Another SONY? Epsilon? Or possibly some large critical national infrastructure failing under an attack, leading to a disaster like a train or airplane crash or power grid failure. God forbid.

Let's hope sense prevails before we get there. Get Live Ensure. Many are starting to drink the Kool Aid and are seeing the light. Join them.

Maybe it is time for a new MQ?

