Fotolia

Ping acquires blockchain identity startup ShoCard

Ping accelerated its push into the personal identity management market with the acquisition of ShoCard, which uses a blockchain-based platform to manage consumer identities.

Ping Identity has acquired ShoCard, a startup that uses blockchain technology for consumer identity management.

Ping, which announced the completed acquisition Wednesday, said the addition of ShoCard will further the identity and access management (IAM) vendor's push into what it calls "personal identity," where consumers are given great control over how much personal data they share when they access different services. ShoCard, which was founded in 2015, created a blockchain-based platform where consumers' digital identities are stored on a distributed ledger.

The proposed acquisition was first announced in March during the company's fourth-quarter 2019 earnings call. Financial terms of the deal were not disclosed, but according to Ping's first-quarter statements, the vendor paid $4.7 million for ShoCard.

In the announcement, Ping CEO Andre Durand said ShoCard's platform will strengthen his company's presence in the growing personal identity market.

"Personal identity is the next wave of the identity security evolution, representing a boon for business and consumers alike. Under this model, businesses can avoid storing sensitive data and the risks that come along with it, while customers can avoid sharing unnecessary personal information with service providers, ultimately creating a more trusted online experience," Durand said.

ShoCard founder Armin Ebrahimi, who is now head of distributed identity at Ping, told SearchSecurity that while blockchain-based platforms like ShoCard can be used for enterprise identity management, the opportunity for consumer or personal identity management is much larger. "You're talking about billions of people worldwide that have digital identities," he said. "Distributed identity is especially valuable for regulated industries that have a lot of personal data from customers."

Ebrahimi also said bringing ShoCard's technology to Ping's Intelligent Identity Platform was an ideal fit for both companies. "It's hard to trust a startup with something like identity," he said. "Ping has a great customer base that trusts them, and that benefits us."

Ping has long touted the potential of distributed ledgers in IAM. In 2016, the vendor invested in Swirlds (now Hedera), a startup that created a distributed ledger called "hashgraph" that is similar to blockchain. Ping incorporated hashgraph in its Distributed Session Management product.

PingOne Services

Along with the ShoCard acquisition, the vendor unveiled Wednesday a new suite of cloud IAM services called PingOne Services. The suite launched with two offerings: PingOne MFA, a multifactor authentication service, and PingOne Risk Management, a threat detection service that focuses on user behavior and login activity.

Ping Chief Product Officer Candace Worley said demand for stronger IAM has surged during the COVID-19 pandemic as more enterprise employees have been forced to work remotely. "I think we benefited from some good timing," Worley said. "The product team was working on these projects prior to the pandemic, and it was good foresight on their part to see the value in these services."

PingOne MFA can be used in web or mobile applications and allows organizations to brand the service as their own, implement custom authentication policies and choose between SMS, email and mobile push notifications for authentication methods.

PingOne Risk Management uses machine learning-powered user and entity behavior analytics (UEBA) to detect risk signals and potential threats, such as suspicious login activity. The cloud service also performs reputation checks for IP addresses and detects activity associated with anonymous networks protected by VPNs, Tor and other methods.

Worley said PingOne Risk Management leverages other third-party data and threat intelligence, but the primary machine learning technology was built from the ground up by Ping. The cloud service was designed to give enterprise customers context around detected risks so that administrators can understand why user access may have been blocked.

"There's a black box nature to some of these things," she said. "The ability for this service to say why something was blocked and explain it in detail is really important for customers."

Dig Deeper on Security operations and management