Acquiring PhoneFactor gives Microsoft a strong but narrowly focused set of authentication technologies. This may not be the best fit for either company's customers, and may present an opportunity for PhoneFactor competitors.
On 4 October 2012, Microsoft announced that it has acquired PhoneFactor, a provider of phone-as-a-token authentication technology based in Overland Park, Kansas. Microsoft plans to maintain PhoneFactor as a stand-alone offering in the near term, but has not formally announced long-term plans for the company. The two companies have outlined plans for future integration with Windows Azure Active Directory, Microsoft's cloud identity service.
PhoneFactor — chosen as a Gartner Cool Vendor for 2009 — is a well-regarded, highly capable tight-focus authentication provider with offerings based on out-of-band (OOB) authentication. Gartner believes that a wide-focus vendor able to support a broad range of authentication methods on an open, extensible architecture would be a better choice for an identity and access management (IAM) infrastructure vendor such as Microsoft. (CA's October 2011 purchase of Arcot Systems is one example of such an acquisition.) Microsoft has acknowledged that it must continue to work with partners to offer authentication methods to meet the full range of customer needs. However, the PhoneFactor offering might be extended to support a broader range of authentication technologies in the medium term.
Microsoft may also focus on supporting consumer offerings such as the Xbox game system, for which it has already implemented OOB authentication via SMS and email. PhoneFactor adds voice telephony modes, which are widely preferred in North America.
It is not yet certain whether this acquisition represents a positive development for PhoneFactor's current and prospective customers. Microsoft's track record in integrating authentication and other IAM offerings from other providers (for example, Alacris, acquired in September 2005) is not encouraging. While Microsoft will continue to sell PhoneFactor's existing service as a stand-alone offering, and reseller agreements remain intact, PhoneFactor customers will be concerned about longer-term changes. A shift to Microsoft's licensing model might curtail the free limited-service offering that has been such a good sales gambit for PhoneFactor. Until Microsoft publishes a clear integration road map, the acquisition's value to Microsoft customers, as well as to existing and prospective PhoneFactor customers, is open to question. These and other concerns may create short-term opportunities for PhoneFactor competitors, including smaller North American rivals, but particularly some well-established European vendors seeking to expand into the North American market.
Current PhoneFactor customers:
Demand contractual commitments for continuity of service and maintenance of current service levels. Seek penalty clauses, targeting approximately 10%-15% of annual contract value.
Develop contingency plans for transitioning to another provider, if necessary.
Prospective PhoneFactor customers:
Continue to evaluate alternative OOB authentication providers, as well as OOB authentication offerings from wide-focus vendors and virtual private network vendors that bundle SMS-based OOB authentication with their gateway products.
Some documents may not be available as part of your current Gartner subscription.
"Good Authentication Choices: Evaluating Phone-as-a-Token Authentication Methods" — Phone-as-a-token authentication shows promise, but the uptake of mobile computing presents challenges. By Ant Allan
"Magic Quadrant for User Authentication" — User authentication is dominated by three well-established wide-focus providers, but new entrants are making significant inroads into the market. By Ant Allan