PhoneFactor a Puzzling Authentication Choice for Microsoft

G00245538

Analyst(s):

  Free preview of Gartner research

Summary

Acquiring PhoneFactor gives Microsoft a strong but narrowly focused set of authentication technologies. This may not be the best fit for either company's customers, and may present an opportunity for PhoneFactor competitors.

News Analysis

Event

On 4 October 2012, Microsoft announced that it has acquired PhoneFactor, a provider of phone-as-a-token authentication technology based in Overland Park, Kansas. Microsoft plans to maintain PhoneFactor as a stand-alone offering in the near term, but has not formally announced long-term plans for the company. The two companies have outlined plans for future integration with Windows Azure Active Directory, Microsoft's cloud identity service.

Analysis

PhoneFactor — chosen as a Gartner Cool Vendor for 2009 — is a well-regarded, highly capable tight-focus authentication provider with offerings based on out-of-band (OOB) authentication. Gartner believes that a wide-focus vendor able to support a broad range of authentication methods on an open, extensible architecture would be a better choice for an identity and access management (IAM) infrastructure vendor such as Microsoft. (CA's October 2011 purchase of Arcot Systems is one example of such an acquisition.) Microsoft has acknowledged that it must continue to work with partners to offer authentication methods to meet the full range of customer needs. However, the PhoneFactor offering might be extended to support a broader range of authentication technologies in the medium term.

Microsoft may also focus on supporting consumer offerings such as the Xbox game system, for which it has already implemented OOB authentication via SMS and email. PhoneFactor adds voice telephony modes, which are widely preferred in North America.

It is not yet certain whether this acquisition represents a positive development for PhoneFactor's current and prospective customers. Microsoft's track record in integrating authentication and other IAM offerings from other providers (for example, Alacris, acquired in September 2005) is not encouraging. While Microsoft will continue to sell PhoneFactor's existing service as a stand-alone offering, and reseller agreements remain intact, PhoneFactor customers will be concerned about longer-term changes. A shift to Microsoft's licensing model might curtail the free limited-service offering that has been such a good sales gambit for PhoneFactor. Until Microsoft publishes a clear integration road map, the acquisition's value to Microsoft customers, as well as to existing and prospective PhoneFactor customers, is open to question. These and other concerns may create short-term opportunities for PhoneFactor competitors, including smaller North American rivals, but particularly some well-established European vendors seeking to expand into the North American market.

Recommendations

Current PhoneFactor customers:

  • Demand contractual commitments for continuity of service and maintenance of current service levels. Seek penalty clauses, targeting approximately 10%-15% of annual contract value.

  • Develop contingency plans for transitioning to another provider, if necessary.

Prospective PhoneFactor customers:

  • Continue to evaluate alternative OOB authentication providers, as well as OOB authentication offerings from wide-focus vendors and virtual private network vendors that bundle SMS-based OOB authentication with their gateway products.

Recommended Reading

Some documents may not be available as part of your current Gartner subscription.

© 2012 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Not a Gartner Client?

Want more research like this?
Learn the benefits of becoming a Gartner client.

Contact us online

  Webinars

More  

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more