Digital Arts to enter the IDaaS market in August 2023
Utilizing strong multifactor authentication including location-based authentication and third-party authentication to ensure secure ID management

Information security solutions provider Digital Arts, Inc. (headquarters: Chiyoda-ku, Tokyo, Japan; CEO: Toshio Dogu; hereinafter referred to as “Digital Arts”; Code 2326) is pleased to announce its entry into the IDentity as a Service (IDaaS) market, a cloud-based ID management service, and the August 2023 launch of "StartIn," an IDaaS product that enables authentication and ID management for the safe and secure use of cloud services.

More organizations use cloud services; security risks increase as more IDs and passwords are managed

In recent years, work environments have changed drastically and the use of cloud services, which can be accessed from anywhere, is on the rise. Normally, to use cloud services, users log in using an ID and password. However, as the number of cloud services used and the number of users increase, the number of IDs and passwords to manage increases, leading to the increased security risk.

With the increased use of cloud services, IDaaS has began to gain attention as a way to manage information needed for authentication, such as user IDs and passwords. IDaaS stands for "Identity as a Service." It provides ID and password management, single sign-on, access control and other services required for businesses via cloud computing. The IDaaS market is expected to grow significantly at a compound annual growth rate (CAGR) of 17.9% between 2021 and 2027 and reach a market value of 21 billion yen (13.2 billion yen more than in 2021) *1. IDaaS reduces the burden of managing IDs and passwords when users are added or removed and the security risks associated with reusing old passwords.

In addition, as cloud services can be accessed from anywhere as long as the ID and password are known, including outside of the office, they are at risk of hacks if IDs and passwords are stolen through phishing or other means. As a result, IDaaS with multifactor authentication, which requires a security code from an additional factor other than the ID and password, is increasingly being introduced.

Digital Arts' StartIn ensures a world where you can comfortably "Start" your work with a secure "Login"

Until now, Digital Arts has provided web, email and file security products such as i-FILTER, m-FILTER, and FinalCode. We have entered the IDaaS market to achieve safety and security in the authentication part of logging in to cloud services, and will launch our IDaaS product "StartIn" in August 2023. The name "StartIn" comes from the fact that work "Starts" with a "Login."

In addition to ID management and single sign-on, StartIn provides secure multifactor authentication, including location-based authentication and third-party authentication for stronger authentication, and periodic authentication for easier management of employees.

Location-based authentication, third-party authentication, and periodic authentication improve the strength of authentication and enable safe and secure ID management for cloud services

Location-based authentication is a feature used at login that approves a login attempt only when an employee is in a pre-determined area, such as Japan, a specific prefecture, certain coordinates or in the radius of said areas. This feature can be used to block login attempts not only from overseas but also from locations other than the office or place of residence, thus strengthening authentication.

Third-party authentication is a feature that approves a login attempt only when approved by a "third party," such as a superior who has been set to give approval. When using cloud services that require supervisor's approval for reasons such as handling confidential information, the approval can be given right on StartIn. The number of approvals required for authentication can also be set to multiple people. Recently, numerous man-in-the-middle attacks*2 and fatigue attacks*3, both of which are attacks on multifactor authentication, have been reported. Third-party authentication can provide security against such attacks.

Periodic authentication periodically checks the location of employees and prompts them to reauthenticate with an app at regular intervals. Authentication strength can be increased by monitoring employee location and disconnecting them from cloud services when they are not in use.

In addition to the usual authentication methods such as one-time password authentication, push authentication, and client certificate authentication, a combination of these three authentication methods unique to Digital Arts, location-based authentication, third-party authentication and periodic authentication, can be used to provide stronger authentication. This enables safe and secure ID management for cloud services by providing information on who, when, where, and what kind of cloud services are being used.



*1 Source: Fuji Chimera Research Institute, Inc. "2022 Network Security Business Survey: Market Edition," IDaaS Market Size Trends
*2 Man-in-the-middle attack: An attack that interrupts the middle of communication between two parties through hacking to eavesdrop on or alter communication. In a man-in-the-middle attack that attempts to break the multifactor authentication, there is a fake website between the user and the legitimate website. The ID and password entered on the fake website are sent to the legitimate website, where the security code is delivered to the user. The security code is then entered again into the fake website, allowing the attacker to steal the account information.
*3 Fatigue attack: An attack wherein an attacker repeatedly generates multifactor authentication requests in an attempt to cause the user to mistakenly approve the request.