2017 predictions: identity and security
TRANSCRIPT
![Page 1: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/1.jpg)
What to Expect in 2017 - Predictions for Identity and
Security
![Page 2: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/2.jpg)
2Copyright SecureAuth Corporation 2016
Today’s Speakers
ANDRAS CSERVP and Principal Analyst Forrester Research
STEPHEN COXChief Security ArchitectSecureAuth
![Page 3: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/3.jpg)
3Copyright SecureAuth Corporation 2016
+ All attendee audio lines are muted + Submit questions via Q&A panel at any time+ Questions will be answered during Q&A at the end of the presentation
+ Slides and recording will be sent later this week+ Contact us at [email protected]
Webinar Housekeeping
![Page 4: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/4.jpg)
4Copyright SecureAuth Corporation 2016
![Page 5: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/5.jpg)
5Copyright SecureAuth Corporation 2016© 2016 Forrester Research, Inc. Reproduction Prohibited 5
We work with business and technology leaders to develop customer-obsessed strategies that drive growth.
![Page 6: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/6.jpg)
6Copyright SecureAuth Corporation 2016
Top Trends Shaping IAM in 2017
Andras Cser, VP Principal Analyst
January 18, 2017
![Page 7: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/7.jpg)
7Copyright SecureAuth Corporation 20167© 2016 Forrester Research, Inc. Reproduction Prohibited
› You don’t want to be on CNN headline news› Security has shifted from a Director/VP/CISO/CIO IT
problem to a CEO problem›Data protection is a key concern›Mobile and IoT present new challenges› BYOD/user owned devices are here to stay
Assess the impact of cyberattacks
![Page 8: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/8.jpg)
8Copyright SecureAuth Corporation 20168© 2016 Forrester Research, Inc. Reproduction Prohibited
› Perimeter is long gone (Can you give a laptop with VPN to every contractor and employee???)› Identity has emerged as the new perimeter›Holistic approaches for joiner, mover, leaver, attestation
and self service processes›Unified treatment of Application, Data, Endpoint, and
Network access controls
Shift identity to the center of your threat detection ecosystem
![Page 9: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/9.jpg)
9Copyright SecureAuth Corporation 20169© 2016 Forrester Research, Inc. Reproduction Prohibited
› IAM is essential for business›General IAM future requirements› B2E IAM requirements› B2B IAM requirements› B2C IAM requirements› IAM for IoT› Forrester’s predictions
Agenda
![Page 10: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/10.jpg)
10Copyright SecureAuth Corporation 201610
Digital transformation drives IAM
![Page 11: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/11.jpg)
11Copyright SecureAuth Corporation 201611© 2016 Forrester Research, Inc. Reproduction Prohibited
›Digital customer experience vs Security strength› IAM must support profile and preference management› IAM must protect privacy› IAM must aid in helping protect sensitive data›Mobile/any device support› IAM must support BI
IAM is essential for today’s business and digital transformation
![Page 12: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/12.jpg)
12Copyright SecureAuth Corporation 201612© 2016 Forrester Research, Inc. Reproduction Prohibited
›Consumer like user interface everywhere› API security and availability of IAM services as an API› Behavioral profiling built in›Multimodal and multi target IAM (SaaS and on-prem IAM
policy servers to support cloud and on-prem workloads› IAM becoming lightweight (microservices)› Privacy and security must be built in
General IAM future requirements
![Page 13: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/13.jpg)
13Copyright SecureAuth Corporation 201613© 2016 Forrester Research, Inc. Reproduction Prohibited
›Cloud migration: It’s not longer a question of ‘if’ but more like ‘how’ and ‘when’›What data do you have?›How sensitive is your data?›Where is your data?›How do you detect anomalies in accessing data
› Users› Devices› Apps
Get a grip on cloud apps and cloud platforms
![Page 14: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/14.jpg)
14Copyright SecureAuth Corporation 201614© 2016 Forrester Research, Inc. Reproduction Prohibited
› Encapsulate data with identity to protect it›Context, relationship and activity based provisioning,
access management› Federation built in between on-prem and cloud user
stores› Adaptive authorization to reduce recertification burden›Recertification, role management and governance are
the ultimate preemptive strike against data breaches
B2E IAM requirements
![Page 15: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/15.jpg)
15Copyright SecureAuth Corporation 201615© 2016 Forrester Research, Inc. Reproduction Prohibited
›Native organization and relationship management is a must› IDaaS will gain adoption for access and IMG› PIM as a service to support IT administration
outsourcers and IaaS providers›Custom and dynamic trust networks
B2B (Business to partners) IAM requirements
![Page 16: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/16.jpg)
16Copyright SecureAuth Corporation 201616© 2016 Forrester Research, Inc. Reproduction Prohibited
›Organization and relationship management› Profile management plus self services, not just security›MFA as a service, move to push notification from SMS
messages›Continuous authentication based on behavioral
biometrics›Wearables for MFA
B2C IAM requirements
![Page 17: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/17.jpg)
17Copyright SecureAuth Corporation 201617© 2016 Forrester Research, Inc. Reproduction Prohibited
›Massive scale›Devices are the new kid on the block
• Lifecycle, authentication, biometrics, API› IAM systems have to handle people, apps, systems and
devices›Manage consent in IoT environments explicitly – this is
to protect data and privacy› Authorization v2.0
IAM for IoT requirements
![Page 18: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/18.jpg)
18Copyright SecureAuth Corporation 201618© 2016 Forrester Research, Inc. Reproduction Prohibited
› Today’s environments are 10x-100x bigger than what we had even 4-5 years ago› 11 billion mobile devices› 50-100 billion IoT connected devices (Forrester est.) –
hard to patch, easy to attack›Using IoT devices to perpetrate DDoS attacks has
already been demonstrated in the Dyn DNS breach
Assess scale
![Page 19: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/19.jpg)
19Copyright SecureAuth Corporation 201619© 2016 Forrester Research, Inc. Reproduction Prohibited
› IAM suites becoming much more loosely coupled than today› IDaaS will do provisioning, governance and attestation, not
just SSO› B2C will spawn a new class of customer management
services› Fraud management and IAM / access control integration is
key› Behavioral profiling is to expand to certification and access
request management
Forrester’s predictions
![Page 20: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/20.jpg)
20Copyright SecureAuth Corporation 2016© 2016 Forrester Research, Inc. Reproduction Prohibited
Move from Signatures and Rules to Behavioral Profiles
![Page 22: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/22.jpg)
SecureAuth 2017 Predictions Stephen Cox, Chief Security Architect
![Page 23: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/23.jpg)
23Copyright SecureAuth Corporation 2016
Consolidation Amongst Security Vendors
+ Too many security products– Too many alerts, too much to digest– Not enough budget
+ Products need to address multiple challenges– Provide actionable alerts, not just data– Help protect, detect and respond
+ Example: Analytics as a Feature– Behavior analytics: product or feature?– UEBA may disappear as a standalone
market segment
![Page 24: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/24.jpg)
24Copyright SecureAuth Corporation 2016
Identity Becomes a Pillar of Security
+ Everest sized mountain of data cultivated from breach analysis
– Screaming for wider adoption of risk based authentication techniques
+ Stolen credentials are too easy to get– Obtained on dark web, used to quietly log
in to an organization + Solving the visibility problem
– Identity currently a blind spot for many organizations
– Adaptive Authentication helps protect, detect and respond against breaches
![Page 25: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/25.jpg)
25Copyright SecureAuth Corporation 2016
the password has become a "kind of a nightmare”
Prof. Fernando J. Corbato
![Page 26: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/26.jpg)
26Copyright SecureAuth Corporation 2016
dThe End of the Password
d
+ Passwords are a completely broken technology+ Not just buzz - it is happening, and fast!+ We have the technology to do this today
![Page 27: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/27.jpg)
27Copyright SecureAuth Corporation 2016
Fallout from the Yahoo Breach
+ What it means to the end of the password+ The impacts in the security community+ Large credential databases a gold mine to
aggressive threat actor groups
![Page 28: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/28.jpg)
28Copyright SecureAuth Corporation 2016
Another (Re)Emerging Threat - DDoS
+ DDoS is back! – Poorly protected IoT devices are
to blame– The Rise of Thingbots - David
Hobbs (Radware)+ Doesn’t mean fewer attacks
leveraging stolen credentials– DDoS a tactic, not a goal
+ Still relates to identity!– The “default password” issue– Poorly protected web properties
![Page 29: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/29.jpg)
29Copyright SecureAuth Corporation 2016
+ Can achieve MFA without a password – Something you have, something you are– Analyze risk - identity is a pillar of security
+ Leverage the push-to-accept approach+ Increase security without impacting user
experience!– Good for verticals with difficult and demanding
stakeholders
It’s Time To Go Passwordless
![Page 30: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/30.jpg)
Q & A
![Page 31: 2017 Predictions: Identity and Security](https://reader036.vdocuments.us/reader036/viewer/2022070512/589a19fc1a28ab2a678b56f9/html5/thumbnails/31.jpg)
Visit www.secureauth.com
The intellectual content within this document is the property of SecureAuth and must not be shared without prior consent.