hello, dishwasher! the looming identity crisis on the internet of things
Post on 25-Jun-2015
ca Securecenter
Hello, Dishwasher! The Looming Identity Crisis on the Internet of Things
K. Scott Morrison
SCX12S #CAWorld
CA Technologies
SVP & Distinguished Engineer
Hello, Dishwasher.
© 2014 CA. ALL RIGHTS RESERVED.
Hello, Scott
SVP & Distinguished Engineer
Scott.Morrison@ca.com
@KScottMorrison
slideshare.net/CAinc
linkedin.com/KScottMorrison
ca.com
K. Scott Morrison
You Know Who I Am…
But Who Is The Dishwasher?
Where Do I Put My Password?
Identity Is Approaching Critical Mass
“People Have Identity”
Average number of online IDs: 26
Average number of Facebook friends: 336
Today's Internet users: 2.4B
“Things Have Identity”
Phones, tablets and laptops: 7.3B
Things 2020: 26.0B
Sources:
Internet users: Internet World Stats Q1 2012: http://www.internetworldstats.com/stats.htm
Internet accounts: Experian July 2012: http://www.bbc.com/news/technology-18866347
Facebook: Pew Research: http://www.pewresearch.org/fact-tank/2014/02/03/6-new-facts-about-facebook/
Abstract
Scott Morrison
CA Technologies
Distinguished Engineer
In this session, you will learn:
How IoT will affect our everyday lives, extending from our home, to our car and into our workspace.
Why things need identity—and what form this identity should take.
The 5 top security risks in the Internet of Things.
How you can manage and mitigate these risks.
What we can learn from classic IAM, and what we must do differently.
Change Agent
API
Application Programming Interface
While we are talking…
7
Approximate number of global web pages
For Example:
GET http://services.layer7.com/staff/Scott
For Example:
{
  "firstName": "Scott",
  "lastName": "Morrison",
  "title": "CTO",
  "address": {
    "streetAddress": "405-1100 Melville",
    "city": "Vancouver",
    "prov": "BC",
    "postalCode": "V6E 4A6"
  },
  "phoneNumber": [
    { "type": "office", "number": "605 681-9377" },
    { "type": "home", "number": "604 555-4567" }
  ]
}
http://services.layer7.com/staff/Scott
Did you check the weather today?
API
The Apps On Your Phone Are A Glimpse Into the Future Of Enterprise IT
Mobile is empowering to the individual.
Mobile is also about relationships.
Mobile identity remains hard.
User
Apps
Devices
Mobile taught us the importance of contextual identity.
Mobility defines our relationship to things.
And mobile is the controller of the things.
The emerging IoT architecture leverages APIs.
[Diagram labels: Things, Gateway, APIs, Cloud, IoT Provider, Mobile control tier]
Identity in IoT follows mobility.
Demonstration: How OAuth Works
Tokens are well suited for machines
Bootstrap trust by embedding tokens…
0AD4C23A00B…
And let OAuth and OpenID Connect take over.
API
Authorization Server
How does classical IAM fit in all of this?
Highly centralized and hierarchical
Centralized, legacy LDAP directory
Internally focused identity life cycle
SAML-style federation
Login-centric reporting
Classical IAM misses what OAuth was really about.
The Old Enterprise
The New Hybrid Enterprise
This is the secret to scale and agile federation
Centralized identity management has reached its limit for growth.
IoT identity is:
Decentralized
Peer-to-peer
Empowered identity owners
What is it we are missing?
Change in roles
Shift in responsibility
The need to be agile
Responding to modern risk profiles
What must IoT identity look like?
Token centric: OAuth, OpenID Connect
Automatic, scalable rules of engagement: Unlicensed Mobile Access
Rich identity context
Continuous authentication: Anytime step up, plus reactionary clients
What must IoT identity look like? (cont.)
Cloud-scale identity persistence: Hadoop and NoSQL databases
Federated risk management: Broad visibility and situational awareness
Modern, big-data driven reporting
Want To See IoT Identity For Real?
Demo Station | Specific Demo
IoT | Micro CA API Gateway on Raspberry Pi
IoT | Automatic door unlock using beacon, phone, and corporate identity
Innovation | Device to device, app to app single sign on and application context transfer using CA Mobile Access Gateway
IoT | Streaming video from drone running through CA API Gateway
For More Information
To learn more about Security,
please visit:
http://bit.ly/10WHYDm
For Informational Purposes Only
© 2014 CA. All rights reserved. All trademarks referenced herein belong to their respective companies.
This presentation provided at CA World 2014 is intended for information purposes only and does not form any type of warranty. Some of the specific slides with customer references relate to customer's specific use and experience of CA products and solutions so actual results may vary.
Terms of this Presentation