cis 2015 security without borders: taming the cloud and mobile frontier - andre durand
TRANSCRIPT
WELCOME IDENTERATI
INTRODUCING SIERRA
BORDER SECURITY V1.0
“WE DIDN’T FOCUS ON HOW YOU COULD WRECK THE SYSTEM INTENTIONALLY” Vinton G. Cerf
$100 BILLION
Estimated loss in US per annum due to cybercrime THE INTERNET “THEY THOUGHT THEY WERE BUILDING A CLASSROOM AND IT TURNS OUT THEY BUILT A BANK.” Abbate
SECURITY WASN’T EVEN A GOAL
UNFORTUNATE TRUTH ATTACKS
SECURITY
Ubiquitous Internet New Vulnerabilities
Market for Identity Success & Profits
30 Million Bots Insider Recruitment
Organization
WHAT IF OUR PERIMETER NO LONGER DEFINES
OUR PERIMETER?
THE PERIMETER IS EXPANDING
2007 2008 2009 2010 2011 2012 2013 2014 2015 Timeline
Software-as-a-Service
ENTERPRISE (apps, users, network)
THE PERIMETER IS EXPANDING
2007 2008 2009 2010 2011 2012 2013 2014 2015 Timeline
Software-as-a-Service
ENTERPRISE (apps, users, network)
Smart Mobile Devices
Infrastructure-as-a-Service
2007 2008 2009 2010 2011 2012 2013 2014 2015 Timeline
Software-as-a-Service
ENTERPRISE (apps, users, network)
Smart Mobile Devices
THE PERIMETER IS EXPANDING
“DON’T EVER TAKE DOWN YOUR FENCE UNTIL YOU KNOW THE REASON IT WAS PUT UP.”
G.K. Chesterton
internet
enterprise
computer
device
app
api Iot
MANY BORDERS ONE BORDERLESS IDENTITY SYSTEM
WE’RE BUILDING A HAMSTER TRAIL SECURE TUNNELS TO TRANSMIT AUTHENTICATED USERS
REDEFINING SECURITY with IDENTITY CORE
SECURITY
IDENTITY DEFINED SECURITY
IDENTITY
WE’RE ON A JOURNEY
TO FULL IDENTITY VISIBILITY
ANONYMOUS BY DEFAULT
IDENTIFIED BY DEFAULT FUTURE
PAY EXTRA FOR ANONAMOUS
TRANSACTIONS
BEWARE OUR ASSUMPTIONS
ONLY GOOD ACTORS COULD ACCESS THE NETWORK
ASSUMPTION #1
1970
THE PERIMETER IS SECURE
ASSUMPTION #2 1970–TODAY
IDENTITY IS MORE SECURE
ASSUMPTION #3
2015
WHAT WOULD WE DO IF PERIMETER ALREADY BREACHED
WHAT IF THE RIGHT IDENTITY BECOMES A BAD ACTOR?
WHAT IF…
IDENTITY IS TOO WEAK & TOO DISCONNECTED TO PROTECT US AT SCALE?
MOVING FORWARD
EVOLVE FROM SINGLE-FACTOR
AUTHENTICATION
TO CONTINUOUS AND CONTEXTUAL MULTI-FACTOR
STANDARDS-BASED INTERACTIONS EVERYWHERE INCLUDING FIRST/LAST MILE INTEGRATION
micro trust trust a little > trust a little more
login > trust a lot > trust a little more
trust a little less and so on… TIME OUT / LOGOUT LOGIN > TRUST A LOT >
BIG TRUST
NEED A NEW SYSTEM FOR IDENTITY PROOFING
& RESOLUTION
move beyond STATIC ACCESS CONTROL
LEVERAGE
BIG-DATA & INTELLIGENCE TO ENABLE DYNAMIC ACCESS CONTROL
KUDO’S
OPENID CONNECT
THANK YOU
REGISTER EARLY!
INTRODUCING ALEX SIMONS