1© Copyright 2014 EMC Corporation. All rights reserved.

The Trends and the Customer Challenges in Identity and Access Management

Traxion: John van WestenengRSA: Corné van Rooij

4© Copyright 2014 EMC Corporation. All rights reserved.

Mainframe, Mini ComputerTerminals

LAN/Internet Client/ServerPC

Mobile Cloud Big Data SocialMobile Devices

MILLIONS OF USERS

THOUSANDSOF APPS

HUNDREDS OF MILLIONS OF USERS

TENS OF THOUSANDSOF APPS

BILLIONSOF USERS

MILLIONSOF APPS

Source: IDC

TRILLIONS OF DEVICES

5© Copyright 2014 EMC Corporation. All rights reserved.

Trends create Market Disruptors

Infrastructure Transformation

Mobile Cloud

Less control over access device and back-end

infrastructure

Threat LandscapeTransformation

APTs

SophisticatedFraud

Fundamentallydifferent tactics, more formidable than ever

BusinessTransformation

More hyper-extended, more digital

ExtendedWorkforce

NetworkedValueChains

BigData

6© Copyright 2014 EMC Corporation. All rights reserved.

Identity related threats?

6

7© Copyright 2014 EMC Corporation. All rights reserved.

Everyone will get there!

You can’t stop time progressing

8© Copyright 2014 EMC Corporation. All rights reserved.

Trend: Mobile

Websites will be out, Apps will be in

From 1-2 “desktops” to a set of devices

Even more identities; personal & business

Business apps, internal use only

BYOD and BYOI

Federated networks with cloudsspecifically for mobile use.

9© Copyright 2014 EMC Corporation. All rights reserved.

Trend: Cloud

As “clients” became web and Internet became fast, Cloud based IT will continue growing fast.

Cost saving, Time-to-Market and Knowledge are the driving factors.

Security and specifically data protection, privacy, SSO and identity management are key forgetting over the flippingpoint (dominant adoption).

10© Copyright 2014 EMC Corporation. All rights reserved.

Trend: Social Media

First started for personal use.

Now spinning off more and more for businessand commercial use.

Many, many (too many) ID’s.

Interconnected, federated.

Private/Business difficulties.

Threat landscape for ID theft.

11© Copyright 2014 EMC Corporation. All rights reserved.

Trend: Big Data

Data is exploding.

Data can be turned intoInformation adding context.

Information is Value.

The right information = gold…

Attach it to an ID and you havebusiness…… and a potential privacy issue.

Buying behaviour40 x

Daddy

Brochure

12© Copyright 2014 EMC Corporation. All rights reserved.

What is there to stay and what will leaveReshuffle spending! You can’t invest in new and maintain old.

• RBAC

• Central ID directory

•Enterprise-SSO

• HW/SW Token Auth.

• Internal only IDM systems

• Business driven AC

• Federation

•WebSSO

• Identity Broker

• Risk based or context based Access Control

13© Copyright 2014 EMC Corporation. All rights reserved.

Trends create Market DisruptorsSome take aways

Infrastructure Transformation

Mobile Cloud

Standardization

Hybrid, responsive applications

Threat LandscapeTransformation

APTs

SophisticatedFraud

Context based access control

BusinessTransformation

Containerization

ExtendedWorkforce

NetworkedValueChains

BigData

PrivacyIdentity broker

14© Copyright 2014 EMC Corporation. All rights reserved.

Standardization

From standard solutions/services to standard components andfunctions building custom, high quality solutions

15© Copyright 2014 EMC Corporation. All rights reserved.

Hybrid, responsive applications

(Mobile) application development platform

Identity & authentication

Vulnerability control

Security policies

API security

16© Copyright 2014 EMC Corporation. All rights reserved.

Containerization

• A balancing act between the enterprise and the user.

• Enables a secure any device strategy

• Any device, any platform

• From encrypted folders toapp wrappers to dualpersona OS modes.

17© Copyright 2014 EMC Corporation. All rights reserved.

Context based authentication• Use knowledge, i.e.

context, to reduce risksand increase usability

• Use the context factor tostrengten yourauthentication factors, or even replace it with anauthentication factor.

• Intelligence and big data technologies are helping tounderstand user behaviorand context.

18© Copyright 2014 EMC Corporation. All rights reserved.

Enterprise Auth

Get an identity broker

From enterprise identity to consumer identity to social identity

Ensure you can connect multiple Identity Providers

Be able to translate tokens from SAML to OAUTH to OpenID Connect to …

And propagate user data before delivering it to the application

Identity Broker“trust provider”

Social Auth

Enterprise Apps

Mobile Apps

Social Apps

Cloud Web Apps

Customer Auth

Information providers

19© Copyright 2014 EMC Corporation. All rights reserved.

Attribute based access control• Static versus dynamic authorization

• User attributes instead of roles

• Identity and Information

lifecycle management• Characteristics: Authentication

level, device id, organizational

unit, roles(?), function, tasks, …

• Design your authorization

model based on attributesSource: blog.empowerid.com

20© Copyright 2014 EMC Corporation. All rights reserved.

AUDIENCE QUESTIONS

How many companies in the room face or foresee a privacy challenge with the use of Big Data for their business?

Who think age is a privacy related attribute?

Who think shopping information is a privacy related attribute?

21© Copyright 2014 EMC Corporation. All rights reserved.

Keep the user centralSecurity by design

Visibility and transparencyIntegrated in the design

22© Copyright 2014 EMC Corporation. All rights reserved.

How it comes together?Mobile

Cloud

Big Data

Social Media

Hybrid, responsive applications

Context based authentication

Attribute based access controlStandardization

Identity brokerContainerization

PRIVACY

Privacy by Design

23© Copyright 2014 EMC Corporation. All rights reserved.

24© Copyright 2014 EMC Corporation. All rights reserved.

25© Copyright 2014 EMC Corporation. All rights reserved.

Partners in Information Security