Modern IAM Trends and Themes by Eve Maler, Forrester

Keynote presented by Eve Maler, Principal Analyst, Forrester, Co-creator XML, Principal SAML Development Team

  1. Making Leaders Successful Every Day
  2. Trends, Transients, Tropes, and Transparents. Eve Maler, Principal Analyst, Security & Risk. ForgeRock Open Identity Stack Summit, October 15, 2013
  3. What are the T4 all about? [Slide figure: a 2x2 grid. The vertical axis runs from "Closer to truthiness" (bottom) to "Closer to essential truth" (top); the horizontal axis from "Less well noticed" to "Well noticed". Top row: Transparents, Trends. Bottom row: Tropes, Transients.] For each of the four: What are they? What is the evidence? What should you do about them? © 2012 Forrester Research, Inc. Reproduction Prohibited
  4. Trend: webdevification of IT. IN THE FUTURE, EVERY ENTERPRISE WILL OPEN AN API CHANNEL TO ITS DIGITAL PLATFORM. Source: John Musser (formerly) of ProgrammableWeb.com
  5. Confront the changes in your power relationship. ACCESS CONTROL IS ABOUT PROTECTION AND MONETIZATION. [Slide figure: a chart with friction and value as its axes.]
  6. A lot of identities float around an API ecosystem. Source: April 5, 2013 Forrester report "API Management For Security Pros"
  7. Open Web APIs are, fortunately, friendly to the Zero Trust model of security: initially treat all access requesters as untrusted; require opt-in access; apply identity federation through APIs. Source: November 15, 2012 Forrester report "No More Chewy Centers: Introducing The Zero Trust Model Of Information Security"
  8. Trend: IAM x cloud. ZERO TRUST CALLS FOR DISTRIBUTED SINGLE SOURCES OF TRUTH. Prefer these choices when crossing domains: provision just in time through SSO; synchronize accounts periodically; bind to a user store and replay credentials; issue and manage a disconnected account.
  9. Identity plays only an infrastructural role in most cloud platforms. DISRUPTION IS COMING FROM THE CLOUD IDENTITY SERVICES DARK HORSES. [Slide figure: cloud services built on IAM functions and a user base with attributes, contrasted with a cloud identity product that has an actual SKU.]
  10. Transient: XACML. XACML 3 IS STUCK AT MODERATE SUCCESS AND IS HEADING FOR DECLINE. Adoption has government/compliance drivers, few accelerators, and many inhibitors. It's critical to open up the market for long-tail policy evaluation engines. Webdevified and mobile-friendly scenarios demand different patterns of outsourced authorization.
  11. Authz grain needs to get…finer-grained. [Slide figure: authorization granularity by resource accessed, from coarse to fine: WAM (domain, URL path), scope-grained authz (sets of API calls), field-level entitlements (individual field; XACML etc.). Policy inputs along the same scale: roles, groups, attributes.]
  12. Plan for a new "Venn" of access control. AN "XACML LITE" WOULD HAVE A POTENTIALLY VALUABLE ROLE TO PLAY.
  13. Trope: "Passwords are dead". OH, YEAH? [Slide image: the "correct horse battery staple" passphrase.]
  14. We struggle to maximize authentication quality, PARTICULARLY IN CONSUMER-FACING SERVICES. Source: June 12, 2013 Forrester report "Introducing The Customer Authentication Assessment Framework"
  15. Authentication schemes have different characteristics. [Slide table: comparison of authentication schemes; *S2 is an affordance of passwords for "consensual impersonation".] Source: June 12, 2013 Forrester report "Introducing The Customer Authentication Assessment Framework", based on "The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes"
  16. Think in terms of "responsive design" for authentication. LEVERAGE STRENGTHS AND MITIGATE RISKS – ONCE YOU KNOW THEM. User identification is based on something they… know, have, are, or do.
  17. Transparent: time-to-live strategies. EXPIRATION HAS OUTSIZED VALUE VS. EXPLICIT REVOCATION OF ACCESS IN ZERO-TRUST ENVIRONMENTS.
  18. Summary of the T4. [Slide figure: the same 2x2 grid as slide 3.] Closer to essential truth: Transparent: time-to-live strategies; Trends: webdevification of IT, cloud x IAM. Closer to truthiness: Trope: "Passwords are dead"; Transient: XACML.
  19. Thank you. Eve Maler, +1 617.613.8820, emaler@forrester.com, @xmlgrrl
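The time-to-live point on slide 17 in working code, as an added example that is not from the deck: an issuer mints a compact HMAC-signed token with a hard expiry, the verifier rejects it after that expiry with no revocation lookup at all, and when explicit revocation is still needed, the revocation list only has to remember a token id until the token would have expired anyway. The token layout (JWT-like but not JWT), the hard-coded SECRET_KEY and the function names are assumptions for illustration, not any product's API.

```python
import base64
import hashlib
import hmac
import json
import os
import time

# Hypothetical signing key for this illustration only; a real issuer keeps
# its key in an HSM/KMS and rotates it rather than hard-coding one.
SECRET_KEY = b"example-issuer-key-do-not-use"


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject, scopes, ttl_seconds, now=None):
    """Mint a compact HMAC-SHA256 token with a hard expiry (exp) and a unique id (jti).
    The scopes model the scope-grained authorization of slide 11; the TTL is the point."""
    issued_at = int(time.time() if now is None else now)
    payload = {
        "sub": subject,
        "scope": sorted(scopes),
        "jti": os.urandom(8).hex(),
        "iat": issued_at,
        "exp": issued_at + int(ttl_seconds),
    }
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    tag = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
    return "%s.%s" % (body, _b64(tag))


def verify_token(token, revoked=None, now=None):
    """Return (payload, "ok") for a token that is well-formed, correctly signed,
    unexpired and not on the revocation list; otherwise (None, reason).
    The signature is checked first so forged tokens never reach the clock
    or the revocation lookup. The expiry check needs no shared state at all."""
    revoked = revoked or {}
    try:
        body, tag = token.split(".", 1)
        provided = _unb64(tag)
    except ValueError:  # no separator, or tag is not base64 (binascii.Error is a ValueError)
        return None, "malformed"
    expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, provided):
        return None, "bad-signature"
    payload = json.loads(_unb64(body))
    current = time.time() if now is None else now
    if current >= payload["exp"]:
        return None, "expired"
    if payload["jti"] in revoked:
        return None, "revoked"
    return payload, "ok"


def revoke(revoked, payload):
    """Explicit revocation: remember the token id, tagged with the token's own exp."""
    revoked[payload["jti"]] = payload["exp"]
    return revoked


def prune_revocations(revoked, now):
    """Drop revocation entries for tokens that have expired anyway. With a short TTL
    the list is bounded by the revocations issued within one TTL window, which is
    why expiry carries most of the value that explicit revocation would otherwise."""
    return {jti: exp for jti, exp in revoked.items() if exp > now}
```

The constructed timeline in the test below issues a five-minute token at t=1000: it verifies at t=1100, is rejected as expired at t=1300 without any revocation data, and a revocation entry made for it disappears from the pruned list at the same moment.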
