Identity Is the New Currency
Video and slides synchronized, mp3 and slide download available at URL http://bit.ly/1nYkEL4.

Paul Simmonds discusses the importance of identity and attribute information, which will define how applications govern access to functionality and data in the near future. Filmed at qconlondon.com.

Paul Simmonds is the CEO of the Global Identity Foundation, as well as a consulting CISO and previously was the Global CISO for AstraZeneca, Global CISO for ICI, Head of Information Security with a high security web provider and Global Information Security Manager at Motorola. He's been awarded both "Chief Security Officer of the Year" and "Best Security Implementation" at the SC Magazine Awards.

Published in: Technology, Business

Transcript

  • 1. Copyright, The Global Identity Foundation 2014 Identity is the new Currency Paul Simmonds CEO The Global Identity Foundation uk.linkedin.com/in/psimmonds/ www.globalidentityfoundation.org info@globalidentityfoundation.org
  • 2. InfoQ.com: News & Community Site • 750,000 unique visitors/month • Published in 4 languages (English, Chinese, Japanese and Brazilian Portuguese) • Post content from our QCon conferences • News 15-20 / week • Articles 3-4 / week • Presentations (videos) 12-15 / week • Interviews 2-3 / week • Books 1 / month Watch the video with slide synchronization on InfoQ.com! http://www.infoq.com/presentations/identity-currency
  • 3. Presented at QCon London www.qconlondon.com Purpose of QCon - to empower software development by facilitating the spread of knowledge and innovation Strategy - practitioner-driven conference designed for YOU: influencers of change and innovation in your teams - speakers and topics driving the evolution and innovation - connecting and catalyzing the influencers and innovators Highlights - attended by more than 12,000 delegates since 2007 - held in 9 cities worldwide
  • 4. Copyright, The Global Identity Foundation 2014 Agenda Background to the problem(s) • Externalisation of Data • The Identity problem(s) Design requirements • Entitlement • Entities • Trusted Attributes Examples Personas and future states Challenges Summary Q&A
  • 5. Copyright, The Global Identity Foundation 2014 Data is being externalised Internal De-perimeterised External Collaboration (Secured) Cloud Old Data Then Data Now Data Near Future Data Future? Data The security of the network becomes increasingly irrelevant, and the security and integrity of the data becomes everything. Cloud: Computing performed within the Internet De-perimeterisation: The breakdown of the corporate border as a security control
  • 6. Copyright, The Global Identity Foundation 2014 Question? Given a choice; ★ When faced with a request for user-name and other information ★ How many people abandon the transaction? 66% (2013 Mobile Consumer Insights, Jumio, Inc)
  • 7. Copyright, The Global Identity Foundation 2014 Question? How many people shop with an existing supplier ★ Even when it’s more expensive ★ Rather than create a new account elsewhere? 39% (Ukash research, Sept 2013)
  • 8. Copyright, The Global Identity Foundation 2014 Jericho Forum Commandment #8 Authentication, authorisation and accountability must interoperate / exchange outside of your locus / area of control – People/systems must be able to manage permissions of resources and rights of users they don't control – Multiple loci (areas) of control must be supported Identity, Management and Federation
  • 9. Copyright, The Global Identity Foundation 2014 “IAM” Vicious Cycle My Access Control System only links to my Identity system Thus all people requiring access must be in my Identity system Thus all my systems must talk to my Access Management system I have a single “IAM” System
  • 10. Copyright, The Global Identity Foundation 2014 Passwords are dead
  • 11. Copyright, The Global Identity Foundation 2014 Identity must be separated from Access Management ● An Identity solution must provide identity to multiple, disparate, Entitlement and Access Management solutions ● Access Management must consume identity and entitlement from multiple sources. 1
  • 12. Copyright, The Global Identity Foundation 2014 The big lie of computer security is that security improves by imposing complex passwords on users. In real life, people write down anything they can't remember. Security is increased by designing for the way humans actually behave Jakob Nielsen
  • 13. Copyright, The Global Identity Foundation 2014 Entitlement Making a risk-based decision ★ About access to data and/or systems ★ Based on the trusted identity and attributes ★ Of all the entities and components in the transaction chain
  • 14. Copyright, The Global Identity Foundation 2014 Identity Source #1 Identity Source #2 Attribute Source #1 Attribute Source #3 Access Management Network Access System Access Application Access Process Access Data Access Authorization Entitlement Rules Entitlement Process Source: Cloud Security Alliance: Guidance v3.0 Entitlement
  • 15. Copyright, The Global Identity Foundation 2014 Entitlement Source: Cloud Security Alliance: Guidance v3.0
  • 16. Copyright, The Global Identity Foundation 2014 Identity is not just about people ● Identity needs to encompass all objects that need to identify themselves ● This includes; ● People ● Devices ● Code ● Organisations ● Agents. 2
  • 17. Copyright, The Global Identity Foundation 2014
  • 18. Copyright, The Global Identity Foundation 2014 HR Example - The old state
  • 19. Copyright, The Global Identity Foundation 2014 HR Example - The new state
  • 20. Copyright, The Global Identity Foundation 2014 HR Example - The cloud state
  • 21. Copyright, The Global Identity Foundation 2014 The new DMZ (Externalised Applications)
  • 22. Copyright, The Global Identity Foundation 2014 • No differentiation between “internal” and “external” • Data is the new perimeter • Solution based on designing for an entitlement based solution • Internal = External = Private Cloud = Public Cloud Architecture Summary
  • 23. Copyright, The Global Identity Foundation 2014 Federation of existing IAM system will not scale ● Technically difficult ● n-factorial problem ● Transitive trusts problem ● A “trusted assertion” based solutions will allow both scalability and flexibility. 3
  • 24. Copyright, The Global Identity Foundation 2014 How do we fix this? Architect it to operate as people operate Design for Personas Assert the binding between device and entity Immutable Binding
  • 25. Copyright, The Global Identity Foundation 2014 Identity Commandments • Entity-centric ID • Core Identity must be secret & protected • Primacy • Persona-based • Immutably linked entity • Attributes from authoritative sources
  • 26. Copyright, The Global Identity Foundation 2014 #3 Assume context at your peril • Security solutions designed for one environment may not be transferable to work in another Solution: • Understand (as much about) the context in which the transaction is taking place. • Understand the operating context of the entity Commandments
  • 27. Copyright, The Global Identity Foundation 2014 Operating with Personas
  • 28. Copyright, The Global Identity Foundation 2014 Core Identity (Core Identifier) Immutable binding of Core Identifier to an Entity Government Identifier Post Office Identifier Address Persona with Identifier Bank Identifier Credit Card Persona with Identifier Assertions: Purchase: 62in OLED 4k TV @ $60,000 Assert: This is my Amazon account Assert: This is my delivery address Assert: This is my HSBC Visa payment reference High Value Transaction (high risk transaction) eCommerce Persona with Identifier Merchant Identifier Multiple (tied) Assertions
  • 29. Copyright, The Global Identity Foundation 2014 Strong identity is key to trust and collaboration on the Internet ● The lack of Strong Identity is hindering adoption ● People operate with personas ● A strong, anonymous, core identity is key ● People must own their own core identity ● People must be able to control their identity ● Escalating individual personas to a pseudo-core will fail. 4
  • 30. Copyright, The Global Identity Foundation 2014 The Challenges (Now) • Hundreds of personal passwords to manage • Tens of corporate passwords to manage • Lack of authoritative sources for attributes • The rise of the self asserted ID (Weak BYOiD) • Single device, multiple users (£3700 Apple bill) • Passwords beyond their “sell-by” date • Managing people / users / access for entities you don’t employ • Managing devices you don’t own (or have access to) • Inability to consume someone else's (strong) identity
  • 31. Copyright, The Global Identity Foundation 2014 The Challenges (Near Future) • Internet of Things • Authoritative sources of attributes • BYOiD • Better trust required in the eco-system • Cars, Phones, Houses & Work utilising personas • Access to government e-Services (inc. anon. voting) • Agents, with access to our lives • Urgent need to extend identity to all entities • Need to make better risk-based decisions
  • 32. Copyright, The Global Identity Foundation 2014 In Summary Application and services that give granular and flexible access, irrespective of location, will win the business! ★ Thus, Data is the new perimeter; ★ And, Entitlement is how you control access to it; ★ And, Identity is what you use to drive entitlement. ★ Thus Identity is the new currency!
  • 33. Copyright, The Global Identity Foundation 2014 www.globalidentityfoundation.org ► Primacy ► Global Solution ► Open Standard ► Open Implementation ► Works Universally Join us on “Global Identity Foundation”
  • 34. Watch the video with slide synchronization on InfoQ.com! http://www.infoq.com/presentations/identity-currency
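
The entitlement decision described on slides 13, 14 and 28, sketched as an added example that is not part of the original slides or any Global Identity Foundation code. The issuer names, the `binding` field (a stand-in for a verified proof that a persona is bound to one entity), the value threshold and the decision labels are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed trust list: which issuer is authoritative for which attribute.
AUTHORITATIVE = {
    "account": {"merchant"},
    "delivery_address": {"post_office"},
    "payment_reference": {"bank"},
}
HIGH_VALUE = 1_000  # assumed threshold above which no weak attribute is tolerated


@dataclass(frozen=True)
class Assertion:
    attribute: str  # what is asserted
    issuer: str     # who vouches for it ("self" means self-asserted)
    persona: str    # persona identifier the assertion was issued to
    binding: str    # hypothetical stand-in for a proof tying the persona to one entity


def entitle(amount, assertions):
    """Risk-based decision for a purchase: returns (decision, reasons)."""
    by_attr = {a.attribute: a for a in assertions}
    weak = []
    for attr, issuers in AUTHORITATIVE.items():
        a = by_attr.get(attr)
        if a is None:
            weak.append(f"{attr}: missing")
        elif a.issuer not in issuers:
            weak.append(f"{attr}: issuer '{a.issuer}' is not authoritative")
    # Tied assertions: every persona must bind to the same entity.
    if len({a.binding for a in assertions}) != 1:
        return "deny", weak + ["assertions are not tied to one entity"]
    if not weak:
        return "allow", []
    # Low-risk transactions may proceed with one weak attribute; high-risk may not.
    if amount < HIGH_VALUE and len(weak) == 1:
        return "allow-with-review", weak
    return "deny", weak


def sample(address_issuer="post_office", bank_binding="entity-A"):
    """Constructed assertions modelled on the high-value purchase slide."""
    return [
        Assertion("account", "merchant", "ecommerce-persona", "entity-A"),
        Assertion("delivery_address", address_issuer, "address-persona", "entity-A"),
        Assertion("payment_reference", "bank", "card-persona", bank_binding),
    ]
```

The same self-asserted delivery address that blocks the $60,000 purchase is tolerated, with review, on a low-value one, while assertions that do not tie to a single entity are refused at any value.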
