Your SlideShare is downloading. ×
Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices

464
views

Published on

Customer identity and access management (CIAM) is a high-priority imperative in the age of the customer. If your customers can’t register or log in for service, and can’t conduct transactions in an …

Customer identity and access management (CIAM) is a high-priority imperative in the age of the customer. If your customers can’t register or log in for service, and can’t conduct transactions in an easily usable manner, it really doesn’t much matter how your website, mobile app, or phone channel is architected; they may move on to your competition.Learn how customer experience influences IAM and security and what actions you can take to meet both sets of goals.

Published in: Technology

0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
464
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
50
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Abstract: Customer identity and access management (CIAM) is a high-priority imperative in the age of the customer. If your customers can’t register or log in for service, and can’t conduct transactions in an easily usable manner, it really doesn’t much matter how your website, mobile app, or phone channel is architected; they may move on to your competition. In this webinar, learn how customer experience influences IAM and security and what actions you can take to meet both sets of goals.
  • Image source: Flickr (http://www.flickr.com/) | CC BY 2.0 | https://www.flickr.com/photos/ladydragonflyherworld/8437959241
  • Image source: Reuters (http://www.reuters.com/article/2014/05/22/us-ebay-password-idUSBREA4K0B420140522)
  • Image source: http://correcthorsebatterystaple.net/
  • Image sources: openclipart.org, PowerPoint clip art
  • Image source: Telegraph Media (http://www.telegraph.co.uk/)
  • Image source: Telegraph Media (http://www.telegraph.co.uk/)
  • Image source: Telegraph Media (http://www.telegraph.co.uk/)
  • Ryan Air. Was making people go through captcha to go to the booking process.


    Source: RyanAir
  • Ryan Air. Was making people go through captcha to go to the booking process.


    Source: RyanAir
  • Ryan Air. Was making people go through captcha to go to the booking process.


    Source: RyanAir
  • Image source: Flickr (http://www.flickr.com/) | CC BY 2.0 | https://www.flickr.com/photos/boston_public_library/8902392223
  • Image source: http://panth77.deviantart.com/art/Odd-Couple-poster-test-97491102
  • Integral to public/private clouds
    Device computing is connecting everything
    Protecting from unauthorized access is no longer enough
    Enabling services across desktop, mobile, and APIs is essential



    Identity is an integral part of public and private cloud services.

    In recent years we have seen the emergence of a new reality in people and device computing, everything is connected. From power grids to smartphones, everything is connected to the internet and as a result everything is exposed to security breach.

    But effective identity and access management is not just about protecting things from unauthorized access, and that is what we are here to talk about today.

    Identity and access management is about enabling services for legitimate purpose, and bringing together a portfolio of services to support business outcomes like customer retention, cross selling of services, and customer satisfaction.






    As the collision of cloud-mobile-social-api economy grows to it’s inevitable conclusion, we are facing a massive explosion of internet endpoints, and a desperate future problem of securing and coordinating them.

    How does this begin to play out from a security perspective and how can an identity layer enable a simpler, more secure, and more fluid experience that matches the way your customers engage with you today? One of the main challenges we face in connecting with customers (as well as partners and applications) today is lack of portable, automated, discoverable and scalable identity management.

    Today we’ll talk at a high level about how a next-generation identity and access management layer encompassing the identity of:
    people and things
    passive analytics
    active feedback
    and automated connections to partners, customers, and apps underlies


  • We’re still in a bespoke era
    Endpoints are known, services highly structured
    Social logins and “profile free” access is the new norm


    Today we are at the “craftsman” stage of identity. Carefully constructed connections allow a small number of endpoints and users to be secured.

    Identity today is still in the craftsman stage where carefully constructed connections against known endpoints are secured around known uses.

    This is evolving quickly and in no small part to the proliferation of social networks and as a result the experience that your customers expect is shifting. Creating and managing a profile has given way to using a social login that provides the basics for establishing service. Your customers expect you to deliver increasingly personalized services to them based on who they are, their customer history, and inferred preferences.

    Think about your own behavior interacting with ecommerce sites, your bank, subscription services, and much more. We expect more from merchants, banks, our insurance company… we expect more without wanting to give more.
  • And it’s only going to get more demanding
    Recent Experian study stated the #1 reason for negative brand perceptions is bad customer experience, #3 is data breach

    Today we think of many customer access points – most fairly straightforward, albeit potentially out of the brands sphere of control -- a web portal, a mobile app, a partner site or application, a social channel or coupon site. These already pose a challenge in terms of “knowing” the customer from an identity perspective. But consider the environment consumers will live in over the next 5-10 years – an explosion of connected devices and endpoints – and the impact those will have on how customers interact with your brand.
  • Identity is the new security perimeter
    Services are dynamically provisioned according to user attributes
    Authentication is continuous and highly intelligent

    The future is exponential growth of users: not just customers, but partners, and the extended workforce – all connecting to an ever-expanding universe of endpoints (applications, services, devices)

    What’s pretty daunting to think about is that just at the point where customer expectations are rising, the challenges presented by mobility, device proliferation, and diversity of application services means that this is not an incremental layering of new security technology.

    Legacy approaches to security make the firewall the security perimeter, we propose that the identity itself, whether employees, your business partners or your customers, is the new security perimeter.

    Legacy solutions are ill-suited for new challenges
    Architectural limitations that arise from managing sessions and tokens in a world where:

    Access isn’t just about web apps any more
    Applications aren’t just inside the firewall anymore
    Customers’ identities don’t live in a central location
    Customer access points can’t be controlled

    The next generation of identity solutions solve for the security and control needed in today’s cloud-connected and mobile world
    Addresses all identity types (employees, customers, and partners) across all channels (web, mobile, and API)
    Encompasses every company resource (internal, private, or public cloud), from any device (desktop, tablet or mobile), in any location (inside or outside the network)
    Differs from legacy IAM solutions in that it is built from the ground up to break from siloed architectures
    Federated by default, built on open standards, and offers the widest array of deployment options (100% cloud, 100% data center, or hybrid environments)
    Replacing legacy stacks for enterprises shifting emphasis towards cloud and mobile platforms, while delivering mission critical security cloud-only start-ups cannot provide.


  • The reason we are here today is because consumers are changing
    The way they buy is more complex
    Their relationship with your brand hinges on how well you meet their increased expectations
    And how easy you make it for them


    Your customers’ digital world is exploding. The number of connected devices they touch in a given day continues to drastically increase. Not long ago, a generation of interconnected devices emerged – each with their own IP address. Now these devices not only have discrete IP addresses, they will all need their own identity, and enterprises will need to understand how those identities relate to their customer’s identities.

    What began as simple single sign on, has grown rapidly over the past decade, at a rate that continues to accelerate with mass consumer adoption of mobile, and the API economy. While we used to just be concerned with how a customer moved through the web experience, we now have to extend that to a fluid experience across channels, and what that means in terms of an authentication experience. Customers should be able to maintain states as they shift and do different things across those different channels.
  • And then came Oauth, targeted not at organizations implementing it to support their apps but instead at developers building identity protocols into their application offerings.


    Modern Identity Landscape
    Targeted at Application developers
    Learned from previous attempts



  • We have built on the success of OAuth with OpenID Connect, with critical capabilities for identity provider discovery and application registration.
    SCIM is crucial as a mechanism for API-based provisioning to any app that supports SCIM.

    Two pillars of scalable modern identity: SCIM and OIDC

    OIDC is crucial for modern identity
    IdP discovery – important as number of IdPS increase in the modern identity era.
    Applicaton registration. Provides a mechanism ern idetntiy.
    Scale: to enable applications (be they on mobile devices or web applications) to act on behalf of the user to do things.
    Finally delivers SSO via ID token for native devices (pivot to OAuth).

    SCIM
    Authorization and SSO isn’t possible without a provisioning event. aaS vendors have service level agreements that preclude the use of the enterprise identity store. The current insanity vis-à-vis proprietary provisioning won’t scale. SCIM is modern (REST-based) and is our last best hope at scalable provisioning because it delivers a standards-based approach.

  • And all of this extends to APIs

    OpenID Connect
    Authentication API (also enables SSO)
    Developer calls GetUserInfo API Endpoint
    Replace Login.jsp and the Password DB
    Federated Domain, Single Domains, whatever

    SCIM
    User Management API
    Create, Read, Update, Delete
    Developer exposes API to Add, Change & Delete user accounts

  • Where this leads us is to an API-centric approach for user authentication across apps, mobile, and custom applications, and standards-based provisioning of services.

    OpenID Connect
    Authentication API (also enables SSO)
    Developer calls GetUserInfo API Endpoint
    Replace Login.jsp and the Password DB
    Federated Domain, Single Domains, whatever

    SCIM
    User Management API
    Create, Read, Update, Delete
    Developer exposes API to Add, Change & Delete user accounts

  • Two pillars of scalable modern identity: SCIM and OIDC

    Not Identity Enabled API’s

    SCIM
    Authorization and SSO isn’t possible without a provisioning event. aaS vendors have service level agreements that preclude the use of the enterprise identity store. The current insanity vis-à-vis proprietary provisioning won’t scale. SCIM is modern (REST-based) and is our last best hope at scalable provisioning because it delivers a standards-based approach.

    OIDC is crucial for mod
    IdP discovery – important as number of IdpS increase in the modern identity era.
    Client registration. Provides a mechanism ern idetntiy. Scale:
    to enable applications (be they on mobile devices or web applications) to act on behalf of the user to do things.
    Finally delivers SSO via ID token for native devices (pivot to OAuth).

    This is all to say that the idea of an open platform that allows for new and emerging identity standards and protocols becomes paramount.

  • Passwords are the problem, we see a future with no passwords

    IT administration has to be automated, with as much self-service as possible
  • Our partner today, Forrester Research, has done extensive work in this area

    Identity isn’t just about securing your assets and managing risk, it’s about money

    In a composite example of a large insurance company with more than 8,000 employees, 19k agents, and 75k licensed agents serving 50 million policy holders we calculate incremental revenue of $45m from just reducing one contributor to customer churn.



    Enterprise federated identity isn’t just about easing the customer burden, or even reducing risk and improving security – it is both of those, but perhaps more significantly, it has a direct impact on revenue generation. In a recent Total Economic Impact study conducted by Forrester Research, results showed significant revenue potential for consumer-facing implementations.

    The composite organization used for this economic impact included both a Fortune 500 insurance company providing supplemental insurance in the US and select international markets. Its users include more than 8,000 employees, more than 19,000 sales agents, and more than 75,000 licensed sales agents. It also provides access for subsets of its 50 million policyholders worldwide as well as a a multinational banking and financial services organization with more than 55 million customers worldwide and 260,000 employees.






  • Founded: 2002
    Offices: Denver, Boston, Vancouver, London, Tokyo, Salt Lake, San Francisco
    Employees: 350+
  • The time of building purpose-built identity silos is over. The next generation identity platform delivers a layer unifying disparate identity architectures of legacy systems, and allows the enterprise to emerge into the future.

    I’ll leave you with a few insights into what you can/should begin thinking about today. [points listed above]


  • Transcript

    • 1. Identity Beyond Employees: How Customer Experience Impacts Your IAM Practices Eve Maler, Principal Analyst May 28, 2014
    • 2. Customer experience is not monolithic
    • 3. © 2014 Forrester Research, Inc. Reproduction Prohibited 3 Users are escaping captivity Benefit in sharing credentials Degree of freedom to walk away from relationship Baseline Greater benefit Large benefit None (captive) Some at cost A lot
    • 4. © 2014 Forrester Research, Inc. Reproduction Prohibited 4 Users are escaping captivity Benefit in sharing credentials Degree of freedom to walk away from relationship Baseline Greater benefit Large benefit None (captive) Some at cost A lot Regular employee Contractor Privileged employee Employee of partner
    • 5. © 2014 Forrester Research, Inc. Reproduction Prohibited 5 Users are escaping captivity Benefit in sharing credentials Degree of freedom to walk away from relationship Baseline Greater benefit Large benefit None (captive) Some at cost A lot Regular employee Contractor Nonpaying affiliate Paying affiliate Privileged employee Employee of partner
    • 6. © 2014 Forrester Research, Inc. Reproduction Prohibited 6 Users are escaping captivity Benefit in sharing credentials Degree of freedom to walk away from relationship Baseline Greater benefit Large benefit None (captive) Some at cost A lot Regular employee Contractor Nonpaying affiliate Paying affiliate Bank customer Privileged employee Payout beneficiary Employee of partner
    • 7. © 2014 Forrester Research, Inc. Reproduction Prohibited 7 Users are escaping captivity Benefit in sharing credentials Degree of freedom to walk away from relationship Baseline Greater benefit Large benefit None (captive) Some at cost A lot Regular employee Contractor Nonpaying affiliate Paying affiliate Bank customer Privileged employee Social network user Retail customer Payout beneficiary Employee of partner
    • 8. © 2014 Forrester Research, Inc. Reproduction Prohibited 8 Users are escaping captivity Benefit in sharing credentials Degree of freedom to walk away from relationship Baseline Greater benefit Large benefit None (captive) Some at cost A lot Regular employee Contractor Nonpaying affiliate Paying affiliate Bank customer Privileged employee Social network user Retail customer Service- paying customer Payout beneficiary Employee of partner
    • 9. © 2014 Forrester Research, Inc. Reproduction Prohibited 9 But the Internet has become a bad neighborhood
    • 10. © 2014 Forrester Research, Inc. Reproduction Prohibited 10 We see the disproportionate targeting of credentials in the data Source: December 30, 2013, “Market Overview: Employee And Customer Authentication Solutions In 2013, Part 1 Of 2” Forrester report
    • 11. © 2014 Forrester Research, Inc. Reproduction Prohibited 11 What do customers experience when security goes bad? › A few: major consequences such as identity theft
    • 12. © 2014 Forrester Research, Inc. Reproduction Prohibited 12 What do customers experience when security goes bad? › A few: major consequences such as identity theft › Many: loss of trust in the brand
    • 13. © 2014 Forrester Research, Inc. Reproduction Prohibited 13 What do customers experience when security goes bad? › A few: major consequences such as identity theft › Many: loss of trust in the brand › Everyone: an involuntary password reset flow
    • 14. © 2014 Forrester Research, Inc. Reproduction Prohibited 14 What do customers experience on a good day? › Onerous account registration forms › Those @%@#$ password policies… › …that are both hard to choose and hard to remember… › …and usually aren’t even secure › Those @%@#$ security questions
    • 15. © 2014 Forrester Research, Inc. Reproduction Prohibited 15 When user self-service fails…you pay › In CSR costs › In user experience friction
    • 16. © 2013 Forrester Research, Inc. Reproduction Prohibited Source: Google - The New Multi-screen World: Understanding Cross-platform Consumer Behavior, August 2012 People cross devices to accomplish a single goal
    • 17. © 2014 Forrester Research, Inc. Reproduction Prohibited 17 “Mobile first” means IT security has less room to maneuver than ever › Business owners want in- app registration and login.
    • 18. © 2014 Forrester Research, Inc. Reproduction Prohibited 18 “Mobile first” means IT security has less room to maneuver than ever › Business owners want in- app registration and login. › Individuals demand user experiences with a clear purpose.
    • 19. © 2014 Forrester Research, Inc. Reproduction Prohibited 19 “Mobile first” means IT security has less room to maneuver than ever › Business owners want in- app registration and login. › Individuals demand user experiences with a clear purpose. › Security task flows on mobile devices feel different.
    • 20. Responsive design for CIAM enables security and experience
    • 21. © 2012 Forrester Research, Inc. Reproduction Prohibited Typical external users and IAM needs in a franchise-type business 21 External Managed Unmanaged Sole Group • Retail customer • Requires self-registration • Can be inactivated • All partners • Must follow per-country regulations • May need high assurance • Multi-employee partner • Complex record structure • Needs delegated administration and entitlement management • Sole proprietor partner • Simple record structure
    • 22. © 2012 Forrester Research, Inc. Reproduction Prohibited • Optional• Optional• Optional Possible segmentation of identity sources 22 Unified IAM framework RP interface IdP interface • Other partners IdP interface • Retail customers RP interface IdP interface IdP interface RP interface • Managed by cloud broker • Social IdPs • Employees • Some partners • Natively managed
    • 23. © 2014 Forrester Research, Inc. Reproduction Prohibited 23 Ways CIAM is unique › CX can have a direct impact on the top line › Multiple customer-facing properties › Complete lack of mobile device security controls › Scale and volume, along several dimensions
    • 24. © 2014 Forrester Research, Inc. Reproduction Prohibited 24 Source: May 22, 2014 “Introducing Forrester's Customer IAM Security Maturity Assessment Model” Forrester report What engagement channels are you providing? …and what is the importance of each?
    • 25. © 2014 Forrester Research, Inc. Reproduction Prohibited 25 Source: May 22, 2014 “Introducing Forrester's Customer IAM Security Maturity Assessment Model” Forrester report What life cycle elements now become relevant? …and what authentication role does each channel serve at each moment?
    • 26. © 2014 Forrester Research, Inc. Reproduction Prohibited 26 Security best practices that are usability-friendly: leveraging context User identification based on something they . . . Know. Have. Are. Do.
    • 27. © 2014 Forrester Research, Inc. Reproduction Prohibited 27 Usability Deployability Security Memorywise- Effortless Accessible Resilient-to-Physical-Observation Scalable-for- Users Negligible-Cost-per- User Resilient-to-Targeted-Impersonation Nothing-to-Carry Server-Compatible Resilient-to-Throttled-Guessing Physically- Effortless Nothing-to-Provision- to-User Resilient-to-Unthrottled-Guessing Easy-to-Learn Mature Resilient-to-Internal-Observation Efficient-to-Use Multiple-Purposes Resilient-to-Leaks-from-Other-Verifiers Infrequent-Errors Available-Offline Resilient-to-Phishing Easy-Recovery- from-Loss Resilient-to-Theft No-Trusted-Third-Party Requiring-Explicit-Consent Unlinkable Risk-based techniques improve “UDS”
    • 28. © 2014 Forrester Research, Inc. Reproduction Prohibited 28 Usability Deployability Security Memorywise- Effortless Accessible Resilient-to-Physical-Observation Scalable-for- Users Negligible-Cost-per- User Resilient-to-Targeted-Impersonation Nothing-to-Carry Server-Compatible Resilient-to-Throttled-Guessing Physically- Effortless Nothing-to-Provision- to-User Resilient-to-Unthrottled-Guessing Easy-to-Learn Mature Resilient-to-Internal-Observation Efficient-to-Use Multiple-Purposes Resilient-to-Leaks-from-Other-Verifiers Infrequent-Errors Available-Offline Resilient-to-Phishing Easy-Recovery- from-Loss Resilient-to-Theft No-Trusted-Third-Party Requiring-Explicit-Consent Unlinkable Risk-based techniques improve “UDS”
    • 29. © 2014 Forrester Research, Inc. Reproduction Prohibited 29 Security best practices that are usability-friendly: leveraging mobile As a secondary channel ›True OOB authentication ›Contextual fairy dust with device identification and reputation
    • 30. © 2014 Forrester Research, Inc. Reproduction Prohibited 30 Security best practices that are usability-friendly: leveraging mobile As a secondary channel ›True OOB authentication ›Contextual fairy dust with device identification and reputation As a primary channel ›In-app integration for seamless authentication ›Contextual fairy dust to strengthen the singular channel
    • 31. © 2014 Forrester Research, Inc. Reproduction Prohibited 31 31 Usability best practices that cost nothing to remember: clarity and context sensitivity
    • 32. © 2014 Forrester Research, Inc. Reproduction Prohibited 32
    • 33. © 2014 Forrester Research, Inc. Reproduction Prohibited 33
    • 34. © 2014 Forrester Research, Inc. Reproduction Prohibited 34
    • 35. © 2014 Forrester Research, Inc. Reproduction Prohibited 35 35 Usability best practices that cost nothing to remember: feedback
    • 36. Sew together experiences that maximize success
    • 37. © 2013 Forrester Research, Inc. Reproduction Prohibited People use multiple touchpoints at once Source: Google - The New Multi-screen World: Understanding Cross-platform Consumer Behavior, August 2012
    • 38. © 2014 Forrester Research, Inc. Reproduction Prohibited 38 So, prepare for channel-jumping › Unify back-end records so that the user experiences no latency in “what you know” about him
    • 39. © 2014 Forrester Research, Inc. Reproduction Prohibited 39 So, prepare for channel-jumping › Unify back-end records so that the user experiences no latency in “what you know” about him › Leverage contextual cues to enable a channel to be “in-band” for primary tasks and “out-of-band” for authentication tasks
    • 40. © 2014 Forrester Research, Inc. Reproduction Prohibited 40 So, prepare for channel-jumping › Unify back-end records so that the user experiences no latency in “what you know” about him › Leverage contextual cues to enable a channel to be “in-band” for primary tasks and “out-of-band” for authentication tasks › Match session length to the entirety of the risk: the nature of the transaction, channel, user…
    • 41. © 2014 Forrester Research, Inc. Reproduction Prohibited 41 IT and the business are expected to work hand in hand
    • 42. © 2014 Forrester Research, Inc. Reproduction Prohibited 42 So, negotiate! › Hammer out agreement on formal levels of risk › Map tasks and channels to them › Seek the highest security maturity scores for the most important tasks and channels
    • 43. © 2014 Forrester Research, Inc. Reproduction Prohibited 43 Source: May 22, 2014 “Forrester's Customer IAM Security Maturity Assessment Model” Forrester tool So, negotiate! › Hammer out agreement on formal levels of risk › Map tasks and channels to them › Seek the highest security maturity scores for the most important tasks and channels Deregister device We allow users to deregister a device explicitly. Yes We authenticate users before allowing this task to proceed. Yes We keep track of devices that have been associated with a user. Yes We notify the customer in an email or SMS text message if a device has been deregistered. No A customer can have only a limited number (e.g., 10) of registered devices across all channels. No
    • 44. Thank you Eve Maler +1 425.345.6756 emaler@forrester.com @xmlgrrl
    • 45. THE IDENTITY INDUSTRY IS EXPLODING
    • 46. TODAY
    • 47. NEW PARADIGM IN SECURITY  Single-point access to applications within the firewall – Proprietary – On-premise – Web only – Single domain Legacy Security Model  Cloud, Social, Mobile & Data drive a new approach – Open standards – Hybrid, datacenter and cloud – Web, API and mobile – Federated by default Next-Gen Identity Model 76% of Network Intrusions Exploited Weak or Stolen Passwords (1) Traditional Identity Management not Working (1) Verizon Data Breach Investigations Report 2013
    • 48. THE CONNECTED CUSTOMER Single Channel Multichannel Multiple Identities Omnichannel Customers experience a single type of touch-point Customers see multiple touch- points acting independently. Customers see multiple touch- points as part of the same brand. Customers experience a brand, not a channel within a brand. Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 49
    • 49. EMERGING IDENTITY LAYER Simplify access Manage identities Single customer view Connect apps Scale and grow
    • 50. OPEN ACCESS
    • 51. IDENTITY WEAKNESSES EXPLOITED ~110M accounts jeopardized ~5M usernames & phone numbers stolen ~7M passwords stolen ~250K passwords stolen ~38M usernames & passwords stolen ~318K accounts hacked ~50M usernames & passwords stolen ~50M user accounts compromised  2013 was the most historic year for cyber attacks  Several prominent brands experienced high profile data breaches  Hundreds of millions of usernames, passwords and accounts were jeopardized  Stolen social media credentials fetch more than credit card numbers on cybercrime black markets
    • 52.  Secures Access to Any App, on Any Device from Any Location  Enterprise Grade  Flexible Hybrid Deployment  Committed to Open Standards  Web, Mobile, and API  Committed to Open Standards  Web, Mobile, and API  Simple to Advanced Use-Case Support in a Single Platform CENTRALIZE CONTROL Ping Identity – Ushering in the New Era of Identity
    • 53. SINGLE CUSTOMER VIEW
    • 54. TODAY’S IDENTITY PROTOCOL LANDSCAPE SAML LDAP X.509
    • 55. MODERN IDENTITY PROTOCOL STACK OAuth 2.0
    • 56. MODERN IDENTITY PROTOCOL STACK OpenID Connect SCIM OAuth 2.0
    • 57. Security for APIs APIs FOR IDENTITY OpenID Connect SCIM
    • 58. Security for APIs User Authentication API User Management API APIs FOR IDENTITY
    • 59. Security for APIs User Authentication API User Management API APIs FOR IDENTITY (Not identity-enabled APIs)
    • 60. FUNDAMENTAL TENETS TO SCALE • No more passwords • Automate as much as possible – Eliminate IT Administrative overhead – Application registration is dynamic • Ease of use – Effortless self service – Developer-friendly – IT-friendly – User-friendly
    • 61. IMPACT EXPERIENCEAND REVENUE Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 62 For a more detailed analysis on the Total Economic Impact of Ping solutions, please join us for a webinar on September 26 at 11am ET. https://www.pingidentity.com/about-us/event-detail.cfm?customel_datapageid_1455=71219 $12M $21M $45M Incremental revenue from faster time-to- market following M&A activity Incremental revenue from reduced application dropout rates Incremental revenue from white-labeled apps
    • 62. Copyright © 2014 Ping Identity Corp. All rights reserved. 63  Half of the Fortune 100  4 of the 6 Largest US Banks  8 of the 10 Largest Biopharmas  3 of the 5 Largest Healthcare Plans CUSTOMER SUMMARY GLOBAL LEADERS & INNOVATORS 1,000+ global customers 98% customer satisfaction 93% customer retention SI, TECH & SAAS PARTNERS  Offices: Denver, Boston, Vancouver, London, San Francisco, Halifax, Tel Aviv, Tokyo  Employees: 350  Founded: 2002 COMPANY BACKGROUND STANDARDS BODY PARTICIPATION THE IDENTITY SECURITY COMPANY
    • 63. WHAT IS ACTIONABLE? • Apps and devices need a modern identity protocol stack – Starts with OAuth 2.0, OpenID Connect and SCIM • No more passwords – Federated access by default • Ease of use means automate everything – Or enable self-service as a backup
    • 64. Thank You Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 65 Eve Maler +1 425.345.6756 emaler@forrester.com @xmlgrrl Jeff Nolan +1 650.430.3947 jnolan@pingidentity.com @jeffnolan