
CIS13: Don't Panic! How to Apply Identity Concepts to the Business


Pamela Dingle, Technical Director, Ping Identity
Applying concepts of identity and access to real world business situations is really just a case of knowing where one's towel is. Once you have a working, accurate identity lifecycle, and the tools to leverage that lifecycle across business domains, the last thing to do is to apply those tools to the problems at hand. Pamela Dingle will walk you through real world use cases and discuss how everything works together, so that your organization can do its very best to figure out the right questions to ask for success (of course we already know the answer is 42).



  1. Copyright ©2013 Ping Identity Corporation. All rights reserved. How to Apply Identity Concepts to the Business – P. Dingle, Ping Identity, CIS 2013
  2. Hammers are Fun – but what’s the Construction Project?
  3. The NAILS of Business: RISK and ENABLEMENT
     •  Risks must be identified and mitigated (image: http://www.flickr.com/photos/nicolopaternoster/3933549608)
     •  When risk is understood and measured, it does not have to hold you back (image: http://www.flickr.com/photos/boogieswithfish/5173834794/)
  4. DIY: Explaining & Measuring Identity & Access Risk (image: http://www.flickr.com/photos/hadesigns/3223831119)
     •  How does the business run today?
        –  Where are the inefficiencies?
        –  Where is the danger?
     •  How can the risk be mitigated?
     •  What can success enable?
     •  What are common solution architectures?
     •  How do you know when you’re done?
  5. Basic Challenges: Application Isolation (image: http://www.flickr.com/photos/sussetuss77/8582289800)
     •  Every application is written to run as an island
        –  User Account Store
        –  Login Page
        –  Password Recovery Mechanism
        –  Administration Console
  6. Risks of Application Silos
     •  Management Inefficiency becomes Security Risk
        –  1000 Applications require 1000 Administrators to get the memo about Fred changing roles
           •  How long does it take to change Fred’s access?
           •  How many applications are missed or never know?
     •  Data Divergence
        –  How many admins update Janice’s surname when she gets married?
           •  How many help desk calls does she have to make?
           •  What if the data that is obsolete is her job role?
           •  What happens if the corporate username standard is first-initial-last-name?
     •  Disgruntled Employees are a serious risk
        –  When Fred gets fired, can you protect your assets?
           •  Cloud assets are at greatest risk
           •  Inefficient administrative process can cost millions
  7. Basic Challenges: Inconsistent Policy & Interaction (image: http://www.flickr.com/photos/kaiban/4351734363)
     •  Every application has a different security regime
        –  Separately emulating policies around passwords, data retention, roles, minimal disclosure in a thousand applications is a non-starter
     •  Lifetime Employee Problem
        –  How many incorrect permissions does an employee have if he’s performed multiple jobs at the company?
     •  How can you expect staff to consistently adhere to policy if you can’t consistently apply it?
  8. Risk: Inadvertent Breach of Security Policies
     •  Users who can bypass policy could:
        –  Be phished
        –  Practice poor security hygiene
        –  Breach separation of duty rules
        –  Access unapproved applications
        –  Get really ticked off because they never understand how to comply
     •  Businesses who can’t judge policy:
        –  Can’t see what is happening
        –  Must blindly trust that execution matches expectation
        –  Cannot prove anything
  9. Challenges: Cloud Applications (image: http://www.flickr.com/photos/pinksherbet/179279964)
     •  Shadow IT
        –  The cost boundary for software has been compromised
        –  Monthly subscriptions can fly under the wire
        –  IT may never know that applications are in use
     •  Orphaned Accounts
        –  Admin gets fired
        –  Group stops using tool
     •  Password Abuse
        –  Cloud app hacked
        –  Corporate creds stolen
  10. Risks: Cloud Applications
     •  Loss of Visibility
        –  IT no longer knows what apps are in use
     •  Loss of Control
        –  User may start in the cloud and end in the cloud
        –  Relationship is between cloud application and user
        –  Business doesn’t control policy, session, or logs
  11. Challenges: Mobile (image: http://www.flickr.com/photos/32245753@N07/3333572689)
     •  Hardware you might not own or control
     •  Personal data and Private data colocated
     •  Much easier object to steal or lose
     •  Difficulty in typing credentials on tiny keyboards
     •  Huge expanding set of connections
        –  Multiple applications on thousands of devices
     •  APIs may represent all new application silos
     •  Developers may want to do their own thing
     •  You can’t get web working and forget about services
  12. An Answer: 42 – Identity/Access Management (image: http://www.flickr.com/photos/23881436@N05/2853260749)
     •  Industry best practice in Enterprise has been to build a set of services to abstract the management of identities and coarse grained access away from applications
        –  Central infrastructure, managed by IT
        –  One (or very few) single source(s) of truth for User Presence in the organization
        –  One place to set and enforce policies
     •  Result: INTERCONNECTIVITY
        –  Apps need to trust infrastructure
        –  Vendors/developers need to help
  13. Common Solutions to Identity and Access Risk?
     •  [meta]Directories
     •  Provisioning Solutions
        –  Automation of account lifecycle
     •  Web Access Management Solutions
     •  Federation Solutions
     •  SIEM, multifactor
     •  Workflow
  14. The Question: Integration. Answer: Standards!
  15. Options for Identity Architects
     •  Backend Synchronization
        –  Push identity data directly into databases
        –  Great inside the Enterprise, impossible in the clouds
     •  Proprietary Protection schemes
     •  Standards-based interaction
        –  Use standardized interfaces to pass data in auditable ways
           •  APIs
           •  Protocols
  16. Good Business: Interfederation not Refederation
     •  Sometimes it’s better to link constellations of apps instead of directly connecting to apps
        –  Often you find groups of apps that already have SSO enabled
  17. Signs of Success – AKA proving ROI (image: http://www.flickr.com/photos/geckoam/2723280142)
     •  Users know what to expect
        –  Consistent ceremony
     •  Lifecycle can be explained by your superiors
     •  App access on Day One
     •  Zero day de-provisioning
     •  Lifetime employees lose access when they change jobs
     •  Execs comfortable attesting
     •  The D can be BYO’d
  18. Thank You!
     •  Pamela Dingle: @pamelarosiedee
        –  http://eternallyoptimistic.com
     •  Nishant Kaushik: @NishantK
        –  http://blog.talkingidentity.com
     •  Dale Olds: @daleolds
        –  http://virtualsoul.org
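As an added illustration (not part of the deck, nor Ping Identity code), the following Python model puts numbers on the application-silo argument from slides 6, 13 and 17: a role change, a surname change and a termination are issued by the system of record, and an audit counts how many application account stores still disagree with it. The siloed model assumes every app's admin handles the new-hire ticket but only some of them read later change memos; the central model pushes every lifecycle event to every connected app. All user names, app names, event shapes and the "four of ten admins read the memo" ratio are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Set


@dataclass
class Account:
    """What one application silo believes about a person."""
    username: str
    roles: Set[str] = field(default_factory=set)
    active: bool = True


@dataclass
class LifecycleEvent:
    """join / move / rename / leave event from the system of record (constructed shape)."""
    kind: str                                    # "join", "move", "rename", "leave"
    user_id: str                                 # stable id, independent of the username
    username: str = ""                           # used by join and rename
    roles: Set[str] = field(default_factory=set)  # used by join and move


class App:
    """Every application is an island with its own account store (slide 5)."""

    def __init__(self, name: str) -> None:
        self.name = name
        self.accounts: Dict[str, Account] = {}

    def handle(self, ev: LifecycleEvent) -> None:
        if ev.kind == "join":
            self.accounts[ev.user_id] = Account(ev.username, set(ev.roles))
            return
        acct = self.accounts.get(ev.user_id)
        if acct is None:
            return
        if ev.kind == "move":
            acct.roles = set(ev.roles)      # replace, so old job roles do not accumulate
        elif ev.kind == "rename":
            acct.username = ev.username
        elif ev.kind == "leave":
            acct.active = False
            acct.roles = set()


class SiloedAdministration:
    """Onboarding tickets reach every admin; later memos reach only some (assumption)."""

    def __init__(self, apps: List[App], admins_who_read_memos: Set[str]) -> None:
        self.apps = apps
        self.reached = admins_who_read_memos

    def apply(self, ev: LifecycleEvent) -> None:
        for app in self.apps:
            if ev.kind == "join" or app.name in self.reached:
                app.handle(ev)


class CentralLifecycle:
    """One source of truth provisions every connected app (slides 12-13)."""

    def __init__(self, apps: List[App]) -> None:
        self.apps = apps

    def apply(self, ev: LifecycleEvent) -> None:
        for app in self.apps:
            app.handle(ev)


def divergent_apps(apps: List[App], user_id: str, expected: Account) -> List[str]:
    """Audit step: which apps disagree with the system of record about this user?"""
    bad = []
    for app in apps:
        acct = app.accounts.get(user_id)
        if acct is None or (acct.username, acct.roles, acct.active) != (
                expected.username, expected.roles, expected.active):
            bad.append(app.name)
    return bad


def run_scenario(model_factory: Callable[[List[App]], object], app_count: int = 10) -> Dict[str, List[str]]:
    """Replay a constructed join / move / rename / leave sequence and audit the result."""
    apps = [App(f"app{i}") for i in range(app_count)]
    model = model_factory(apps)
    events = [
        LifecycleEvent("join", "u1", "fsmith", {"sales"}),
        LifecycleEvent("move", "u1", roles={"finance"}),   # Fred changes roles
        LifecycleEvent("join", "u2", "jdoe", {"hr"}),
        LifecycleEvent("rename", "u2", "jroe"),            # Janice changes her surname
        LifecycleEvent("leave", "u1"),                     # Fred is terminated
    ]
    for ev in events:
        model.apply(ev)
    expected = {
        "u1": Account("fsmith", set(), active=False),      # zero-day de-provisioning
        "u2": Account("jroe", {"hr"}),
    }
    return {uid: divergent_apps(apps, uid, exp) for uid, exp in expected.items()}


def compare(app_count: int = 10, memo_reach: int = 4):
    """Return (siloed, central) audit results for the same event sequence."""
    reached = {f"app{i}" for i in range(memo_reach)}
    siloed = run_scenario(lambda apps: SiloedAdministration(apps, reached), app_count)
    central = run_scenario(CentralLifecycle, app_count)
    return siloed, central


if __name__ == "__main__":
    siloed, central = compare()
    for uid in siloed:
        print(f"{uid}: siloed stale in {len(siloed[uid])} apps, central stale in {len(central[uid])}")
```

With the defaults, the terminated user stays active with his old role in six of ten apps under siloed administration, and the renamed user keeps her old username in the same six; the central lifecycle leaves no divergence, which is the "how do you know when you're done" measure the deck asks for.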
