Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
Deploying Strong
Authentication to a Global
Enterprise: A Comedy in
Three Acts
Laura E. Hunter
@adfskitteh
Cards Against I...
Act One: The Perpetual Pilot
Cards Against Identity
Microsoft IT’s Azure MFA
Deployment was in Pilot for
______ months…
Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month Cards Against Identity1 month Cards Against I...
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month 2 months1 month 2 months
Cards Against Identity
6 months Cards Against Identity
1 month 2 months1 month 2 months
Cards Against Identity
6 months 12 months
1 month 2 months
12 months
Cards Against Identity
Why so long?
Cards Against Identity
“Sharp Edges” in the User
Experience
Cards Against Identity
Lack of Top-Down
Organizational Messaging
Cards Against Identity
A year-long pilot was still
worthwhile, because it
allowed IT to ___________
and ___________.
Cards Against Identity
Learn How To Operate a New
Service Offering
Cards Against Identity
Plan for Scale
Cards Against Identity
Act Two: The Inciting Event
Cards Against Identity
Cards Against Identity
What did Laura get for
Christmas this year?
Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month Cards Against IdentityA pony Cards Against Id...
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month 2 monthsA pony New shoes
Cards Against Identity
Back2back Seahawks
Super Bowl victories
Cards Against Identity
1 month 2 monthsA pony New shoes
Cards Against Identity
Back2back Seahawks
Super Bowl victories
A 9:30am Christmas-
morning conference 

call with her CISO...
A 9:30am Christmas-morning
conference call with her
CISO
Cards Against Identity
“Hey IT…you can roll out
strong auth to all Microsoft
users by the end of the
month, right?”
Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month Cards Against Identity“Is there a hole in the...
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month 2 months“Is there a hole in the
ground that I...
Cards Against Identity
“Absolutely, boss. We
can get that done.”
Cards Against Identity
1 month 2 months“Is there a hole i...
Cards Against Identity
“Absolutely, boss. We
can get that done.”
“Sorry, can we chat
later? I’m watching
Winter Soldier.”
...
“Absolutely, boss. We can
get that done.”
Cards Against Identity
So how did it go, Laura?
Cards Against Identity
Executive sponsorship…
Cards Against Identity
…including acceptance of
some rough edges…
Cards Against Identity
…led to a largely successful
deployment of strong auth to
Microsoft employees.
Cards Against Identity
Act Three: The New Normal
Cards Against Identity
What Constitutes a
Legitimate Exception to
Strong Auth Policy?
Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month Cards Against Identity“I’m sitting on my sofa...
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month 2 months“I’m sitting on my sofa
with my iPad....
Cards Against Identity
“I do customer demos.” Cards Against Identity
1 month 2 months“I’m sitting on my sofa
with my iPad....
Cards Against Identity
“I do customer demos.” “NEIN! NEIN! NEIN!

ZERE VIL’ BE NO
EXCEPTIONS!”
“I’m sitting on my sofa
wit...
After a Strong Auth Rollout,
What Will IT Get Blamed For?
Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity Cards Against Identity
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month Cards Against Identity“I can’t get on wireles...
Cards Against Identity
Cards Against Identity Cards Against Identity
1 month 2 months“I can’t get on wireless,
is it becau...
Cards Against Identity
“The MDM PIN policy
changed, is this because
of 2FA?”
Cards Against Identity
1 month 2 months“I can...
Cards Against Identity
“The MDM PIN policy
changed, is this because
of 2FA?”
“<%insert name of app
%> wouldn’t launch this...
“The MDM PIN policy
changed, is this because of
2FA?”
Cards Against Identity
Postlude: The Road Ahead
Cards Against Identity
THANK YOU!
Laura E. Hunter
@adfskitteh
Cards Against Identity Template design:
stuart@stuartgil.es
Upcoming SlideShare
Loading in …5
×

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in Three Acts - Laura Hunter

557 views

Published on

Does anybody remember seeing a big red button with the word “PANICK!” written on it? I know it was around here somewhere. Also, there’s all these cats running pell-mell around the place, can someone give me a hand in herding them?

In this real-world case study, come and learn how a Fortune 100 with a diverse and extremely mobile work-force was able to turn up strong authentication protections for our critical cloud resources, and how the IT department lived to tell the tale. You’ll hear about the technical implementation of strong authentication enforcement, and how we made key design decisions in the ongoing balancing act between security and user experience, and how we managed up-and-down the chain from executive stakeholders to the boots-on-the-ground who were being asked to join us on this new security adventure.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in Three Acts - Laura Hunter

  1. 1. Deploying Strong Authentication to a Global Enterprise: A Comedy in Three Acts Laura E. Hunter @adfskitteh Cards Against Identity
  2. 2. Act One: The Perpetual Pilot Cards Against Identity
  3. 3. Microsoft IT’s Azure MFA Deployment was in Pilot for ______ months… Cards Against Identity
  4. 4. Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity
  5. 5. Cards Against Identity Cards Against Identity Cards Against Identity 1 month Cards Against Identity1 month Cards Against Identity
  6. 6. Cards Against Identity Cards Against Identity Cards Against Identity 1 month 2 months1 month 2 months
  7. 7. Cards Against Identity 6 months Cards Against Identity 1 month 2 months1 month 2 months
  8. 8. Cards Against Identity 6 months 12 months 1 month 2 months
  9. 9. 12 months Cards Against Identity
  10. 10. Why so long? Cards Against Identity
  11. 11. “Sharp Edges” in the User Experience Cards Against Identity
  12. 12. Lack of Top-Down Organizational Messaging Cards Against Identity
  13. 13. A year-long pilot was still worthwhile, because it allowed IT to ___________ and ___________. Cards Against Identity
  14. 14. Learn How To Operate a New Service Offering Cards Against Identity
  15. 15. Plan for Scale Cards Against Identity
  16. 16. Act Two: The Inciting Event Cards Against Identity
  17. 17. Cards Against Identity What did Laura get for Christmas this year?
  18. 18. Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity
  19. 19. Cards Against Identity Cards Against Identity Cards Against Identity 1 month Cards Against IdentityA pony Cards Against Identity
  20. 20. Cards Against Identity Cards Against Identity Cards Against Identity 1 month 2 monthsA pony New shoes
  21. 21. Cards Against Identity Back2back Seahawks Super Bowl victories Cards Against Identity 1 month 2 monthsA pony New shoes
  22. 22. Cards Against Identity Back2back Seahawks Super Bowl victories A 9:30am Christmas- morning conference 
 call with her CISO A pony New shoes
  23. 23. A 9:30am Christmas-morning conference call with her CISO Cards Against Identity
  24. 24. “Hey IT…you can roll out strong auth to all Microsoft users by the end of the month, right?” Cards Against Identity
  25. 25. Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity
  26. 26. Cards Against Identity Cards Against Identity Cards Against Identity 1 month Cards Against Identity“Is there a hole in the ground that I can disappear into right now?” Cards Against Identity
  27. 27. Cards Against Identity Cards Against Identity Cards Against Identity 1 month 2 months“Is there a hole in the ground that I can disappear into right now?” “Are you directly out of your everloving mind?”
  28. 28. Cards Against Identity “Absolutely, boss. We can get that done.” Cards Against Identity 1 month 2 months“Is there a hole in the ground that I can disappear into right now?” “Are you directly out of your everloving mind?”
  29. 29. Cards Against Identity “Absolutely, boss. We can get that done.” “Sorry, can we chat later? I’m watching Winter Soldier.” “Is there a hole in the ground that I can disappear into right now?” “Are you directly out of your everloving mind?”
  30. 30. “Absolutely, boss. We can get that done.” Cards Against Identity
  31. 31. So how did it go, Laura? Cards Against Identity
  32. 32. Executive sponsorship… Cards Against Identity
  33. 33. …including acceptance of some rough edges… Cards Against Identity
  34. 34. …led to a largely successful deployment of strong auth to Microsoft employees. Cards Against Identity
  35. 35. Act Three: The New Normal Cards Against Identity
  36. 36. What Constitutes a Legitimate Exception to Strong Auth Policy? Cards Against Identity
  37. 37. Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity
  38. 38. Cards Against Identity Cards Against Identity Cards Against Identity 1 month Cards Against Identity“I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.” Cards Against Identity
  39. 39. Cards Against Identity Cards Against Identity Cards Against Identity 1 month 2 months“I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.” Retail employees working the sales floor.
  40. 40. Cards Against Identity “I do customer demos.” Cards Against Identity 1 month 2 months“I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.” Retail employees working the sales floor.
  41. 41. Cards Against Identity “I do customer demos.” “NEIN! NEIN! NEIN!
 ZERE VIL’ BE NO EXCEPTIONS!” “I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.” Retail employees working the sales floor.
  42. 42. After a Strong Auth Rollout, What Will IT Get Blamed For? Cards Against Identity
  43. 43. Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity Cards Against Identity
  44. 44. Cards Against Identity Cards Against Identity Cards Against Identity 1 month Cards Against Identity“I can’t get on wireless, is it because of 2FA?” Cards Against Identity
  45. 45. Cards Against Identity Cards Against Identity Cards Against Identity 1 month 2 months“I can’t get on wireless, is it because of 2FA?” “I can’t renew my smart card, is this because of 2FA?”
  46. 46. Cards Against Identity “The MDM PIN policy changed, is this because of 2FA?” Cards Against Identity 1 month 2 months“I can’t get on wireless, is it because of 2FA?” “I can’t renew my smart card, is this because of 2FA?”
  47. 47. Cards Against Identity “The MDM PIN policy changed, is this because of 2FA?” “<%insert name of app %> wouldn’t launch this morning, is it because of 2FA?” “I can’t get on wireless, is it because of 2FA?” “I can’t renew my smart card, is this because of 2FA?”
  48. 48. “The MDM PIN policy changed, is this because of 2FA?” Cards Against Identity
  49. 49. Postlude: The Road Ahead Cards Against Identity
  50. 50. THANK YOU! Laura E. Hunter @adfskitteh Cards Against Identity Template design: stuart@stuartgil.es

×