CIS13: Identity Trends and Transients

Eve Maler, Principal Analyst Serving Security and Risk Professionals, Forrester
What are the bona fide trends in the shifting identity and access landscape? Which are mere shiny objects, destined to fade quickly and leave their fans in IT disappointed?


  1. Making Leaders Successful Every Day
  2. Trends, Transients, Tropes, and Transparents. Eve Maler, Principal Analyst, Security & Risk. Cloud Identity Summit, July 10, 2013
  3. © 2012 Forrester Research, Inc. Reproduction Prohibited. What are the T4 all about?
     [Diagram: the T4 (Transparents, Transients, Trends, Tropes) laid out on two axes, "less well noticed / well noticed" and "closer to truthiness / closer to essential truth".]
     For each: What are they? What is the evidence? What should you do about them?
  4. Trend: webdevification of IT. Source: John Musser (formerly) of ProgrammableWeb.com.
     IN THE FUTURE, EVERY ENTERPRISE WILL OPEN AN API CHANNEL TO ITS DIGITAL PLATFORM
  5. Confront the changes in your power relationship. [Diagram: value (X) against friction (Y).]
     ACCESS CONTROL IS ABOUT PROTECTION AND MONETIZATION
  6. A lot of identities float around an API ecosystem. Source: April 5, 2013 Forrester report “API Management For Security Pros”.
  7. Open Web APIs are, fortunately, friendly to the Zero Trust security model:
     • Initially treat all access requesters as untrusted.
     • Require opt-in access.
     • Apply identity federation through APIs.
     Source: November 15, 2012 Forrester report “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security”.
  8. Trend: IAM x cloud. ZERO TRUST CALLS FOR DISTRIBUTED SINGLE SOURCES OF TRUTH
     Patterns shown: federate at run time; bind to authn repository; synch accounts; issue an unrelated account.
  9. Identity plays only an infrastructural role in most cloud platforms. [Diagram labels: cloud services; IAM functions; user base and attributes; cloud identity product with an actual SKU.]
     KEEP AN EYE OUT FOR DISRUPTION COMING FROM THE “CISDH” PLAYERS
  10. Transient: XACML
     • Adoption has government/compliance drivers, few accelerators, and many inhibitors.
     • It’s critical to open up the market for long-tail policy evaluation engines.
     • Webdevified scenarios demand different patterns of outsourced authorization.
     XACML 3 IS STUCK AT MODERATE SUCCESS AND IS HEADING FOR DECLINE
  11. Authz grain needs to get… finer-grained. [Diagram: policy inputs (roles, groups, attributes, entitlements) against resources accessed (domain, URL path, sets of API calls, field), with WAM, scope-grained authz, and XACML etc. positioned on the grid.]
  12. Plan for a new “Venn” of access control. AN “XACML LITE” WOULD HAVE A POTENTIALLY VALUABLE ROLE TO PLAY
  13. Trope: “Passwords are dead”. OH, YEAH? [Image: correct horse battery staple]
  14. We struggle to maximize authentication quality, PARTICULARLY IN CONSUMER-FACING SERVICES. Source: June 12, 2013 Forrester report “Introducing The Customer Authentication Assessment Framework”.
  15. Authentication schemes have different characteristics. [Table: schemes scored ✔/✘/? against evaluation criteria; cell values not recoverable from the extraction.] *S2 is an affordance of passwords for “consensual impersonation”.
     Source: June 12, 2013 Forrester report “Introducing The Customer Authentication Assessment Framework”, based on “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes”.
  16. Think in terms of “responsive design” for authentication. LEVERAGE STRENGTHS AND MITIGATE RISKS – ONCE YOU KNOW THEM
     User identification based on something they… know, have, are, do.
  17. Transparent: time-to-live strategies. EXPIRATION HAS OUTSIZED VALUE VS. EXPLICIT REVOCATION OF ACCESS IN ZERO-TRUST ENVIRONMENTS
  18. Summary of the T4 [same "less well noticed / well noticed" and "closer to truthiness / closer to essential truth" axes as slide 3]:
     • Transparent: time-to-live strategies
     • Transient: XACML
     • Trends: webdevification of IT; cloud x IAM
     • Trope: “Passwords are dead”
  19. Thank you. Eve Maler, +1 617.613.8820, emaler@forrester.com, @xmlgrrl
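Slide 17 argues that expiration has outsized value compared with explicit revocation in zero-trust environments. The following Python is an added example, not from the deck or from Forrester: a constructed HMAC-signed bearer token (not a real JWT library) whose verifier refuses tokens that lack an expiry or exceed a policy maximum lifetime, plus a simulation counting how long a token stolen at issue time keeps working when revocation takes time to reach the verifier. The key, subject, lifetimes and lag values are all constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo values: a placeholder signing key and a policy cap on token lifetime.
SECRET = b"constructed-demo-key-not-for-production"
MAX_TTL = 3600          # policy: no token may be valid for more than one hour
CLOCK_SKEW = 30         # tolerance for clock drift between issuer and verifier


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())


def issue(subject: str, ttl: int, now: int) -> str:
    """Mint a minimal signed token carrying issued-at and expiry claims."""
    claims = {"sub": subject, "iat": now, "exp": now + ttl}
    body = _b64(json.dumps(claims, sort_keys=True).encode())
    return f"{body}.{_sign(body)}"


def verify(token: str, now: int, revoked: set) -> bool:
    """Accept only authentic, short-lived, unexpired tokens; revocation is a second layer."""
    body, _, sig = token.partition(".")
    if not hmac.compare_digest(sig, _sign(body)):
        return False
    claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    # Zero-trust policy: every token must expire, and within the policy cap.
    if "exp" not in claims or claims["exp"] - claims.get("iat", 0) > MAX_TTL:
        return False
    if now > claims["exp"] + CLOCK_SKEW:
        return False
    return claims["sub"] not in revoked


def usable_probes(ttl: int, revocation_lag: int, probe_every: int = 60) -> int:
    """Simulate a token stolen at issue time and probed once per minute for an hour.

    The subject's revocation reaches this verifier only after `revocation_lag` seconds;
    the return value is how many probes the stolen token still passes.
    """
    t0 = 1_700_000_000                       # constructed epoch start
    token = issue("alice", ttl, t0)
    passed = 0
    for t in range(t0, t0 + 3600, probe_every):
        revoked = {"alice"} if t >= t0 + revocation_lag else set()
        passed += verify(token, t, revoked)
    return passed
```

With these constructed values a five-minute token passes 6 probes whatever the revocation lag, while an hour-long token passes 30 probes when revocation takes 30 minutes to propagate and all 60 when it never arrives; a token minted above the policy cap is rejected outright.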
