
2019 | Five Things CISOs Must Know About Identity | Identiverse | Day 1, June 25

Cloud identity is a quickly moving field, and attackers find new and better ways to compromise critical accounts every day. If your company is considering a switch or an expansion into cloud identity, make sure you have the essential knowledge required to keep up. This session will cover considerations for cloud-based 2FA, differences in governance between accounts for privileged and normal users, zero-trust architectures, managed access policies, and more.

Published in: Technology
  1. Five Things CISOs Must Know about Identity. Sarah Squire, Principal Product Manager, AWS Identity (@SarahKSquire | @AWSIdentity)
  9. Sarah Squire
       ● Principal Product Manager at AWS Identity
       ● Degrees in Physics and Information Management
       ● Co-author of NIST Digital Identity Guidelines
       ● Consultant to:
           ○ Department of Health and Human Services
           ○ Yubico
           ○ Mozilla Company
           ○ Province of British Columbia
           ○ Sovrin Foundation
           ○ Shape Security
       ● Board Member at OpenID Foundation
       ● Co-founder of IDPro
       ● 2017, 2018, and 2019 Top 100 Influencers in Identity
       ● 2019 Best Cybersecurity Female Speakers
  10. Today’s Agenda
       ● Secret Questions
       ● Something You Know
       ● Something You Have
       ● Something You Are
       ● Account Recovery
       ● Q&A
  11. Secret Questions (or KBA)
  12. Secret Questions
  13. Something You Know
  20. Password Policy Guidance
       DO
         ● Allow special characters and spaces
         ● Allow ridiculously long passwords
         ● Compare to a breach corpus
       DO NOT
         ● Require special characters
         ● Force password rotation
  21. Something You Have
  37. Something You Have

       | Solution Example | Security (1-10) | Deployability (1-10) |
       |---|---|---|
       | OTP via SMS | 1 | 10 |
       | OTP via App | 5 | 5 |
       | Typed OTP via Hardware | 6 | 1 |
       | Tapped OTP via Hardware | 7 | 1 |
       | FIDO via Hardware | 8 | 1 |

  38. Something(s) You Have (Photo Credit: Jon McClintock)
  39. Something You Are
  44. Account Recovery
  46. Account Recovery
       ● Authentication factors are NOT recovery mechanisms
       ● Recovery mechanisms CANNOT be weaker than authentication factors
  48. “Account recovery isn’t just for your customers”
  49. Things You Should Catch at Identiverse
       ● Wednesday Morning Keynote IDPro announcements
       ● Wednesday Lunch IDPro Plenary Session
       ● Wednesday 5pm Women in Identity Panel in AWS Hospitality Suite
       ● Wednesday Night IDPro happy hour
       https://bit.ly/2ZxbhLl
  50. Q&A
  51. Thank You
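
The DO and DO NOT columns of the Password Policy Guidance slide (slide 20), as an added example that is not part of the original deck: a linter for a password policy plus a new-password check that relies only on length and a breach-corpus lookup. The policy keys, the length limits and the three-entry corpus are assumptions constructed for illustration.

```python
import hashlib
import unicodedata

# Constructed sample corpus (SHA-256 used only as a lookup key, not for storage);
# it stands in for a full list of known-compromised passwords.
BREACHED = {
    hashlib.sha256(p.encode("utf-8")).hexdigest()
    for p in ("P@ssw0rd!", "123456", "qwerty")
}
MIN_LENGTH = 8     # assumption: the slide states no minimum
MAX_LENGTH = 1024  # assumption: generous cap that only bounds hashing cost


def lint_policy(policy):
    """Return one finding per setting that contradicts the slide's two columns."""
    findings = []
    if policy.get("require_special_chars"):
        findings.append("DO NOT require special characters")
    if policy.get("max_age_days"):
        findings.append("DO NOT force password rotation")
    if not policy.get("allow_spaces", True):
        findings.append("DO allow special characters and spaces")
    if policy.get("max_length", MAX_LENGTH) < 64:  # 64 is an assumed floor
        findings.append("DO allow ridiculously long passwords")
    if not policy.get("check_breach_corpus"):
        findings.append("DO compare to a breach corpus")
    return findings


def check_password(candidate, breached=BREACHED):
    """Accept or reject a new password with no composition rules at all."""
    # Normalize so look-alike Unicode input maps to the same corpus entry.
    normalized = unicodedata.normalize("NFKC", candidate)
    if len(normalized) < MIN_LENGTH:
        return (False, "too short")
    if len(normalized) > MAX_LENGTH:
        return (False, "too long")
    digest = hashlib.sha256(normalized.encode("utf-8")).hexdigest()
    if digest in breached:
        return (False, "found in breach corpus")
    # Spaces, symbols and any other characters are allowed but never required.
    return (True, "ok")


# Hypothetical policy documents: a legacy setup beside the corrected one.
LEGACY = {"require_special_chars": True, "max_age_days": 90,
          "allow_spaces": False, "max_length": 16}
CORRECTED = {"allow_spaces": True, "max_length": MAX_LENGTH,
             "check_breach_corpus": True}
```

A password such as `P@ssw0rd!` satisfies a legacy composition rule yet is rejected here because it appears in the corpus, while a long passphrase with spaces is accepted.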
