A Changing Paradigm: What Happens When You Put Identity at the Center of Security?
While identity has not been considered a foundation of most security architectures, it is emerging as the key to reducing the risk of a breach. The Identity Defined Security Alliance is working to help organizations succeed in the battle to stay secure through providing community developed and practitioner approved best practices and identity-centric security controls and use cases. Join Richard Bird, IDSA Executive Advisory Board member, to learn more about how the IDSA is shaping the future of security by leveraging identity, the framework that has been developed and how organizations are using it to create roadmaps and integrate existing technology investments to become more secure.
2. MARKET DRIVERS: BREACHES ARE ACCELERATING
• >45% more breaches YoY (despite spending growth)
• 1,579 US breaches in 2017
• [Chart: breaches by sector (Medical/Healthcare, Business, Government/Military, Education, Bank/Credit/Financial); values shown: 42, 30, 12, 8, 6]
Source: Optiv
3. Evolution of Identity and Its Impact
[Diagram. Populations: Employees; Employees and Partners; Consumers; Things. Environment labels: Perimeter; Federation; Perimeter-less; Cloud / SaaS; Mobility; Relationships; Attributes; Context; Stateless. Drivers: IT efficiency; IT compliance; Security; Business agility. Other labels: API; AI; UX.]
Source: Optiv
4. Foundation for A New Approach
• Identity IS a critical cybersecurity technology
• Cybersecurity technologies must fundamentally work together if they are to achieve meaningful effectiveness
• Every business transaction, attack surface or target involves a credential and a service or piece of data
• Integration of security investments must create greater value for an organization than they do on their own
Benefits
• Enables organizations to dissect each problem with a more holistic, end-to-end approach
• Steers the focus away from single point defense mechanisms to include a broader set of identity and security components
• Challenges the balance between detective vs a more dynamic, real-time, preventive approach
• Leverages the identity context allowing more effective decisions in real-time or near real-time
6. Become an independent source of education and information on identity-centric security strategies.
The IDSA is a nonprofit organization originally established in 2015 by Ping Identity and Optiv as founding solution providers.
7. We are an industry community helping to reduce enterprise risk through identity-defined security…
1. Develop best practices and practical guidance
2. Foster vendor collaboration
3. Community validation of technology integrations
4. Practice, discuss and evolve as a community
Identity Defined Security Alliance
10. Once user roles and entitlements are defined, high profile users should require a level of assurance of authentication to match the value of the protected asset.
Putting Identity-Centric Security to Work – IAM Best Practice
11. Profile-Based Authentication
Integrate Components:
• Access Management + Identity Administration
What Happens:
• Understand who is asking for access
• Trigger authentication steps, based on the user profile
Value to Organization:
• Control access to corporate assets
• Reduce friction in the authn process when risk is low
Putting Identity-Centric Security to Work – Security Controls
12. Risk-Based PAM Authentication
Integrate Components:
• Privileged Access Management + CASB or Fraud & Risk
What Happens:
• Understand the level of risk associated with the user
• Trigger authentication steps, based on risk score
Value to Organization:
• Control privileged account access
Putting Identity-Centric Security to Work – Security Controls
13. Step-up Authentication for a Privileged Access Management App
Combine Security Controls:
• Profile-based Authentication
• Risk-based Privileged Access Management
• SIEM
What Happens:
• Understand who is asking for access and authenticate based on the user profile
• Trigger secondary authentication step, if needed
• Transaction logged in SIEM
Value to Organization:
• Reduce insider threat
• Control privileged account access
• Secure critical infrastructure
Putting Identity-Centric Security to Work – Use Cases
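The step-up flow from slides 11 to 13, sketched as one policy function. This is an added illustration, not IDSA framework code. The role names, asset names, assurance levels and risk thresholds are assumptions made for the example.

```python
import json
from dataclasses import dataclass

# Assumed assurance levels: 1 = password, 2 = password + OTP, 3 = phishing-resistant MFA.
# Role names, asset names and thresholds below are constructed for this example.
ROLE_BASELINE = {"employee": 1, "dba": 2, "domain-admin": 3}
ASSET_REQUIRED = {"wiki": 1, "hr-db": 2, "pam-vault": 3}
STEP_UP_RISK, DENY_RISK = 40, 80  # assumed 0-100 risk scale

@dataclass
class Request:
    user: str
    role: str           # from identity administration
    asset: str          # target application or vault
    risk_score: int     # from a CASB or fraud & risk engine
    session_level: int  # assurance level the session already holds

def decide(req: Request) -> dict:
    """Return the access decision as the event that would be sent to the SIEM."""
    # Profile-based authentication: required assurance follows the user's role
    # and the value of the asset. Unknown roles or assets fail closed to level 3.
    required = max(ROLE_BASELINE.get(req.role, 3), ASSET_REQUIRED.get(req.asset, 3))
    if req.risk_score >= DENY_RISK:
        action = "deny"
    else:
        # Risk-based PAM authentication: elevated risk raises the bar one level.
        if req.risk_score >= STEP_UP_RISK:
            required = min(required + 1, 3)
        # Low risk and a strong enough session means no extra prompt.
        action = "allow" if req.session_level >= required else "step_up"
    return {
        "user": req.user, "role": req.role, "asset": req.asset,
        "risk_score": req.risk_score, "session_level": req.session_level,
        "required_level": required, "action": action,
    }

def siem_line(event: dict) -> str:
    """Serialize the decision as one JSON log line with a stable key order."""
    return json.dumps(event, sort_keys=True)

if __name__ == "__main__":
    for r in (Request("alice", "employee", "wiki", 10, 1),
              Request("bob", "dba", "pam-vault", 10, 2),
              Request("carol", "domain-admin", "pam-vault", 90, 3)):
        print(siem_line(decide(r)))
```

Every decision, including plain allows, is logged, so the SIEM can correlate step-up prompts and denials per user.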
15. Learn from Your Peers
Adobe Finds ZEN Using Identity-Centric Security
“Working with the IDSA is a great opportunity to help drive innovation across the tech industry with vendors and solution providers alike. Adobe benefits through exposure to vendors, use cases and community best practices that help elevate and strengthen our identity and security teams.”
— Den Jones, Director of Enterprise Security, Adobe
The total number of breaches was down 23%. Here are the highlights of the 2018 report from the Identity Theft Resource Center: https://www.idtheftcenter.org/2018-end-of-year-data-breach-report/
Identity Theft Resource Center® and CyberScout® Annual End-of-Year Data Breach Report Reveals 126% Increase in Exposed Consumer Data, 1.68 Billion Email-Related Credentials
While the number of breach incidents is less than 2017, the Identity Theft Resource Center saw a 126 percent increase in the number of records that contained sensitive personally identifiable information.
The exploitation of usernames and passwords by nefarious actors continues to be a ripe target due to the increase in credential cracking activities – not to mention the amount of data that can be gleaned by accessing accounts that reuse the same credentials.
Reporting parties aren’t always the target. Many of those reporting incidents were compromised through third-party vendors.
This new approach is grounded in 3 foundational concepts:
• All aspects of cyber security must fundamentally work together if they are to achieve meaningful effectiveness
• Every business transaction, attack surface or target involves a credential and a service or piece of data
• The integration of security investments must create greater value for an organization than they do on their own
It’s these foundational concepts that have led to a new way of thinking about security, threading identity through end-to-end cyber security investments. This new approach:
• Enables organizations to dissect each problem with a more holistic, end-to-end approach
• Steers the focus away from single point defense mechanisms to include a broader set of identity and security components
• Challenges the balance between detective vs a more dynamic, real-time, preventive approach
• Leverages the identity context allowing more effective decisions in real-time or near real-time
This intersection of identity and security is why we exist. We believe that organizations can reduce their risk by l
We believe that leveraging identity context throughout a security infrastructure makes you more secure.
It’s not a new concept – identity organizations have been talking about the role of IAM (and identity) in a security strategy for a few years. As a community, we’ve taken the next step and are collaborating with security companies to start driving that message at a higher level, as well as providing organizations with resources to be successful – with IAM as a foundation and extending it to security infrastructures.
Nirvana for an identity-centric approach to security is to have every one of these components implemented.
How we are doing it…
• Develop best practices and practical guidance – community developed, but practitioner approved. We published the IDSA framework whitepaper last fall and the details of the framework can be found on our website.
• Foster vendor collaboration – vendors come together organically, but the IDSA is also a place for practitioners to advocate for collaboration among the vendors and to provide guidelines for how vendors integrate: best practices for the vendors that give enterprises a sense of security and confidence.
• Community validation of technology integrations – working toward providing an online community that can share vendor integration experiences, best practices, scoring and online Q&A.
• Practice, discuss and evolve as a community – work together to continue to share best practices and expertise, and provide case studies – see the Adobe ZEN story (webcast) on our website.
Who we are….
We are 18 vendors across IAM and cybersecurity. If yours are not listed, encourage your vendor partners to engage.
We also have 4 customers who are members of the customer advisory board (CAB).
These vendors and CAB members are essentially kick-starting the IDSA, but ultimately we want to become end-user driven – our success is measured by the number of organizations that have been successful implementing an identity-centric approach to security.
The IDSA Framework is a direct result of the efforts of the IDSA members over the last 6 months.
It provides use cases for complex scenarios, security controls that are discrete integrations between identity and security components, and best practices. The best practices are not required to implement identity-centric security but will certainly make it more effective. They are just a collection of good hygiene tips that span people, process and technology.
I encourage you to read the whitepaper, review the framework details and let us know your thoughts. Most importantly, it’s content available to you to use for roadmaps, implementation guidance and detailed conversations with your vendors.
IAM best practices are not required, but they set a good foundation and make identity-centric security more effective.
Learn from your peers through organizations that are implementing identity-centric security to solve business problems and enable strategic security initiatives, like zero-trust.
As with most organizations that are implementing digital transformation initiatives, Adobe faced the struggle to find the balance between a pleasant user experience and stringent security requirements. With the increased complexity of user authentication, blending usernames and passwords with second factor authentication, the user experience can suffer. In many cases users needed to re-authenticate many times a day depending on the applications or devices they use. Adobe has achieved the perfect balance through a Zero-trust Enterprise Network (ZEN) approach that leverages identity-centric security principles.
Our goal is to provide the tools and education to help IT professionals succeed in leveraging their existing identity and security investments to become more secure through an identity centric approach to security.
You can get involved by joining our online community first and foremost. If you are attending RSA, please join us for a meetup on Tuesday afternoon.