A NEW APPROACH TO SECURING
THE ENTERPRISE
IDENTITY DEFINED SECURITY
Patrick Harding
Chief Technology Officer
@patrickharding
Agenda
1. Changing Trends in Identity Architecture
2. Top 4 Security Design Rules
3. Apple Watch Demo
4. What Can be Accomplished Today
5. Recommendations
Copyright © 2015 Ping Identity Corp. All rights reserved.
CHANGING TRENDS IN IDENTITY ARCHITECTURE
Spoiler: It’s Cloud! And Mobile!
MAJOR TRENDS SHAPING THE MARKET
• 5.2B global mobile users
• 11.5B mobile-ready devices
• 4.6B smartphones
• 738 cloud services used by an average enterprise
• 82% of enterprises have a hybrid cloud strategy
• 26B connected devices in 2020, a 30X increase within the decade
BREACH, BREACH, BREACH …
Web App Attacks
• “Phish customer ≥ get credentials ≥ abuse web application ≥ empty bank/bitcoin account.”
• “Over 95% of these incidents involve harvesting credentials from customer devices, then logging into web applications with them”
Source: 2015 Verizon Data Breach Investigations R
The Golden Years of Leveraged AuthN
[Diagram: Provisioning, WAM, You, Federation, LDAP, Your Partners, “Internal” Web Apps, Partner Domain Web Apps, SAML]
• Users in Directories
– Security Policies: Expiry, Lockout, History
• Applications in Web Browser
– Level 1: common repository
– Level 2: Internal apps secured via WAM
– Level 3: External apps secured via SAML
What Those Architectures Do Well
• Common Authentication Ceremony
– User manages one password, uses it in a trusted place
• Secure introduction of users between domains
• Security for “Passive” web contexts
– Where the user manipulates a browser
• Central policy definition/enforcement
What Those Architectures Do Poorly
• Address security risk of “active” software at run-time
– Clients collecting & storing passwords for replay
– Passwords transmitted on every API fetch
– Every API validating passwords
• Address pain for developers
– API keys & certificates poorly protected in scripts
– Adding XML parsers & signature validation in mobile apps is problematic
• Scale to millions of partners
One Trend to Bind them All
• Cloud pushed the industry towards externalized interfaces for everything, not just identity, and REST beat out SOAP
• Mobile forced us to accept asymmetrical trust relationships, because instead of BIG software on websites we now also have small software on devices
• Standards evolved to deliver: OAuth 2.0. Not user identity, but software (client) identity
TOP 4 SECURITY DESIGN RULES
Bonus! 6 Architectural Principles
ARCHITECTURAL PRINCIPLES
• INTERNET SCALE
• FEDERATED ARCHITECTURE
• ALL IDENTITIES
• BUILT ON STANDARDS
• WEB, MOBILE & API
• FLEXIBLE DEPLOYMENT
6 PRINCIPLES THAT MEET MODERN SECURITY COMPLEXITIES AND SCALE TO ADDRESS FU
Top 4 Security Rules
• Attackers will compromise access. Identity tools to combat this include:
1. Compartmentalization
2. Ephemerality
3. Automation
4. Accountability
• Things happen fast, change often, and are always watched, and the identity of all actors is explicitly part of all interactions. If theft does occur, bad guys get as little as possible for no time at all, and the path of compromise can be traced.
Security Rules drive the Architecture
[Diagram: Identity Platform, Dynamic Access Control, User, Context, Automation, Resources, Bounded Credentials, Client, Primary Credentials]
The Identity Platform
• Abstracts Authentication Services from resources
• Automates & controls clients
• Issues and authorizes tokens
• Recognizes context
• Coordinates ecosystem
Modern “Honeycomb” Identity Architecture
[Diagram: Identity Platform; Your Data; Your Identity Infrastructure; Other Web, Mobile & API; Other Data; Your Mobile & API; Other Identity Infrastructure; All Kinds of B2B Clients; All Kinds of Users; Other Authentication Service; Your Apps]
Honeycomb Architecture
• Pick the cells that fit your business use case
– Mobile, IoT
– Consumer/Enterprise SSO
– Enterprise Service Bus
• Cells may exist in separate internet contexts
• Interaction between cells is standardized
Automation & Accountability
[Diagram: Identity Platform, Dynamic Access Control, User, Context, Automation, Resources, Bounded Credentials, Client, Primary Credentials]
Standards at Work
• OAuth 2.0 (RFC 6749/50)
– Authorization framework for software clients
– Enables clients to present scoped authorization tokens to REST APIs
• OpenID Connect (built on OAuth 2.0)
– Clients and Identity Platform request & assert identifiers, attributes with integrity & confidentiality
• SAML
– Gold standard for Web SSO
– SOAP-based
• SCIM
– Standardized REST API for Creation, synchronization of user accounts/attributes
• FIDO
– Standardization of authenticators
– Password-less and 2nd factor
• Account Chooser
– User discovery specification
– Migration from IDP discovery to User discovery
Primary Credentials
• Supply enough primary credentials, and the assumption is that the real “subject” is present.
– Impersonation through compromise of primary credentials is greatest risk in industry today. See: Credential Farming
• Goal: protect primary credentials in every way possible
• Examples: passwords, API keys, MFA authenticator interactions, certificates, FIDO
Bounded Credentials
• Ephemeral tokens representing not just the “subject” but subject and context.
– Access Tokens: access to limited scope on behalf of subject executed by specific client valid for limited time
– JWTs: introduction of subject to specific audience, valid for short period of time
– ID Tokens: introduction of subject to specific audience from known issuer based on specific authentication interaction
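The bounds listed for access tokens and JWTs above (limited scope, specific client, specific audience, known issuer, short lifetime), shown as an added example that is not part of the original deck: a standard-library sketch in which an identity platform mints an HS256-signed token and a resource rejects it as soon as any one bound fails. The issuer and audience URLs, client and scope names, the `client_id` claim name and the shared key are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed values for illustration; none of them come from the deck.
ISSUER = "https://idp.example.com"
API_AUDIENCE = "https://api.example.com/orders"
SIGNING_KEY = b"constructed-demo-key-held-by-platform-and-resource"


class TokenRejected(Exception):
    """Raised by the resource when any bound on the token fails."""


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input: str) -> str:
    mac = hmac.new(SIGNING_KEY, signing_input.encode("utf-8"), hashlib.sha256)
    return b64url_encode(mac.digest())


def mint_access_token(subject, client_id, scopes, audience=API_AUDIENCE,
                      ttl_seconds=300, now=None):
    """Identity platform: after the primary credential has been checked,
    issue a token bound to subject, client, scope, audience and time."""
    now = int(time.time()) if now is None else int(now)
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "sub": subject, "aud": audience,
              "client_id": client_id, "scope": " ".join(scopes),
              "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + sign(signing_input)


def validate_access_token(token, required_scope, allowed_clients,
                          audience=API_AUDIENCE, now=None):
    """Resource: accept the token only if every bound holds; return claims."""
    now = int(time.time()) if now is None else int(now)
    try:
        header_b64, claims_b64, signature = token.split(".")
        header = json.loads(b64url_decode(header_b64))
    except ValueError as exc:
        raise TokenRejected("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise TokenRejected("unexpected algorithm")
    expected = sign(header_b64 + "." + claims_b64)
    if not hmac.compare_digest(expected.encode(), signature.encode()):
        raise TokenRejected("bad signature")
    # Claims are parsed only after the signature has been verified.
    try:
        claims = json.loads(b64url_decode(claims_b64))
    except ValueError as exc:
        raise TokenRejected("malformed token") from exc
    if claims.get("iss") != ISSUER:                       # known issuer
        raise TokenRejected("unknown issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise TokenRejected("wrong audience")             # specific audience
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise TokenRejected("expired")                    # limited time
    if claims.get("client_id") not in allowed_clients:
        raise TokenRejected("client not allowed")         # specific client
    if required_scope not in str(claims.get("scope", "")).split():
        raise TokenRejected("scope not granted")          # limited scope
    return claims


if __name__ == "__main__":
    t0 = 1_700_000_000  # constructed issue time
    token = mint_access_token("alice", "mobile-app", ["orders:read"], now=t0)
    print("accepted:", validate_access_token(
        token, "orders:read", {"mobile-app"}, now=t0 + 60)["sub"])
    attempts = {
        "after expiry": dict(required_scope="orders:read",
                             allowed_clients={"mobile-app"}, now=t0 + 301),
        "other API": dict(required_scope="orders:read",
                          allowed_clients={"mobile-app"}, now=t0 + 60,
                          audience="https://api.example.com/payroll"),
        "wider scope": dict(required_scope="orders:write",
                            allowed_clients={"mobile-app"}, now=t0 + 60),
    }
    for label, kwargs in attempts.items():
        try:
            validate_access_token(token, **kwargs)
        except TokenRejected as exc:
            print(f"{label}: rejected ({exc})")
```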
APPLE WATCH DEMO
Identity architecture demos are boring… unless they are cunningly disguised as Apple Watch Demos.
What you just saw
• Single trusted authentication ceremony
• Low friction 2nd factor authentication
• Transformation of primary credentials into bounded credentials
• Protection of both web and native resources
WHAT CAN BE ACCOMPLISHED TODAY
World Peace! Ok well let’s not go crazy…
Federated Access Management
• Contextual Authentication
– Active and passive challenges and contexts, designed to mitigate risks
• Federated Sign-on
– Distribution of tokens and assertions that represent users in a compartmentalized, ephemeral, automated, accountable way
– Application of policy at time of access request
• Access Security
– Validation of tokens and assertions
– Enforcement of policy & intelligence beyond token validity at time of resource use
Identity Defined Security
[Diagram: User Administration Orchestration; Federated Provisioning; Federated Access Management (FAM); Federated Identity Management (FIM); Governance; Intelligence (risk/fraud/analytics); Continuous Authentication™; Contextual Authentication; Federated Sign-on; Access Security]
RECOMMENDATIONS
Call your mother…
Create a Long Term Plan
• New identity architectures must handle all identities, all channels, all interaction methods – at scale
– OAuth 2.0 delivers scoped authorization as foundation for identity – clients and user identity is tracked
– The Identity Platform becomes a central element of a set of honeycomb cells that interoperate with each other via standards
• Limitation/mitigation of exposure starts with compartmentalization of primary credentials, bounded credentials are
• Interaction between authentication services, identity platform, and access security at the resources will become more intelligent in the future
Address Immediate Risk
• Credential Farming
– If an employee reuses the same email and password at http://iloveipa.com and for your corporate VPN, and an attacker compromises http://iloveipa.com, can they walk right in your front door?
– Now is the time to explore second factor auth. Be creative. Don’t expect the first thing to work. But at all costs, disrupt those password reuse attacks.
Read the Verizon Data Breach Report
• 95% of breaches start with a compromised credential
– http://www.verizonenterprise.com/DBIR/
• If you can’t detect them coming in, then detect them going out; egress monitoring can be your friend.
• Long term planning is for analytics to find trends of sessions, usage patterns, anomalies
Intelligence is the Future
• Think about what your inputs could be into an intelligence engine
• Think about what your social contract is with your users, and how you can signal that you are watching, but also how they can signal that they want privacy
Thank You!

Identity Verification: Who’s Really There?
 
Extraordinary Financial Customer Experiences
Extraordinary Financial Customer ExperiencesExtraordinary Financial Customer Experiences
Extraordinary Financial Customer Experiences
 
Extraordinary Retail Customer Experiences
Extraordinary Retail Customer ExperiencesExtraordinary Retail Customer Experiences
Extraordinary Retail Customer Experiences
 
Security Practices: The Generational Gap | Infographic
Security Practices: The Generational Gap | InfographicSecurity Practices: The Generational Gap | Infographic
Security Practices: The Generational Gap | Infographic
 
Security Concerns Around the World | Infographic
Security Concerns Around the World | InfographicSecurity Concerns Around the World | Infographic
Security Concerns Around the World | Infographic
 
LES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUES
LES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUESLES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUES
LES ATTITUDES DES CONSOMMATEURS À L’ÈRE DES CYBERATTAQUES
 
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
 
Consumer Attitudes in a Post-breach Era: The Geographical Gap
Consumer Attitudes in a Post-breach Era: The Geographical GapConsumer Attitudes in a Post-breach Era: The Geographical Gap
Consumer Attitudes in a Post-breach Era: The Geographical Gap
 
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONSATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
 
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
 
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
 
API Security Needs AI Now More Than Ever
API Security Needs AI Now More Than EverAPI Security Needs AI Now More Than Ever
API Security Needs AI Now More Than Ever
 
Fishing for a CIAM Platform? 11 Question to Ask Before You Buy
Fishing for a CIAM Platform? 11 Question to Ask Before You BuyFishing for a CIAM Platform? 11 Question to Ask Before You Buy
Fishing for a CIAM Platform? 11 Question to Ask Before You Buy
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAM
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
 

Recently uploaded

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 

Recently uploaded (20)

Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 

Catalyst 2015: Patrick Harding

  • 1.
  • 2. A NEW APPROACH TO SECURING THE ENTERPRISE IDENTITY DEFINED SECURITY Patrick Harding Chief Technology Officer @patrickharding
  • 3. Agenda
      1. Changing Trends in Identity Architecture
      2. Top 3 4 Security Design Rules
      3. Apple Watch Demo
      4. What Can be Accomplished Today
      5. Recommendations
      Copyright © 2015 Ping Identity Corp. All rights reserved.
  • 4. CHANGING TRENDS IN IDENTITY ARCHITECTURE
      Spoiler: It’s Cloud! And Mobile!
  • 5. MAJOR TRENDS SHAPING THE MARKET
      • 5.2B Global mobile users
      • 11.5B Mobile-ready devices
      • 4.6B Smartphones
  • 6. MAJOR TRENDS SHAPING THE MARKET
      • 5.2B Global mobile users
      • 11.5B Mobile-ready devices
      • 4.6B Smartphones
      • 738 # of cloud services used by an average enterprise
      • 82% of enterprises have a hybrid cloud strategy
  • 7. MAJOR TRENDS SHAPING THE MARKET
      • 5.2B Global mobile users
      • 11.5B Mobile-ready devices
      • 4.6B Smartphones
      • 738 # of cloud services used by an average enterprise
      • 82% of enterprises have a hybrid cloud strategy
      • 26B Connected devices in 2020
      • 30X Increase within the decade
  • 8. MAJOR TRENDS SHAPING THE MARKET
      • 5.2B Global mobile users
      • 11.5B Mobile-ready devices
      • 4.6B Smartphones
      • 738 # of cloud services used by an average enterprise
      • 82% of enterprises have a hybrid cloud strategy
      • 26B Connected devices in 2020
      • 30X Increase within the decade
  • 9. BREACH, BREACH, BREACH …
      Web App Attacks
      • “Phish customer ≥ get credentials ≥ abuse web application ≥ empty bank/bitcoin account.”
      • “Over 95% of these incidents involve harvesting credentials from customer devices, then logging into web applications with them”
      Source: 2015 Verizon Data Breach Investigations R
  • 10. The Golden Years of Leveraged AuthN
      [Diagram labels: Provisioning; WAM; You; Federation; LDAP; Your Partners; “Internal” Web Apps; Partner Domain Web Apps; SAML]
      • Users in Directories
        – Security Policies:
          • Expiry, Lockout, History
      • Applications in Web Browser
        – Level 1: common repository
        – Level 2: Internal apps secured via WAM
        – Level 3: External apps secured via SAML
  • 11. What Those Architectures Do Well
      • Common Authentication Ceremony
        – User manages one password, uses it in a trusted place
      • Secure introduction of users between domains
      • Security for “Passive” web contexts
        – Where the user manipulates a browser
      • Central policy definition/enforcement
      Confidential — do not distribute
  • 12. What Those Architectures Do Poorly
      • Address security risk of “active” software at run-time
        – Clients collecting & storing passwords for replay
        – Passwords transmitted on every API fetch
        – Every API validating passwords
      • Address pain for developers
        – API keys & certificates poorly protected in scripts
        – Adding XML parsers & signature validation in mobile apps is problematic
      • Scale to millions of partners
  • 13. One Trend to Bind them All
      • Cloud pushed the industry towards externalized interfaces for everything, not just identity, and REST beat out SOAP
      • Mobile forced us to accept asymmetrical trust relationships, because instead of BIG software on websites we now also have small software on devices
      • Standards evolved to deliver: OAuth 2.0. Not user identity, but software (client) identity
  • 14. TOP 4 SECURITY DESIGN RULES
      Bonus! 6 Architectural Principles
  • 15. ARCHITECTURAL PRINCIPLES
      • INTERNET SCALE
      • FEDERATED ARCHITECTURE
      • ALL IDENTITIES
      • BUILT ON STANDARDS
      • WEB, MOBILE & API
      • FLEXIBLE DEPLOYMENT
      6 PRINCIPLES THAT MEET MODERN SECURITY COMPLEXITIES AND SCALE TO ADDRESS FU
  • 16. Top 4 Security Rules
      • Attackers will compromise access. Identity Tools to combat include:
        1. Compartmentalization
        2. Ephemerality
        3. Automation
        4. Accountability
      • Things happen fast, change often, are always watched, and the identity of all actors is explicitly part of all interactions. If theft does occur, bad guys get as little as possible for no time at all, and the path of compromise can be traced
  • 17. Security Rules drive the Architecture
      [Diagram labels: Identity Platform; Dynamic Access Control; User; Context; Automation; Resources; Bounded Credentials; Client; Primary Credentials (twice)]
  • 18. The Identity Platform
      • Abstracts Authentication Services from resources
      • Automates & controls clients
      • Issues and authorizes tokens
      • Recognizes context
      • Coordinates ecosystem
      [Diagram label: Identity Platform]
  • 19. Modern “Honeycomb” Identity Architecture
      [Diagram labels: Your Data; Your Identity Infrastructure; Other Web, Mobile & API; Other Data; Your Mobile & API; Other Identity Infrastructure; All Kinds of B2B Clients; All Kinds of Users; Other Authentication Service; Your Apps]
  • 20. Honeycomb Architecture
      • Pick the cells that fit your business use case
        – Mobile, IoT
        – Consumer/Enterprise SSO
        – Enterprise Service Bus
      • Cells may exist in separate internet contexts
      • Interaction between cells is standardized
  • 21. Automation & Accountability
      [Diagram labels: Identity Platform; Dynamic Access Control; User; Context; Automation; Resources; Bounded Credentials; Client; Primary Credentials (twice)]
  • 22. Standards at Work
      • OAuth 2.0 (RFC 6749/50)
        – Authorization framework for software clients
        – Enables clients to present scoped authorization tokens to REST APIs
      • OpenID Connect (built on OAuth 2.0)
        – Clients and Identity Platform request & assert identifiers, attributes with integrity & confidentiality
      • SAML
        – Gold standard for Web SSO
        – SOAP-based
      • SCIM
        – Standardized REST API for Creation, synchronization of user accounts/attributes
      • FIDO
        – Standardization of authenticators
        – Password-less and 2nd factor
      • Account Chooser
        – User discovery specification
        – Migration from IDP discovery to User discovery
  • 23. Primary Credentials
      • Supply enough primary credentials, and the assumption is that the real “subject” is present.
        – Impersonation through compromise of primary credentials is greatest risk in industry today. See: Credential Farming
      • Goal: protect primary credentials in every way possible
      • Examples: passwords, API keys, MFA authenticator interactions, certificates, FIDO
  • 24. Bounded Credentials
      • Ephemeral tokens representing not just the “subject” but subject and context.
        – Access Tokens: access to limited scope on behalf of subject executed by specific client valid for limited time
        – JWTs: introduction of subject to specific audience, valid for short period of time
        – ID Tokens: introduction of subject to specific audience from known issuer based on specific authentication interaction
  • 25. APPLE WATCH DEMO
      Identity architecture demos are boring… unless they are cunningly disguised as Apple Watch Demos.
  • 26.
  • 27. What you just saw
      • Single trusted authentication ceremony
      • Low friction 2nd factor authentication
      • Transformation of primary credentials into bounded credentials
      • Protection of both web and native resources
  • 28. WHAT CAN BE ACCOMPLISHED TODAY
      World Peace! Ok well let’s not go crazy…
  • 29. Federated Access Management
      [Diagram labels: Contextual Authentication; Federated Sign-on; Access Security]
      • Contextual Authentication
        – Active and passive challenges and contexts, designed to mitigate risks
      • Federated Sign-on
        – Distribution of tokens and assertions that represent users in a compartmentalized, ephemeral, automated, accountable way
        – Application of policy at time of access request
      • Access Security
        – Validation of tokens and assertions
        – Enforcement of policy & intelligence beyond token validity at time of resource use
  • 30. Identity Defined Security
      [Diagram labels: User Administration; Orchestration; Federated Provisioning; Federated Access Management (FAM); Federated Identity Management (FIM); Governance; Intelligence (risk/fraud/analytics); Continuous Authentication™; Contextual Authentication; Federated Sign-on; Access Security]
  • 31. RECOMMENDATIONS
      Call your mother…
  • 32. Create a Long Term Plan
      • New identity architectures must handle all identities, all channels, all interaction methods – at scale
        – OAuth 2.0 delivers scoped authorization as foundation for identity – clients and user identity is tracked
        – The Identity Platform becomes a central element of a set of honeycomb cells that interoperate with each other via standards
      • Limitation/mitigation of exposure starts with compartmentalization of primary credentials, bounded credentials are
      • Interaction between authentication services, identity platform, and access security at the resources will become more intelligent in the future
  • 33. Address Immediate Risk
      • Credential Farming
        – If an employee reuses the same email and password at http://iloveipa.com and for your corporate VPN, and an attacker compromises http://iloveipa.com, can they walk right in your front door?
        – Now is the time to explore second factor auth. Be creative. Don’t expect the first thing to work. But at all costs, disrupt those password reuse attacks.
  • 34. Read the Verizon Data Breach Report
      • 95% of breaches start with a compromised credential
        – http://www.verizonenterprise.com/DBIR/
      • If you can’t detect them coming in, then detect them going out, egress monitoring can be your friend.
      • Long term planning is for analytics to find trends of sessions, usage patterns, anomalies
  • 35. Intelligence is the Future
      • Think about what your inputs could be into an intelligence engine
      • Think about what your social contract is with your users, and how you can signal that you are watching, but also how they can signal that they want privacy
  • 36. Thank You!
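
The bounded credentials of slide 24 and the access-security step of slide 29 (validation of tokens, enforcement at time of resource use), as an added example that is not from the deck or from Ping Identity: a resource validating a JWT access token against audience, client, scope and expiry. The key, issuer, API, client and scope names are constructed for illustration, and HS256 with a shared key is used only so the example needs nothing beyond the Python standard library.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample values for this example (not from the deck).
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
ISSUER = "https://idp.example"
ACCOUNTS_API = "https://api.example/accounts"


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(key, signing_input):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_token(key, issuer, subject, audience, client_id, scopes, ttl, now=None):
    """Identity-platform side: mint a token bound to audience, client, scope and time."""
    now = int(time.time()) if now is None else now
    claims = {"iss": issuer, "sub": subject, "aud": audience, "client_id": client_id,
              "scope": " ".join(scopes), "iat": now, "exp": now + ttl}
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode("utf-8"))
        for part in (header, claims))
    return signing_input + "." + b64url_encode(sign(key, signing_input))


def rejection_reason(token, key, issuer, audience, scope, clients, now=None):
    """Resource side: return None if the token is acceptable, else why it is refused."""
    now = int(time.time()) if now is None else now
    try:
        head64, claims64, sig64 = token.split(".")
        header = json.loads(b64url_decode(head64))
        claims = json.loads(b64url_decode(claims64))
        signature = b64url_decode(sig64)
    except ValueError:  # wrong part count, bad base64, bad UTF-8 or bad JSON
        return "malformed token"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return "malformed token"
    # Pin the algorithm; the token's own header must not choose it.
    if header.get("alg") != "HS256":
        return "unexpected algorithm"
    if not hmac.compare_digest(signature, sign(key, head64 + "." + claims64)):
        return "bad signature"
    if claims.get("iss") != issuer:
        return "unknown issuer"
    if claims.get("aud") != audience:  # compartmentalization: minted for another API
        return "wrong audience"
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:  # ephemerality
        return "expired"
    if claims.get("client_id") not in clients:
        return "client not allowed"
    if scope not in str(claims.get("scope", "")).split():
        return "insufficient scope"
    return None


def demo():
    """One token, checked in bounds and then outside each of its bounds."""
    token = issue_token(DEMO_KEY, ISSUER, "alice", ACCOUNTS_API, "watch-app",
                        ["accounts:read"], ttl=300, now=1_000)
    def check(audience=ACCOUNTS_API, scope="accounts:read", now=1_100):
        return rejection_reason(token, DEMO_KEY, ISSUER, audience, scope, {"watch-app"}, now)
    return {
        "in bounds": check(),
        "replayed at another API": check(audience="https://api.example/payments"),
        "after expiry": check(now=1_300),
        "scope escalation": check(scope="accounts:write"),
    }


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case}: {reason or 'accepted'}")
```

A stolen token of this kind is usable only at one API, by one client, for one scope, until `exp`; the primary credential never reaches the resource.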

Editor's Notes

  1. Gartn
  2. Authentication Federation Access Security Fraud and Risk User Management Identity Orchestration Federated Provisioning