What to Expect in 2016: Top 5 Predictions for Security and Access Control
•
1 like•1,564 views
SecureAuth and special guest Forrester Research discuss the trends and strategies that will help you boost security and protect your organization from access threats. In this session, you will hear from Forrester's Andras Cser as he shares the top 5 information security and access control trends to watch for in 2016 and how they will impact your organization. Additionally, Keith Graham, CTO from SecureAuth, will present effective strategies to stay ahead of these trends and protect against advanced cyber attacks with adaptive authentication.
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (10)
Similar to What to Expect in 2016: Top 5 Predictions for Security and Access Control
Similar to What to Expect in 2016: Top 5 Predictions for Security and Access Control (20)
More from SecureAuth
More from SecureAuth (18)
Recently uploaded
Recently uploaded (20)
What to Expect in 2016: Top 5 Predictions for Security and Access Control
- 1. What to Expect in 2016: Top 5 Predictions for Security and Access Control December 16, 2015 Presented by SecureAuth, with special guest Forrester Research
- 2. 2 Today’s Speakers Keith Graham Chief Technology Officer & SVP Products SecureAuth Embracing the Future with Next Generation Adaptive Authentication Andras Cser VP, Principal Analyst Forrester Research, Security & Risk Top 5 IAM Predictions for 2016
- 3. 3 + All attendee audio lines are muted + Submit questions via Q&A panel at any time + Questions will be answered during Q&A at the end of the presentation + Slides and recording will be sent later this week + Contact us at webinars@secureauth.com Webinar Housekeeping
- 5. IAM Predictions for 2016 Andras Cser Vice President, Principal Analyst December 16, 2015
- 6. © 2015 Forrester Research, Inc. Reproduction Prohibited 6
- 7. © 2015 Forrester Research, Inc. Reproduction Prohibited 7 › IAM budgets are bound to increase 2016 at least 5%. › CX is a must, and vendors must productize it. › You must dump in-house developed IAM solutions › UBA continues where Identity intelligence left off. › User stores start shifting from on-premises into the cloud. In 2016, for IAM Forrester predicts. . .
- 8. © 2015 Forrester Research, Inc. Reproduction Prohibited 8 ›Flows from the Security Budget increase ›Mobile adoption ›Cloud adoption ›2FA mandated ›Threat prevention ›PIM ›IoT IAM budgets to increase by at least 5%
- 9. © 2015 Forrester Research, Inc. Reproduction Prohibited 9
- 10. © 2015 Forrester Research, Inc. Reproduction Prohibited 10 Anonymize OR find different slide, Comcast is a customer
- 11. © 2015 Forrester Research, Inc. Reproduction Prohibited 11 Authentication is a difficult balance Operational efficiency Asset security Customer satisfaction
- 12. © 2015 Forrester Research, Inc. Reproduction Prohibited 12 CX is a must and vendors must productize it CIAM 1. Process mapping 2. SSO 3. Federation 4. API support 5. Scale, performance 8. Collaboration 7. Biometrics 6. RBA
- 13. © 2015 Forrester Research, Inc. Reproduction Prohibited 13 Benefits of IAM Security Efficiency/cost cutting Compliance/audit Agility
- 14. © 2015 Forrester Research, Inc. Reproduction Prohibited 14 › They don’t scale. › The are labor intensive to customize and modify. › They cost about 2x-3x in 5 years than a COTS solution. › They don’t respond to new threats well. You must dump in-house developed IAM solutions
- 15. © 2015 Forrester Research, Inc. Reproduction Prohibited 15 › Creating rules and explicit policies is • Costly • Unreliable • In accurate • It does not protect you against new and emerging threats • Uses no community / shared / consortium data › UBA offers building a behavioral baseline automatically based on machine learning and identifying anomalous behaviors UBA continues where ID intelligence left off
- 17. © 2015 Forrester Research, Inc. Reproduction Prohibited 17 B2B relationships enable the firm
- 18. © 2015 Forrester Research, Inc. Reproduction Prohibited 18 › IDaaS made some progress › On-prem applications are diminishing › CRM, HR, ERP, etc. are all moving to the cloud, why not IAM and user stores? › Federation and B2B need cloud user stores › Privacy concerns mounting › Data protection is critical User stores start shifting from on- premises to the cloud
- 19. © 2015 Forrester Research, Inc. Reproduction Prohibited 19 › IAM budgets are bound to increase 2016 at least 5%. › CX is a must, and vendors must productize it. › You must dump in-house developed IAM solutions › UBA continues where Identity intelligence left off. › User stores start shifting from on-premises into the cloud. Summary In 2016, for IAM Forrester predicts. . .
- 20. Thank you forrester.com Andras Cser +1 617.613.6365 acser@forrester.com
- 21. Embracing the Future with Adaptive Authentication Keith Graham, CTO and SVP Products SecureAuth
- 22. 22 + Security budgets are increasing + The password is not dead...yet + Customer/user experience matters + Behavioral Biometrics will take center-stage + Organizations must embrace next generation adaptive authentication A Look Ahead
- 24. 24 Adaptive Authentication techniques Device Recognition Identity Store Lookup Geo-Velocity Behavioral Biometrics IP Reputation Geo-Location When layered together, they are powerful
- 25. 25 + First time authentication: register the endpoint device + Subsequent authentications: validate the endpoint device + Device recognition can include: Device Recognition - Web browser configuration - Device IP address - Language - Screen resolution - Installed fonts - Browser cookies settings - Browser plugin - Time zone
- 26. 26 IP Reputation
- 27. 27 + Compare and filter based on information in the store + Can be based on any attribute of the user Identity Store Lookup
- 28. 28 + Compare the users current country location against a good/bad country list. Geo-Location Norway
- 29. 29 + Compare current location and login history to determine whether an improbable travel event has occurred Geo-Velocity
- 30. 30 + Analyze behavior that can be used to verify a person + Gather & store characteristics about the way the user interacts with a device such as: – Keystroke dynamics – Mouse movements – Touch interactions Behavioral Biometrics PRESS FLIGHT SEQUENCE MOUSE GYROSCOPE ACCELEROMETERSURFACE
- 31. 31 + Implement techniques in layers + Balances strong security and great user experience + Take dynamic action based on the result – Step up, Step down, Allow, Deny, Redirect + Get out the way of your users! The Power of Adaptive Authentication
- 32. Q&A
Editor's Notes
- http://www.traceoneview.com/wp-content/uploads/2015/03/crystal-ball.jpg
- http://ezust-ajandekbolt.hu/custom/tacsik/image/cache/w900h760wt1/product/Valenti/ezust%20bosegszaru-1.jpg?lastmod=1424434395.1409049939
- http://www.propertymanager.com/wp-content/uploads/2012/05/img_padlockMoney_540x360.jpg http://www.smiley-faces.org/wallpaper/smiley-face-wallpaper-014.jpg
- Image source: Flickr (http://www.flickr.com/) | CC BY 2.0 | https://www.flickr.com/photos/dnamichaud/554406521/
- Money http:http://www.flickr.com/photos/59937401@N07/5929474535/ Waiting http://2.bp.blogspot.com/-iOrHDh7w1_8/TaDXQ8cAqII/AAAAAAAAAxc/3bJTwAOD-5E/s1600/waiting.gif Businessman heaves massive boulder: http://www.istockphoto.com/stock-photo-15880093-businessman-heaves-massive-boulder-into-the-sky.php?st=f990c41 Thief httphttp://office.microsoft.com/en-us/images/results.aspx?qu=robbers&ex=1#ai:MC900034567| Hammering computer http://office.microsoft.com/en-us/images/results.aspx?qu=computer+hammer&ex=1#ai:MC900078782|
- http://www.wpclipart.com/signs_symbol/ecology/recycle/litter/trashcan_dont_pollute.png
- Source: Flickr (http://farm6.staticflickr.com/5527/11820105646_8abbb1742a_o.jpg)
- Our outlook for 2016 is completely in line with what you just heard from Andras. We are seeing similar trends in the market around increasing the budgets, the prevalence of passwords, the importance of customer experience. We will go into more detail on on the emergence of behavioral biometrics and next-generation adaptive authentication as a strategy that will keep you ahead of these trends. Let’s take a closer look. -------------------------------------------- Security budgets are increasing*: We agree with the Forrester prediction on increasing budgets. A study commissioned just last month by SecureAuth shows: 95% of cyber security professionals say their company will increase its security spending in the next year. 62% of cyber security professionals say that managing the consequences of a data breach would cost their company more than protecting against a breach. The Password is not dead...yet. Although steps in research and innovation are being taken to move us away from our love of the password, it’s still very firmly here to stay throughout 2016. We'll talk about using passwords layered with adaptive authentication techniques can make a powerful and effective combination. BehavioBiometrics will take center-stage: In line with the prediction put forth by Andras, the ability to analyze keystroke dynamics, mouse movements, and touch based interaction with devices will become a technical viable, and valuable way to verify the true ownership of credentials; but also a way of determining a legitimate user who is an inside attacker, vs an external bad actor who has compromised legitimate credentials. More on this later. Customer/User Experience Matters: In the study I mentioned earlier, 87% of cybersecurity professionals admit that their company is frequently forced to choose between user experience and greater security. We believe organizations do not have to choose and that's where next generation adaptive authentication comes in. Adaptive Authentication: Adaptive Auth is the key to balancing strong security and great user experience, taking dynamic action based on the result of a combination of risk factors. Let’s take a closer look.
- Or device fingerprint. Not to be mistaken with a biometric fingerprint Device fingerprinting is typically a two-stage process on first time authentication we register an endpoint, and on subsequent authentications we validate an endpoint against the stored device fingerprint The actual device fingerprint, uses and relies on certain characteristics about that endpoint. Such as; web browser configuration language installed fonts browser plugins device IP address screen resolution browser cookies settings Time zone
- We can take IP reputation data, e.g. IP addresses that are on black lists and deny the authentication based upon that. For example, if the IP address of the machine from which the user is trying to authentication is part of a Tor network, a known bonnet, or an IP known to be associated with known bad actors.
- The ability to use geo-location and login history to determine whether an improbable travel event has occurred:
- Analyzing some measurable behavior that can be used to identify a person. Leading up to the auth, gathering certain characteristics about the way that the user is interacting with the device, such as; Keystroke dynamics Mouse movements Gesture, and touch Motion patterns