Staying out of the headlines should be a top priority for you and your organization. All too many recent headlines have been about organizations that failed to protect their corporate assets and interests; ask Sony or Target about their experience on the front page. So what prevents your company from being next?
Pamela Dingle from Ping Identity's CTO Office recently presented a webinar on this topic. In her presentation Pam outlined the current Identity and Access Management (IAM) landscape, as well as examined the future of Next Generation Identity and its place in the age of security breaches.
IAM best practices and architecture are evolving quickly, and most organizations have not kept pace. At Ping Identity we believe that IAM best practices and technology may be one of your best defenses for keeping out of the security breach news.
Today, most organizations have several common IAM components in place that work to reduce the risk of a breach. In today's architecture these typically include:
Identity Repository - Most commonly used is Active Directory
Authentication Services - Used to determine if the user has the right credentials, can be extended beyond user id and password to include other factors
Federation Services - Access management and user provisioning services that let authenticated users reach trusted internal or third-party SaaS applications, typically by exchanging SAML assertions rather than re-entering credentials at each application
SAML - Widely used standard for giving users secure access to trusted applications, typically outside the corporate network, by passing signed assertions (tokens) that carry the user's identity and attributes instead of the user's credentials
With these current-gen IAM components and standards you can accomplish a lot to reduce risk for your organization, including:
Single Sign-on (SSO)
Centralized Policy Management
Central User Store
However, there are several major gaps that many customers running current-generation IAM cannot address comprehensively, and each one creates risk for the organization. These include:
Mobile - Mobile apps still prompt for the user's primary credentials and cache them locally on the device, where a lost or compromised phone exposes them
APIs - API calls often carry the user's primary credentials, exposing them to every service in the call path and granting far broader permissions than the call actually needs
B2B - Developers are still hard-coding credentials into integration scripts, where they are long-lived, shared, and rarely rotated
The Next Generation of Identity Security is fundamentally different from today's architecture. There are several transformational concepts that are critical to the architecture:
Automation - This is the foundation of Next-Gen Identity. Making connections and setting up trust relationships should be highly automated and secure, without manual intervention.
Client Identity - Identify the software that is acting on behalf of the user, in conjunction with the user's own identity. This is a shift from today's credential management, where only the user is identified.
Scoped Authorization - This spans the mobile, API, and B2B use cases: each client is granted only the access it needs, for a bounded time or a single transaction, rather than the user's full privileges.
Multi-factor Authentication - Passwords are horribly insecure as a sole form of authentication; stronger multi-factor methods must become prevalent.
Identity - Standards-based identity must be common across Web and Mobile. OpenID Connect is the emerging standard for this.
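To make the Client Identity and Scoped Authorization points concrete, the following is an added example (not code from Ping Identity or the webinar): an authorization server issues an HMAC-signed token that binds the user, the client software, a scope set and an expiry together, and the API side refuses any call whose token fails the signature check, has expired, names an unknown client, or lacks the exact scope the call requires. The token format, signing key, client names and scope strings are assumptions for illustration; a real deployment would use OAuth 2.0 access tokens, the framework on which OpenID Connect is built.

```python
"""Scoped, time-limited, client-bound access tokens (illustrative example).

Hypothetical code, not Ping Identity's. The HMAC-signed JSON token stands in for a
real OAuth 2.0 / OpenID Connect access token; the key and names are constructed.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed key shared by the authorization server and the API (assumption).
SIGNING_KEY = b"example-signing-key-not-for-production"

# Client identities the API is willing to serve at all (assumption).
ALLOWED_CLIENTS = {"mobile-app-v3", "partner-sync-job"}


def _b64(data: bytes) -> str:
    """URL-safe base64 without padding, as used in web tokens."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(client_id, subject, scopes, ttl_seconds, now=None):
    """Authorization server: bind user, client, scopes and expiry in one signed token.

    The client never receives the user's password; it receives only this token,
    which names the client itself and is useless after ttl_seconds.
    """
    now = time.time() if now is None else now
    payload = {
        "client_id": client_id,
        "sub": subject,
        "scope": sorted(set(scopes)),
        "exp": int(now + ttl_seconds),
    }
    body = _b64(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def verify_token(token, now=None):
    """Resource server: check the signature before parsing, then the expiry.

    Returns the claims dict, or None if the token is malformed, forged or expired.
    """
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):
        return None  # tampered payload or wrong key
    claims = json.loads(_unb64(body))
    if claims["exp"] <= now:
        return None  # token has outlived its bounded validity window
    return claims


def authorize(token, required_scope, now=None):
    """API-side policy: valid token, known client, and the exact scope this call needs.

    Returns (True, subject) on success or (False, reason) on denial.
    """
    claims = verify_token(token, now)
    if claims is None:
        return (False, "invalid or expired token")
    if claims["client_id"] not in ALLOWED_CLIENTS:
        return (False, f"unknown client {claims['client_id']}")
    if required_scope not in claims["scope"]:
        return (False, f"scope {required_scope} not granted")
    return (True, claims["sub"])


if __name__ == "__main__":
    # Constructed walk-through: a five-minute, read-only token for one mobile client.
    t0 = 1_700_000_000
    tok = issue_token("mobile-app-v3", "alice", ["contacts:read"], 300, now=t0)
    print(authorize(tok, "contacts:read", now=t0 + 10))    # allowed
    print(authorize(tok, "contacts:write", now=t0 + 10))   # denied: scope not granted
    print(authorize(tok, "contacts:read", now=t0 + 301))   # denied: expired
```

The order of checks matters: the signature is verified over the raw encoded payload before anything is decoded, so a caller cannot influence parsing with a tampered body, and scope is compared against the specific permission the endpoint needs rather than "is this user logged in", which is the difference between a scoped token and a cached password.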
Next-Gen Identity ensures that all identities are tracked and managed, including users, software, and devices. Next-Gen addresses use cases seamlessly across human and machine to usher in the Post-Password Era.