CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud
Transcript of CIS14: Identity at Scale: Bridging Gaps between Physical and Logical, Token and Cloud
Identity at scale:
Bridging gaps between physical and virtual, token and cloud
Chris Corum, AVISIAN Publishing
@Avisian
- Some orgs strengthen, most do nothing
- Single credential to access many sites
- Host in house or go to cloud?
- Forces align to kill the weak credential
- Single purpose, weak credentials were issued by individual entities to protect access to their own stuff
- Usage and value of ‘what we’re protecting’ rise, gives rise to hacking and breach culture
- Users tire of mass single-use credentials
early on
mid phase
current
Mass data breaches
Cloning/counterfeiting
Password fatigue Costanza wallet
Acronym soup Smart cards/2FA SSO Federation/NFC CIS IDaaS
UN/PW Cards and badges
HAVE KNOW ARE
Traditional authentication
Some place you went
Some place you ate
Some place you walked past
Some place you tapped in
Some place you parked
Some way you type
Some way you tap
Some way you mouse over
Some way you twist your device
Something you have
Something else you have
Something in handset
Something you are
Something else you are
Some other thing you are
Something you connected to
Something you used
Something you tapped on
Something you drove
Something you did
Something else you did
Something you did a few minutes ago
Something you are about to do
Something you know
Something else you know
Something you couldn’t know
Something you used to know
Next gen authentication
Coalescence not Convergence
Scalability: Virtually boundless, Internet scale | Bound by time and geography
Issuance: Directory or DB records with user-initiated lifecycle management | Cryptographic tokens with expiry and lifecycle management
Know the user: Seldom seen, often self-asserted attributes | Face-to-face vetting with verified attributes
Physical and digital took similar paths to reach a point where a “net” of adaptive, continuous authentication can enable us to leapfrog convergence to coalescence if we bridge gaps to tap the strengths of both groups.