IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO

Transcription

1 IDENTITY AND THE NEW AGE OF ENTERPRISE SECURITY BEN SMITH CISSP CRISC CIPT RSA FIELD CTO

2 IDENTITY = THE MOST CONSEQUENTIAL ATTACK VECTOR Confirmed data breaches involving weak, default or stolen passwords 63% Web application attacks where credentials are harvested from customer devices 95%+ Point of sale breaches featuring stolen credentials leveraging legitimate partner access 98% Verizon Data Breach Investigations Report (DBIR): 2016, 2015

3

4 STOPPING THE INTERNAL TUG-OF-WAR Easy Access to cloud, web and mobile applications from any device Regain Control of a disrupted perimeter with consistent and centrally enforced policy End Users CIO / CISO

5 AND EXTERNALLY, WHAT ABOUT YOUR SUPPLY CHAIN?

6 DILEMMAS OF THE MODERN ORGANIZATION Protect VPN access with strong authentication OLD WORLD Account lifecycle management automation for IT efficiency

7 DILEMMAS OF THE MODERN ORGANIZATION SECURITY TEAM Supporting SaaS applications is problematic. Too many security problems. Security is key. We need strong authentication and control" CISO We need to secure our identities and applications, comply with regulatory requirements and ensure we are aligned with the business LINE OF BUSINESS We need to get the job done quickly. This SaaS application is the industry standard. We will use it with out without the support of IT, and we will not jump through hoops NEW WORLD IT MANAGER I need to cut cost of ownership, which means moving to the cloud. I need to support SaaS applications AND maintain security RISK MANAGER I need to ensure organization is compliant with internal and external governing policies and industry regulations IAM MANAGER I need to have confidence that I know who has access to what, and that applications and data are protected while enforcing privacy.

8 MODERNIZATION MALICE MANDATES APPS USERS DEVICES PHISHING BREACH MALWARE PCI GDPR DFARS Organizations are taking more business online Cloud and mobile change the game Increasingly sophisticated and more frequent IDENTITY CHALLENGES CONTINUE TO GROW Transitioning from simple guidance to rigid security with a modern, global infrastructure

9 NEW CHALLENGES REQUIRE ADDITIONAL CAPABILITIES EVOLVE FROM STRONG AUTHENTICATION TRANSFORM TO IDENTITY ASSURANCE OTP tokens can be cumbersome for some Access decisions based solely on credentials Passwords still dominant and creating gaps CONVENIENT more choices for a variety of use scenarios INTELLIGENT context and risk increase security & reduce friction PERVASIVE protect ground to cloud limits the attack surface

10 RISK-BASED IDENTITY ASSURANCE Location Role Network Static User and Context Rules PASS Device Session App Approve Tokencode RSA SecurID Location Access Pattern Identity Assurance Engine RISKY Device Biometrics FIDO Device Time App Network Dynamic Behavior-based Confidence SMS Deny Voice

11 BENEFITS TO RISK-BASED IDENTITY ASSURANCE CONVENIENCE SCALE SECURITY Invisible to users Reduce the friction 90% step-ups eliminated Any authentication method Can extend risk-based to all users Lower total cost of ownership (TCO) Continuously monitor all access Risky actions, automatic step-up Learned behaviors over time

12

13 Identity Governance Act with insight to prioritize access decisions Access & SSO Ensures right individuals have convenient and secure access Access Meets Assurance access requirements of the modern workforce Who has access to what? Reduces startup times and lowers costs Identity Lifecycle Ensure users have timely access the the right applications Delivering convenient and secure access to the modern workforce Authentication

14 Identity Governance Manage and provide insight into who has access to what Identity Lifecycle Expanded visibility and control over identities Prioritized actions based on risk Reduces time / manual effort with automated processes Strengthens risk posture Reduces chances of audit failure or breach Reduced TCO

15 WHO is the user? WHAT known fraud is this user or device associated with? WHAT can they access? HOW are they using that access and is it a threat? WHY should I care? Is there a risk to my business?