Kurt Johnson, Courion
A discussion of how identity management needs to move to the next generation of intelligent IAM, combining traditional elements of provisioning and governance with continuous monitoring and rich analytics to identify risk, threats, and vulnerabilities to access.
CIS14: Identity Therapy: Surviving the Explosion of Users, Access and Identities
1. Identity Therapy: Surviving the Explosion of Users, Access, and Identities
Kurt Johnson
VP Strategy & Corporate Development
Courion Corporation
@kurtvjohnson
3. Customer Need
Mobile Apps
Cloud Systems & Apps
Data
Resources
Assets
Systems & Apps
ACCESS
Ensure the Right People have the Right Access to the Right Resources and are doing the Right Things
19. 2013 may be remembered as the “year of the retailer breach”, but a comprehensive assessment suggests it was a year of transition from geopolitical attacks to large-scale attacks on payment card systems
21. PCI DSS Requirement 8: Identify and authenticate access to system components
“Only 24.2% of organizations that suffered a security breach were compliant with Requirement 8 at the time of the breach”
“64.4% of organizations failed to restrict each account with access to cardholder data to just one user”
“More than half of insiders committing IT sabotage were former employees who regained access via backdoors or corporate accounts that were never disabled”
Source: Verizon 2014 PCI Compliance Report
22. Top Audit Findings
[Bar chart, axis 0% to 40%, series: 2012, 2010, 2009]
Findings charted:
• Lack of sufficient segregation of duties
• Removal of access following a transfer or termination
• Excessive developers' access to production systems and data
• Excessive access rights
Bar labels as printed on the chart: 30%, 18%, 22%, 31%, 31%, 27%, 31%, 38%, 28%, 29%, 29%, 36%
Source: Deloitte Global Financial Services Security Survey
38. “Shift your security mindset from incident response to continuous response, wherein systems are assumed to be compromised and require continuous monitoring and remediation.”
“Designing an Adaptive Security Architecture for Protection From Advanced Attacks”, Peter Firstbrook and Neil MacDonald, 2014.
48. Multi-dimensional analysis
Trillions of access relationships
POLICIES: 100’s of policies & regulations
RESOURCES: 1000’s of applications, file shares & resources
ACTIVITY: Millions of actions
RIGHTS: 100’s of thousands of access rights & roles
IDENTITY: 100,000’s of people, millions of identities
53. Intelligent Governance
• New account created outside provisioning system
• High risk application
• High risk set of entitlements
• Employee not in HR system
…another
…and another
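The four signals on the Intelligent Governance slide, checked per account and stacked, as an added example that is not from the original deck or from Courion. All data, names and the "count the coinciding signals" ranking are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data; every identifier below is hypothetical.
HR_ROSTER = {"E1001", "E1002", "E1003"}  # employee IDs known to HR
# (account, application) pairs that the provisioning system created
PROVISIONED = {("alice", "payments"), ("bob", "wiki"), ("carol", "payments")}
HIGH_RISK_APPS = {"payments"}
HIGH_RISK_ENTITLEMENTS = {"db_admin", "approve_payment"}

@dataclass(frozen=True)
class Account:
    name: str
    app: str
    owner_id: str
    entitlements: frozenset

ACCOUNTS = [
    Account("alice", "payments", "E1001", frozenset({"read"})),
    Account("bob", "wiki", "E1002", frozenset({"edit"})),
    Account("carol", "payments", "E1003", frozenset({"approve_payment"})),
    Account("svc_tmp", "payments", "E0999", frozenset({"db_admin"})),
    Account("dave", "wiki", "E0500", frozenset({"edit"})),
]

def findings(acct):
    """Return which of the slide's four signals apply to one account."""
    out = []
    if (acct.name, acct.app) not in PROVISIONED:
        out.append("created outside provisioning system")
    if acct.app in HIGH_RISK_APPS:
        out.append("high risk application")
    if acct.entitlements & HIGH_RISK_ENTITLEMENTS:
        out.append("high risk set of entitlements")
    if acct.owner_id not in HR_ROSTER:
        out.append("employee not in HR system")
    return out

def review_queue(accounts):
    """Drop clean accounts; rank the rest by number of coinciding signals."""
    flagged = [(a.name, findings(a)) for a in accounts]
    flagged = [(name, sig) for name, sig in flagged if sig]
    # Assumption: more coinciding signals means earlier review; ties by name.
    return sorted(flagged, key=lambda item: (-len(item[1]), item[0]))

if __name__ == "__main__":
    for name, signals in review_queue(ACCOUNTS):
        print(f"{name}: {len(signals)} signal(s): {', '.join(signals)}")
```

An account that is merely in a high risk application ranks last, while one that trips all four signals at once goes to the top of the review queue.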
61. “By year-end 2020, identity analytics and intelligence (IAI) tools will deliver direct business value in 60% of enterprises, up from <5% today.”
Intelligent IAM