You Can’t Spell Enterprise Security Without MFA
Paul Madsen, Principal Technical Architect
Office of the CTO
Ping Identity
Copyright 2013 Ping Identity Corp. All rights reserved.©
Agenda
•Why
•What
•Which
•When & Where
WHY MFA?
• Deficiencies & vulnerabilities of one factor
mitigated by another (unless they are dependent)
• Raises the bar for attackers
• Compromise of one factor insufficient to enable
attacker access to sensitive resources
• Voted ‘Easiest to pronounce acronym’ 4 years in a
row!
I come not to bury
passwords but to appraise
them
MFA is
Using two or more login factors in order to authenticate a user
MFA is
Dynamically choosing from multiple independent implicit & explicit authentication factors
based on an assessment of risk (determined by analysis of various contextual signals and other considerations)
in order to authenticate a user
with the optimal balance of security, usability, and cost
Authentication
Firstly, some secret thou knoweth,
secondly some object thoust have in thy
living, and thirdly some quality of thy
p'rson
In practice
•Something you forgot
•Something you left at home
•Something you are nervous
about sharing
Key Authentication Trends
Trope doesn’t adequately
acknowledge
1. Device as factor
2. Local authentication
3. Contextual verification
Device as factor
Phones make great *have* factors
•Connected
•Computation
•Storage
•UI
In a package a user won’t leave at home
Authenticating device & user
[Flowchart, built up over four slides. Decisions: "User authenticated?" and "Is device authenticated?" (yes/no). Outcomes: Enjoy public application access; Enjoy partial application access (User logs in from untrusted device.); Enjoy full application access. Additional step: Device Registration.]
Stand up straight
• If relying on device authentication, the
‘device posture’ of that device becomes
paramount
• This ‘device posture’ includes aspects
like PIN, malware, screenshot enabled,
etc.
• In the enterprise, EMM solutions allow
IT to define & enforce policies over
device posture – and (in an emerging trend)
to report the current situation into
authentication systems
• Work underway in the Identity Defined
Local authentication
• Capabilities of phones also make
practical a model where the
verification check is performed
locally, i.e. on the device
• As used for ‘device unlock’ – the
user logically authenticates to
the device
• Local authentication
(particularly for biometrics) has
privacy advantages – no secrets
on the server
FIDO Alliance
• The issue with leveraging local authentication is how
– A server can prompt the client to perform an authentication
– The client can ‘prove’ to the server that it did so
• FIDO Alliance normalizes the above pattern
• Abstracts away from the server the specifics of the local
authentication on the client via an asymmetric
cryptographic challenge/response pattern
• Inherently multi-factor – the user must have the private key as well
as the local factor (either know or are)
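The pattern on this slide as a runnable sketch, added here and not taken from the deck or from the FIDO specifications: the server prompts with a challenge, the device verifies the user locally and signs with a private key, and the server checks the proof against the registered public key. The class names, the Ed25519 key type, the PIN as local factor and the sample values are assumptions; real FIDO messages carry more than a bare challenge.

```javascript
// Added illustration, not FIDO's wire format. All names here are hypothetical.
const nodeCrypto = require('crypto');

// Client side: a device that releases its private key only after a local check.
class Authenticator {
  constructor(localPin) {
    // Local "know" factor. It is stored and compared on the device only.
    this.pinHash = nodeCrypto.createHash('sha256').update(localPin).digest();
    const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey; // "have" factor, never leaves the device
    this.publicKey = publicKey;   // the only value the server receives at registration
  }

  // Verify the user locally, then sign the server's challenge.
  // Returns null when the local check fails, so no proof exists to send.
  sign(challenge, enteredPin) {
    const entered = nodeCrypto.createHash('sha256').update(enteredPin).digest();
    if (!nodeCrypto.timingSafeEqual(entered, this.pinHash)) return null;
    return nodeCrypto.sign(null, challenge, this.privateKey);
  }
}

// Server side: knows public keys and outstanding challenges, no user secrets.
class Server {
  constructor() {
    this.publicKeys = new Map(); // userId -> registered public key
    this.pending = new Map();    // userId -> challenge awaiting a response
  }

  register(userId, publicKey) {
    this.publicKeys.set(userId, publicKey);
  }

  // Prompt the client: a fresh random challenge per authentication.
  issueChallenge(userId) {
    const challenge = nodeCrypto.randomBytes(32);
    this.pending.set(userId, challenge);
    return challenge;
  }

  // Check the client's proof. A challenge is consumed on first use,
  // so a captured signature cannot be replayed.
  verify(userId, signature) {
    const challenge = this.pending.get(userId);
    const publicKey = this.publicKeys.get(userId);
    this.pending.delete(userId);
    if (!challenge || !publicKey || !signature) return false;
    return nodeCrypto.verify(null, challenge, publicKey, signature);
  }
}

// Constructed scenario: one good login and three ways it should fail.
function runExchange() {
  const device = new Authenticator('4921'); // constructed sample PIN
  const server = new Server();
  server.register('alice', device.publicKey);
  const results = {};

  let challenge = server.issueChallenge('alice');
  const signature = device.sign(challenge, '4921');
  results.validLogin = server.verify('alice', signature);

  // Same signature presented against a new challenge.
  server.issueChallenge('alice');
  results.replayAccepted = server.verify('alice', signature);

  // Right device, wrong local factor: the device refuses to sign.
  challenge = server.issueChallenge('alice');
  results.wrongPinAccepted = server.verify('alice', device.sign(challenge, '0000'));

  // Right PIN, but a device whose key was never registered for this user.
  const otherDevice = new Authenticator('4921');
  challenge = server.issueChallenge('alice');
  results.otherKeyAccepted = server.verify('alice', otherDevice.sign(challenge, '4921'));

  return results;
}

console.log(runExchange());
```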
Contextual verification
• Contextual verification is a model of passively collecting signals & parameters
from the user’s environment and analyzing/comparing them to identify
anomalies (deviations from the expected)
• In the context of authentication, it supplements (or in some instances replaces)
traditional overt & explicit logins
• Valuable because it can increase assurance without negative usability
implications
• Signals can be collected via multiple channels & touchpoints, e.g. device,
browser, agents
• The assumption is that an attacker is unlikely to be able to simulate all signals in order
to impersonate a valid user
• Manifests as
• Geofencing
Copyright 2014 Ping Identity Corp. All rights reserved.©
Explicit giving way to implicit
[Figure labels: Explicit, Implicit, Trend]
Choosing Factors
Considerations when picking factors
• IT benefits: Is the authentication method easy to deploy? Will it require
additional IT resources? Can it work across multiple channels, e.g. online,
telephony, etc.?
• Usability: Is the authentication method easy to use? Will end users accept the
new process? Can users be expected to have a device capable of supporting a
particular mechanism? Will users be concerned about privacy?
• Initial costs: Is there a cost per user that will grow every time a new user is
added? What is the replacement cost – both for the device and its associated
administrative burden?
• Deployment costs: What are the costs associated with deploying the
authentication mechanism? Is client hardware or software required? If so, how
is that distributed to consumers and what are the associated costs?
Analysis
[Chart: authentication factors placed by assurance (low to high) and usability (poor to good), keyed by cost (low, medium, high). Factors shown: Smart cards, OTP Hardware token, Passwords, Mobile authentication app, Device fingerprinting, SMS OTP. A second version of the chart adds "FIDO?".]
Recommendations
Risky business
• Risk-based MFA demands that resources be analyzed for the
risk of their compromise
• OMB M-04-04 defines a model for assessing the risk of an
authentication mistake, determined by
– Potential harm or impact
– Likelihood of the authentication mistake
• ‘Harm’ includes
– Financial loss, damage to reputation, personal safety, civil/criminal
prosecution
• Once risk has been assessed, authentication factors can be
chosen accordingly
Break away from password hegemony
Flexibility
• Particularly for consumer space,
provide different options for MFA
factors
• Both to support heterogeneous user
base and to offer fall back mechanisms
if and when a particular factor doesn’t
work, e.g. if a mobile phone is offline
or if the consumer is roaming, fall back
to a generated OTP
MFA 2.0
1. Factor in context
   1. Anomalies initially determined by policy, allow for natural learning future
2. Risk it
   1. Choose authentication factors based on assessment of risk
   2. Rely on contextual verification when possible
3. Device advice
   1. Leverage local authentication and device authentication
   2. Be sensitive to device posture
[Diagram: MFA 2.0. Labels: Start, Risk & Policy Engine, Continue, Active Authentication, Deny, Context, Behavior, Environment, Correlation, Policy, Policy Data, Application info, External Feeds, Community Intelligence, Behavioural Feedback]
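One way the risk and policy engine behind the "Risky business" and "MFA 2.0" recommendations could decide between continue, active authentication and deny, written here as an added example that is not Ping Identity's code. The weights, thresholds, signal names, factor names and sample requests are all assumptions chosen for illustration.

```javascript
// Added illustration of a risk & policy engine. Weights, thresholds, signal
// names and factor names are assumptions, not values from the deck.
const POLICY = {
  // Anomalies are initially defined by policy, each with a weight.
  anomalyWeights: { outsideGeofence: 3, unregisteredDevice: 2, noDevicePin: 1, unusualHour: 1 },
  // Potential harm or impact of an authentication mistake for the resource.
  impactWeight: { low: 1, moderate: 2, high: 3 },
  stepUpAt: 3, // risk at or above this requires active authentication
  denyAt: 15,  // risk at or above this is refused outright
  // Explicit factors in order of preference; later entries are fallbacks.
  factorPreference: ['mobile-app-push', 'generated-otp', 'sms-otp'],
};

// Constructed sample profile: what is expected for this user.
const SAMPLE_PROFILE = {
  allowedCountries: ['CA', 'US'],
  registeredDevices: ['phone-1'],
  usualHours: [7, 20],
};

// Contextual verification: compare passively collected signals with the profile.
function findAnomalies(signals, profile) {
  const found = [];
  if (!profile.allowedCountries.includes(signals.country)) found.push('outsideGeofence');
  if (!profile.registeredDevices.includes(signals.deviceId)) found.push('unregisteredDevice');
  if (!signals.devicePinSet) found.push('noDevicePin');
  const [from, to] = profile.usualHours;
  if (signals.hour < from || signals.hour > to) found.push('unusualHour');
  return found;
}

// Risk = impact x (1 + likelihood), where likelihood is the summed anomaly weight.
function decide(request, profile, policy = POLICY) {
  const { signals, resourceImpact, availableFactors } = request;
  // Device posture: reported malware overrides every other consideration.
  if (signals.malwareDetected) {
    return { action: 'deny', reason: 'device posture: malware reported' };
  }
  const anomalies = findAnomalies(signals, profile);
  const likelihood = anomalies.reduce((sum, a) => sum + policy.anomalyWeights[a], 0);
  const risk = policy.impactWeight[resourceImpact] * (1 + likelihood);
  if (risk >= policy.denyAt) return { action: 'deny', risk, anomalies };
  // Low risk: contextual verification alone is enough, no explicit login.
  if (risk < policy.stepUpAt) return { action: 'continue', risk, anomalies };
  // Otherwise pick the most preferred factor the user can use right now.
  const factor = policy.factorPreference.find((f) => availableFactors.includes(f));
  if (!factor) return { action: 'deny', risk, anomalies, reason: 'no usable factor' };
  return { action: 'active-authentication', factor, risk, anomalies };
}

// Constructed sample requests.
const ALL_FACTORS = ['mobile-app-push', 'generated-otp', 'sms-otp'];
const CLEAN = { country: 'CA', deviceId: 'phone-1', devicePinSet: true, malwareDetected: false, hour: 10 };
const SAMPLES = {
  routine: { resourceImpact: 'moderate', signals: CLEAN, availableFactors: ALL_FACTORS },
  sensitive: { resourceImpact: 'high', signals: CLEAN, availableFactors: ALL_FACTORS },
  // Phone is offline, so push is unavailable and the engine falls back to an OTP.
  roaming: {
    resourceImpact: 'moderate',
    signals: { ...CLEAN, deviceId: 'laptop-9', hour: 23 },
    availableFactors: ['generated-otp', 'sms-otp'],
  },
  abroad: {
    resourceImpact: 'high',
    signals: { ...CLEAN, country: 'BR', deviceId: 'laptop-9' },
    availableFactors: ALL_FACTORS,
  },
  infected: {
    resourceImpact: 'low',
    signals: { ...CLEAN, malwareDetected: true },
    availableFactors: ALL_FACTORS,
  },
};

function runSamples() {
  const out = {};
  for (const [name, request] of Object.entries(SAMPLES)) {
    out[name] = decide(request, SAMPLE_PROFILE);
  }
  return out;
}

console.log(runSamples());
```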
[Diagram labels: IdP, RP, Device, Environment, Authentication, MFA, Authorization, Policy Data]
The M is table stakes
Thanks

 
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN?
 
Consumer Attitudes in a Post-breach Era: The Geographical Gap
Consumer Attitudes in a Post-breach Era: The Geographical GapConsumer Attitudes in a Post-breach Era: The Geographical Gap
Consumer Attitudes in a Post-breach Era: The Geographical Gap
 
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONSATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
ATTITUDES DES CONSOMMATEURS A L’ERE DES PIRATAGES LE CONFLIT DE GENERATIONS
 
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
2018 Survey: Consumer Attitudes in a Post-Breach Era - The Generational Gap
 
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
WIE TICKEN VERBRAUCHER IM ZEITALTER DER DATENSCHUTZVERLETZUNGEN? ALLES EINE F...
 
API Security Needs AI Now More Than Ever
API Security Needs AI Now More Than EverAPI Security Needs AI Now More Than Ever
API Security Needs AI Now More Than Ever
 
Fishing for a CIAM Platform? 11 Question to Ask Before You Buy
Fishing for a CIAM Platform? 11 Question to Ask Before You BuyFishing for a CIAM Platform? 11 Question to Ask Before You Buy
Fishing for a CIAM Platform? 11 Question to Ask Before You Buy
 
Digital Transformation and the Role of IAM
Digital Transformation and the Role of IAMDigital Transformation and the Role of IAM
Digital Transformation and the Role of IAM
 
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
How Aligned Are IT, Employees and Security Practices in Today's Mobile World?
 

Kürzlich hochgeladen

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 

Kürzlich hochgeladen (20)

Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 

You Can't Spell Enterprise Security without MFA

  • 1. You Can’t Spell Enterprise Security Without MFA. Paul Madsen, Principal Technical Architect, Office of the CTO, Ping Identity. Copyright © 2013 Ping Identity Corp. All rights reserved.
  • 2. Agenda • Why • What • Which • When & Where
  • 3. WHY MFA? • Deficiencies & vulnerabilities of one factor mitigated by another (unless they are dependent) • Raises the bar for attackers • Compromise of one factor insufficient to enable attacker access to sensitive resources • Voted ‘Easiest to pronounce acronym’ 4 years in a row!
  • 5. I come not to bury passwords but to appraise them
  • 6. MFA is Using two or more login factors in order to authenticate a user
  • 7. MFA is Using two or more login factors in order to authenticate a user multiple independent
  • 8. MFA is Using two or more login factors in order to authenticate a user Dynamically choosing from multiple independent
  • 9. MFA is Using two or more login factors in order to authenticate a user Dynamically choosing from implicit & explicit authentication multiple independent
  • 10. MFA is Using two or more login factors in order to authenticate a user/ with the optimal balance of security, usability, and cost Dynamically choosing from implicit & explicit authentication multiple independent
  • 11. MFA is Using two or more login factors in order to authenticate a user/ with the optimal balance of security, usability, and cost Dynamically choosing from implicit & explicit authentication/based on an assessment of risk (determined by analysis of various contextual signals and other considerations) multiple independent
  • 12. MFA is Using two or more login factors in order to authenticate a user/ with the optimal balance of security, usability, and cost Dynamically choosing from implicit & explicit authentication/based on an assessment of risk (determined by analysis of various contextual signals and other considerations) multiple independent
  • 14. Firstly, some secret thou knoweth, secondly some object thoust have in thy living, and thirdly some quality of thy p'rson
  • 15. In practice • Something you forgot • Something you left at home • Something you are nervous about sharing
  • 16. Key Authentication Trends Trope doesn’t adequately acknowledge 1. Device as factor 2. Local authentication 3. Contextual verification
  • 18. Phones make great *have* factors •Connected •Computation •Storage •UI
  • 19. Phones make great *have* factors • Connected • Computation • Storage • UI In a package a user won’t leave at home
  • 20. Authenticating device & user (flowchart). Decisions: Is device authenticated? User authenticated? (yes/no). Labels: Enjoy public application access.
  • 21. Authenticating device & user (flowchart). Decisions: Is device authenticated? User authenticated? (yes/no). Labels: Enjoy public application access; User logs in from untrusted device; Enjoy partial application access.
  • 22. Authenticating device & user (flowchart). Decisions: Is device authenticated? User authenticated? (yes/no). Labels: Enjoy public application access; User logs in from untrusted device; Enjoy partial application access; Device Registration; Enjoy full application access.
  • 23. Authenticating device & user (flowchart). Decisions: Is device authenticated? User authenticated? (yes/no). Labels: Enjoy public application access; User logs in from untrusted device; Enjoy partial application access (shown twice); Device Registration; Enjoy full application access.
  • 24. Stand up straight • If relying on device authentication, the ‘device posture’ of that device becomes paramount • This ‘device posture’ includes aspects like PIN, malware, screenshot enabled, etc. • In the enterprise, EMM solutions allow IT to define & enforce policies over device posture – and (in an emerging trend) to report the current situation into authentication systems • Work underway in the Identity Defined
  • 26. Local authentication • Capabilities of phones also make practical a model where the verification check is performed locally, i.e. on the device • As used for ‘device unlock’ – the user logically authenticates to the device • Local authentication (particularly for biometrics) has privacy advantages – no secrets on the server
  • 27. FIDO Alliance • The issue with leveraging local authentication is how – a server can prompt the client to perform an authentication – the client can ‘prove’ to the server that it did so • FIDO Alliance normalizes the above pattern • Abstracts away from the server the specifics of the local authentication on the client via an asymmetric cryptographic challenge/response pattern • Inherently multi-factor – must have the private key as well as the local factor (either know or are)
  • 29. Contextual verification • Contextual verification is a model of passively collecting signals & parameters from the user’s environment and analyzing/comparing them to identify anomalies (from expected) • In the context of authentication, supplements (or in some instances replaces) traditional overt & explicit logins • Valuable because it can increase assurance without negative usability implications • Signals can be collected via multiple channels & touchpoints, e.g. device, browser, agents • Assumption is that an attacker is unlikely to be able to simulate all signals in order to impersonate a valid user • Manifests as • Geofencing
  • 30. Explicit giving way to implicit (figure). Labels: Explicit, Implicit, Trend.
  • 32. Considerations when picking factors • IT benefits: Is the authentication method easy to deploy? Will it require additional IT resources? Can it work across multiple channels, e.g. online, telephony, etc.? • Usability: Is the authentication method easy to use? Will end users accept the new process? Can users be expected to have a device capable of supporting a particular mechanism? Will users be concerned about privacy? • Initial costs: Is there a cost per user that will grow every time a new user is added? What is the replacement cost – both for the device and its associated administrative burden? • Deployment costs: What are the costs associated with deploying the authentication mechanism? Is client hardware or software required? If so, how is that distributed to consumers and what are the associated costs?
  • 37. Risky business • Risk-based MFA demands that resources be analyzed for the risk of their compromise • OMB M-04-04 defines a model for assessing the risk of an authentication mistake, determined by – Potential harm or impact – Likelihood of the authentication mistake • ‘Harm’ includes – Financial loss, damage to reputation, personal safety, civil/criminal prosecution • Once risk has been assessed, authentication factors can be chosen accordingly
  • 38. Break away from password hegemony
  • 39. Flexibility • Particularly for the consumer space, provide different options for MFA factors • Both to support a heterogeneous user base and to offer fallback mechanisms if and when a particular factor doesn’t work, e.g. if a mobile phone is offline or if the consumer is roaming, fall back to a generated OTP
  • 41. MFA 2.0 1. Factor in context: anomalies initially determined by policy, allow for natural learning in future. 2. Risk it: choose authentication factors based on assessment of risk; rely on contextual verification when possible. 3. Device advice: leverage local authentication and device authentication; be sensitive to device posture.
  • 42. MFA 2.0 (architecture diagram). Labels: Start, Risk & Policy Engine, Continue, Active Authentication, Deny, Behavior, Context, External Feeds, Community Intelligence, Behavioural Feedback, Correlation, Environment, Application info, Policy.
  • 43. Policy Data (diagram). Labels: IdP, Device, Environment, Authentication, MFA.
  • 44. Policy Data (diagram). Labels: IdP, RP, Device, Environment, Authentication, MFA, Authorization.
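
The challenge/response pattern from the FIDO Alliance slide, as an added sketch that is not part of the original deck and is not the FIDO wire protocol. The `Authenticator` and `Server` classes are assumptions, and the toy Schnorr-style signature over the prime 2^255 - 19 only stands in for a real authenticator's signature algorithm so the example runs with the standard library.

```python
import hashlib
import hmac
import secrets

# Toy Schnorr-style signature in the integers mod P (illustration only;
# a real authenticator uses a standard algorithm in hardware-backed storage).
P = 2**255 - 19
G = 2

def _h(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"|".join(parts)).digest(), "big")

def _b(n: int) -> bytes:
    return n.to_bytes(32, "big")

class Authenticator:
    """Client side: holds the private key and verifies the user locally."""

    def __init__(self, pin: str):
        self._salt = secrets.token_bytes(16)
        self._pin_hash = self._kdf(pin)
        self._x = secrets.randbelow(P - 2) + 1   # private key, never leaves device
        self.public_key = pow(G, self._x, P)     # the only value the server stores

    def _kdf(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    def sign_challenge(self, challenge: bytes, pin: str):
        # Local factor (know/are): checked on the device, never sent anywhere.
        if not hmac.compare_digest(self._kdf(pin), self._pin_hash):
            return None                          # key stays locked
        k = secrets.randbelow(P - 2) + 1
        r = pow(G, k, P)
        e = _h(_b(r), _b(self.public_key), challenge)
        return (r, (k + e * self._x) % (P - 1))

class Server:
    """Relying party: knows public keys only and issues single-use challenges."""

    def __init__(self):
        self._keys = {}      # user -> public key (no password, no biometric)
        self._pending = {}   # user -> outstanding challenge

    def register(self, user: str, public_key: int) -> None:
        self._keys[user] = public_key

    def new_challenge(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(32)
        return self._pending[user]

    def verify(self, user: str, signature) -> bool:
        challenge = self._pending.pop(user, None)   # consumed: blocks replay
        y = self._keys.get(user)
        if challenge is None or y is None or signature is None:
            return False
        r, s = signature
        if not (0 < r < P and 0 <= s < P - 1):
            return False
        e = _h(_b(r), _b(y), challenge)
        return pow(G, s, P) == (r * pow(y, e, P)) % P
```

The server never learns how the user was verified on the device; it only sees that the registered key signed its fresh challenge.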
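
One way the risk-based selection described on the "Contextual verification", "Risky business", "Flexibility" and "MFA 2.0" slides could fit together, added here as an example and not Ping Identity's implementation. The signal names, weights, thresholds and the 1 to 4 impact scale are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Context:
    """Signals collected passively at login (field names are assumptions)."""
    device_registered: bool
    device_pin_set: bool
    malware_detected: bool
    inside_geofence: bool
    country: str
    hour: int                  # local hour of the request, 0-23
    phone_online: bool = True

@dataclass
class Baseline:
    """Expected behaviour for one user: starts from policy, then learns."""
    countries: set
    hours: set

# Points each anomaly adds to the likelihood (0-100) of an authentication
# mistake. Weights and thresholds are illustrative assumptions.
WEIGHTS = {"unregistered_device": 35, "weak_posture": 25,
           "outside_geofence": 20, "new_country": 30, "odd_hour": 10}
BASE_LIKELIHOOD = 5
STEP_UP, TWO_FACTORS, DENY = 50, 150, 300

def anomalies(ctx, base):
    """Compare collected signals with what is expected for this user."""
    found = []
    if not ctx.device_registered:
        found.append("unregistered_device")
    elif not ctx.device_pin_set:
        found.append("weak_posture")
    if not ctx.inside_geofence:
        found.append("outside_geofence")
    if ctx.country not in base.countries:
        found.append("new_country")
    if ctx.hour not in base.hours:
        found.append("odd_hour")
    return found

def decide(ctx, base, impact):
    """impact: 1 (minimal harm) to 4 (severe harm) if the login is wrong."""
    if ctx.malware_detected:
        return {"action": "deny", "risk": None, "factors": [], "why": ["malware"]}
    found = anomalies(ctx, base)
    likelihood = min(100, BASE_LIKELIHOOD + sum(WEIGHTS[a] for a in found))
    risk = impact * likelihood               # harm x likelihood, 5..400
    if impact >= 4:
        risk = max(risk, STEP_UP)            # never implicit-only at top impact
    if risk >= DENY:
        return {"action": "deny", "risk": risk, "factors": [], "why": found}
    if risk < STEP_UP:
        return {"action": "continue", "risk": risk, "factors": [], "why": found}
    # Possession factor: push to the user's phone, falling back to a
    # generated OTP when the phone is offline.
    have = "push" if ctx.phone_online else "otp"
    factors = ["password", have] if risk >= TWO_FACTORS else [have]
    return {"action": "active", "risk": risk, "factors": factors, "why": found}

def learn(base, ctx):
    """Behavioural feedback: after a successful active authentication,
    fold the observed context into the user's baseline."""
    base.countries.add(ctx.country)
    base.hours.add(ctx.hour)
```

The three outcomes mirror the Continue, Active Authentication and Deny exits of the Risk & Policy Engine diagram; calling `learn` after a successful step-up lowers the score for the same context next time.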

Editor's notes

  1. This is outdated, doesn’t adequately account for recent trends
  2. Know/have/are only partially accounts for these trends