Abstract image of a woman sitting on books and studying on a laptop

CIS13: Identity Trends and Transients

CloudIDSummit, profile picture
CloudIDSummit

Eve Maler's presentation outlines key trends, transients, tropes, and transparents within IT and security, emphasizing the rise of API channels and the zero trust security model. The document discusses the challenges of adopting standards like XACML and the misconception that 'passwords are dead,' while highlighting strategies like time-to-live for access controls. Additionally, it stresses the need for a more granular approach to authorization in response to evolving technology landscapes.

Technology
Related topics:
Identity Management
1 of 19
Downloaded 29 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
Making Leaders Successful Every Day
Trends, Transients, Tropes, and Transparents Eve Maler, Principal Analyst, Security & Risk Cloud Identity Summit July 10, 2013
© 2012 Forrester Research, Inc. Reproduction Prohibited What are the T4 all about? 3 Less well noticed Well noticed Transparents Transients Trends Tropes ClosertotruthinessClosertoessentialtruth •  What are they? •  What is the evidence? •  What should you do about them?
© 2012 Forrester Research, Inc. Reproduction Prohibited Trend: webdevification of IT 4 Source: John Musser (formerly) of ProgrammableWeb.com IN THE FUTURE, EVERY ENTERPRISE WILL OPEN AN API CHANNEL TO ITS DIGITAL PLATFORM
© 2012 Forrester Research, Inc. Reproduction Prohibited Confront the changes in your power relationship 5 value X friction Y ACCESS CONTROL IS ABOUT PROTECTION AND MONETIZATION
© 2012 Forrester Research, Inc. Reproduction Prohibited 6 Source: April 5, 2013 Forrester report “API Management For Security Pros” A lot of identities float around an API ecosystem
© 2012 Forrester Research, Inc. Reproduction Prohibited Open Web APIs are, fortunately, friendly to the Zero Trust security model 7 Initially treat all access requesters as untrusted. Require opt-in access. Apply identity federation through APIs. Source: November 15, 2012, Forrester report “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security”
© 2012 Forrester Research, Inc. Reproduction Prohibited Trend: IAM x cloud 8 ZERO TRUST CALLS FOR DISTRIBUTED SINGLE SOURCES OF TRUTH Federate at run time Bind to authn repository Synch accounts Issue an unrelated account
© 2012 Forrester Research, Inc. Reproduction Prohibited Identity plays only an infrastructural role in most cloud platforms 9 cloud services IAM functions user base and attributes cloud identity product with an actual SKU KEEP AN EYE OUT FOR DISRUPTION COMING FROM THE “CISDH” PLAYERS
© 2012 Forrester Research, Inc. Reproduction Prohibited Transient: XACML Adoption has government/compliance drivers, few accelerators, and many inhibitors It’s critical to open up the market for long-tail policy evaluation engines Webdevified scenarios demand different patterns of outsourced authorization XACML 3 IS STUCK AT MODERATE SUCCESS AND IS HEADING FOR DECLINE
© 2012 Forrester Research, Inc. Reproduction Prohibited Authz grain needs to get…finer-grained 11 policy input resource accessed roles groups attributes entitlements domain URL path sets of API calls field XACML etc. scope- grained authz WAM
© 2012 Forrester Research, Inc. Reproduction Prohibited Plan for a new “Venn” of access control 12 AN “XACML LITE” WOULD HAVE A POTENTIALLY VALUABLE ROLE TO PLAY
© 2012 Forrester Research, Inc. Reproduction Prohibited Trope: “Passwords are dead” OH, YEAH? correct horse battery staple
© 2012 Forrester Research, Inc. Reproduction Prohibited We struggle to maximize authentication quality 14 Source: June 12, 20113 “Introducing The Customer Authentication Assessment Framework” Forrester report PARTICULARLY IN CONSUMER-FACING SERVICES
© 2012 Forrester Research, Inc. Reproduction Prohibited Authentication schemes have different characteristics 15 Source: June 12, 20113 “Introducing The Customer Authentication Assessment Framework” Forrester report, based on “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes” ✘ ✔ ?✔ ✘ ✔ ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✔ ✔ ✔ * *S2 is an affordance of passwords for “consensual impersonation”
© 2012 Forrester Research, Inc. Reproduction Prohibited Think in terms of “responsive design” for authentication 16 LEVERAGE STRENGTHS AND MITIGATE RISKS – ONCE YOU KNOW THEM User identification based on something they… Know Have Are Do
© 2012 Forrester Research, Inc. Reproduction Prohibited Transparent: time-to-live strategies EXPIRATION HAS OUTSIZED VALUE VS. EXPLICIT REVOCATION OF ACCESS IN ZERO-TRUST ENVIRONMENTS
© 2012 Forrester Research, Inc. Reproduction Prohibited Summary of the T4 18 Less well noticed Well noticed Transparent: Time-to-live strategies Transient: XACML Trends: Webdevification of IT Cloud x IAM Trope: “Passwords are dead” ClosertotruthinessClosertoessentialtruth
Thank you Eve Maler +1 617.613.8820 emaler@forrester.com @xmlgrrl

More Related Content

PDF
CIS13: Identity at Scale
CloudIDSummit
 
PPTX
2016 04-26 webinar - consumer-focused identity management
shivan82
 
PDF
CIS13: Hope or Hype: A Look at the Next Generation of Identity Standards
CloudIDSummit
 
PDF
Consumer Identity Management
webhostingguy
 
PDF
CIS13: OpenID Connect: How it Solves your Problems
CloudIDSummit
 
KEY
Push, Pull, or Punt - Identity management tug-of-war: Then, Now, and Beyond
Ian Glazer
 
PDF
Modern IAM Trends and Themes by Eve Maler, Forrester
ForgeRock
 
PPTX
Catalyst 2015: Patrick Harding
Ping Identity
 
CIS13: Identity at Scale
CloudIDSummit
 
2016 04-26 webinar - consumer-focused identity management
shivan82
 
CIS13: Hope or Hype: A Look at the Next Generation of Identity Standards
CloudIDSummit
 
Consumer Identity Management
webhostingguy
 
CIS13: OpenID Connect: How it Solves your Problems
CloudIDSummit
 
Push, Pull, or Punt - Identity management tug-of-war: Then, Now, and Beyond
Ian Glazer
 
Modern IAM Trends and Themes by Eve Maler, Forrester
ForgeRock
 
Catalyst 2015: Patrick Harding
Ping Identity
 

Similar to CIS13: Identity Trends and Transients (20)

PPTX
The New Venn of Access Control in the API-Mobile-IOT Era
ForgeRock
 
PDF
Entitlements: Taking Control of the Big Data Gold Rush
ForgeRock
 
PDF
Who’s Knocking? Identity for APIs, Web and Mobile
Nordic APIs
 
PPTX
Identity's Role in a Zero Trust Strategy
Okta-Inc
 
PDF
[WSO2Con USA 2018] Identity is Eating the World!
WSO2
 
PDF
Identity is Eating the World!
Prabath Siriwardena
 
PPTX
2017 Predictions: Identity and Security
SecureAuth
 
PDF
The Future of Digital IAM
WSO2
 
PPTX
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Lance Peterman
 
PPT
Identity_and_Access_Management_Overview.ppt
mamathajagarlamudi2
 
PDF
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
CA API Management
 
PPTX
SWXG 2010.6.9 v2
Paul Trevithick
 
PDF
Future of digital identity programme summary - 19 mar 2019 lr
Future Agenda
 
PPT
Tony Nadalin' presentation at eComm 2008
eComm2008
 
PDF
AuthZEN the OpenID Connect of Authorization
David Brossard
 
PPT
Identity, Security and Healthcare
NetIQ
 
PPT
Identity 2.0 and User-Centric Identity
Oliver Pfaff
 
PPTX
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Ping Identity
 
PPTX
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
PPTX
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
The New Venn of Access Control in the API-Mobile-IOT Era
ForgeRock
 
Entitlements: Taking Control of the Big Data Gold Rush
ForgeRock
 
Who’s Knocking? Identity for APIs, Web and Mobile
Nordic APIs
 
Identity's Role in a Zero Trust Strategy
Okta-Inc
 
[WSO2Con USA 2018] Identity is Eating the World!
WSO2
 
Identity is Eating the World!
Prabath Siriwardena
 
2017 Predictions: Identity and Security
SecureAuth
 
The Future of Digital IAM
WSO2
 
Identity & Access Management - Securing Your Data in the 21st Century Enterprise
Lance Peterman
 
Identity_and_Access_Management_Overview.ppt
mamathajagarlamudi2
 
Managing Identity by Giving Up Control - Scott Morrison, SVP & Distinguished ...
CA API Management
 
SWXG 2010.6.9 v2
Paul Trevithick
 
Future of digital identity programme summary - 19 mar 2019 lr
Future Agenda
 
Tony Nadalin' presentation at eComm 2008
eComm2008
 
AuthZEN the OpenID Connect of Authorization
David Brossard
 
Identity, Security and Healthcare
NetIQ
 
Identity 2.0 and User-Centric Identity
Oliver Pfaff
 
Standard Based API Security, Access Control and AI Based Attack - API Days Pa...
Ping Identity
 
Unmask anonymous attackers with advanced threat intelligence webinar 6.29 fin...
SecureAuth
 
Stopping Breaches at the Perimeter: Strategies for Secure Access Control
SecureAuth
 
Ad

More from CloudIDSummit (20)

PPTX
CIS 2016 Content Highlights
CloudIDSummit
 
PPTX
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
PDF
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
PDF
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
PDF
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
PDF
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
PDF
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
PDF
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
PDF
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
PDF
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
PDF
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
PDF
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
PDF
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
PDF
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
PDF
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
PDF
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
PDF
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
PDF
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
PDF
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
PDF
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 
CIS 2016 Content Highlights
CloudIDSummit
 
Top 6 Reasons You Should Attend Cloud Identity Summit 2016
CloudIDSummit
 
CIS 2015 Security Without Borders: Taming the Cloud and Mobile Frontier - And...
CloudIDSummit
 
Mobile security, identity & authentication reasons for optimism 20150607 v2
CloudIDSummit
 
CIS 2015 Mobile Security, Identity & Authentication: Reasons for Optimism - R...
CloudIDSummit
 
CIS 2015 Virtual Identity: The Vision, Challenges and Experiences in Driving ...
CloudIDSummit
 
CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in ...
CloudIDSummit
 
CIS 2015 Without Great Security, Digital Identity is Not Worth the Electrons ...
CloudIDSummit
 
CIS 2015 Mergers & Acquisitions in a Cloud Enabled World - Brian Puhl
CloudIDSummit
 
CIS 2015 IoT and IDM in your Mobile Enterprise - Brian Katz
CloudIDSummit
 
CIS 2015 Practical Deployments Enterprise Cloud Access Management Platform - ...
CloudIDSummit
 
CIS 2015 What I Learned From Pitching IAM To My CIO - Steve Tout
CloudIDSummit
 
CIS 2015 How to secure the Internet of Things? Hannes Tschofenig
CloudIDSummit
 
CIS 2015 The IDaaS Dating Game - Sean Deuby
CloudIDSummit
 
CIS 2015 SSO for Mobile and Web Apps Ashish Jain
CloudIDSummit
 
The Industrial Internet, the Identity of Everything and the Industrial Enterp...
CloudIDSummit
 
CIS 2015 SAML-IN / SAML-OUT - Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Session Management at Scale - Scott Tomilson & Jamshid Khosravian
CloudIDSummit
 
CIS 2015 So you want to SSO … Scott Tomilson & John Dasilva
CloudIDSummit
 
CIS 2015 Identity Relationship Management in the Internet of Things
CloudIDSummit
 
Ad

Recently uploaded (20)

PDF
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
PDF
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
PDF
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
PDF
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
PDF
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
PDF
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
PDF
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PDF
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
PDF
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
PPTX
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
PDF
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
PPTX
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 
5-Ways-AI-is-Revolutionizing-Telecom-Quality-Engineering.pdf
Kalilur Rahman
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
OpenACC and Open Hackathons Monthly Highlights July 2025
OpenACC
 
The-Future-of-Automotive-Quality-is-Here-AI-Driven-Engineering.pdf
Kalilur Rahman
 
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
Produktkatalog für HOBO Datenlogger, Wetterstationen, Sensoren, Software und ...
Metrics GmbH
 
Accessing-Finance-in-Jordan-MENA 2024 2025.pdf
Mustafa Kuğu
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
CloudStack 4.21: First Look Webinar slides
ShapeBlue
 
Transform-Your-Factory-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
How ambidextrous entrepreneurial leaders react to the artificial intelligence...
IAESIJAI
 
NewMind AI Weekly Chronicles – August ’25 Week IV
NewMind AI
 
Comparative analysis of machine learning models for fake news detection in so...
IAESIJAI
 
Training Program for knowledge in solar cell and solar industry
RabindranathKaibarty
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Build Your First AI Agent with UiPath.pptx
suhanisingh58689
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
Transform-Your-Streaming-Platform-with-AI-Driven-Quality-Engineering.pdf
Kalilur Rahman
 
Microsoft Excel 365/2024 Beginner's training
frank yeboah
 

CIS13: Identity Trends and Transients

  • 2. Trends, Transients, Tropes, and Transparents Eve Maler, Principal Analyst, Security & Risk Cloud Identity Summit July 10, 2013
  • 3. © 2012 Forrester Research, Inc. Reproduction Prohibited What are the T4 all about? 3 Less well noticed Well noticed Transparents Transients Trends Tropes ClosertotruthinessClosertoessentialtruth •  What are they? •  What is the evidence? •  What should you do about them?
  • 4. © 2012 Forrester Research, Inc. Reproduction Prohibited Trend: webdevification of IT 4 Source: John Musser (formerly) of ProgrammableWeb.com IN THE FUTURE, EVERY ENTERPRISE WILL OPEN AN API CHANNEL TO ITS DIGITAL PLATFORM
  • 5. © 2012 Forrester Research, Inc. Reproduction Prohibited Confront the changes in your power relationship 5 value X friction Y ACCESS CONTROL IS ABOUT PROTECTION AND MONETIZATION
  • 6. © 2012 Forrester Research, Inc. Reproduction Prohibited 6 Source: April 5, 2013 Forrester report “API Management For Security Pros” A lot of identities float around an API ecosystem
  • 7. © 2012 Forrester Research, Inc. Reproduction Prohibited Open Web APIs are, fortunately, friendly to the Zero Trust security model 7 Initially treat all access requesters as untrusted. Require opt-in access. Apply identity federation through APIs. Source: November 15, 2012, Forrester report “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security”
  • 8. © 2012 Forrester Research, Inc. Reproduction Prohibited Trend: IAM x cloud 8 ZERO TRUST CALLS FOR DISTRIBUTED SINGLE SOURCES OF TRUTH Federate at run time Bind to authn repository Synch accounts Issue an unrelated account
  • 9. © 2012 Forrester Research, Inc. Reproduction Prohibited Identity plays only an infrastructural role in most cloud platforms 9 cloud services IAM functions user base and attributes cloud identity product with an actual SKU KEEP AN EYE OUT FOR DISRUPTION COMING FROM THE “CISDH” PLAYERS
  • 10. © 2012 Forrester Research, Inc. Reproduction Prohibited Transient: XACML Adoption has government/compliance drivers, few accelerators, and many inhibitors It’s critical to open up the market for long-tail policy evaluation engines Webdevified scenarios demand different patterns of outsourced authorization XACML 3 IS STUCK AT MODERATE SUCCESS AND IS HEADING FOR DECLINE
  • 11. © 2012 Forrester Research, Inc. Reproduction Prohibited Authz grain needs to get…finer-grained 11 policy input resource accessed roles groups attributes entitlements domain URL path sets of API calls field XACML etc. scope- grained authz WAM
  • 12. © 2012 Forrester Research, Inc. Reproduction Prohibited Plan for a new “Venn” of access control 12 AN “XACML LITE” WOULD HAVE A POTENTIALLY VALUABLE ROLE TO PLAY
  • 13. © 2012 Forrester Research, Inc. Reproduction Prohibited Trope: “Passwords are dead” OH, YEAH? correct horse battery staple
  • 14. © 2012 Forrester Research, Inc. Reproduction Prohibited We struggle to maximize authentication quality 14 Source: June 12, 20113 “Introducing The Customer Authentication Assessment Framework” Forrester report PARTICULARLY IN CONSUMER-FACING SERVICES
  • 15. © 2012 Forrester Research, Inc. Reproduction Prohibited Authentication schemes have different characteristics 15 Source: June 12, 20113 “Introducing The Customer Authentication Assessment Framework” Forrester report, based on “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes” ✘ ✔ ?✔ ✘ ✔ ✘ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✔ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✘ ✔ ✔ ✔ ✔ * *S2 is an affordance of passwords for “consensual impersonation”
  • 16. © 2012 Forrester Research, Inc. Reproduction Prohibited Think in terms of “responsive design” for authentication 16 LEVERAGE STRENGTHS AND MITIGATE RISKS – ONCE YOU KNOW THEM User identification based on something they… Know Have Are Do
  • 17. © 2012 Forrester Research, Inc. Reproduction Prohibited Transparent: time-to-live strategies EXPIRATION HAS OUTSIZED VALUE VS. EXPLICIT REVOCATION OF ACCESS IN ZERO-TRUST ENVIRONMENTS
  • 18. © 2012 Forrester Research, Inc. Reproduction Prohibited Summary of the T4 18 Less well noticed Well noticed Transparent: Time-to-live strategies Transient: XACML Trends: Webdevification of IT Cloud x IAM Trope: “Passwords are dead” ClosertotruthinessClosertoessentialtruth