BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Cloud Identity Summit Pushes Change in Identity and Security

Cloud Identity Summit Pushes Change in Identity and Security

This item in japanese

Bookmarks

The theme of the 2016 Cloud Identity Summit (CIS) was r/evolution of enterprise security, using identity as the security perimeter rather than the border of the corporate network. 

CIS is hosted annually by Ping Identity, who provides “identity as a service” solutions for more than 50% of the Fortune 100. The summit is where the identerati - identity researchers, practitioners and consultants - discuss trends, challenges and solutions surrounding identity and security in the enterprise.

Bringing together the concerns of security at the border and security by identity was one of the key mandates of CIS this year.  In this regard, Ping Identity and its partners in the Identity Defined Security Alliance (IDSA) launched a new identity integration framework to further these considerations. The framework provides a map for the functionality that companies need to feature when building an integrated, identity-centred security solution.  Optiv joined the IDSA in March this year. Their role is to take the guidance, patterns and formulae proposed by the framework to market. Optiv shared more on the new framework here.

The summit took place in New Orleans from June 6-9. Keynote speakers from Ping Identity, Google and Microsoft and others were present.  Sessions were conducted by numerous speakers from almost 100 companies. Those four days were packed with experiences, guidance and warnings. Ping Identity and Google provided almost 20% of the speakers and drove the choice of topics. Other stakeholders like Optiv, Microsoft, and Auth0 conducted sessions and master classes specific to their technologies in this space. 

Identity and access management is a key area for the enterprise in the cloud and are building blocks for any application being developed.  Managing identity is about managing representations. In his keynote address, Ping Identity’s CTO, Patrick Harding broke down the limitations of Blockchain technology and revealed Ping Identity’s push into distributed session management as their approach to solving the dilemma.

There were 12 keynote presentations. They’re outlined below with additional resources where available.

Keynotes

Rethinking Everything

Andre Durand, chairman and chief executive officer  of Ping Identity, used his keynote to invite attendees to leverage 20 years of experience in security and identity to strategise for the world of where many more services and devices participate in the enterprise, which has led to an increase in the risk and reports of exposure. 

Catch Me If You Can

Frank Abagnale of book and movie fame was present to share stories from his life at the FBI and as a consultant.  His keynote included issues around forgery, counterfeiting and cyber-crime.  In addition to this, he discussed his involvement with Trusona, a startup focused on establishing with a high degree of confidence that the person on the end of a transaction is who they claim to be. 

R/evolution: It Starts Today

Cloud & Mobility is leading to an evolution in Identity and Security. That’s the message that Patrick Harding brought in his keynote. In a recent interview, Harding stated that businesses are coming to the realization that in a world of faster-that-expected growth in IoT and related technologies, identity needs to be designed for those devices.  Automated, dynamic authentication standards are needed. 

Patrick Harding on the limitations of Blockchain, source: https://twitter.com/robbreck/status/740277490770313216

Also, CISNOLA sponsor, Axiomatics explored these issues of Identity and Security in their whitepaper, The Identity & Access Management (R)evolution.

Identity Everywhere With Strong Security

Enterprise utilization of identity as a service offerings is expected to be at 40% by 2020. Against this backdrop Microsoft’s Alex Simmons presented on how the industry is advancing, major victories and opportunities for collaboration.

Better Security, One Step at a Time

 In 2015, Forrester released a report chronicling 12 recommendations for a company’s security program.  In her talk, Stephanie Balaouras, who is a VP at Forrester and is the Research Director serving Security and Risk Professionals, outlined 12 recommendations on how companies can establish a safer business. All with the goal to improving business posture and effectiveness.

The Global Security Conversation

 

Source: https://www.facebook.com/pingidentitypage/photos/pcb.10153705300396794/10153705291121794/?type=3&theater

Andre Durand, Ping Identity CTP, and Gen. David Petraeus teamed up to talk about global threats to governments and businesses.  In the discussion, issues of asymetric threats, a whole new plane of attack - cyberspace - and the general’s rejection of government’s requiring backdoors being built into software were addressed.  They included suggestions on steps that can be taken as plans are made for future challenges in security.

The CISO Conversation

Ron Miller, enterprise reporter at TechCrunch, mediated a discussion with senior security leaders on Information Security today. He described some of the impressions left on him in this article.  One of his key concerns was that siloes still seem to exist between departments and executives within companies and between identity and security as two related but separate concerns. Successful advance depends on removing or reducing the walls. 

Andrew Hindle, Cloud and Identity Seminar content chair, shared this quote that emerged from the panel, "Passwords are toxic assets that nobody wants".

Identity-Defined Security: Enabling the R/evolution

Robert Block, Optiv’s VP of strategic solutions, and other leaders of the Identity Defined Security Alliance led the discussion on a new approach to security.  Identity as a perimeter talks about defining security boundaries based on the identity of the entity in question.  This notion moves away from using only fixed network parameters to determine access and authorization. More reading on identity as a perimeter can be found here.

Leave It to the Professionals!

In this keynote, Eric Sachs of Google speaks to the virtues of IDaaS. Of leaving the wrangling with protocols and standards to the professionals, while the business focuses on its core value. This is one of the standard x-as-a-Service selling points. This session included use cases of advanced scenarios which highlighted why the cloud service-based strategy is a winning one. Sachs shared statistics on the responses users have given to authentication flows in their experience and detailed. The examples, data and statistics shared by Sachs are available in his presentation.

The Case for an Insured Internet

A 2009 research paper by Marc LeLarge and Jean Bolot presented ideas about economic incentives for security on the Internet. They made the case for Internet Insurance.  
Ori Eisen of Trusona used his keynote to explore the dark corners of the Internet and present the need for an insured Internet. 

In one of the stories he presented, a hack on the Associated Press’ twitter account led to almost $100B being wiped off the US stock market. 

Source: https://twitter.com/Steve_Lockstep/status/740905779486691328

Eisen is the CEO of Trusona; more on the case for Internet Insurance is made in its whitepaper.

From the Mouths of Kids and Closing Keynote

Pamela Dingle, Bob Blakley, and Andre Durand focused on the future as it relates to identity and security. Dingle and Blakley emphasized that the policies and standards created now create the framework that today’s children will operate inside of. Children need to be aware of the need to manage their digital identity from a young age, lest they live with potentially lifelong consequences.  

Durand and Blakley got together to wrap up the week and share ideas on the future.

There were many sessions and master classes at Cloud Identity Summit. Their schedule lists who spoke on what topic. Videos of the sessions are not yet available.

 

 

Rate this Article

Adoption
Style

BT