Breakout Presentation by Ben Boyd during the 2017 Nebraska Cybersecurity Conference.
Discussion on the importance of identity: how it relates to recent breaches, and how to architect security frameworks, policies, and processes around identity.
Identity and access management does more to protect your organization than any Fancy Technology, Deep Packet Inspection, Artificial Intelligence, Machine Learning, and quantum cryptography.
7. It’s as easy as 1, 2, 3… 4
• Identify
  • Subjects, Objects, Actions… verbs?
• Decide
  • Allow/Deny/Challenge (Know, Have, and Are)
• Grant
  • Permissions, Authority, Access
• Watch
  • Monitor, Record, Timed Access
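As an added illustration that is not from the talk, the four steps run as one small Python access check: the policy rules, objects, factor names ("know", "have", "are") and the fixed clock are constructed for the example, and Grant is a hypothetical record type.

```python
from collections import namedtuple
from datetime import datetime, timedelta, timezone

# Constructed policy: (object, action) -> factor kinds the subject must
# already have proven, using the slide's "Know, Have, and Are".
POLICY = {
    ("wiki", "read"): {"know"},
    ("payroll-db", "read"): {"know", "have"},          # sensitive: needs 2FA
    ("prod-server", "admin"): {"know", "have", "are"},
}
AUDIT = []  # WATCH: every decision lands here, allowed or not
NOW = datetime(2017, 10, 1, tzinfo=timezone.utc)    # constructed clock
LATER = NOW + timedelta(minutes=16)                 # just past the default TTL

# Hypothetical grant record: who may do what, and until when.
Grant = namedtuple("Grant", "subject obj action expires")

def identify(request):
    """IDENTIFY: pull the subject, object and action (the verb) out of a request."""
    return request["subject"], request["object"], request["action"]

def decide(obj, action, factors):
    """DECIDE: Allow, Deny or Challenge from the factors already proven."""
    required = POLICY.get((obj, action))
    if required is None:
        return "Deny"          # default deny: no rule means no access
    if required <= set(factors):
        return "Allow"
    return "Challenge"         # step-up: ask for the missing factor(s)

def grant(subject, obj, action, now, ttl_minutes):
    """GRANT: issue timed access instead of standing permissions."""
    return Grant(subject, obj, action, now + timedelta(minutes=ttl_minutes))

def watch(subject, obj, action, decision, now):
    """WATCH: append an audit record for monitoring and review."""
    AUDIT.append({"time": now.isoformat(), "subject": subject,
                  "object": obj, "action": action, "decision": decision})

def handle(request, factors, now=NOW, ttl_minutes=15):
    """Run a request through all four steps; returns (decision, grant or None)."""
    subject, obj, action = identify(request)
    decision = decide(obj, action, factors)
    watch(subject, obj, action, decision, now)
    if decision == "Allow":
        return decision, grant(subject, obj, action, now, ttl_minutes)
    return decision, None

def is_valid(g, now):
    """A grant is only usable until its expiry (timed access)."""
    return g is not None and now < g.expires
```

The Deloitte row on the next slide is the DECIDE step failing: an admin account protected by a single factor gets "Allow" where this policy would return "Challenge".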
8. But what about the last 4 months?
• September 2017
  • SEC – Non-public filings (Remote Code Execution) GRANT
  • Equifax – 143M records of PII (Remote Code Execution) GRANT
  • Deloitte – 100% of emails (Admin Account.. OMG 2FA) DECIDE
• July 2017
  • Verizon – 14M records of PII (Insecure publicly facing) GRANT/WATCH
  • CA Assoc. of Realtors – 250K Credit Cards (Malware) GRANT/WATCH
• June 2017
  • Deep Root Analytics – 198M records of PII (unsecured cloud) GRANT/WATCH
  • Washington State University – 1M records of PII (stolen safe) GRANT/WATCH
9. Ok… The last 6 months?
• May 2017
  • Kmart – 1M Credit Cards (Malware)
  • OneLogin – 100% of customers (Private Key Loss)
  • Gmail – 1M Users' Email Accounts (phishing)
• April 2017
  • Chipotle – 1M+ Credit Cards (Malware)
  • IHG – 1M+ Credit Cards (Malware)
  • FAFSA IRS Tool – 100K records of PII (Public Tool Abuse)
10. Identity. The new (old) perimeter.
Yesterday’s Reality (THE WORLD BEFORE)
• Monolithic, Contained, Rigid
• Perimeter Security, VPN
• Employees
Today’s Reality (THE WORLD TODAY)
• Distributed, Mobile, Hybrid
• Insecure, Fragmented
• Partners, Employees, Contractors, Customers
11. Start Now!
• The attack surface is spreading
  • Target and HVAC
  • Toasters and Cars coming soon!
  • Wait, Dyson is making a car?
16. Beside the Obvious
Workstations (End Users)
• Seriously? Why are we still giving these people admin rights?!
Servers
• User namespaces (Jails)
• Containers
18. Applications
• Put identity at the center of everything!
• Network effect on access – Scale from 1 to millions
• Stay neutral!
Okta platform components (from the slide's diagram):
• Lifecycle Management – Lifecycle Management, Cloud & On-prem App Integration, Mastering from Apps, Directory Provisioning, Rules, Workflow, Reporting
• Mobility Management – Tight User Identity Integration, Device Based Contextual Access, Light-weight Management
• Universal Directory – Extensible Profiles, Attribute Transformations, Directory Integration and AD Password Management
• Adaptive Multi-Factor Authentication – Contextual Access Policies, Modern Factors, Adaptive Authentication, Integrations for Apps and VPNs
• Developer SDKs – SDKs simplify the process of managing your Okta org. Use our REST APIs easily.
• Single Sign-On – Secure SSO for All Your Web Apps, On-prem and Cloud, with Flexible Policy, from Any Device
• API Access Management – OAuth 2.0 API authorization, Flexible identity-driven policy engine, Easy & centralized administration across APIs