CIS13: Identity is the New Currency

12
©2005-9 Arctec Group Identity is the New Currency Presentation by Gunnar Peterson @oneraindrop

TAGS:

Transcript of CIS13: Identity is the New Currency

Page 1: CIS13: Identity is the New Currency

©2005-9 Arctec Group

Identity is the New Currency

Presentation by Gunnar Peterson @oneraindrop

Page 2: CIS13: Identity is the New Currency

©2005-9 Arctec Group

About the speaker

•  Gunnar Peterson –  Managing Principal, Arctec Group –  Twitter @oneraindrop –  Editor Build Security In software security column for IEEE Security & Privacy Journal

(www.computer.org/security) –  Primary and contributing author for DHS/CERT Build Security In portal on Web Services

security, Identity, and Risk management (https://buildsecurityin.us-cert.gov/daisy/bsi/home.html)

–  Project lead, OWASP Top Ten Web Services, OWASP XML Security Gateway Evaluation Criteria project Associate editor Information Security Bulletin (www.chi-publishing.com)

–  Contributor Web Application Firewall Evaluation Criteria (http://www.webappsec.org/projects/wafec/)

–  IANS Faculty member –  Securosis Contirbuting Analyst –  Microsoft MVP –  Visiting Scientist, Carnegie Mellon University, Software Engineering Institute –  Blog: (http://1raindrop.typepad.com) –  Slides/presentations (http://www.arctecgroup.net/articles.htm)

Page 3: CIS13: Identity is the New Currency

1.  Problem statement

The Hardest Question I’ve Ever Been Asked

Page 4: CIS13: Identity is the New Currency

2. Lesson from Mahogany Row

Page 5: CIS13: Identity is the New Currency

Source: Robert Garigue http://1raindrop.typepad.com/1_raindrop/2007/02/thinking_about_.html

Page 6: CIS13: Identity is the New Currency

3. Taking Yes for an Answer

Page 7: CIS13: Identity is the New Currency

4. Identity is the New Currency

Page 8: CIS13: Identity is the New Currency

Some things we do today

1. Up front integration Automated Provisioning Stronger authentication

2. Backend integration Force reauthentication Integration to fine grained authorization

3. Keep malicious actors at bay TLS/SSL OAuth revocation

©2005-9 Arctec Group

Page 9: CIS13: Identity is the New Currency

5. How well positioned are we for other trends?

Page 10: CIS13: Identity is the New Currency

6. We still have more to learn from cheeseburgers

Page 11: CIS13: Identity is the New Currency
Page 12: CIS13: Identity is the New Currency

©2005-9 Arctec Group

•  …”let’s collectively build security in” – Gunnar Peterson

•  Blog: http://1raindrop.typepad.com •  Web: http://www.arctecgroup.net •  Twitter: @oneraindrop •  Email: [email protected]

“Everything  we  think  of  as  a  computer  today  is  really  just  a  device  that  connects  to  the  big  computer  that  we  are  all  collec;vely  building”  


CIS13: At the Crossroads: Big Data and Identity Management

CIS13: At the Crossroads: Big Data and Identity Management

CIS13: Don't Panic! How to Apply Identity Concepts to the Business

CIS13: Don't Panic! How to Apply Identity Concepts to the Business

CIS13: Re-Engineering Identity

CIS13: Re-Engineering Identity

CIS13: dentity in the Enterprise: Using OAuth in Google’s Cloud Platform and Identity and Security in Google Apps

CIS13: dentity in the Enterprise: Using OAuth in Google’s Cloud Platform and Identity and Security in Google Apps

CIS13: Next Generation Privileged Identity Management: A Market Overview

CIS13: Next Generation Privileged Identity Management: A Market Overview

CIS13: OpenStack API Security

CIS13: OpenStack API Security

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

CIS13: So, You Want to Be a Relying Party: Federated Login with Google Identity Toolkit and Google+ Sign-In

CIS13: Identity Tech Overview: Less Pain, More Gain

CIS13: Identity Tech Overview: Less Pain, More Gain

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFederate Hands-On

CIS13: Bootcamp: Ping Identity OAuth and OpenID Connect In Action with PingFederate Hands-On

Customer Identity is the New Currency: Signal featuring Forrester Research

Customer Identity is the New Currency: Signal featuring Forrester Research

CIS13: Authorization Agent (AZA) Mobile Protocol

CIS13: Authorization Agent (AZA) Mobile Protocol

CIS13: Impact of Mobile Computing on IT

CIS13: Impact of Mobile Computing on IT

CIS13: SCIM Interop

CIS13: SCIM Interop

CIS13: Managing Mobility with Identity Standards

CIS13: Managing Mobility with Identity Standards

CIS13: Identity—The Great Enabler of Next

CIS13: Identity—The Great Enabler of Next

CIS13: How to Build a Federated Identity Service on Identity and Context Virtualization

CIS13: How to Build a Federated Identity Service on Identity and Context Virtualization

CIS13: From Governance to Virtualization: The Expanding Arena of Privileged Identity Management

CIS13: From Governance to Virtualization: The Expanding Arena of Privileged Identity Management

CIS13: Cloud, Identity Bridges, and ITSM: Three is Not a Crowd

CIS13: Cloud, Identity Bridges, and ITSM: Three is Not a Crowd

CIS13: Bootcamp: PingOne as a Simple Identity Service

CIS13: Bootcamp: PingOne as a Simple Identity Service

CIS13: Federation Protocol Cross-Section

CIS13: Federation Protocol Cross-Section