Sponsored by IBM Secure Identity: The Future is Now · IBM Security offers one of the most advanced...
Transcript of Sponsored by IBM Secure Identity: The Future is Now · IBM Security offers one of the most advanced...
Secure Identity: The Future is Now
IAM BRIEFINGSponsored by IBM
Agenda4:00 – 4:30 p.m.
Registration, Networking
4:30 – 5:30 p.m.
Briefing by:
• Tom Field, SVP Editorial, Information Security Media Group • Jason Keenaghan, Director of Offering Management for IBM’s IAM & Fraud portfolio• Adam Case, Technical Offering Manager, IBM Cloud Identity
5:30 – 7:00 p.m.
Wine and Cheese Pairing Course
7:00 p.m.
Program Concludes
Introduction
Identity. Remember when it was just about provisioning access
and reducing password resets?
Today, identity is the cornerstone of strong cybersecurity. You rely on it to not only protect critical assets,
but also empower the business by improving adoption of digital services and creating a frictionless
customer experience.
Your enterprise’s future will be built on secure identity, but how is that future taking shape today?
Imagine innovations such as:
• Friction-free multifactor authentication throughout the enterprise. One experience for all users –
employees, privileged users and admins – across all channels.
• An IAM program that leverages sophisticated analytics to bring actionable intelligence to your team,
so you can make better, faster decisions about who should have access to what.
• The ability to tap into decentralized methods of user presentation and verification that increase user
trust while reducing the burden on enterprises to store and protect credentials.
These ideas are not just the future; they are the present – built into IBM’s evolutionary approach to
identity and access management. Care to learn more about how IBM is enabling the future of IAM today?
Then welcome to this Executive Briefing on Secure Identity: The Future is Now.
Guided by insight from Jason Keenaghan, Director of Offering Management for IBM’s IAM & Fraud
portfolio, as well as Adam Case, Technical Offering Manager for IBM Cloud Identity, this invitation-only
event will offer exclusive insights, demos and case studies on how enterprises are reimaging the way
they secure identities.
You’ll have the opportunity to discuss IAM innovations with a handful of senior executives and market
leaders in an informal, closed-door setting that will also include a cocktail reception and a fun group
activity.
Secure Identity: The Future is Now 2
About the ExpertJoining our discussion today, to share the latest insights and
case studies is:
Jason Keenaghan
Director of Offering Management for IBM’s IAM & Fraud portfolio
Jason Keenaghan is the Director of Offering Management for IBM’s IAM and Fraud portfolio. In this role,
he is responsible for the strategy and delivery of advanced identity governance, access management,
and the convergence with fraud and user risk. In his previous assignments, Jason was a product
manager for DataPower Gateways focusing on web, mobile, API and B2B security. Jason has extensive
experience in architecting high volume transaction processing systems, specifically leveraging IBM z
System. Jason earned his Bachelor of Arts degree in Economics, with a minor in Computer Science,
from Boston College. He also holds an MBA from Marist College.
About IBM
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products
and services. The portfolio, supported by world-renowned IBM X-Force® research, enables
organizations to effectively manage risk and defend against emerging threats. IBM operates one
of the world’s broadest security research, development and delivery organizations, monitors 35 billion
security events per day in more than 130 countries, and holds more than 3,000 security patents. For
more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM
Security Intelligence blog.
Secure Identity: The Future is Now 3
About the ExpertJoining our discussion today, to share the latest insights and
case studies is:
Adam Case
Technical Offering Manager, IBM Cloud Security
Adam is the Technical Offering Manager for IBM’s Identity as a Service solution, IBM Cloud Identity. He
is a seasoned security professional who spent years working with Fortune 1000 customers design and
implement security project plans in the endpoint and identity space, primarily on Cloud solutions.
About IBM
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products
and services. The portfolio, supported by world-renowned IBM X-Force® research, enables
organizations to effectively manage risk and defend against emerging threats. IBM operates one
of the world’s broadest security research, development and delivery organizations, monitors 35 billion
security events per day in more than 130 countries, and holds more than 3,000 security patents. For
more information, please visit www.ibm.com/security, follow @IBMSecurity on Twitter or visit the IBM
Security Intelligence blog.
Secure Identity: The Future is Now 4
About the ModeratorLeading our discussion today is:
Tom Field
SVP Editorial, Information Security Media Group
Field is an award-winning journalist with over 30 years of experience in newspapers, magazines,
books, events and electronic media. A veteran community journalist with extensive business/
technology and international reporting experience, Field joined ISMG in 2007 and currently oversees
the editorial operations for all of ISMG's global media properties. An accomplished public speaker,
Field has developed and moderated scores of podcasts, webcasts, roundtables and conferences and
has appeared at RSA Conference and on various C-SPAN, The History Channel and Travel Channel
television programs.
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely
to information security and risk management. Each of our 28 media properties provides education,
research and news that is specifically tailored to key vertical sectors including banking, healthcare
and the public sector; geographies from the North America to Southeast Asia; and topics such as
data breach prevention, cyber risk assessment and fraud. Our annual global Summit series connects
senior security professionals with industry thought leaders to find actionable solutions for pressing
cybersecurity challenges.
Secure Identity: The Future is Now 5
NOTE: In advance of this event, ISMG’s Tom Field spoke about
identity and authentication with Jason Keenaghan of IBM. Here is
an excerpt of that conversation.
Top Threats to Identity
TOM FIELD: What are the threats to identity that concern you most
today?
JASON KEENAGHAN: Stolen credentials, hacked accounts, identity
theft - there are so many breaches every day, I am concerned that
complacency will set in and clients won’t know where to start to
address the problem. Identity and Access Management is a key
pillar in preventing these problems, and companies are still over-
reliant on passwords. We need to make it clear to our clients that
our solutions make it super convenient to implement password
alternatives.
Where Traditional IAM Falls Short
FIELD: What’s wrong with how we’ve been approaching traditional
IAM?
KEENAGHAN: Companies have failed to truly adopt additional
context factors around user behaviors that can assist in
understanding risks associated with their activities.
Behavioral analytics are available that focus on the employee and
consumer populations and are integrated into our IAM suite. Also,
many companies have taken a Band-Aid approach to verification
using techniques that put the burden on the end user causing
friction – techniques like Captcha and MFA methods that are
insecure like knowledge-based questions. Where customers have
implemented multi-factor authentication, we usually see this done
in silos. Employees and consumers should be given a choice in
how they want to authenticate, and they should have a consistent
authentication experience regardless of whether they are using
applications on a mainframe, Linux server, or the latest cloud app.
CONTEXT
Secure Identity: The Future is NowQ&A with Jason Keenaghan of IBM
“I am concerned that complacency will set in and clients won’t know where to start to address the problem.”
Jason Keenaghan
Secure Identity: The Future is Now 6
The Future is Now
FIELD: How is IBM reimaging IAM today?
KEENAGHAN: Here are four ways:
• Authentication – Providing a single authenticator that is delivered
as a service that can enable MFA anywhere – spanning from the
mainframe to on-premise to cloud applications while using user
and device context to know with a high level of certainty that
users are genuine. The context is key. Depending on how risky
a given behavior is, the digital experience can be quite silent, or
frictionless for the end user. IBM leverages behavioral analytics
and a variety of other behind-the-scenes technology to only
intervene with a verification when risky behavior is detected.
• Analytics – Helping organizations make more informed decisions
about their riskiest users so that managers can prioritize taking
managing their biggest risks when it comes to certification
reviews.
• Decentralized ID – We’ve seen many use cases whereby
decentralized identity can provide benefits to individuals (giving
control them over who has access to their information), while at
the same time reducing the burden of organizations in terms of
ensuring privacy.
The Business Impact
FIELD: What business benefits can be realized?
KEENAGHAN: Whenever an organization decides to pursue
innovation in their IAM program, they’re going to make a difference
for the IAM team of course, but they’ll also make a meaningful
difference for their end-users. A company that implements one
authentication experience everywhere, for all their employees, will
find that the consistency in that login experience, and the removal
of additional prompts for verification, makes users more productive
in their day-to-day work. A study we recently conducted with EMA
found that IT security leaders see user education as the biggest
challenge with utilizing their authentication solution. But those
that implement contextually-aware access controls actually said
they struggled much less with user education. When it comes to
decentralized identity programs, the business impact is much more
of a radical one. Early adopters of decentralized ID could reduce
a lot of the costs and liability around the management of a user
directory, of course, but also provide an end-user privacy and trust
benefit that is a business differentiator.
Helping Customers See Value
FIELD: How is IBM helping customers to achieve these benefits?
KEENAGHAN: We’re helping clients transform the way they
deliver identity and access management to their end users, with
both products and personnel to support their transformation.
IBM manages more than 2 billion digital identities today, from the
world’s largest telecoms, to state governments and universities.
One recent example I love is a large banking and insurance firm
that was making an IT-wide move to Microsoft Azure. They came to
IBM looking for help to provide consistent, highly available second
factor authentication to their customers for a set of customer apps
they were delivering on-premises. Working with IBM, they were able
to make a seamless transition to delivering authentication from the
cloud without any impact to their customer experience. Because
they’re taking advantage of a service that can scale, they’re now
able to develop new customer capability even faster.
Critical Questions to Ask
FIELD: What are the critical questions that security leaders need to
be asking about their current approach to IAM?
KEENAGHAN: First off, I want to recognize that IAM programs are
not at all easy to get right – and that many of us may already feel
quite critical of how we’re approaching this today. IAM programs
have huge potential to add value to the business when we focus
on achieving measurable outcomes for our users. When we do
that well, the rest of our business stakeholders will take note. I
would encourage you to first take stock of the progress you and
your teams are making today, and then look for a “quick win” that’s
focused on a set of end users that you know is having a pain point.
It could be your employee population, your customers, your
privileged users, or your IT administrators. Ask them what’s taking
them too much time when it comes to accessing the resources they
need, and try to knock down one productivity barrier for them. Get
a baseline metric – how many times they log-in a day; how long it
takes them to get access to a key application – and then create a
plan to make a difference. n
“IAM programs have huge potential to add value to the business when we focus on achieving measurable outcomes for our users.”
Secure Identity: The Future is Now 7
Notes
Secure Identity: The Future is Now 8
Notes
Secure Identity: The Future is Now 9
902 Carnegie Center • Princeton, NJ • 08540 • www.ismg.io
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to information
security and risk management. Each of our 28 media properties provides education, research and news that is
specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from
North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud.
Our annual global Summit series connects senior security professionals with industry thought leaders to find
actionable solutions for pressing cybersecurity challenges.
Contact
(800) 944-0401 • [email protected]