Gartner Identity & Access Management Summit 2013


Gartner Identity & Access Management Summit 2013
Pragmatic Futures for IAM: Meeting Business Needs at the Nexus of Forces
Trip Report

The annual Gartner Identity & Access Management Summit was held on 11-12 March 2013, at the Park Plaza Westminster Bridge. This report summarizes and provides highlights from the event.

Overview

In 2013 the Summit brought together over 400 attendees to learn from and network with a range of end users giving case studies, key solution providers on the showfloor and in sessions, and the Gartner analyst community. Led by the Summit Chair, Ant Allan, the Summit took in over 40 presentations, roundtables and workshops, furnishing attendees with the latest thinking on their strategy, tactical approaches, and key needs for 2013-14.

The Nexus of Forces (mobile, cloud, information and social) brings new challenges and new opportunities for IAM. CISOs and IAM leaders have to extend their vision to include the Nexus. This is not just a strategic goal but a tactical imperative: the impact of the Nexus of Forces is clear now and underlies the trends Gartner has seen in client engagements across multiple IAM activities and markets of the past year.

Meanwhile, CISOs and IAM leaders must keep sight of the needs of day-to-day operations and the demands of governance, risk management and compliance. Furthermore, the obligation remains to deliver meaningful, business-focused results.

To efficiently deal with all these seemingly diverse commitments, to effectively orchestrate the necessary technology, tools and techniques, and to do so with lasting success, CISOs and IAM leaders must establish and sustain an enduring IAM program with sound governance processes.

Save the date

The Gartner Identity & Access Management Summit 2014 will take place on 16-17 March in London, UK. We hope to see you again!
Table of Contents

- Key Take-Aways
- The Audience
- Keynote Sessions
- Top 10 Most-Attended Sessions
- Sponsors
- Post Event Resources

[Photos: Park Plaza Westminster Bridge, London, UK; Ant Allan speaking at the Gartner Identity & Access Management Summit 2013]

© 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. For more information, email info@gartner.com or visit gartner.com.

Key Take-Aways

Best Practices for IAM Program Management and Governance

- Create a well-crafted vision and articulate it in light of strategic business needs. Continuously re-evaluate this.
- Establish an IAM program based around the activity cycle and the pillars of IAM.
- Establish sound formal governance processes and functions for IAM. This should be incorporated within information security governance frameworks, but may require discrete entities at some levels.

Bring Your Own 4G: How Secure Are the Mobile and Wireless Networks You Use for Business?

- Ensure secure setup of wireless networks.
- Maintain VPN or application-level security for sensitive applications, through 2015.
- Correlate wireless security with the mobile policy.
- Use a standard wireless provider and 4G, where possible.

Dealing With Advanced Threats and Targeted Attacks

- Adjust the vulnerability assessment schedule to remediation cycles.
- Initiate security hardening initiatives and evaluate application development process changes that move security testing to earlier phases of the development life cycle.
- Extend your SIEM deployment for early breach detection.
- Balance spending among mitigation, shielding and monitoring based on practical limitations of mitigation for specific IT components.

Enabling Mobility Securely by Protecting Mobile Applications on Smartphones and Tablets

- Fix as many of the barriers as possible. Fixing even one makes a substantial difference to your success.
- Give up on the idea of trusting the platform. Secure your apps as soon as possible.
- Recognize there is not a single solution that works for everyone, and multiple approaches can coexist.
- Don't wait for standards; act tactically, rather than strategically.

Get the Plumbing Right: Directories for Internal and Cloud Services

- Think tactically and strategically.
- Maintain a service catalog.
- Anticipate and plan for new requirements:
  - Mobile devices
  - Cloud XaaS
  - Mergers/Acquisitions
- Minimize and consolidate (but not too much).
- Maintain an abstraction layer.
- Embrace the politics of control and autonomy.

IAM at the Nexus of Cloud, Mobile and Social

- Partner with business leaders to include security/IAM assessments as part of the planning process when procuring cloud-based business application services.
- Understand your costs for providing internal IAM functions, and your ability to obtain and retain staff, as a prelude to comparative shopping for cloud-delivered IAM.
- Plan for mobile user use cases that will include employee- or consumer-owned devices and direct access to SaaS.

Technical Insights: Making It Work: Identity and Mobility

- Implement adequate certificate enrollment processes for enterprise users:
  - Don't use device-based SCEP enrollment!
  - You will need an MDM (or MDM-like) product.
- Protect your MDM push credentials:
  - Certificate/private key for Apple Notification Service
  - Google C2DM service password
  - Risk of unauthorized access and denial of service
- Keep a close eye on NFC developments: There is so much potential for enterprise identity!
- Get your AD groups right: Device policy management, credentialing, and secure file access depend on it.

The Audience

The Summit attracted over 350 attendees from 29 countries, including 19 European nations. The core of the audience was naturally from the UK, with the next highest groupings coming from Germany, Austria and Switzerland, followed by Benelux, Nordic, France and the Middle East. In terms of industries represented, the key sectors were government and public sector, financial services and manufacturing, with a range of other sectors also present. The best represented job titles continued to be Director / Manager of Information Security / Security and variations thereof, with a presence from Risk, Compliance, and Security Architects.

Fighting Threats With Layered Security and Improved Identity Proofing

- Establish an overarching identity proofing and fraud management framework for your organization that includes multiple layers.
- Deploy Layer 1 endpoint-centric and Layer 2 navigation-centric solutions to start with.
- Integrate mobile applications into your fraud management framework to ensure a cohesive strategy, and shared user and account profiles.
- Recognize that the threat landscape can quickly change, pointing to the need for a layered approach and comprehensive framework.

Good Authentication Choices for Smartphones and Tablets

- Set internal expectations early about what apps can be on a personal device, and which can't.
- Build a foundation for good IAM by matching the right baseline for device or app security.
- Plan for UX being a barrier to meeting regulatory requirements on mobile devices; look to balancing in ease of use.

Technical Insights: A Magic 8 Ball in the Sky: Federated, Distributed and Cloud Externalized Authorization

Before selecting an authorization mechanism and architecture:

- What is the coarseness of the decisions?
- How expressive a policy language is needed?
- Is the application externalized authorization-aware?
- Where can subject attributes be found?

Ways to Achieve More With Less in Your IAM Program

- Prioritize your identity-related needs.
- What can realistically be accomplished through traditional methods with the budget that you have?
- Determine what might not be accomplished due to lack of budget (or other factors).
- Put on your thinking cap, grab a list of what you have, and find a whiteboard!

Keynote Sessions

Gartner Keynote: The Socialization of Identity
Ant Allan, Research VP

Using social network identities can significantly help enterprises to attract and retain customers (a business priority for CIOs). Using login with Facebook (or other popular social networks) lowers friction, and thus improves the user experience (UX) for customer registration and subsequent login. Enterprises also benefit through a fall in the number of abandoned registrations and logins. Login with preferred social network identities makes it easier for customers to browse and buy, especially where the merchant is present on other social networks (such as Facebook and Pinterest).

The use of social network identities can lower customer administration costs; this can be a business enabler, making profitable services that wouldn't be if they had significant overheads.

Gartner sees a small but growing number of enterprises taking this approach, enabled by specialist vendors that prepackage support for a broad range of popular social networks and integrate other social network capabilities (such as gamification). Basic user attribute collection (for registration) and authentication with social identities are also being supported by Web access management products.

All enterprises offering consumer-facing services, as well as government agencies offering citizen portals, should assess the benefits of accepting social network identities for customer/citizen registration and login, and weigh these against the risks posed by the lack of identity proofing and weak authentication for social network identities. Potential cost savings may be offset by the cost of mitigating these risks, say via fraud detection and prevention mechanisms and step-up user authentication methods. (But such controls may well be needed anyway!) This assessment should also consider alignment with other business use of social networks; while it can be independent of other initiatives, greater value can come from exploiting synergies.

Gartner Closing Keynote: Maverick: Kill Off Security Controls to Reduce Risk
Tom Scholtz, VP Distinguished Analyst

Traditional security controls are increasingly ineffective and obstructive in a world where rapid technology change is driving business strategy. A radically new approach is required. Impeding the ability of the majority of users to exploit technology in furthering business objectives, just in order to prevent the bad intentions of a small minority of individuals, makes no business sense. Employees that have no stake or input in security controls and policies are alienated, having no trust in security practices. By adopting a people-centric approach to security, enterprises can reduce overall risk while simultaneously reducing the number of preventative controls. Giving users more personal responsibility, while holding them directly accountable for their actions, requires that the security team offer a more supportive role.

People-centric security (PCS) represents a major departure from conventional security strategies, but it reflects the reality that current security approaches are increasingly difficult to manage in the rapidly evolving environment Gartner defines as the Nexus of Forces. While changing a security strategy carries its own risks, security leaders should consider adopting elements of PCS as an early starting point for longer term transformation of their security programs.

Top 10 Most-Attended Sessions

- Best Practices for IAM Program Management and Governance (Ant Allan, Research VP)
- Bring Your Own 4G: How Secure Are the Mobile and Wireless Networks You Use for Business? (Dionisio Zumerle, Principal Research Analyst)
- Dealing With Advanced Threats and Targeted Attacks (Mark Nicolett, Managing VP)
- Enabling Mobility Securely by Protecting Mobile Applications on Smartphones and Tablets (John Girard, VP Distinguished Analyst, and Dionisio Zumerle, Principal Research Analyst)
- Get the Plumbing Right: Directories for Internal and Cloud Services (Andrew Walls, Research VP)
- IAM at the Nexus of Cloud, Mobile and Social (Gregg Kreizman, Research VP)
- Technical Insights: Making It Work: Identity and Mobility (Trent Henry, Research VP)
- Fighting Threats With Layered Security and Improved Identity Proofing (Avivah Litan, VP Distinguished Analyst)
- Good Authentication Choices for Smartphones and Tablets (Eric Ahlm, Research Director, and John Girard, VP Distinguished Analyst)
- Technical Insights: A Magic 8 Ball in the Sky: Federated, Distributed and Cloud Externalized Authorization (Ian Glazer, Research VP)
- Ways to Achieve More With Less in Your IAM Program (Ray Wagner, Managing VP)

Sponsors

[Sponsor logos, grouped as Premier, Platinum and Silver]

Radiant Logic Launches First On-Premise Identity Bridge Based on Virtualization

Airbus Discusses the Value of Identity Virtualization at 2013 Gartner IAM Summit

The recent rise of cloud applications and mobile devices has posed serious challenges for Identity and Access Management practitioners, while the fragmentation of identity systems has frustrated efforts to meet those growing needs. At the 2013 Gartner IAM Summit, Radiant Logic demonstrated how it is uniquely positioned to meet these evolving demands with the release of RadiantOne 6.1, the industry's first complete on-premises enterprise identity provider. The release bundles Radiant Logic's Cloud Federation Service with its market-leading VDS, delivering a standards-based federated identity and access management solution.

The newest version of the RadiantOne Cloud Federation Service includes:

- Support for SAML 2.0, OpenID Connect, and OAuth 2.0
- Support for new trusted identity providers such as Facebook, Microsoft, and MyOpenId
- The ability to indicate the authentication level required to access certain applications
- Support for over forty new relying parties, making it simple to get single sign-on to almost any new cloud application

There is a host of new features in the new VDS as well:

- Support for SCIM, REST, and SPML protocols to enable robust bulk user provisioning operations to cloud applications
- Better support for cloud applications such as Salesforce, Office 365, and Google Apps for unified access and provisioning

Also at the Gartner IAM Summit, Frederic Fenoglietto, IAM Architect, highlighted how Airbus used RadiantOne to improve performance and service. He demonstrated how RadiantOne VDS enabled Airbus to rationalize and transform data, and eventually retire legacy directories.

Learn more about Radiant Logic, a 2012 Gartner Cool Vendor, at www.radiantlogic.com

Post Event Resources

Recommendations Summary

A recommendations summary containing all of the key recommendations from the Gartner analyst sessions is available for download from Agenda Builder. Please look for the Recommendations Summary file.

Learn more with relevant research

Want to learn more about the topics that interest you most? Turn to the end of each session presentation for a list of related Gartner research notes. Select Gartner research is available on demand at gartner.com.

Connect with Gartner IAM

Connect with Gartner Business Process Management Summit on Twitter and LinkedIn. #GartnerIAM