
2G - Cloud Security & the Zero Trust Model PPT


Page 1: 2G - Cloud Security & the Zero Trust Model PPT

10/15/2018

1

Marc Rogers, VP Cybersecurity Strategy, Okta

An Identity-based Approach to Protecting, Detecting, and Responding to Compromise.

The DMZ Was the Perimeter

Software is One Industry

Employees

CIOs are Technology Operators

THE WORLD BEFORE

The World is Changing

Software is Eating the World

CIOs are Business Enablers

THE WORLD TODAY

Partners

Employees

Contractors

Customers

Page 2: 2G - Cloud Security & the Zero Trust Model PPT


Enterprise Data Center

Enterprise Datacenter to Services

© Okta and/or its affiliates. All rights reserved. Okta Confidential

Cloud-Native Applications Are Dynamic and Public

Multiple Identity Providers

Organizational Identity

Professional Identity

Social Identity

National Identity

Device Identity

Partners

Employees

Contractors

Customers

Identity Store

Identity Store

Page 3: 2G - Cloud Security & the Zero Trust Model PPT


New Use Cases + Client Types

Mobile Is the Center of Gravity for Identity for People

Identity Is the New Perimeter

http://blogs.wsj.com/cio/2015/05/11/google-moves-its-corporate-applications-to-the-internet/

“assumes that the internal network is as dangerous as the Internet”

Page 4: 2G - Cloud Security & the Zero Trust Model PPT


Customer perspective: Ron Zander, County of Placer

Ron Zander, IT Security Team

Who we are

380,000 residents, 2800 employees

Page 5: 2G - Cloud Security & the Zero Trust Model PPT


Technology Strategy: As we adopt more cloud solutions… We need one secure method to access all apps and tools

Why an IAM Solution?

Journey with Okta

Evaluation Deciding Factors

SSO

MFA

Page 6: 2G - Cloud Security & the Zero Trust Model PPT


Transformation of IT Delivery

Identity is the new perimeter

Manage access at the Identity Layer

1. Devices connect directly to cloud service

2. Cloud service delegates to Okta for authentication

3. Okta assesses device security posture before granting access to the cloud service

Moving Forward

Page 7: 2G - Cloud Security & the Zero Trust Model PPT


+ Okta = Connect everything

Zero Trust is giving people and systems access to the right things for the shortest time possible with little friction.


Network Perimeter

The “Castle and Moat” Approach To Securing The Enterprise

TRUSTED

Page 8: 2G - Cloud Security & the Zero Trust Model PPT


Network Perimeter

The “Castle and Moat” Approach To Securing The Enterprise

TRUSTED UNTRUSTED


Mobile and cloud have dissolved the traditional perimeter

Result: We can no longer assume trust

PEOPLE

Employees Contractors Partners Suppliers Customers

DATA

Infrastructure Applications Platforms APIs


PEOPLE and SYSTEMS

Employees Contractors Customers Services Things

DATA

Infrastructure Applications Platforms APIs

The Perimeter Now Extends to the Identity of People and Systems.

Contextual Access

Page 9: 2G - Cloud Security & the Zero Trust Model PPT


The Modern Enterprise In a Zero Trust World

Authentication

Assurance

Factors

Inactivity

Attestation

Known

Registered

Managed

Compliant

Device Trust

Conditional Access

MFA

Desktop SSO

EMM

On-Prem/Private Cloud

Access Gateway

Zero Trust: The Future of Identity + Security

The Future of Identity + Security

Page 10: 2G - Cloud Security & the Zero Trust Model PPT


Attribute Authorities

Partner Status

Roles

Last Name

First Name

Team

Email

Phone

OS

Version

MDM Enrolled

Passcode Exists

Block Level Encryption

FIDO Certified

User Presence

TPM


Governance of Data and Privacy

IoT Data Actor Claim Holders Data Claims

• GPS location
• Speed
• Mileage
• Acceleration
• Battery
• Radar
• Temperature

Driver

Do not track my location Discard

Track Battery Usage Encrypt

Owner

Publish Battery for Statistics Anonymize

Different users often have different claims to data

The Future of Identity + Security

Page 11: 2G - Cloud Security & the Zero Trust Model PPT


Assurance Decreases Over Time

[Chart axes: Time (horizontal), Assurance (vertical)]


Modular Assurance

Partners

Employees

Contractors

Customers


New Models for Assurance

Identity Assurance Level (IAL)

Federation Assurance Level (FAL)

Authenticator Assurance Level (AAL)

NIST Special Publication 800-63-3 (Draft)

Page 12: 2G - Cloud Security & the Zero Trust Model PPT


Modern Passwordless Authentication

AUTHENTICATOR

LOCAL ONLINE

[Chart axes: USABILITY (Poor to Easy), SECURITY (Weak to Strong)]

Fast IDentity Online

Continuous Authentication

[Chart axes: Time (horizontal), Assurance (vertical)]

Page 13: 2G - Cloud Security & the Zero Trust Model PPT


The Future of Identity + Security

Risk Profiles

Real-Time Identity Intelligence

Humans are not able to prevent, detect and respond in this new world to

Hacktivism Crime Espionage

Mischief Warfare Terrorism

Page 14: 2G - Cloud Security & the Zero Trust Model PPT


Risk-Based Dynamic Access Control

156 723

Risk-Based Dynamic Access Control

Customers

[email protected] IdP

The Future of Identity + Security

Page 15: 2G - Cloud Security & the Zero Trust Model PPT


Shared Signals

Identity Provider

Connected Cloud App

Primary Email Provider



PEOPLE and SYSTEMS

Employees Contractors Customers Services Things

DATA

Infrastructure Applications Platforms APIs

Identity as the perimeter in context aware access

Contextual Access

Identity

Apps

Time

Location

Devices & Protocols

Activity

Behavioral Analytics

Risk Assessment

Adaptive Policy

Allow, Deny, or Challenge

Restrict App Scope/Actions

Alert/Report

Context-Aware Access Management

Page 16: 2G - Cloud Security & the Zero Trust Model PPT


The Future of Identity + Security = Zero Trust

Single identity system for all your people, devices, services, & things

Attributes with authority, context, and attestation

Continuous authentication that is user-centric

Access control that is dynamic and based on risk

Shared signals across app boundaries


The Zero Trust journey starts with Identity

There’s no silver bullet for Zero Trust

Okta is the modern Zero Trust Platform

Thank You