No Littering, No Smoking, NO PASSWORDS
April 2017
Bob Kalka, VP IBM Security
2 IBM Security
The Transformation of Identity and Access Management
63% of organizations to replace an IAM technology w/in 2 yrs
#1 reason: changing technology environment
94% of IAM budgets increasing or staying the same in 2017
*Gartner conference Dec 2016
3 IBM Security
Password Use is Dropping Rapidly
IBM AND BUSINESS PARTNER INTERNAL USE ONLY
55% drop in use of passwords and tokens by 2019
Drop in use due to introduction of recognition technologies
*Gartner Strategic planning assumption – Ant Allan (in medium-risk use cases)
4 IBM Security
Enterprises are trying to find the balance between two interests
Usability Expectations
• Lose customers due to inconvenience
• Employees want to get their job done
• Employee productivity: time consuming, easily forgotten
Demand for Increased Assurance
• Steal a password and you’re in
• Employees, often unwittingly, are key to many large data breaches
• A stolen consumer password turns your customer transaction into fraud
60% of known data breaches use weak or stolen passwords
Password: xgGL$#!jjhh(*%!aAbc
5 IBM Security
Why risk-based authentication?
No matter what level of security you require…
Security User Experience
…risk-based authentication is the most basic step towards increasing security without compromising user convenience.
6 IBM Security
Adapt and enforce access based on risk
• Time of day
• IP reputation
• User info
• Browser type
• Device type
RISK-ENGINE: APPROVE / CHALLENGE / DENY
7 IBM Security
Why Smartphone-based authentication?
Usability Security
8 IBM Security
Solution: Infuse multiple authentication types for stronger security
Capture
SOMETHING THAT YOU KNOW
- Usernames and passwords
- Knowledge questions
SOMETHING THAT YOU HAVE
- User presence
- One time passwords
  - Time-based
  - Email/SMS
SOMETHING THAT YOU ARE
- Biometrics
Move towards stronger, easier authentication
Risk-based access
9 IBM Security
The IBM approach
Devices / Smartphones + Risk-based access = Less intrusive, more affordable, strong authentication
IBM Verify
10 IBM Security
IBM Security Access Manager: IBM Verify! Mobile Authentication
Enroll, Touch (Fingerprint), Confirm (Y/N) Login, Confirm (Y/N) Transaction, One Time Password, Face & Voice Recognition (future)**
• Multi-modal: different types supported for different scenarios
• Integrated: Easily integrate flexible, intelligent multi-factor authentication into applications
• IBM Verify mobile app: out of the box multi-factor authentication
• IBM Mobile Access SDK: MFA easily integrated into a custom mobile app
• Policy driven: Permit access when risk is low and demand authentication challenges when risk is high
• Extensible: Adopt a platform approach for evolving user expectations and authentication technologies
** Statement of direction: In a future release, IBM intends to add biometric authentication capability into the IBM Security Access Manager platform.
11 IBM Security
Demo
12 IBM Security
IBM Security Access Manager: risk-based access supports five main context domains for adaptive access control
• Identity: Groups, roles, credential attributes, organization
• Endpoints: There are various unique attributes (device fingerprint): screen depth/resolution, fonts, OS, browser, browser plug-in, device model & UUID
• Environment: Geographic location, network, local time, etc.
• Resource / Action: The application being requested and what is being done.
• Behavior: Analytics of user historical and current resource usage; user activity monitoring, specific business activity monitoring
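The approve/challenge/deny flow from the risk-engine slide, fed by signals from the context domains above, as an added example that is not IBM Security Access Manager code or its scoring model. The signal weights, thresholds, sample networks and user profile are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
from datetime import datetime

# Constructed sample data: weights, thresholds and networks are assumptions.
BAD_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # stand-in for an IP reputation feed
WEIGHTS = {"ip_reputation": 50, "new_device": 30, "new_browser": 10,
           "odd_hours": 15, "not_in_group": 40}
CHALLENGE_AT, DENY_AT = 30, 70

def device_fingerprint(attrs):
    """Hash the endpoint attributes into a stable device identifier."""
    canonical = "|".join(f"{k}={attrs[k]}" for k in sorted(attrs))
    return hashlib.sha256(canonical.encode()).hexdigest()

def score(req, profile):
    """Return (risk score, signals that fired) for one access request."""
    fired = []
    ip = ipaddress.ip_address(req["ip"])
    if any(ip in net for net in BAD_NETWORKS):                      # IP reputation
        fired.append("ip_reputation")
    if device_fingerprint(req["device"]) not in profile["known_devices"]:  # device type
        fired.append("new_device")
    if req["device"]["browser"] not in profile["known_browsers"]:  # browser type
        fired.append("new_browser")
    start, end = profile["usual_hours"]                             # time of day
    if not start <= req["time"].hour < end:
        fired.append("odd_hours")
    if req["required_group"] not in profile["groups"]:              # user info
        fired.append("not_in_group")
    return sum(WEIGHTS[s] for s in fired), fired

def decide(req, profile):
    """Map the risk score to one of the three outcomes on the slide."""
    risk, fired = score(req, profile)
    if risk >= DENY_AT:
        return "DENY", fired
    if risk >= CHALLENGE_AT:
        return "CHALLENGE", fired
    return "APPROVE", fired

LAPTOP = {"os": "macOS", "browser": "Firefox", "screen": "2560x1600", "model": "laptop-01"}
PHONE = {"os": "Android", "browser": "Chrome", "screen": "1080x2400", "model": "phone-07"}
PROFILE = {"known_devices": {device_fingerprint(LAPTOP)}, "known_browsers": {"Firefox"},
           "usual_hours": (7, 19), "groups": {"finance"}}

def make_request(ip, device, hour, group="finance"):
    return {"ip": ip, "device": device, "time": datetime(2017, 4, 3, hour),
            "required_group": group}

if __name__ == "__main__":
    for r in (make_request("198.51.100.7", LAPTOP, 10), make_request("198.51.100.7", PHONE, 23),
              make_request("203.0.113.9", PHONE, 23)):
        print(decide(r, PROFILE))
```

Returning the list of fired signals alongside the decision gives the audit log a reason for every challenge or denial.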
© Copyright IBM Corporation 2016. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM's current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and other IBM products and services are trademarks of the International Business Machines Corporation, in the United States, other countries or both. Other company, product, or service names may be trademarks or service marks of others.
Statement of Good Security Practices: IT system security involves protecting systems and information through prevention, detection and response to improper access from within and outside your enterprise. Improper access can result in information being altered, destroyed, misappropriated or misused or can result in damage to or misuse of your systems, including for use in attacks on others. No IT system or product should be considered completely secure and no single product, service or security measure can be completely effective in preventing improper use or access. IBM systems, products and services are designed to be part of a lawful, comprehensive security approach, which will necessarily involve additional operational procedures, and may require other systems, products or services to be most effective. IBM does not warrant that any systems, products or services are immune from, or will make your enterprise immune from, the malicious or illegal conduct of any party.