SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community




TMCNet:  Identity Experts at Yubico, FIDO Alliance and Ping Identity Share Insights on Security Trends Ahead of Cloud Identity Summit

[May 28, 2015]

Identity Experts at Yubico, FIDO Alliance and Ping Identity Share Insights on Security Trends Ahead of Cloud Identity Summit

In anticipation of Cloud Identity Summit on June 8-11, Ping Identity® CEO Andre Durand interviewed three of the event's speakers to discuss issues in the identity industry that are top of mind for enterprises today. The interview participants include Brett McDowell, executive director at the Fast IDentity Online (FIDO) Alliance; Stina Ehrensvard, founder of Yubico; and Brian Campbell, engineer at Ping Identity.

Cloud Identity Summit is the world's premier identity conference with presentations from experts across the technology industry on the latest trends and innovations in identity. This year, the event will bring together CIOs, IT practitioners and other thought leaders to discuss issues that map back to the event's theme, "Borderless Identity."

Durand: What is the most important trend in identity now?

McDowell: We are finding that users are loving FIDO authentication experiences and as a result, we're seeing FIDO-enabled devices being driven by the consumer market that will affect identity developments in the enterprise. We're trying to make sure every browser, PC, tablet and phone will have FIDO authentication capability built in. This way, the identity provider doesn't need to worry about provisioning software to the client - because it's already built in.

Ehrensvard: The big trend within security right now is PKI (public key infrastructure) without the infrastructure. Simplified public key technology will help us overcome a reluctance to use strong authentication hardware. A good analogy is the Swede who invented the three-point seatbelt. People didn't want to put on a seatbelt; they just wanted to get in and drive. To minimize resistance to using it, he maximized its convenience, enabling people to use it with one hand, within seconds. Rather than making this concept proprietary, he encouraged Volvo to open it up as a global standard, available to all manufacturers. I think we will see the same adoption with strong authentication. In Sweden, you cannot log in to your bank or your government service without your security dongle. It's the price Swedes pay to be able to do secure online banking, to be able to pay taxes at home. And when you look at it that way, it's far more convenient to use a security dongle than to stand in line for hours proving your identity in person when renewing your driver's license.

Campbell: The JSON Web Token (JWT) suite of standards is redefining the identity token in a way that's more accessible to the average developer. The underlying technologies, such as JSON, are familiar and easy to use on a wide variety of platforms and environments. The tokens themselves are smaller, which is both more efficient and allows for a wider array of usages, as well as being simpler, which makes it easier to get security right. All of this, I think, is making identity more approachable to developers.

Durand: What's happening in identity that people aren't paying attention to, but should be?

Ehrensvard - BringYour Own Authenticator, or BYOA. Authenticators owned by users can be universally trusted. Everyone talked about BYOD and the problems it introduces for the enterprise. Our response is BYOA - the very same "device" which was once a threat, when properly configured, can become an automatic identity authenticator for secure enablement.




Campbell: The single sign-on experience on mobile right now is fragmented and can be pretty bad. However, I believe that the pieces needed to improve things are available right now and just need to be reassembled. Existing web single sign-on, together with a common OAuth based approach to authorizing native mobile apps, can be implemented now to dramatically improve user experience.

Durand: What keeps you up at night in the identity and security space?

McDowell: The FIDO ecosystem has tremendous momentum right now, but if I had to name the biggest risk to that momentum being sustainable it would be if some large ecosystem stakeholder created its own proprietary protocol stack for cryptographic online authentication instead of using existing FIDO standards. That could potentially create FUD in the market and slow standards adoption.

Campbell: The rate of change in this space as well as in technology in general. There's so much happening on so many different fronts, it's impossible to keep up to date with everything. Therefore, it's important to have a broad view of what's going on in order to make informed decisions about building products that provide meaningful value.

For more insights from these identity visionaries, attend their panels at Cloud Identity Summit:

Cloud Identity Summit 2015 Online Resources

About Cloud Identity Summit 2015 - June 8-11 - San Diego, California

Now in its sixth year, Cloud Identity Summit is the world's premier identity conference. The annual event converges the brightest minds across the identity and security industry. With tracks from industry thought leaders, CIOs and practitioners, Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. This year's sponsors include Radiant Logic, Google, UnboundID, Microsoft, Centrify, Syntegrity Networks, SecureAuth, Courion (News - Alert), Sailpoint, Exostar, Yubico, Advancive, SecZetta, Coreblox, emedia, Akana and Optimal IDM.

CIS Social

Access 2014 presentations: http://www.slideshare.net/CloudIDSummit
Watch 2014 sessions on the Cloud Identity Summit YouTube Channel
Join the conversation on Twitter (News - Alert): @CloudIDSummit and #CISID15
Be part of the Cloud Identity Summit LinkedIn Group
Like the Cloud Identity Summit Facebook


[ Back To Mobile World Congress's Homepage ]




Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002

General comments: [email protected].
Comments about this site: [email protected].

STAY CURRENT YOUR WAY

© 2024 Technology Marketing Corporation. All rights reserved | Privacy Policy