[May 28, 2015] |
|
Identity Experts at Yubico, FIDO Alliance and Ping Identity Share Insights on Security Trends Ahead of Cloud Identity Summit
In anticipation of Cloud
Identity Summit on June 8-11, Ping
Identity®
CEO Andre Durand interviewed three of the event's speakers to discuss
issues in the identity industry that are top of mind for enterprises
today. The interview participants include Brett McDowell, executive
director at the Fast IDentity Online (FIDO) Alliance; Stina Ehrensvard,
founder of Yubico; and Brian Campbell, engineer at Ping Identity.
Cloud Identity Summit is the world's premier identity conference with
presentations from experts across the technology industry on the latest
trends and innovations in identity. This year, the event will bring
together CIOs, IT practitioners and other thought leaders to discuss
issues that map back to the event's theme, "Borderless Identity."
Durand: What is the most important trend in identity now?
McDowell: We are finding that users are loving FIDO
authentication experiences and as a result, we're seeing FIDO-enabled
devices being driven by the consumer market that will affect identity
developments in the enterprise. We're trying to make sure every browser,
PC, tablet and phone will have FIDO authentication capability built in.
This way, the identity provider doesn't need to worry about provisioning
software to the client - because it's already built in.
Ehrensvard: The big trend within security right now is PKI
(public key infrastructure) without the infrastructure. Simplified
public key technology will help us overcome a reluctance to use strong
authentication hardware. A good analogy is the Swede who invented the
three-point seatbelt. People didn't want to put on a seatbelt; they just
wanted to get in and drive. To minimize resistance to using it, he
maximized its convenience, enabling people to use it with one hand,
within seconds. Rather than making this concept proprietary, he
encouraged Volvo to open it up as a global standard, available to all
manufacturers. I think we will see the same adoption with strong
authentication. In Sweden, you cannot log in to your bank or your
government service without your security dongle. It's the price Swedes
pay to be able to do secure online banking, to be able to pay taxes at
home. And when you look at it that way, it's far more convenient to use
a security dongle than to stand in line for hours proving your identity
in person when renewing your driver's license.
Campbell: The JSON Web Token (JWT) suite of standards is
redefining the identity token in a way that's more accessible to the
average developer. The underlying technologies, such as JSON, are
familiar and easy to use on a wide variety of platforms and
environments. The tokens themselves are smaller, which is both more
efficient and allows for a wider array of usages, as well as being
simpler, which makes it easier to get security right. All of this, I
think, is making identity more approachable to developers.
Durand: What's happening in identity that people aren't paying
attention to, but should be?
Ehrensvard - BringYour Own Authenticator, or BYOA.
Authenticators owned by users can be universally trusted. Everyone
talked about BYOD and the problems it introduces for the enterprise. Our
response is BYOA - the very same "device" which was once a threat, when
properly configured, can become an automatic identity authenticator for
secure enablement.
Campbell: The single sign-on experience on mobile right now is
fragmented and can be pretty bad. However, I believe that the pieces
needed to improve things are available right now and just need to be
reassembled. Existing web single sign-on, together with a common OAuth
based approach to authorizing native mobile apps, can be implemented now
to dramatically improve user experience.
Durand: What keeps you up at night in the identity and security space?
McDowell: The FIDO ecosystem has tremendous momentum right now,
but if I had to name the biggest risk to that momentum being sustainable
it would be if some large ecosystem stakeholder created its own
proprietary protocol stack for cryptographic online authentication
instead of using existing FIDO standards. That could potentially create
FUD in the market and slow standards adoption.
Campbell: The rate of change in this space as well as in
technology in general. There's so much happening on so many different
fronts, it's impossible to keep up to date with everything. Therefore,
it's important to have a broad view of what's going on in order to make
informed decisions about building products that provide meaningful value.
For more insights from these identity visionaries, attend their panels
at Cloud Identity Summit:
-
"Can
Hardware MFA Move From Meh to Aha?," a presentation by Stina
Ehrensvard on Monday, June 8, 2015, at 4:30 p.m. PT.
-
"Strong
Authentication Canine," a presentation by Brett McDowell on
Tuesday, June 9, 2015, at 9:00 a.m. PT.
-
"Mobile
SSO: Are We There Yet?," a presentation by Brian Campbell on
Tuesday, June 9, 2015, at 9:45 a.m. PT.
Cloud Identity Summit 2015 Online Resources
About Cloud Identity Summit 2015 - June 8-11 - San Diego, California
Now in its sixth year, Cloud Identity Summit is the world's premier
identity conference. The annual event converges the brightest minds
across the identity and security industry. With tracks from industry
thought leaders, CIOs and practitioners, Cloud Identity Summit serves as
a multi-year roadmap to deploy solutions that are here today but built
for the future. This year's sponsors include Radiant Logic, Google,
UnboundID, Microsoft, Centrify, Syntegrity Networks, SecureAuth,
Courion (News - Alert), Sailpoint, Exostar, Yubico, Advancive, SecZetta, Coreblox,
emedia, Akana and Optimal IDM.
CIS Social
Access 2014 presentations: http://www.slideshare.net/CloudIDSummit Watch
2014 sessions on the Cloud
Identity Summit YouTube Channel Join the conversation on
Twitter (News - Alert): @CloudIDSummit
and #CISID15 Be
part of the Cloud
Identity Summit LinkedIn Group Like the Cloud
Identity Summit Facebook
View source version on businesswire.com: http://www.businesswire.com/news/home/20150528006251/en/
[ Back To Mobile World Congress's Homepage ]
|