beyond username and password it's continuous authorization webinar

© 2016 ForgeRock. All rights reserved. Beyond Username and Password: It's Continuous Authorization Andy Hall Product Management Director, ForgeRock Chris Kawalek Sr. Product Marketing Manager, ForgeRock

Upload: forgerock

Post on 08-Jan-2017


TRANSCRIPT

Page 1: Beyond username and password it's continuous authorization webinar

Beyond Username and Password: It's Continuous Authorization

Andy Hall, Product Management Director, ForgeRock

Chris Kawalek, Sr. Product Marketing Manager, ForgeRock

Page 2: Beyond username and password it's continuous authorization webinar

Agenda

• The Changing Role of Identity and Access Management
• Leveraging Context for Continuous Security
• The Problem with Passwords
• A Better Way: Mobile Push Authentication
• Q & A and Next Steps

Page 3: Beyond username and password it's continuous authorization webinar


2010 Founded

10 Offices worldwide with headquarters in San Francisco

350+ Employees

450+ Customers

30+ Countries

$52M Funding to date (thru Series C) by Accel Partners, Foundation Capital and Meritech Capital Partners

ForgeRock The leading, next-generation, identity security software platform.

Page 4: Beyond username and password it's continuous authorization webinar

Changes are Adding Complexity

[Figure: chart with axes "Complexity of Scale" and "Complexity of Experience". Labels: Employees; Employees & Partners; Consumers; Things; Perimeter; Perimeter-less; Federation; Cloud / SaaS; Mobility; Social.]

Page 5: Beyond username and password it's continuous authorization webinar

Old Security Model is Broken. Security Must Now Be Identity-Based.

[Figure: Perimeter-Based Security compared with Identity-Centric Security. Labels: Untrusted; Trusted; Inhibits Digital Business; Enables Digital Business.]

Page 6: Beyond username and password it's continuous authorization webinar

From Simply Managing Identities to Managing Complex Relationships

[Figure: Identity Access Management compared with Identity Relationship Management. Labels: Workforce (thousands); Partners and Suppliers; Customers (millions); On-premises; Public Cloud; Private Cloud; People; Things (Tens of millions); Applications and data; PCs; Phones; Tablets; Smart Watches; Endpoints.]

Source: Forrester Research

Page 7: Beyond username and password it's continuous authorization webinar

The ForgeRock Identity Platform

Built from the OpenAM, OpenDJ, OpenIDM, and OpenIG Open Source Projects

[Figure labels: Authorization; Federation; Identity Workflow; Self Service; Authentication; Identity Synchronization; Adaptive Risk; Directory Services; User-Managed Access; Identity Gateway]

Page 8: Beyond username and password it's continuous authorization webinar

Security is not a one time thing – it’s continuous

Security is All About Context

[Figure labels: Create/Update Relationship; Create/Update Policy; Adaptive Authentication; Adaptive Authorization; Accumulate History; Adjust Policy]

Page 9: Beyond username and password it's continuous authorization webinar

Flexible Authentication for Modern and Legacy Systems

• Flexible authentication options that offer more protection to authenticate to any digital resource including users, devices, applications, APIs, and things
• Over 25 out-of-the-box authentication modules to fit the needs of your business: LDAP, Active Directory, device fingerprinting, one-time password, and Adaptive Risk authentication.
• Extend authentication to anything in a simple manner with scripted authentication modules.
• Implement strong multi-factor authentication by chaining modules together

Page 10: Beyond username and password it's continuous authorization webinar

Mobile Authentication

Additional Security That’s Easy to Use

• Improve customer experience and security with Mobile Authentication, an out-of-the-box mobile authentication app, available both for iOS and Android.
• Enhanced security with frictionless multi-factor and mobile authentication integrated with our Adaptive Risk engine
• Deliver easy and secure provisioning via QR codes, with Recovery Codes to be used in the event of lost or stolen devices

Page 11: Beyond username and password it's continuous authorization webinar

Continuous Security with Context

• Use context-based intelligence in policies to protect resources at the time of access, not just based on context during authentication.
• Use context to assess risk, requiring stronger authentication mechanisms only when necessary to make it easier for users while maintaining system security.

[Figure: User Login = OpenAM Session; Context Change: System detects new IP address and device ID; Change requires step-up authentication or external proofing; Risk score or higher level of assurance grants access]
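The flow on this slide, sketched as an access-time policy check. This is an added example, not ForgeRock or OpenAM code; the `Session` and `Request` models, the level numbers and the resource paths are hypothetical, and the sample addresses are constructed.

```python
from dataclasses import dataclass

@dataclass
class Session:
    """Context captured at login (hypothetical model, not OpenAM's)."""
    user: str
    ip: str
    device_id: str
    auth_level: int  # assurance reached so far, e.g. 1 = password, 2 = push approval

@dataclass
class Request:
    resource: str
    ip: str
    device_id: str

# Hypothetical policy: minimum assurance level per resource.
REQUIRED_LEVEL = {"/profile": 1, "/payments": 2}
CONTEXT_CHANGE_LEVEL = 2  # demanded when IP address and device ID both differ from login

def evaluate(session: Session, request: Request) -> str:
    """Decide at the time of access: 'allow', 'step_up' or 'deny'."""
    required = REQUIRED_LEVEL.get(request.resource)
    if required is None:
        return "deny"  # unknown resource: fail closed
    # The slide's trigger: a new IP address and a new device ID.
    changed = request.ip != session.ip and request.device_id != session.device_id
    if changed:
        required = max(required, CONTEXT_CHANGE_LEVEL)
    return "allow" if session.auth_level >= required else "step_up"

def complete_step_up(session: Session, request: Request, new_level: int) -> None:
    """Record a successful stronger authentication and re-bind the session context."""
    session.auth_level = max(session.auth_level, new_level)
    session.ip, session.device_id = request.ip, request.device_id

def demo() -> list:
    """Walk one constructed session through login, context change and step-up."""
    s = Session("alice", "203.0.113.10", "dev-A", auth_level=1)
    same = Request("/profile", "203.0.113.10", "dev-A")
    moved = Request("/profile", "198.51.100.7", "dev-B")
    out = [evaluate(s, same), evaluate(s, moved)]
    complete_step_up(s, moved, new_level=2)
    out.append(evaluate(s, moved))
    return out
```

The decision is re-evaluated on every request, so a session that was acceptable at login is challenged again as soon as its context no longer matches.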

Page 12: Beyond username and password it's continuous authorization webinar

Passwords are the De Facto Standard Credential...For Now

• A decades old idea, exploited to the extreme in the modern world
• Simple for sites to implement, but also prone to mistakes that can lead to massive password leaks
• Users frustrated with increased security protocols
• How long? How many characters? Uppercase and lowercase? How often do I have to change it?

yDQwEv$UZKzhk2NN22u@

Can Anyone Remember This?

Page 13: Beyond username and password it's continuous authorization webinar

The Problem with Passwords

• Insecure
  • Easy to share among people / written down
  • Very often used on multiple sites
  • Weak passwords are very easy to crack or socially engineer
• Inconvenient
  • Hard to remember strong passwords
  • Very difficult to type on mobile
  • Password managers are fidgety and create a centralized target for attacks
  • What happens when you forget, for you and for the site?
• Is there a better way?

Page 14: Beyond username and password it's continuous authorization webinar

Passwordless Login and Frictionless Multifactor Authentication

Leverage Mobile Push Notifications to Make Logging in Easier and More Secure

Page 15: Beyond username and password it's continuous authorization webinar


Page 16: Beyond username and password it's continuous authorization webinar

More Information

• Read about all the new features on the ForgeRock blog
• Read the documentation on backstage.forgerock.com for technical details
• Follow us on Twitter: @ForgeRock
• Subscribe to Identity Disorder podcast on iTunes

Page 17: Beyond username and password it's continuous authorization webinar


Page 18: Beyond username and password it's continuous authorization webinar


Q & A

Page 19: Beyond username and password it's continuous authorization webinar


Thank You

Page 20: Beyond username and password it's continuous authorization webinar

New Mobile Push Authentication

• Eliminates login passwords or use for a frictionless second factor
• Updated ForgeRock Authenticator Mobile App for iOS and Android receives notifications and asks the user to approve
• Users can add their logo, or use the source code to build their own mobile apps
• Uses SNS for secure communication to phone

[Figure labels: Swipe, Fingerprint Scan, Custom]

Page 21: Beyond username and password it's continuous authorization webinar


New Mobile Push Authentication Register Your Device

Page 22: Beyond username and password it's continuous authorization webinar


New Mobile Push Authentication Password-less Login

Page 23: Beyond username and password it's continuous authorization webinar


New Mobile Push Authentication Frictionless Second Factor

Page 24: Beyond username and password it's continuous authorization webinar

New Push Authentication Customer Value

• Vastly improves the user experience by reducing friction during the user authentication process
• Increases security by using an “out-of-band” step
• Push notification prevents man in the middle attacks that could happen with SMS/OTP

Page 25: Beyond username and password it's continuous authorization webinar

Simple, Seamless, and Secure Access to Resources

• Establish simple and flexible access policies that protect your resources at all times
• Assess risk with Contextual Authorization which requires stronger authentication mechanisms only when necessary to make it easier for users while still maintaining system security
• Constant security with Continuous Authorization that ensures the authenticity of users, devices, things, and services at all times and mitigates risk whenever an anomaly is detected