beyond username and password it's continuous authorization webinar
TRANSCRIPT
© 2016 ForgeRock. All rights reserved.
Beyond Username and Password: It's Continuous Authorization
Andy Hall, Product Management Director, ForgeRock
Chris Kawalek, Sr. Product Marketing Manager, ForgeRock
Agenda
• The Changing Role of Identity and Access Management
• Leveraging Context for Continuous Security
• The Problem with Passwords
• A Better Way: Mobile Push Authentication
• Q & A and Next Steps
2010 Founded
10 Offices worldwide with headquarters in San Francisco
350+ Employees
450+ Customers
30+ Countries
$52M Funding to date (thru Series C) by Accel Partners, Foundation Capital and Meritech Capital Partners
ForgeRock The leading, next-generation, identity security software platform.
Changes are Adding Complexity
[Figure labels: Employees; Employees & Partners; Consumers; Things; Perimeter; Perimeter Federation; Perimeter-less Federation; Cloud / SaaS; Mobility; Social. Axes: Complexity of Scale, Complexity of Experience.]
Old Security Model is Broken. Security Must Now Be Identity-Based.
[Figure: Perimeter-Based Security compared with Identity-Centric Security. Labels: Trusted; Untrusted; Inhibits Digital Business; Enables Digital Business.]
From Simply Managing Identities to Managing Complex Relationships
[Figure: Identity Access Management compared with Identity Relationship Management. Labels: Workforce (thousands); Partners and Suppliers; Customers (millions); On-premises; Public Cloud; Private Cloud; People; Things (tens of millions); Applications and data; Endpoints: PCs, Phones, Tablets, Smart Watches.]
Source: Forrester Research
The ForgeRock Identity Platform
Built from the OpenAM, OpenDJ, OpenIDM, and OpenIG Open Source Projects
[Figure: platform components: Authentication; Authorization; Federation; Adaptive Risk; Identity Workflow; Self Service; Identity Synchronization; Directory Services; User-Managed Access; Identity Gateway]
Security is All About Context
Security is not a one-time thing – it’s continuous
[Figure labels: Create/Update Relationship; Create/Update Policy; Adaptive Authentication; Adaptive Authorization; Accumulate History; Adjust Policy]
Flexible Authentication for Modern and Legacy Systems
• Flexible authentication options that offer more protection to authenticate to any digital resource including users, devices, applications, APIs, and things
• Over 25 out-of-the-box authentication modules to fit the needs of your business, including LDAP, Active Directory, device fingerprinting, one-time password, and Adaptive Risk authentication
• Extend authentication to anything in a simple manner with scripted authentication modules
• Implement strong multi-factor authentication by chaining modules together
Authentication
Mobile Authentication: Additional Security That’s Easy to Use
• Improve customer experience and security with Mobile Authentication, an out-of-the-box mobile authentication app, available for both iOS and Android
• Enhanced security with frictionless multi-factor and mobile authentication integrated with our Adaptive Risk engine
• Deliver easy and secure provisioning via QR codes, with Recovery Codes to be used in the event of lost or stolen devices
Authentication
Continuous Security with Context
• Use context-based intelligence in policies to protect resources at the time of access, not just based on context during authentication.
• Use context to assess risk, requiring stronger authentication mechanisms only when necessary to make it easier for users while maintaining system security.
[Figure labels: User Login = OpenAM Session; Context Change: System detects new IP address and device ID; Change requires step-up authentication or external proofing; Risk score or higher level of assurance grants access]
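The flow on this slide (a session bound to its login context, re-evaluated at access time, with step-up on a context change) as an added example. It is not ForgeRock or OpenAM code; the risk weights, threshold, assurance levels and resource path are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Session:
    user: str
    ip: str            # IP address seen at login
    device_id: str     # device ID seen at login
    assurance: int = 1 # assumed levels: 1 = password, 2 = step-up completed

@dataclass
class Request:
    ip: str
    device_id: str
    resource: str

# Hypothetical policy: minimum assurance level per resource (default is 1).
REQUIRED_ASSURANCE = {"/account/transfer": 2}

def risk_score(session, req):
    """Score the drift between login-time context and this request's context."""
    score = 0
    if req.ip != session.ip:
        score += 40  # assumed weight for a new IP address
    if req.device_id != session.device_id:
        score += 60  # assumed weight for a new device ID
    return score

def authorize(session, req, threshold=50):
    """Run on every access, not only at login. Returns 'allow' or 'step_up'."""
    if session.assurance < REQUIRED_ASSURANCE.get(req.resource, 1):
        return "step_up"  # resource demands a higher level of assurance
    if risk_score(session, req) >= threshold:
        return "step_up"  # context change too large for the existing session
    return "allow"

def complete_step_up(session, req):
    """After stronger authentication succeeds, raise assurance and rebind context."""
    session.assurance = 2
    session.ip, session.device_id = req.ip, req.device_id

def demo():
    # Constructed sample data (documentation IP ranges, made-up device IDs).
    s = Session("alice", "203.0.113.10", "dev-A")
    same = Request("203.0.113.10", "dev-A", "/profile")
    moved = Request("198.51.100.7", "dev-B", "/profile")
    out = [authorize(s, same), authorize(s, moved)]
    complete_step_up(s, moved)
    out.append(authorize(s, moved))
    return out
```

Rebinding the context after step-up means a later request from the original IP address and device is itself treated as a context change.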
Passwords are the De Facto Standard Credential...For Now
• A decades-old idea, exploited to the extreme in the modern world
• Simple for sites to implement, but also prone to mistakes that can lead to massive password leaks
• Users frustrated with increased security protocols
• How long? How many characters? Uppercase and lowercase? How often do I have to change it?
yDQwEv$UZKzhk2NN22u@ Can Anyone Remember This?
The Problem with Passwords
• Insecure
  • Easy to share among people / written down
  • Very often used on multiple sites
  • Weak passwords are very easy to crack or socially engineer
• Inconvenient
  • Hard to remember strong passwords
  • Very difficult to type on mobile
  • Password managers are fidgety and create a centralized target for attacks
  • What happens when you forget, for you and for the site?
• Is there a better way?
Passwordless Login and Frictionless Multifactor Authentication
Leverage Mobile Push Notifications to Make Logging in Easier and More Secure
More Information
• Read about all the new features on the ForgeRock blog
• Read the documentation on backstage.forgerock.com for technical details
• Follow us on Twitter: @ForgeRock
• Subscribe to Identity Disorder podcast on iTunes
Q & A
Thank You
New Mobile Push Authentication
• Eliminates login passwords or use for a frictionless second factor
• Updated ForgeRock Authenticator Mobile App for iOS and Android receives notifications and asks the user to approve
• Users can add their logo, or use the source code to build their own mobile apps
• Uses SNS for secure communication to phone
[Figure labels: Swipe, Fingerprint Scan, Custom]
New Mobile Push Authentication: Register Your Device
New Mobile Push Authentication: Password-less Login
New Mobile Push Authentication: Frictionless Second Factor
New Push Authentication: Customer Value
• Vastly improves the user experience by reducing friction during the user authentication process
• Increases security by using an “out-of-band” step
• Push notification prevents man-in-the-middle attacks that could happen with SMS/OTP
Simple, Seamless, and Secure Access to Resources
• Establish simple and flexible access policies that protect your resources at all times
• Assess risk with Contextual Authorization, which requires stronger authentication mechanisms only when necessary to make it easier for users while still maintaining system security
• Constant security with Continuous Authorization that ensures the authenticity of users, devices, things, and services at all times and mitigates risk whenever an anomaly is detected
Authorization