cis14: identity therapy: surviving the explosion of users, access and identities

Identity Therapy: Surviving the Explosion of Users, Access, and Identities

Kurt Johnson VP Strategy & Corporate Development

Courion Corporation @kurtvjohnson

2

Courion Mission

Help customers succeed in a world of open access and increasing threats.

3

Customer Need

Mobile Apps Cloud Systems & Apps

Data

Resources

Assets

Systems & Apps

ACCESS

Ensure the Right People

have the Right Access

to the Right Resources

and are doing the Right Things

9

Reputation Risk

10

Financial Risk

15

Source: 2014 Verizon Data Breach Investigations Report

Number of breaches per threat action category

16

Hacking breaches by type

0%

10%

20%

30%

40%

50%

60%

2009 2010 2011 2012 2013


Use of stolen credentials

Brute force

Backdoor or C2

SQL

Footprinting

17

Identity and Access Management Controls

Provisioning

Governance

19

2013 may be remembered as the

“year of the retailer breach”, but

a comprehensive assessment

suggests it was a year of

transition from geopolitical

attacks to large-scale attacks on

payment card systems

20

Verizon 2014 PCI Compliance Report

21

PCI DSS Requirement 8: Identify and authenticate access to system components

“Only 24.2% of organizations that suffered a security breach were

compliant with Requirement 8 at the time of the breach”

“64.4% of organizations failed to

restrict each account with access to cardholder data to

just one user” “More than half of insiders committing

IT sabotage were former employees who regained access via backdoors or

corporate accounts that were never disabled”

Source: Verizon 2014 PCI Compliance Report

22

Top Audit Findings

0% 5% 10% 15% 20% 25% 30% 35% 40%

Lack of sufficient segregation of duties

Removal of access following a transfer or termination

Excessive developers' access to production systems and data

Excessive acess rights

30%

18%

22%

31%

31%

27%

31%

38%

28%

29%

29%

36%

2012 2010 2009 Source: Deloitte Global Financial Services Security Survey

24

Identity and Access Management Controls

Provisioning

Governance

32

Identity of the Internet of Things (ID) (IoT)

33

ID IoT

35

Source: PWC Global State of Information Security Survey, 2014

36

Percent of breaches where time was days or less


37

POS Intrusions Discovery Method

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

Internal

External 99%

1%


38

“Shift your security mindset from incident response to continuous response, wherein

systems are assumed to be compromised and require continuous monitoring and

remediation.”

“Designing an Adaptive Security Architecture for Protection From Advanced Attacks” Peter Firstbrook and Neil MacDonald, 2014.

48

Multi-dimensional analysis

Trillions of access relationships

100’s of policies & regulations

POLICIES

1000’s of applications, file shares & resources

RESOURCES

Millions of actions

ACTIVITY

100’s of thousands of access rights &

roles

RIGHTS

100,000’s of people, millions

of identities

IDENTITY

53

Intelligent Governance •  New account created outside provisioning system

•  High risk application •  High risk set of entitlements •  Employee not in HR system

…another

…and another

54

Provisioning Today

Provisioning

Request

Policy

Evaluation

Approval

Fulfillment

Reject

Request

55

Intelligent Provisioning

Provisioning

Request

Policy

Evaluation

Fulfillment

Risk

Scoring

56


Provisioning

Request

Approval

Fulfillment

Reject

Request

Policy

Evaluation

Risk

Scoring

57


Provisioning

Request

Policy

Evaluation

Approval

Fulfillment

Additional Approval

Reject

Request

Risk

Scoring

61

“By year-end 2020, identity analytics and intelligence (IAI) tools will deliver

direct business value in 60% of enterprises, up from <5% today.”

Intelligent IAM

62

Continuous Monitoring & Analytics

Governance Provisioning

Intelligent IAM

Policy

cis14: identity therapy: surviving the explosion of users, access and identities

Technology