directory cis 2015 - eric fazendin
TRANSCRIPT
MULTI-FACTOR FOR ALL, THE EASY WAY CIS 2015
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 2
Ran Ne’man Director Products, Strong Authentication and Mobile, Ping Identity
SAFE HARBOR STATEMENT
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Ping Identity’s products remains at the sole discretion of Ping Identity.
“COMPANIES THAT RELY ON USER NAMES AND PASSWORDS HAVE TO DEVELOP A SENSE OF URGENCY
ABOUT CHANGING THIS. UNTIL THEY DO, CRIMINALS WILL JUST KEEP STOCKPILING PEOPLE’S CREDENTIALS.”
Avivah Litan Security Analyst
Gartner
2,803,036 Records Lost or Stolen Every Day
116,793 Records Lost or Stolen Every Hour
1,947 Records Lost or Stolen Every Minute
32 Records Lost or Stolen Every Second
Meet PingID
Copyright © 2014 Ping Identity Corp. All rights reserved. 5
• Multifactor authentication via mobile app for multiple apps and services, including
PingOne® and PingFederate®
• Define and enforce policies tailored to your needs
• Simple security for end users
• Simple administration for all IT levels
Platform Offering
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 6
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 7
FEDERATION SERVER ACCESS GATEWAY & POLICY SERVER
IDENTITY AS A SERVICE
Components
How Can You Make it Easy?
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 8
User Admin Organization
SO, HOW EASY CAN IT BE?... DEMO
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 9
HOW DOES IT WORK?
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 10
How PingID Works
Copyright © 2014 Ping Identity Corp. All rights reserved. 11
USER’S MOBILE DEVICE DESKTOP SIGN-ON
How PingID Works
Pair Your Device
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 13
User scans the QR code from the app
Device is registered and ready for use
User is prompted to install the PingID mobile app
USER SIDE
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 14
Authentication For All Users
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 15
H2 2015
H1 2015
Wearables Derive Security and User Experience
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 16
H2 2015+
ORGANIZATION SIDE
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 17
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 18
Multiple Services and Applications
PingID API VPNs
H1 & H2 2015
VPN Integration
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 19
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 20
Enterprise-Grade VPN Agent
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 21
VPN Demo
• REST-based API’s
• Developer friendly documentation
• Full API Audit Trail
• Same API modeling across all Ping Products
Release Defining Features
Authentication and Administrative API’s
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 22
H1 & H2 2015
SSH Applications
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 23
• Linux / Unix machines with SSH • Privileged accounts security • Supports all user side tokens (e.g. YubiKey),
OTP for offline • On-the-fly pairing • ForceCommand (ssh, scp…) and
PAM (su, sftp…) integrations • C code • APT packaging
Adapting to Your Business
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 24
H1 & H2 2015
ADMIN SIDE
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 25
• Users without smartphones
• Locations with poor connectivity
• User Self-Service registration
• Integrated administration
Alternative to Mobile App
YubiKey Hardware Token
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 26
H1 2015
YubiKey Admin Experience Easy As 1-2-3
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 27
1. Get it 2. Register it 3. Manage it + +
H1 2015
CONTINUOUS CONTEXTUAL AUTHENTICATION
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 28
One Year Ago @ CIS
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 29
Fingerprint by Apple Touch ID and Samsung
• Biometrics, first step
• Security + User experience
• Lost and Stolen
• Apple and Samsung
• Gradual rollout
Confidential — do not distribute Copyright © 2015 Ping Identity Corp. All rights reserved. 30
H1 2015
Confidential — do not distribute
• Geofencing rules for specific locations, e.g. campus
• Country Based
• Network Based
• Ground Speed check
• Proximity
Where are your users?
Geo-location as an Authentication Factor
Copyright © 2014 Ping Identity Corp. All rights reserved. 31
H2 2015+
Device Posture and Pairing Rules
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 32
• Session management • Device model and OS version • iOS Vs. Android • Device Lock • Company issued • Rooted / Jailbroken
H2 2015+
And One Engine To Govern Them All
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 33
H2 2015+
…
The Customer Perspective
Copyright © 2014 Ping Identity Corp. All rights reserved.34
One secure app to authenticate any employee, partner or customer
One authentication service for any cloud, web, VPN or mobile service
Service
Benefits
Contextual going to continuous authentication
Lower TCO – no on-prem or transaction costs
More than access—brand and fit for yourself
Use across channels— mobile, online, call center, POS
A piece of the IAM platform
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 35
What’s Next?
What’s Next?
Confidential — do not distribute Copyright © 2014 Ping Identity Corp. All rights reserved. 36
