1 / 31

WEBINAR Top IAM Trends From The 2017 RSA Conference

WEBINAR Top IAM Trends From The 2017 RSA Conference. Andras Cser, Vice President, Principal Analyst. Merritt Maxim, Senior Analyst. April 10, 2017. Call in at 12:55 p.m. Eastern time. Webinar abstract.

kfred
Download Presentation

WEBINAR Top IAM Trends From The 2017 RSA Conference

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. WEBINARTop IAM Trends From The 2017 RSA Conference Andras Cser, Vice President, Principal Analyst Merritt Maxim, Senior Analyst April 10, 2017. Call in at 12:55 p.m. Eastern time

  2. Webinar abstract While maturing quickly and assuming new delivery forms (prebuilt appliances on hypervisors and in containers), identity and access management (IAM) is undergoing fundamental changes in response to: 1) hybrid cloud access control challenges; 2) IoT security; 3) erosion of the password; 4) maturing of identity analytics; and 5) adoption of cloud directories. This webinar gives security and risk specialists an insider’s look at what’s to come for IAM. Andras Cser and Merritt Maxim discuss the most important IAM changes and trends from the 2017 RSA Conference in San Francisco. Key takeaways: Understand how IAM has changed in the past year. Look at the critical requirements for IAM in 2017 and beyond. Explore the ways in which identity-as-a-service will change in 2017.

  3. Agenda Overall RSA 2017 conference impressions Top IAM trends Five actions to take post-RSA Q&A

  4. Cyberattacks are a board-level concern Companies do not want their breach to appear on CNN. Security is shifting from a director/VP/CISO/CIO IT problem to a CEO problem. Data protection is a key concern. Mobile and IoT present new challenges. BYOD/user-owned devices are here to stay.

  5. The digital transformation is driving IAM. 7

  6. Shift identity to the center of your threat detection ecosystem Perimeter is long gone. (Can you give a laptop with VPN to every contractor and employee???) Identity has emerged as the new perimeter. Holistic approaches for joiner, mover, leaver, attestation, and self-service processes Unified treatment of application, data, endpoint, and network access controls

  7. IAM is essential for today’s business and digital transformation Digital customer experience versus security strength IAM must support profile and preference management. IAM must protect privacy. IAM must help protect sensitive data. Mobile/any device support IAM must support BI.

  8. Hot product categories at RSA Conference 2017 The five most popular categories* in the 2017 RSA program guide: Data security (No. 1 in 2015) Network security (No. 2 in 2015) Cloud security (No. 3 in 2015) Hackers and threats (No. 7 in 2016) Threat management (No. 4 in 2016) *Vendors could select multiple categories (out of 100 categories).

  9. Top vendor categories at RSA Conference, 2012 to 2017

  10. Breakdown of top vendor categories atRSA Conference, 2015 to 2017

  11. Trend No. 1: All IAM vendors are preparing for the normalcy of hybrid environments

  12. Trend No. 2: IDaaS vendors will use analytics to reduce account takeovers — everywhere Fix for one client, fix for all Reduce cost of rule management Reduce false-positives

  13. Trend No. 3: Machine-learning algorithm hype is over Operationalization Better accuracy Self-checking algorithms Scalability

  14. Trend No. 4: RBA is not only being built into web but also other channels Voice POS/3DS In person Mobile apps Includes more data beyond device IDs Phone numbers Address, ZIP, DOB, etc.

  15. Trend No. 5: Identity intelligence is using new threat signals and intel Access logs Access request logs DNS Device Network forensics Marketing information

  16. Trend No. 6: Containerization of IAM will push IAM microservices Microservices reduce the threat surface. Easier hosting Easier to monitor Less expensive to implement

  17. Trend No. 7: “Serverless” and identity services synergies emerge Authentication Authorization Provisioning Data protection Centralized monitoring

  18. Trend No. 8: Password further erodes; biometrics readies for prime time Risk-based authentication improves. Biometrics gaining ground Finger Face Voice Behavioral

  19. Trend No. 9: IoT will evolve beyond device-level identity Devices are the new kid on the block. Life cycle, authentication, biometrics, and API IAM systems have to handle people, apps, systems, and devices. Manage consent in IoT environments explicitly — this is to protect data and privacy Authorization v2.0 Data protection Real-time detection Network access control

  20. Trend No. 10: The GDPR will force IAM vendors to update their products Legacy systems ignore protection of PII —they are not designed with privacy in mind. Firms risk data loss and regulatory fines by continuing to use these systems as the EU GDPR comes into full effect in 2018. Product redesign efforts will take a “design for privacy” approach to fulfill the requirements of the new regulation. IAM becomes solution for GDPR compliance.

  21. Trend No. 11: Importance of optimum CX is accelerating CIAM demand • In the age of the customer, one extra link can drive down retention. • CIAM will become more of a customer engagement platform owned by the CMO and less of a security solution owned by the CISO/IT. • IAM can provide the foundation for superior CX. • Many digital businesses will get serious about deploying CIAM to keep up with customers’ requirements around seamless registration and authentication.

  22. Trend No. 12: Firms get serious about assessing their AD infrastructure • Active Directory (AD) infrastructure: a prime hacking target that requires a robust governance framework to minimize risk of related breaches • First, conduct an in-depth evaluation of your AD infrastructure: • A collaborative approach helps ensure that as security gaps are identified, they are remediated in a risk-appropriate manner that does not significantly affect AD performance. • Quick wins for proving the value of an AD security assessment can be found in group policy objects and group membership.

  23. Trend No. 13: Cloud directories are gaining traction in the midmarket • Cloud-based versions of AD have placed a cloud directory architecture within reach for many organizations. • They align well with IDaaS offerings for cloud-only IAM architecture or as part of other enterprisewide cloud deployments such as Office 365. • Going to AD in the cloud doesn’t eliminate every problem; other challenges have to be addressed, such as high availability, redundancy, and migration/integration with on-premises apps. • Administrative savings from cloud-based architecture is driving many midsize organizations to move to a cloud-based user store — especially for B2C.

  24. General IAM future requirements Consumer-like user interface everywhere API security and availability of IAM services as an API Multimodal and multitarget IAM (SaaS and on-premises IAM policy servers to support cloud and on-premises workloads) IAM becoming lightweight (microservices) Privacy and security must be built in. Behavioral profiling built in

  25. Five actions to take post-RSAC 2017 Validate vendor claims. Reach out to Forrester analysts for clarification and insight. Prepare yourself for the coming wave of analytics/machine learning in all aspects of cybersecurity, including IAM. Assess and build a business case for any planned implementation. Don’t forget about the changing regulatory environment (GDPR) and the potential effect on security. Prepare for (and expect) vendor consolidation.

  26. Businesses have aggressive customer acquisition and retention targets Content is going digital (rental, subscription, library, etc.) Across geographies Across all lines of business Identity fraud / registration fraud is on the rise Ads need to be tailored and personalized Can’t do this without proper IAM Digital approach in the media is unstoppable The digital approach is everywhere.

  27. Selected Forrester Research Making The Business Case For Identity And Access Management Forrester report TechRadar™: Internet Of Things Security, Q1 2017 Forrester report The Top IAM Trends From The RSA Conference 2017 Forrester report

  28. Forrester Insights for iPhone and iPad KEY RESEARCH AND DATA POINTS WHEN AND WHERE YOU NEED THEM • Access playbooks, reports, key takeaways, and data points to accelerate your projects and support your decision making. • Save reports and graphics to read online or offline on the device of your choice. • Receive notifications to stay abreast of the latest trends and insights relevant to your initiatives. forrester.com/app

  29. Andras Cser +1 617-613-6365 acser@forrester.com Merritt Maxim +1 617-613-6153 mmaxim@forrester.com

More Related