Date post: 14-Jul-2015
Category: Technology
Upload: ca-technologies
CA Technologies Predictions for Identity Management in 2015 – The Application Economy Takes Hold
Michelle Waugh
Vice President, CA Technologies
January, 2015
@michellewaugh
2 © 2015 CA. ALL RIGHTS RESERVED.
Abstract of this session
The stunning rise of cloud, mobile, social, and the internet of things (IoT) has created the new Open Enterprise
and is the driving force behind the application economy, which is real and here now. The application economy
has transformed the way we do business, and our security practices also need to evolve in order to adapt to
this new reality.
As 2015 starts out, it’s time to review which important trends have emerged or shifted in the last year, and
predict what we expect will happen in the world of identity, access, and API management in the coming year.
These predictions from CA Technologies are based on gathering thoughts and ideas from many practitioners
and industry experts, and synthesizing them down to a key set of insights that provide a clear understanding of
where the world of identity and security is going. Please join us for a thought-provoking, actionable discussion
on where we’ve come and where we are heading in the identity marketplace.
Our speaker
As Vice President of Security Marketing for CA Technologies, Michelle Waugh is responsible for go-to-market
strategy, messaging and positioning, and marketing execution for CA’s Identity and Access Management (IAM)
security solutions. In her leadership role, Michelle also represents CA on the Board of Trustees for Kantara
Institute, and as corporate member of the Cloud Security Alliance. She holds CISSP certification, and a Master’s
of Business Administration.
Michelle has more than 20 years’ experience in the enterprise software industry with 14+ years focusing on
security, including speaking at industry events and related forums on Security topics.
Prior to CA, Michelle held leadership positions in product management and marketing at various technology
companies including RSA Security and Polycom. When she isn’t working, Michelle spends her free time
travelling with family and friends, reading and designing jewelry.
Last Year’s Predictions – How did We Do?
Rating scale: Bingo! / In progress / Nope – not yet
1 The Software-Defined, Open Enterprise Emerges
2 Hardware elements in mobile devices will become an increasingly important part of IAM
3 Lack of scalable identity proofing will continue to vex broader B2C/G2C deployments
4 Increased usage of Bring Your Own ID (BYOID), especially for B2C
5 Legislation will drive increased merging of compliance and risk management initiatives
6 The CMO will become a new force for broad identity management initiatives
7 Risk-based authentication expands beyond Financial Services
1 The Software-Defined, Open Enterprise Emerges
The movement toward exposing APIs to developer communities will strengthen as organizations realize that this is the most viable way to accelerate application delivery.
79% of companies open access to their APIs to customers, partners or suppliers. Inflexible security is viewed as being the top obstacle to becoming more effective in the application economy.
Ponemon Institute Survey, 2014
2 Hardware elements in mobile devices will become an increasingly important part of IAM
Device manufacturers will build security systems, such as Samsung Knox, into their mobile devices in order to help provide secure ways to separate corporate and personal data and applications.
In the past year, 24 mobile device models have adopted Samsung Knox security.
3 Lack of scalable identity proofing will continue to vex broader B2C/G2C deployments
As more and more users enroll in online services, demand for identity proofing services will increase significantly, but organizations will continue to experience identity proofing challenges.
By 2016, 50% of enterprises who now rely on KBA (knowledge-based authentication) based on public-aggregated data will no longer use that solution due to high failure rates.
http://bit.ly/1BCetmz
4 Increased usage of Bring Your Own ID (BYOID), especially for B2C
In 2014, we will continue to see broader adoption of BYOID for consumer-oriented scenarios as organizations seek to reduce customer acquisition costs and simplify the user experience.
50% of IT respondents and 79% of business respondents have high interest in BYOID for their website user populations.
Ponemon Institute Survey, 2014
5 Legislation will drive increased merging of compliance and risk management initiatives
New regulatory measures – especially in the healthcare (ACA) and financial services sectors – will drive the need for additional compliance funding.
Recent regulations/executive orders:
Executive Order: Improving the Security of Consumer Financial Transactions (Oct, 2014)
NIST Cybersecurity Framework Update (Feb, 2014)
6 The CMO will become a new force for broad identity management initiatives
CMOs need to provide a simple user experience, and capture consumer info to help engage with customers across their lifecycle. Support for social login as an initial authentication method will continue to grow so as to simplify customer acquisition.
18% of organizations report that customer identities are owned by the sales/marketing group, and 76% of business users in these organizations report that this helps them “improve the effectiveness of marketing activities”.
Ponemon Institute Survey, 2014
7 Risk-based authentication expands beyond Financial Services
Risk-based, contextual user authentication will be used more widely outside Financial Services as the need for stronger user authentication expands.
By year-end 2017, more than 30% of organizations will use contextual, adaptive techniques for workforce remote access, up from less than 5% today.
Ponemon Institute Survey, 2014
Mega-Trend: The Application Economy takes hold
APIS ARE HOW YOU CONNECT DATA & APPLICATIONS
IDENTITY IS HOW YOU PROTECT ACCESS TO DATA & APPLICATIONS
[Diagram labels: API; Developer Communities, Customers, Partners/Divisions, Employees/Contractors; Desktop / Web, Mobile / IoT; Cloud Services, On-Premise]
Increasingly public breaches will cause shift from identity mgt to identity access security
PREDICTION #1
Recent breaches (Target, SONY, Lowe’s) have IT executives running scared. As the financial & reputational damage of a breach increases, they will be increasing their security budgets to increase their controls over systems, data, and insider actions.
70% of Companies Report a Security Breach in Last 12 Months
Source: Ponemon Institute (Jul, 2014)
Security budgets will increase in the next 3 years: 39%
Source: Ponemon Institute (Jul, 2014)
REPORT: Cybercrime costs US $12.7M a year
The cost of attacks on large companies is up by 10 percent. Source: Ponemon Institute (Jul, 2014)
Average company now compromised every four days, with no end to the cybercrime wave in sight. (Source: http://zd.net/17eEW09)
Summary: Phishing, denial-of-service and virus attacks are now a standard part of doing business for most organizations.
The rise of the Application Economy will drive the need for an “identity dial-tone” to span all apps, helping to accelerate new app deployment
PREDICTION #2
There will be an increased need for universal access to identity information across the enterprise. Apps of all kinds will need easy access to identity & entitlement info, and it will increasingly be available thru identity system APIs. A common “identity dial-tone” will help simplify app development, and spur new innovative initiatives.
[Diagram: Identity “dial-tone” spanning Employees, Customers, Partners and Cloud Apps, Mobile Apps, On-Prem Apps]
Universal authentication comes to your pocket or purse
PREDICTION #3
There will be increased focus on authentication, driven by factors such as President Obama’s executive order (for multi-factor authentication), chip and PIN technology, etc. Many authentication trends will begin to converge – biometrics, geolocation, context, etc. Organizations will strive for “zero-touch authentication” to deliver as near a password-free experience for their customers and employees as possible. Increasingly, the phone will be used as a universal authenticator.
[Diagram: Device as universal authenticator. Labels: Passwords; Conduct a transaction; Control a connected device (e.g. open a door); Connect to an app]
Mobility & IoT drives the emergence of API-first architectures
PREDICTION #4
Apps (esp. mobile apps) need to have reduced delivery times. But traditional middleware is heavy and difficult to use to build these apps on. The rise of mobile and IoT will drive a move towards lighter-weight, API-first architectures in order to more easily connect these (and other devices) into the digital ecosystem.
[Diagram: Lighter-weight, API-based architectures. APIs connect identities (Developers, Customers, Employees), device types (Web, Mobile, IoT) and app types (Cloud Services, On-Premise)]
Today there are 1.5 connected devices per person in the world. By 2020, there will be 8 devices per person.
Source: Biztech Magazine, http://bit.ly/1a7jr2i
Increased board visibility into corporate security strategy
PREDICTION #5
Corporate executives & boards will be increasingly held accountable for breaches that damage their corporate brand, so their level of involvement in security strategy will increase. Security will shift from an “IT problem” to an “Executive problem”. Concerns over “denial of business” (DoB) will drive increased Board oversight.
See: http://onforb.es/13MB44Z
[Diagram: Board; Security Strategy & Infrastructure (example: NIST Cybersecurity Infrastructure): Identify, Protect, Detect, Respond, Recover; Corporate & Customer Info]
Teaser! – Survey Results Coming Soon in late January
We will present the results of an extensive global survey done by Vanson Bourne with 1,425 senior IT and business leaders on key issues related to security and the application economy.
Visit rewrite.ca.com in late Jan for more details
How is the App Economy changing Security?
What is the difference between a Leader and Laggard in their Security deployments?
Does Security help you enable business in addition to protecting it?
What are the top Security priorities?
How do Leaders gain significantly more benefits from Security than Laggards?
What is the impact of mobility on your Security strategy?
For More Information
To learn more about CA Security solutions, please visit:
http://bit.ly/10WHYDm
Legal Notice
Copyright © 2015 All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.
No unauthorized use, copying or distribution permitted.
THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the
information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND,
INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR
NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this presentation, including, without
limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is expressly advised of the possibility of such damages.