CA Technologies Predictions for Identity Management in 2015 – The Application Economy Takes Hold

CA Technologies Predictions for Identity Management in 2015 –

The Application Economy Takes Hold

Michelle Waugh

Vice President, CA Technologies

January, 2015

@michellewaugh

2 © 2015 CA. ALL RIGHTS RESERVED.

Abstract of this session

The stunning rise of cloud, mobile, social, and the internet of things (IoT) has created the new Open Enterprise

and is the driving force behind the application economy, which is real and here now. The application economy

has transformed the way we do business, and our security practices also need to evolve in order to adapt to

this new reality.

As 2015 starts out, it’s time to review which important trends have emerged or shifted in the last year, and

predict what we expect will happen in the world of identity , access, and API management in the coming year.

These predictions from CA Technologies are based on gathering thoughts and ideas from many practitioners

and industry experts, and synthesizing them down to a key set of insights that provide a clear understanding of

where the world of identity and security is going. Please join us for a thought provoking, actionable discussion

on where we’ve come and where we are heading in the identity marketplace.


Our speaker

As Vice President of Security Marketing for CA Technologies, Michelle Waugh is responsible for go to market

strategy, messaging and positioning, and marketing execution for CA’s Identity and Access Management (IAM)

security solutions. In her leadership role, Michelle also represents CA on the Board of Trustees for Kantara

Institute, and as corporate member of the Cloud Security Alliance. She holds CISSP certification, and a Master’s

of Business Administration.

Michelle has more than 20 years’ experience in the enterprise software industry with 14+ years focusing on

security, including speaking at industry events and related forums on Security topics.

Prior to CA, Michelle held leadership positions in product management and marketing at various technology

companies including RSA Security and Polycom. When she isn’t working, Michelle spends her free time

travelling with family and friends, reading and designing jewelry.

@michellewaugh


Last Year’s Predictions – How did We Do?Bingo! In progress Nope – not yet

1 The Software-Defined, Open Enterprise Emerges

2 Hardware elements in mobile devices will become an increasingly important part of IAM

3 Lack of scalable identity proofing will continue to vex broader B2C/G2C deployments

4 Increased usage of Bring Your Own ID (BYOID), especially for B2C

5 Legislation will drive increased merging of compliance and risk management initiatives

6 The CMO will become a new force for broad identity management initiatives

7 Risk-based authentication expands beyond Financial Services

© 2015 CA. ALL RIGHTS RESERVED.



The Software-Defined, Open Enterprise Emerges

2 Hardware elements in mobile devices will become an increasingly important part of IAM






The movement toward exposing APIs to developer communities will strengthen as organizations realize that this is the most viable way to accelerate application delivery.

79% of companies open access to their APIs to customers, partners or suppliers. Inflexible security is viewed as being the top obstacle to becoming more effective in the application economy.

Ponemon Institute Survey, 2014© 2015 CA. ALL RIGHTS RESERVED.




Hardware elements in mobile devices will become an increasingly important part of IAM






Device manufacturers will build security systems, such as Samsung Knox, into their mobile devices in order to help provide secure ways to separate corporate and personal data and applications.

In the past year, 24 mobile device models have adopted Samsung Knox security.






Lack of scalable identity proofing will continue to vex broader B2C/G2C deployments





As more and more users enroll in online services, demand for identity proofing services will increase significantly, but organizations will continue to experience identity proofing challenges.

By 2016, 50% of enterprises who now rely on KBA (knowledge-based authentication) based on public-aggregated data will no longer use that solution due to high failure rates.

http://bit.ly/1BCetmz © 2015 CA. ALL RIGHTS RESERVED.






Increased usage of Bring Your Own ID (BYOID), especially for B2C




In 2014, we will continue to see broader adoption of BYOID for consumer-oriented scenarios as organizations seek to reduce customer acquisition costs and simplify the user experience.

50% of IT respondents and 79% of business respondents have high interest in BYOID for their website user populations.








Legislation will drive increased merging of compliance and risk management initiatives



New regulatory measures –especially in the healthcare (ACA) and financial services sectors – will drive the need for additional compliance funding.

Recent regulations/ executive orders:

Executive Order: Improving the Security of Consumer Financial Transactions (Oct, 2014)

NIST Cybersecurity Framework Update (Feb, 2014)









The CMO will become a new force for broad identity management initiatives


CMOs need to provide a simple user experience, and capture consumer info to help engage with customers across their lifecycle. Support for social login as an initial authentication method will continue to grow so as to simplify customer acquisition.

18% of organizations report that customer identities are owned by the sales/marketing group, and 76% of business users in these organizations report that this helps them “improve the effectiveness of marketing activities”.









The CMO will become a new force for broad identity management initiatives

Risk-based authentication expands beyond Financial Services

Risk-based, contextual user authentication will be used more widely outside Financial Services as the need for stronger user authentication expands.

By year-end 2017, more than 30% of organizations will use contextual, adaptive techniques for workforce remote access, up from less than 5% today.



Mega-TrendThe Application Economy takes hold

APIS ARE HOW YOU CONNECT DATA &

APPLICATIONS

IDENTITY IS HOW YOU PROTECT ACCESS TO

DATA & APPLICATIONS

API

Developer Communities

Customers

Partners/Divisions

Employees/Contractors

Desktop / Web

Mobile / loT

Cloud Services

On-Premise


Increasingly public breaches will cause shift from identity mgt to identity access security

PREDICTION #1

Recent breaches (Target, SONY, Lowe’s)

have IT executives running scared. As

the financial & reputational damage of

a breach increases, they will be

increasing their security budgets to

increase their controls over systems,

data, and insider actions.

70% of Companies Report a Security Breach in Last 12 Months

Source: Ponemon Institute (Jul 2014) Source: Ponemon Institute (Jul, 2014)

Security budgets will increase

in the next 3 years39%

REPORT: Cybercrime costs US $12.7M a yearThe cost of attacks on large companies is up by 10 percent Source: Ponemon Instituite (Jul, 2014)

Average company now compromised every four days, with no end to the cybercrime wave in sight.(source: http://zd.net/17eEW09)

Summary: Phishing, denial-of-service and virus attacks are now a standard part of doing business for most organizations.



The rise of the Application Economy will drive the need for an “identity dial-tone” to span all apps, helping to accelerate new app deployment

PREDICTION #2

There will be an Increased need for

universal access to identity information

across the enterprise. Apps of all kinds

will need easy access to identity &

entitlement info, and it will increasingly

be available thru identity system APIs. A

common “identity dial-tone” will help

simplify app development, and spur new

innovative initiatives.

Identity “dial-tone”

Employees Customers Partners

Cloud Apps Mobile Apps On-Prem Apps



Universal authentication comes to your pocket or purse

PREDICTION #3

There will be increased focus on authentication,

driven by factors such as President Obama’s

executive order (for multi-factor authentication),

chip and pin technology, etc. Many authentication

trends will begin to converge – biometrics,

geolocation, context, etc. Organizations will strive

for “zero-touch authentication” to deliver as near

a password-free experience for their customers

and employees as possible. Increasingly, the

phone will be used as a universal authenticator.

Device as universal authenticator

Passwords

Conduct a transaction

Control a connected device (eg open a door)

Connect to an app



Mobility & IoT drives the emergence of API-first architectures

PREDICTION #4

Apps (esp mobile apps) need to have

reduced delivery times. But, traditional

middleware is heavy and difficult to use

to build these apps on. The rise of mobile

and IoT will drive a move towards lighter-

weight, API-first architectures in order to

more easily connect these (and other

devices) into the digital ecosystem.

APIs

LIGHTER-WEIGHT, API-BASED ARCHITECTURES

Developers

Customers

Employees

CloudServices

On-Premise

Web Mobile loT

IDENTITIES DEVICE TYPES APP TYPES

Today there are 1.5 connected devices per person in the world. By 2020, there will be 8 devices per person

Source: http://bit.ly/1a7jr2i

Biztech Magazine



Increased board visibility into corporate security strategy

PREDICTION #5

Corporate executives & boards will be

increasingly held accountable for

breaches that damage their corporate

brand, so their level of involvement in

security strategy will increase. Security

will shift from an “IT problem” to an

“Executive problem”. Concerns over

“denial of business” (DoB) will drive

increased Board oversight.

See: http://onforb.es/13MB44Z

Identify

Protect

DetectRespond

Recover

Security Strategy & Infrastructure(example: NIST Cybersecurity Infrastructure)

Corporate & Customer Info

Board


Teaser! – Survey Results Coming Soon in late JanuaryWe will present the results of an extensive global survey done by Vanson Bourne with 1,425 senior IT and business leaders on key issues related to security and the application economy.

Visit rewrite.ca.com in late Jan for more details

How is the App Economy changing Security?

What is the difference between a Leader and Laggard in their Security deployments?

Does Security help you enable business in addition to protecting it?

What are the top Security priorities?

How do Leaders gain significantly more benefits from Security than Laggards?

What is the impact of mobility on your Security strategy?

http://bit.ly/17EdGce


For More Information

To learn more about CA Security solutions,

please visit:

http://bit.ly/10WHYDm

Insert appropriate screenshot and text overlayfrom following “More Info Graphics” slide here;

ensure it links to correct pageSecurity






Legal Notice

Copyright © 2015 All rights reserved. All trademarks, trade names, service marks and logos referenced herein belong to their respective companies.

No unauthorized use, copying or distribution permitted.

THIS PRESENTATION IS FOR YOUR INFORMATIONAL PURPOSES ONLY. CA assumes no responsibility for the accuracy or completeness of the

information. TO THE EXTENT PERMITTED BY APPLICABLE LAW, CA PROVIDES THIS DOCUMENT “AS IS” WITHOUT WARRANTY OF ANY KIND,

INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR

NONINFRINGEMENT. In no event will CA be liable for any loss or damage, direct or indirect, in connection with this presentation, including, without

limitation, lost profits, lost investment, business interruption, goodwill, or lost data, even if CA is expressly advised of the possibility of such damages.

Date post:	14-Jul-2015
Category:	Technology
Upload:	ca-technologies
View:	509 times
Download:	2 times

CA Technologies Predictions for Identity Management in 2015 – The Application Economy Takes Hold

Technology