KuppingerCole CIWUSA17 - Chaining identity blocks to boost your UX and KYC strategies
Slide 2
12 years of expertise in IAM
35+ projects:
• Strong Authentication
• Identity Management
• Access Governance
• Information Protection
Proud member of a versatile team of 25+ expert consultants ready for innovation.
To keep in touch:
https://twitter.com/IdentityMonk
https://ca.linkedin.com/in/jflombardo

Slide 3
“Engineering is not the art of building devices; it’s the art of fixing problems.” - Yonatan Zunger
“I checked it very thoroughly,” said the computer, “and that quite definitely is the answer. I think the problem, to be quite honest with you, is that you've never actually known what the question is.” ― Douglas Adams, H2G2

Slide 4
Employee: powers the core business
Partner: sustains the core business
Customer: benefits from the core business

Slide 5
Employee, Partner and Customer, with the relationships drawn between them labelled:
• Ambassador of my Brand
• Favored for using my Brand
• Strategic to my Brand
• Strategic to its Brand
• Join for the love of my Brand
• Influence for the love of my Brand

Slide 6
Things can act as any of them (same diagram as slide 5).

Slide 7
Goals of Customer-IAM
Better User Experience, Efficiency, Cost, Governance:
• One set of credentials
• Single Sign-on first
• Backup/step-up mechanisms if necessary
• Reduce support calls for access requests
• Reduce support calls for credentials loss/forgetting
• One place to know who accesses what
• Easy to onboard new services and new users
• Better insights for better improvements
• Cross-device consistent
Privacy:
• Consent to use data
• Protection of data
• Control and traceability of usage of data

Slide 8
Goals of Employee-IAM
The same list as slide 7, word for word: the user experience, efficiency, cost, governance and privacy goals are identical.

Slide 9
Two worlds that reflect almost completely…

Slide 10
Diagram: Employee Identity & Credential Management; Employee Access Management; Corporate Services & Applications.
How did we solve this?

Slide 11
Diagram: Employee Identity & Credential Management; Partner Identity & Credential Management; Employee and Partner Access Management; Corporate Services & Applications.
How did we solve this?

Slide 12
Diagram: Employee Identity & Credential Management; Partner Identity & Credential Management; Employee and Partner Access Management; Corporate Services & Applications; Siloed Identity & Credential Management; Siloed Customer Access Management; Customer Services & Applications.

Slide 13
How we really solved this

Slide 14
• More than one set of credentials
• SSO is difficult
• SSO is not possible
• More than one place to know who accesses what
• Application on-boarding is specific and costly
• Integration costs are repeated
Can we stay like that?

Slide 15
Identity chaining
• No difference between applications and services
• Only one recipe for integration
• Use standards and APIs
• One Access Manager acts as Access Broker
• Only one place to know who accesses what
• One role model to control access to applications and permissions
• Each population has one set of credentials
• Specific integration is on the last mile
• Use standards according to context

Slide 16
Can we do even better?
1. Partners are employees of their own company…
2. Customers are more than individuals and are employees of their own company…

Slide 17
https://www.facebook.com/SeeMeDesign

Slide 18
Identity Chaining (Meshed)
• My individual customers through Social Login
• My strategic customer through delegation
• My strategic partner through delegation
• Partners of my strategic partner integration
• Bi-directional relationship

Slide 19
3 pillars of success
1. Built on top of APIs & standards: OIDC, OAuth 2.0, SAML 2.0, SCIM (+PAM ext.)
2. Oriented towards operating costs and risks reduction
3. Contractualized:
• To seal a trust relationship and SLAs
• To make each partner accountable
• To match assurance level (e.g. NIST 800-63-3)
• To comply with regulations (GDPR)

Slide 20
What do we gain?

Slide 21
UX gains from Identity Chaining
• Enable a Bring Your Own Identity strategy…
• Users are created/updated based on the user data at the authoritative link
• Consent is mandatory for any data brought into / sent out of our broker
• Progressive profiling can be easily enforced based on the services & applications accessed

Slide 22
UX gains from Identity Chaining
Each party can contribute to… …or transform… …with dynamic data transformation… …or map the information

Slide 23
UX gains from Identity Chaining
• Step-up can still be enforced as close as possible to our services & applications
• For efficient step-up methods and policies, use SP 800-63-3 (AAL, FAL)
• … with “Bring Your Own Token”
• Authentication is carried out as close as possible to the user

Slide 24
KYC gains from Identity Chaining
• A good starter for Identity Relationship Management… … and complex cross-tenancy scenarios
• Easy to enable Account Linking
• A central repository for all possible customer types

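The broker behaviour the UX, KYC and privacy slides describe (per-source claim mapping, consent on data brought in and sent out, progressive profile, user-driven account linking, step-up per service against SP 800-63-3 AAL, receipts for audit), as an added Python sketch that is not from the deck or its authors. Source names, claim names, attribute names and AAL ceilings are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple
import hashlib
import json
import time

# Constructed sample configuration: source names, claim names and AAL ceilings are
# assumptions for this example, not values from the deck.
# Per-source mapping from upstream claim name to the broker's canonical attribute
# ("map the information" at the broker).
CLAIM_MAPS: Dict[str, Dict[str, str]] = {
    "social:example-social": {"email": "email", "given_name": "first_name"},
    "partner:example-partner-idp": {"mail": "email", "employeeId": "partner_employee_id",
                                    "o": "organization"},
}
# Highest SP 800-63-3 AAL the trust framework lets the broker credit to each source;
# an upstream assertion can never raise the session above its source's ceiling.
SOURCE_AAL_CEILING: Dict[str, int] = {"social:example-social": 1,
                                      "partner:example-partner-idp": 2}


@dataclass
class UpstreamAssertion:
    source: str             # social IdP, or a partner's IdP reached through delegation
    subject: str            # subject identifier at that issuer
    claims: Dict[str, str]
    asserted_aal: int       # AAL the issuer claims for this authentication


@dataclass
class InternalIdentity:
    uid: str
    attributes: Dict[str, str] = field(default_factory=dict)
    linked: Dict[str, str] = field(default_factory=dict)          # source -> subject
    consents: Dict[str, Set[str]] = field(default_factory=dict)   # audience -> attrs


class IdentityBroker:
    """One access manager acting as broker for several chained identity sources."""

    def __init__(self) -> None:
        self.identities: Dict[str, InternalIdentity] = {}
        self.link_index: Dict[Tuple[str, str], str] = {}   # (source, subject) -> uid
        self.receipts: List[dict] = []                      # evidence for control/audit

    def map_claims(self, a: UpstreamAssertion) -> Dict[str, str]:
        mapping = CLAIM_MAPS.get(a.source)
        if mapping is None:
            raise ValueError(f"unknown identity source: {a.source}")
        return {canon: a.claims[up] for up, canon in mapping.items() if up in a.claims}

    def login(self, a: UpstreamAssertion, consented_import: Set[str]) -> Tuple[str, int]:
        """Resolve or create the internal identity behind an upstream assertion and
        return (uid, session AAL). Only attributes the user consented to are brought in."""
        imported = {k: v for k, v in self.map_claims(a).items() if k in consented_import}
        uid = self.link_index.get((a.source, a.subject))
        if uid is None:
            uid = hashlib.sha256(f"{a.source}|{a.subject}".encode()).hexdigest()[:16]
            self.identities[uid] = InternalIdentity(uid=uid, linked={a.source: a.subject})
            self.link_index[(a.source, a.subject)] = uid
        # Progressive profile: each login from the authoritative link refreshes the data.
        self.identities[uid].attributes.update(imported)
        self._receipt(uid, "import", a.source, sorted(imported))
        return uid, min(a.asserted_aal, SOURCE_AAL_CEILING[a.source])

    def link_account(self, uid: str, a: UpstreamAssertion) -> None:
        """Attach a second upstream account to an identity the user is already logged
        into, proven by a fresh assertion from that account. Linking on a matching
        e-mail alone is deliberately not offered: an unverified upstream e-mail would
        let a stranger's account be merged into an existing customer's identity."""
        if (a.source, a.subject) in self.link_index:
            raise ValueError("upstream account is already linked to an identity")
        self.identities[uid].linked[a.source] = a.subject
        self.link_index[(a.source, a.subject)] = uid

    def grant_consent(self, uid: str, audience: str, attrs: Set[str]) -> None:
        self.identities[uid].consents.setdefault(audience, set()).update(attrs)
        self._receipt(uid, "consent", audience, sorted(attrs))

    def release(self, uid: str, audience: str, required_aal: int, session_aal: int) -> dict:
        """Decide what a downstream service receives: step-up is enforced per service,
        as close to it as possible, and the claims are filtered by that service's consent."""
        if session_aal < required_aal:
            return {"decision": "step_up", "required_aal": required_aal}
        ident = self.identities[uid]
        allowed = ident.consents.get(audience, set())
        claims = {k: v for k, v in ident.attributes.items() if k in allowed}
        self._receipt(uid, "release", audience, sorted(claims))
        return {"decision": "allow", "claims": claims}

    def _receipt(self, uid: str, action: str, party: str, attrs: List[str]) -> None:
        body = {"ts": int(time.time()), "uid": uid, "action": action,
                "party": party, "attrs": attrs}
        body["digest"] = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        self.receipts.append(body)
```

A service with no consent entry receives an empty claim set rather than an error, so a newly onboarded application gets nothing until the user has consented to it.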
Slide 25
KYC gains from Identity Chaining
A cornerstone to the Customer lake. Systems shown around it: CRM; License Lifecycle; Billing; BI / Marketing; Order management.
Questions on the slide:
• Who is entitled to what?
• Who uses what?
• Who accesses through what?

Slide 27
Privacy gains from Identity Chaining
• Central PII and consent management (UMA)
• Traceability on acquisition and usage
• Consent is mandatory for any data brought into / sent out of our broker
• Receipt in case of control/audit
• Central protection of PII and consent within the customer lake
• API oriented for CRUD operations upon consent and scope
• Prevent PII storage at services / applications

Slide 28
Be ready for ripples
• GDPR is just a first step…
• Russia Data Privacy Laws are operational
• Australia Data Privacy Laws are operational
• China Data Privacy Laws are drafted
• <Insert your country> Data Laws are coming

Slide 29
Chaining of Identity Blocks: a simple model and strategy that centrally governs different types of actors and their data, whom we empower by giving them choices and consent control, in order to enhance our Business, Security and Compliance.

Slides 32 to 34
Figure: Christopher Allen's stages of online identity (http://www.lifewithalacrity.com): Centralized, Federated, User Centric and Self Sovereign, plotted on two axes, User control (Low to High) and Portability (Low to High).
Slide 33 annotates the figure with "What you considered too obsolete and did not capitalize on" and "What you hoped to see and what Blockchain hopes to solve".
Slide 34 adds "Need Decentralization" and "Need Trust".

Slide 35
David Birch, Director of Consult Hyperion:
• Blockchain is not for storing digital ID
• Still an issue for managing the private key
• Should be managed by trusted party (e.g. Banks)
http://dutchblockchainconference.com/2016/06/20/david-birch-hyperion/
Steve Wilson, VP Constellation Research:
• There is no ID in the blockchain
• An intermediary is still needed
• See project MDAV for CCICADA
https://www.youtube.com/watch?v=dzetCrresXM

Slide 36
The same figure as slides 32 to 34 (Christopher Allen's stages of online identity, http://www.lifewithalacrity.com: Centralized, Federated, User Centric, Self Sovereign on the User control and Portability axes, with the "Need Decentralization" and "Need Trust" annotations), plus a new position, Meshed:
• Controlled via: linking of accounts; consent to share
• Portable through the Trust framework
• …

Slide 37
Frédéric Parthenais, VP Consulting and Sales, fparthenais@facilite.com, +1 514-262-2328
Jean-François Lombardo, Digital Identity Principal Director, jflombardo@facilite.com, +1 514-778-5565
Put on your CIAM strategy with those badges (on us)
