How Cloud-Based Service Providers Can Integrate Strong Identity and Security

Trusted Identities
Foundational to Cloud Services
LILA KEE
CHIEF PRODUCT OFFICER
GLOBALSIGN

CloudExpo 2016
WHAT YOU WILL LEARN TODAY
• Strong identity verification as a security measure and business enabler
• Authentication vs Authorization vs Access Primer
• Types of User Identities – Known and Unknown
• Assurance Levels
• 3rd Party Identity Providers - MobileConnect
• Trends in Web Security

TRUST – It All Starts with Identity Verification
Identity is in Everything – Everything Needs a Trusted and Manageable Identity
• Cloud-based service provider customers are looking to their providers to ensure the security of their identities, transactions and data.
• With the increased reliance on cloud-based services, service providers must build security and trust into their offerings, adding value to customers and improving the user experience.
• Making identity, security and privacy easy for customers provides a unique advantage over the competition.

Protecting User Identities is Essential
• Customer retention
• Brand protection
• Compliance
Know Your Customer
• Prevent
  • Identity theft
  • Fraud
  • Money laundering

Identity Theft: The Good News - Awareness
19 People fall victim to identity theft every MINUTE
*Federal Trade Commission

Security as a Business Advantage
• Differentiate from your competitor with a superior user experience
• Reduce order / sign up abandonment
• Reduce customer churn with easy re-engagement
• Avoid costly fines and reputation loss by complying with privacy regulations

User Identities

What Do We Mean By “Identity”?
• We all have identities. In the digital world our identities manifest themselves in the form of attributes, entries in the database.
• A unique attribute differentiates us from other online users. Such an attribute could be an email address, phone number, or a social security number.
• We get attributes from our employers in the form of titles, the business unit we belong to, roles that we have in projects, or in the organization hierarchy.
• Attributes pertaining to our private and working life are different and change over time as we change jobs, move, get married etc.

Attribute = Authorization?
• Some of the identity attributes that we have are powerful. They allow us to do things online.
• A role attribute that describes a position within a company, a purchase manager for example, can tell an online site what the person is allowed to do on that specific site.
• Therefore, it is quite crucial that attributes granting power to the user are carefully managed and maintained.

What Do We Mean By “Access”?
• Access decisions are Yes/No decisions.
• When an access control is deployed it will be tasked with making the Yes/No decision when an online user tries to enter or use the resource.
• There can be, and usually are, multiple access control points within an online service.
• On the top level there’s an access control point trying to determine if the user is allowed to enter the site at all.
• Then in the lower level the access control point reaches the individual files located somewhere on the hard drive.

What Do We Mean By “Authentication”?
• Authentication is a process where the identity of the user will be established.
• There are many different ways to authenticate the user.
  • User name and Password
  • PKI
  • eID
  • LEIs
  • Email control
  • Mobile Connect
  • OTP
  • Etc.
Authentication credentials are issued after identities are verified
  • Email control
  • Active Directory/HR on-boarding
  • Assertion by IdP

GSMA MobileConnect
Mobile Network Operators (MNOs) have the opportunity to remove the biggest obstacle in Service Provider onboarding – the customers.
With millions of subscribers and potential Mobile Connect users, the MNO is well positioned to offer convenient user authentication to online services.

Assurance Level

One Size Does Not Fit All
Risk: Low | Medium | High
Identity verification: Social | Email control | Face to Face
Authentication: User Name/PW | Contextual | 2FA

Identity vs Access Management
• Identity Management is about managing the attributes related to the user
• Access Management is about evaluating the attributes based on policies and making Yes/No decisions
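
The split described on the slides above, as an added Python example that is not part of the original deck: identity management supplies the attributes, and access management evaluates them against policies at two control points (site entry, then the individual resource) to reach a Yes/No decision. The resource names, attribute names and the ordering of authentication methods by strength are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Authentication strength, ordered as on the "One Size Does Not Fit All" slide.
AUTH_STRENGTH = {"password": 1, "contextual": 2, "2fa": 3}

@dataclass(frozen=True)
class Session:
    subject: str        # unique attribute, e.g. an email address
    attributes: dict    # identity attributes, maintained by identity management
    auth_method: str    # how this session was authenticated

@dataclass(frozen=True)
class Policy:
    required: dict      # attribute name -> set of accepted values
    min_auth: str       # weakest authentication method the resource accepts

    def permits(self, s: Session) -> bool:
        if AUTH_STRENGTH.get(s.auth_method, 0) < AUTH_STRENGTH[self.min_auth]:
            return False
        return all(s.attributes.get(k) in ok for k, ok in self.required.items())

# Constructed policies: one for site entry, one per resource (hypothetical names).
SITE_POLICY = Policy({"status": {"active"}}, "password")
RESOURCE_POLICIES = {
    "catalog/view": Policy({"role": {"employee", "purchase_manager"}}, "password"),
    "orders/approve": Policy({"role": {"purchase_manager"}}, "2fa"),
}

def decide(session: Session, resource: str) -> bool:
    """Yes/No decision: every control point must say yes; unknown resources are denied."""
    if not SITE_POLICY.permits(session):
        return False
    policy = RESOURCE_POLICIES.get(resource)
    return policy is not None and policy.permits(session)

def demo() -> dict:
    attrs = {"status": "active", "role": "purchase_manager"}
    weak = Session("pm@example.com", attrs, "password")
    strong = Session("pm@example.com", attrs, "2fa")
    return {
        "weak/catalog": decide(weak, "catalog/view"),
        "weak/approve": decide(weak, "orders/approve"),
        "strong/approve": decide(strong, "orders/approve"),
    }

if __name__ == "__main__":
    print(demo())
```

The same purchase manager is allowed to approve orders only after authenticating with the stronger method, which is the point of matching assurance level to risk.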

The New Age of Bring Your Own Identity
Building Online Privacy Confidence
Gartner Recommends Use of 3rd-party IDs

Don’t go it Alone - Use 3rd-party verified IDs
• Reduces verification costs up to 30 times
• Look for IAM providers that provide a single integration to relevant high assurance IDs

Creating a Trusted eService Site
Trends in SSL

Building Online Privacy Confidence
SSL/TLS (HTTPS) delivers website and server identity authentication as well as encryption of data in transit
Protecting your eServices with SSL certificates provides customers and visitors assurances that their browsing session is safe, and that payment details and personal information are kept secure and encrypted.
However, browsers and Certificate Authorities are making big changes to make browsing safer that may impact your eService

Always on SSL

SSL Trends
• With the rise of Web 2.0, users are communicating sensitive information well beyond credit card data.
• According to OTA, “Cybercriminals today are targeting consumers using an attack method called sidejacking that takes advantage of consumers visiting unencrypted HTTP web pages after they have logged into a site.”
• Online Trust Alliance (OTA) is calling on the security, business and interactive advertising communities to adopt Always On SSL (AOSSL), the approach of using SSL/TLS across your entire website to protect users with persistent security, from arrival to login to logout.
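
A check a site owner can run against their own responses to see whether Always On SSL actually holds, as an added Python example that is not part of the original deck. It flags the conditions that leave a logged-in session exposed on plain HTTP: no redirect to HTTPS, no Strict-Transport-Security header, and session cookies set without the Secure attribute. HSTS and the Secure attribute are standard mechanisms the slide does not name; the response records, host name and cookie name are constructed for the illustration.

```python
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def headers(resp: dict, name: str) -> list:
    """All values of one header (case-insensitive) from a response record."""
    return [v for k, v in resp["headers"] if k.lower() == name]

def cookie_flags(set_cookie: str):
    """Split a Set-Cookie value into (cookie name, lower-cased attribute names)."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return parts[0].split("=", 1)[0], attrs

def hsts_max_age(value: str) -> int:
    """max-age of a Strict-Transport-Security value; 0 if absent or malformed."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":
            val = val.strip().strip('"')
            return int(val) if val.isdigit() else 0
    return 0

def audit_aossl(http_resp: dict, https_resp: dict) -> list:
    """Findings for one site, given its response over HTTP and over HTTPS."""
    findings = []
    location = (headers(http_resp, "location") or [""])[0]
    if http_resp["status"] not in REDIRECTS or urlsplit(location).scheme != "https":
        findings.append("http-not-redirected-to-https")
    hsts = headers(https_resp, "strict-transport-security")
    if not any(hsts_max_age(v) > 0 for v in hsts):
        findings.append("hsts-missing")
    for resp in (http_resp, https_resp):
        for raw in headers(resp, "set-cookie"):
            name, attrs = cookie_flags(raw)
            if "secure" not in attrs:  # cookie would also travel over plain HTTP
                findings.append(f"cookie-without-secure:{name}")
    return findings

# Constructed sample responses (not captured from any real site).
WEAK_HTTP = {"status": 200, "headers": [("Content-Type", "text/html")]}
WEAK_HTTPS = {"status": 200, "headers": [("Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly")]}
GOOD_HTTP = {"status": 301, "headers": [("Location", "https://shop.example/")]}
GOOD_HTTPS = {"status": 200, "headers": [
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "SESSIONID=abc123; Path=/; Secure; HttpOnly")]}

if __name__ == "__main__":
    print(audit_aossl(WEAK_HTTP, WEAK_HTTPS))
    print(audit_aossl(GOOD_HTTP, GOOD_HTTPS))
```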

Google – Always on SSL – Motivating Good Security
• Marking HTTP as Insecure – Google has done it, others likely to follow
• Mozilla and Apple have both indicated that they want more web encryption. And even the US government has taken important steps in that direction, requiring all .gov websites to be HTTPS by default before the end of this year.
• Google made website security a factor in keyword search
• While the ranking increase is starting out quite slight, Google hinted they will strengthen its impact over time as their goal is to encourage stronger adoption of HTTPS technology across the board to “keep everyone safe on the web.”

Certificate Transparency
• Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities that have gone rogue and are maliciously issuing certificates. Via:
  • Certificate Logs
  • Monitors
  • Audits
• Early detection of misissued certificates, malicious certificates, and rogue CAs.
• Faster mitigation after suspect certificates or CAs are detected.
• Better oversight of the entire TLS/SSL system.
• Google is currently the only browser with a CT policy and the only one with an enforcement mechanism.
• When Chrome encounters an EV certificate which does not comply with the policy the EV Green bar treatment is removed. In order to be compliant, the EV certificate:

Server Security Configuration

Health Check Your Webserver Security
• Key size: Use 2048-bit Private Keys
• Private key protection
• Ensure Sufficient Hostname Coverage
• Obtain Certificates from a Reliable CA
• Use Strong Certificate Signature Algorithms
• Configuration
• Deploy with Valid Certificate Chains
• Use Secure Protocols
• Control Cipher Suite Selection
• …… lots more. There’s an easy way

Installing SSL Certificate, Just the Beginning
• https://globalsign.ssllabs.com/

Google DevTools

Conclusion
• Enhanced security doesn’t have to mean decline in user experience
• Stay on top of browser changes
• Utilize bring your own identity by leveraging 3rd party identity providers
• Apply the appropriate level of identity verification and authentication methods to the impact of breach to data
• Remember users are increasingly becoming more security savvy
• Only ask for what you need
• Solicit consent around data privacy (Federation, Cross-borders)
• Strong identity verification is a business enabler