Modern IAM Trends and Themes by Eve Maler, Forrester
3. Transparents
Trends
• What are they?
• What is the evidence?
• What should you do about them?
What are the T4 all about?
Diagram: the four T's (Transparents, Trends, Tropes, Transients) placed on two axes, “closer to truthiness” versus “closer to essential truth” and “less well noticed” versus “well noticed”.
© 2012 Forrester Research, Inc. Reproduction Prohibited
4. Trend: webdevification of IT
IN THE FUTURE, EVERY ENTERPRISE WILL OPEN AN API CHANNEL TO ITS DIGITAL PLATFORM
Source: John Musser (formerly) of ProgrammableWeb.com
5. Confront the changes in your power relationship
ACCESS CONTROL IS ABOUT PROTECTION AND MONETIZATION
Chart: value on the x axis against friction on the y axis.
6. A lot of identities float around an API ecosystem
Source: April 5, 2013 Forrester report “API Management For Security Pros”
7. Open Web APIs are, fortunately, friendly to the Zero Trust model of security
Initially treat all access requesters as untrusted. Require opt-in access. Apply identity federation through APIs.
Source: November 15, 2012, Forrester report “No More Chewy Centers: Introducing The Zero Trust Model Of Information Security”
8. Trend: IAM x cloud
ZERO TRUST CALLS FOR DISTRIBUTED SINGLE SOURCES OF TRUTH
Diagram, labelled “Prefer these choices when crossing domains”:
• Provision just in time through SSO
• Synchronize accounts periodically
• Bind to a user store and replay credentials
• Issue and manage a disconnected account
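The two slides above (treat requesters as untrusted until they opt in; prefer just-in-time provisioning through SSO over synchronization jobs or disconnected accounts) can be shown in a few lines of code. The block below is an added example, not code from the deck or from Forrester: it assumes a constructed assertion format (a plain dict with `iss`, `sub`, `exp` and `attrs`), a constructed issuer allow-list, and a caller that has already verified the SAML or OpenID Connect token's signature before calling `provision()`.

```python
# Added example (not from the Forrester deck): just-in-time provisioning
# of a cross-domain account from a federated SSO assertion. The assertion
# format, issuer list and attribute names are constructed for illustration;
# a real deployment would hand a signature-verified SAML or OpenID Connect
# token to provision() rather than the plain dict used here.
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Callable

# Zero Trust default: every issuer is untrusted until it is opted in here.
TRUSTED_ISSUERS = {"https://idp.partner.example"}  # constructed value


@dataclass
class Account:
    issuer: str
    subject: str
    attributes: dict = field(default_factory=dict)
    created_at: int = 0
    last_seen: int = 0


class JitDirectory:
    """Local account store populated only at SSO time.

    Accounts are keyed by (issuer, subject) so two domains that happen to
    reuse a subject identifier can never collide, and attributes are
    refreshed from the assertion on every login instead of by a periodic
    synchronization job: the home domain stays the single source of truth.
    """

    def __init__(self, clock: Callable[[], int]):
        self.clock = clock
        self.accounts: dict[tuple[str, str], Account] = {}

    def provision(self, assertion: dict) -> tuple[Account, bool]:
        """Create or refresh the account for a verified assertion.

        Returns (account, created). Raises PermissionError when the
        assertion must not be honoured: untrusted issuer, missing subject
        or expired.
        """
        issuer = assertion.get("iss")
        if issuer not in TRUSTED_ISSUERS:
            raise PermissionError(f"issuer not opted in: {issuer!r}")
        subject = assertion.get("sub")
        if not subject:
            raise PermissionError("assertion carries no subject")
        now = self.clock()
        if assertion.get("exp", 0) <= now:
            raise PermissionError("assertion expired")

        key = (issuer, subject)
        attrs = dict(assertion.get("attrs", {}))
        account = self.accounts.get(key)
        if account is None:
            account = Account(issuer, subject, attrs, created_at=now, last_seen=now)
            self.accounts[key] = account
            return account, True
        account.attributes = attrs  # overwrite, never merge: IdP is authoritative
        account.last_seen = now
        return account, False

    def expire_idle(self, max_idle: int) -> list[tuple[str, str]]:
        """Drop accounts not asserted within max_idle seconds; return their keys.

        This is the time-to-live side of JIT provisioning: an account whose
        home domain stops asserting it disappears without a deprovisioning feed.
        """
        now = self.clock()
        stale = [k for k, a in self.accounts.items() if now - a.last_seen > max_idle]
        for k in stale:
            del self.accounts[k]
        return stale


# Constructed assertions used for a stand-alone run.
FIRST_LOGIN = {"iss": "https://idp.partner.example", "sub": "u-1001",
               "exp": 1_700_000_600, "attrs": {"dept": "sales"}}
SECOND_LOGIN = {**FIRST_LOGIN, "attrs": {"dept": "support"}}
ROGUE_LOGIN = {**FIRST_LOGIN, "iss": "https://idp.unknown.example"}


def demo() -> dict:
    """Walk through first login, attribute refresh, rejection and expiry."""
    t = [1_700_000_000]  # fake clock so the run is deterministic
    d = JitDirectory(lambda: t[0])
    _, created_first = d.provision(FIRST_LOGIN)
    t[0] += 60
    acct, created_second = d.provision(SECOND_LOGIN)
    try:
        d.provision(ROGUE_LOGIN)
        rogue_rejected = False
    except PermissionError:
        rogue_rejected = True
    t[0] += 100_000
    expired = d.expire_idle(max_idle=86_400)
    return {"created_first": created_first, "created_second": created_second,
            "dept_after_refresh": acct.attributes["dept"],
            "rogue_rejected": rogue_rejected, "expired": expired}


if __name__ == "__main__":
    print(demo())
```

The point of keying on `(issuer, subject)` and overwriting attributes on every SSO is that no account state exists that the home domain did not just assert; the idle-expiry pass is what replaces a deprovisioning feed when the other three options on the slide are avoided.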
9. Identity plays only an infrastructural role in most cloud platforms
DISRUPTION IS COMING FROM THE CLOUD IDENTITY SERVICES DARK HORSES
Diagram labels: cloud identity product with an actual SKU; IAM functions; user base and attributes; cloud services.
10. Transient: XACML
XACML 3 IS STUCK AT MODERATE SUCCESS AND IS HEADING FOR DECLINE
• Adoption has government/compliance drivers, few accelerators, and many inhibitors
• It’s critical to open up the market for long-tail policy evaluation engines
• Webdevified and mobile-friendly scenarios demand different patterns of outsourced authorization
11. Authz grain needs to get…finer-grained
Diagram: resource accessed, from coarse to fine: WAM domain, URL path, sets of API calls, field. Policy input: groups, roles, attributes. Authorization styles along the spectrum: scope-grained authz, field-level entitlements, XACML etc.
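The spectrum on this slide (WAM domain and URL path, sets of API calls, individual fields) is easiest to see as three checks stacked on one request. The block below is an added example, not code from the deck or from any product it names: the role table, the OAuth-style scope rules, the field entitlement rules and the sample order are all constructed, and a real service would take the caller's role, scopes and attributes from a verified token rather than a dict.

```python
# Added example (not from the deck): three authorization checks of
# increasing granularity stacked on one API request, following the
# "resource accessed" spectrum on the slide. Every policy table, path and
# field name below is constructed for illustration.
from __future__ import annotations
import fnmatch
import re

# 1. WAM-style gate on the URL path: which part of the site a role may reach.
PATH_POLICY = {
    "employee": ["/api/*"],
    "partner": ["/api/orders/*"],
}

# 2. Scope-grained authorization on sets of API calls (OAuth-style scopes).
#    A request whose (method, path) matches no rule is denied by default.
SCOPE_POLICY = [
    ("GET", re.compile(r"^/api/orders/\d+$"), {"orders:read"}),
    ("PATCH", re.compile(r"^/api/orders/\d+$"), {"orders:write"}),
    ("GET", re.compile(r"^/api/reports/[a-z]+$"), {"reports:read"}),
]

# 3. Field-level entitlement: which fields of the resource the caller sees,
#    decided from the caller's attributes rather than from the URL.
FIELD_POLICY = {
    "order": {
        "id": lambda caller: True,
        "items": lambda caller: True,
        "margin": lambda caller: caller["role"] == "employee",
        "customer_tax_id": lambda caller: caller["attrs"].get("dept") == "finance",
    }
}


def path_allowed(role: str, path: str) -> bool:
    """Coarsest layer: does any path pattern for this role cover the URL?"""
    return any(fnmatch.fnmatchcase(path, pat) for pat in PATH_POLICY.get(role, []))


def scope_allowed(method: str, path: str, scopes: set[str]) -> bool:
    """Middle layer: does the token carry every scope the matching rule needs?"""
    for rule_method, rule_path, needed in SCOPE_POLICY:
        if rule_method == method and rule_path.match(path):
            return needed <= scopes
    return False  # no rule for this call: deny


def filter_fields(resource_type: str, resource: dict, caller: dict) -> dict:
    """Finest layer: keep only fields the caller is entitled to see.

    Fields with no policy entry are withheld, so a newly added field is
    private until someone explicitly lists it.
    """
    policy = FIELD_POLICY.get(resource_type, {})
    return {k: v for k, v in resource.items() if k in policy and policy[k](caller)}


def authorize(caller: dict, method: str, path: str,
              resource_type: str, resource: dict) -> tuple[int, dict | None]:
    """Apply the three layers coarse to fine; return (status, visible resource)."""
    if not path_allowed(caller["role"], path):
        return 403, None
    if not scope_allowed(method, path, set(caller["scopes"])):
        return 403, None
    return 200, filter_fields(resource_type, resource, caller)


# Constructed sample resource and callers.
ORDER = {"id": 42, "items": ["widget"], "margin": 0.31, "customer_tax_id": "TAX-000"}
FINANCE_EMPLOYEE = {"role": "employee", "scopes": {"orders:read", "orders:write"},
                    "attrs": {"dept": "finance"}}
SALES_EMPLOYEE = {"role": "employee", "scopes": {"orders:read"}, "attrs": {"dept": "sales"}}
PARTNER = {"role": "partner", "scopes": {"orders:read", "reports:read"}, "attrs": {}}


def demo() -> dict:
    """Same order, different callers and calls, to show where each layer bites."""
    return {
        "finance_get": authorize(FINANCE_EMPLOYEE, "GET", "/api/orders/42", "order", ORDER),
        "sales_get": authorize(SALES_EMPLOYEE, "GET", "/api/orders/42", "order", ORDER),
        "sales_patch": authorize(SALES_EMPLOYEE, "PATCH", "/api/orders/42", "order", ORDER),
        "partner_get": authorize(PARTNER, "GET", "/api/orders/42", "order", ORDER),
        "partner_report": authorize(PARTNER, "GET", "/api/reports/daily", "order", ORDER),
        "unlisted_call": authorize(FINANCE_EMPLOYEE, "DELETE", "/api/orders/42", "order", ORDER),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Reading the six results side by side shows the slide's argument: the path gate alone lets every employee see the whole order, the scope check separates read from write, and only the field layer keeps the tax identifier away from a sales employee who legitimately holds `orders:read`.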
12. Plan for a new “Venn” of access control
AN “XACML LITE” WOULD HAVE A POTENTIALLY VALUABLE ROLE TO PLAY
13. Trope: “Passwords are dead”
OH, YEAH?
Image: the passphrase “correct horse battery staple”.
14. We struggle to maximize authentication quality
PARTICULARLY IN CONSUMER-FACING SERVICES
Source: June 12, 2013 “Introducing The Customer Authentication Assessment Framework” Forrester report
15. Authentication schemes have different characteristics
Table: comparison of authentication schemes (cells not recoverable from the extraction).
*S2 is an affordance of passwords for “consensual impersonation”
Source: June 12, 2013 “Introducing The Customer Authentication Assessment Framework” Forrester report, based on “The Quest to Replace Passwords: A Framework for Comparative Evaluation of Web Authentication Schemes”
16. Think in terms of “responsive design” for authentication
LEVERAGE STRENGTHS AND MITIGATE RISKS – ONCE YOU KNOW THEM
Diagram: user identification based on something they…
• Know
• Have
• Are
• Do
18. Summary of the T4
Diagram, on the same two axes as slide 3 (“closer to truthiness” versus “closer to essential truth”; “less well noticed” versus “well noticed”):
• Transparent: Time-to-live strategies
• Trends: Webdevification of IT; Cloud x IAM
• Trope: “Passwords are dead”
• Transient: XACML