Identity Transformed Zero Touch in Zero Trust Soumik Ghoshal
Identity Transformed
Zero Touch in Zero Trust
Soumik Ghoshal
©2021 RSA Security LLC or its affiliates. All rights reserved. CONFIDENTIAL
Welcome Gavin!
Market Trends Have Accelerated
• Digital Transformation Accelerated
• Attack Surface Growing with Remote
• Regulatory and Compliance Pressure
Today’s Critical Business Initiatives
• Increasing Expectations for Convenient Access
• Implementing Identity Assurance
• Enabling a Remote Workforce
• Simplifying Access Governance
• Adopting a Zero Trust Security Model
• Moving to the Cloud
Zero Trust is Not One Product, It’s a Strategy
NIST Seven Tenets of Zero Trust
1) Everything Considered a Resource
2) All Communication Secure
3) Access Per Session
4) Dynamic Resource Access Policy
5) Monitoring All Assets
6) Dynamic Authentication
7) Broad Information Collection
Identity & Access Management is a Journey
STAGE 1: Perimeter-based
• Perimeter Access
• Password
• Static Access
Off Perimeter Shift
• User-Driven Access
• Step Up, MFA
• Conditional Access
STAGE 3: Zero Trust Next Generation
• User + Device Access, Real-time Decisions
• Passwordless
• Decentralized Identity
• Machine Access (IoT)
• Dynamic, Risk-Based Access
Identity Governance & Lifecycle Management: support at every stage in your journey
Access Today – Manage and Secure Perimeter
[Diagram labels: Perimeter; User + Company Device; VPN; User + Company Device + Token; On Premise; Password; Cloud]
Manage Identity & Access – Dynamic Authentication Perimeter
[Diagram labels: Corporate Employees (Remote SSO Access; On Premise Access; Remote Users Access; Remote Passwordless; Virtual Desktop); Customers (Healthcare Portal; Shopping; Reward Program; Banking); Users; On Premise; Cloud]
The Way Forward: Identity is Central to Zero Trust Strategy
[Diagram labels: Identity and Access Platform (Governance; Policy; Identity Lifecycle; Risk: PASS / FAIL, Step Up; Authentication; SSO); Corporate Employees (Remote SSO Access; On Premise Access; Remote Users Access; Remote Passwordless SSO; Virtual Desktop); Customers (Healthcare Portal; Shopping; Reward Program; Banking); On Premise; Cloud]
How are we helping organizations today?
Modern Authentication: Security and convenience for a mobile and dynamic workforce
(Push, Mobile OTP, Biometrics, Text Msg, Voice Call, HW Token, SW Token, FIDO, Proximity, Wearables)
Conditional Access & Risk-Based Assurance: Mitigate threats and reduce friction through invisible layers of protection
(RBAC / ABAC, Conditional Policy, Levels of Assurance, Machine Learning; risk signals: Role, Location, Device, Behavior, External; outcomes: RISK PASS / RISK DENY)
Enterprise-Grade Credential Management: Secure the entire lifecycle, reduce TCO and enable deployment at scale
(Diverse Users: Employee, Administrator, Third Party; Credential Lifecycle)
Bridge Islands of Identity: Complete coverage from ground to cloud with a seamless user experience
SecurID Access Today
Modern Authentication: Security and convenience for a mobile and dynamic workforce
(Push, Mobile OTP, Biometrics, Text Msg, Voice Call, HW Token, SW Token, FIDO, Proximity, Wearables)
• Range of authentication options—hardware, embedded, software and mobile
• Thought leaders—FIDO board; first mover in tech innovations like wearables and proximity
• Passwordless authentication—online or offline
• Flexibility and choice
  • Organizational policy (what is allowed?)
  • User preference (what do you want to use?)
  • Role / use case (e.g., SMS for contractors; hardware token for admins; exceptions for users with disabilities)
  • Assurance level (e.g., mobile push for medium trust vs. biometrics for high trust applications)
SecurID Access Today
Conditional Access & Risk-Based Assurance: Mitigate threats and reduce friction through invisible layers of protection
(RBAC / ABAC, Conditional Policy, Levels of Assurance, Machine Learning; risk signals: Role, Location, Device, Behavior, External; outcomes: RISK PASS / RISK DENY)
• Role and attribute-based access controls
• Conditional policies (e.g., network, country of origin, geo-fencing, known device, etc.)
• Dynamic risk scoring based on behavioral analysis and ML; tuned at both the individual user and group levels
• Use external sources of risk intelligence to identify risky users and react in real time
• Ability to define complex, hybrid policies combining all of the above
• Risk dashboard provides insights into risk engine tuning for planning and “black box” troubleshooting
Pro Tip: Zero Trust Network Access (ZTNA)
Two key principles of Zero Trust:
1) Establishing the trustworthiness of a user’s identity claim
2) Limiting access to only what that user needs (“least privilege”)
With a remote workforce, this cannot be done through static rules. It requires dynamic controls that are context and risk-aware.
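As an added example (not part of this deck and not SecurID's own policy engine), the Python sketch below shows how the ideas on the Conditional Access & Risk-Based Assurance slide and the NIST tenets "Access Per Session", "Dynamic Resource Access Policy" and "Dynamic Authentication" from the earlier slide combine into one per-request decision: conditional rules (blocked country, unknown device, off-network), a risk score from an assumed risk engine, and a required level of assurance produce PASS, STEP_UP or DENY together with the authenticators that would satisfy the step-up. The method-to-assurance mapping, the thresholds, the role restrictions (SMS allowed for contractors, hardware token or FIDO for admins, echoing the deck's examples) and all user, resource and country values are constructed assumptions.

```python
"""Risk-based conditional access evaluator (constructed, illustrative example)."""
from dataclasses import dataclass, field
from enum import IntEnum


class Assurance(IntEnum):
    NONE = 0
    LOW = 1
    MEDIUM = 2
    HIGH = 3


# Assumed mapping of authenticator methods to assurance levels. The deck only
# gives examples (mobile push for medium trust, biometrics for high trust);
# rate SMS lower if your framework does.
METHOD_LEVEL = {
    "password": Assurance.LOW,
    "sms": Assurance.MEDIUM,
    "push": Assurance.MEDIUM,
    "otp": Assurance.MEDIUM,
    "biometric": Assurance.HIGH,
    "fido": Assurance.HIGH,
    "hw_token": Assurance.HIGH,
}


@dataclass(frozen=True)
class Context:
    """Signals available when the request arrives (all values constructed)."""
    user: str
    role: str
    country: str
    known_device: bool
    on_corp_network: bool
    risk_score: int               # 0..100, from an assumed risk engine
    completed: tuple = ()         # authenticators already satisfied this session


@dataclass(frozen=True)
class Decision:
    outcome: str                  # "PASS", "STEP_UP" or "DENY"
    required: Assurance
    acceptable: tuple             # methods that would satisfy `required`
    reason: str


@dataclass
class Policy:
    blocked_countries: frozenset = frozenset()
    deny_risk_at: int = 90        # risk score at which access is refused outright
    step_up_risk_at: int = 60     # risk score that forces HIGH assurance
    resource_level: dict = field(default_factory=dict)   # resource -> Assurance
    role_floor: dict = field(default_factory=dict)       # role -> minimum Assurance
    role_methods: dict = field(default_factory=dict)     # role -> permitted methods


def permitted_methods(policy, role):
    """Organizational policy: which authenticators a role may use at all."""
    return policy.role_methods.get(role, frozenset(METHOD_LEVEL))


def achieved_level(policy, ctx):
    """Highest assurance reached this session using methods the role may use."""
    usable = permitted_methods(policy, ctx.role)
    levels = [METHOD_LEVEL[m] for m in ctx.completed if m in usable and m in METHOD_LEVEL]
    return max(levels, default=Assurance.NONE)


def evaluate(policy, ctx, resource):
    """Per-session decision: hard denies first, then required assurance, then step-up."""
    if ctx.country in policy.blocked_countries:
        return Decision("DENY", Assurance.HIGH, (), f"country {ctx.country} blocked by policy")
    if ctx.risk_score >= policy.deny_risk_at:
        return Decision("DENY", Assurance.HIGH, (), f"risk score {ctx.risk_score} at or above deny threshold")

    # Static part of the policy: the resource's level and the role's floor.
    required = max(policy.resource_level.get(resource, Assurance.LOW),
                   policy.role_floor.get(ctx.role, Assurance.NONE))
    reasons = [f"{resource} requires {required.name}"]

    # Dynamic part: context and risk only ever raise the bar, never lower it.
    if ctx.risk_score >= policy.step_up_risk_at and required < Assurance.HIGH:
        required = Assurance.HIGH
        reasons.append(f"risk score {ctx.risk_score} raises requirement to HIGH")
    if not ctx.known_device and required < Assurance.MEDIUM:
        required = Assurance.MEDIUM
        reasons.append("unknown device raises requirement to MEDIUM")
    if not ctx.on_corp_network and required < Assurance.MEDIUM:
        required = Assurance.MEDIUM
        reasons.append("off-network request raises requirement to MEDIUM")

    acceptable = tuple(sorted(m for m in permitted_methods(policy, ctx.role)
                              if METHOD_LEVEL[m] >= required))
    if achieved_level(policy, ctx) >= required:
        return Decision("PASS", required, acceptable, "; ".join(reasons))
    if not acceptable:
        # Guard against a policy gap: the role has no permitted method strong enough.
        return Decision("DENY", required, (), f"no permitted authenticator meets {required.name}")
    return Decision("STEP_UP", required, acceptable, "; ".join(reasons))


# Constructed sample policy (hypothetical resources, roles and country code).
SAMPLE_POLICY = Policy(
    blocked_countries=frozenset({"ZZ"}),
    resource_level={"wiki": Assurance.LOW, "payroll": Assurance.HIGH},
    role_floor={"admin": Assurance.HIGH},
    role_methods={"contractor": frozenset({"password", "sms", "push"}),
                  "admin": frozenset({"password", "hw_token", "fido"})},
)


if __name__ == "__main__":
    ctx = Context("alice", "employee", "US", False, True, 12, ("password",))
    print(evaluate(SAMPLE_POLICY, ctx, "wiki"))
```

The decision carries its reasons so the same record can feed the risk dashboard the slide mentions: an operator tuning thresholds can see which signal raised the bar for a given session, and a DENY caused by a role having no strong enough permitted method surfaces as a policy gap rather than a silent lockout.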
SecurID Access Today
Bridge Islands of Identity: Complete coverage from ground to cloud with a seamless user experience
• The broadest support from datacenter to cloud
• RSA Ready: 500+ certified solutions; thousands more through open standards
• RSA proactively tests, certifies, updates, documents and supports every integration
• Many are embedded in partner products and supported out-of-the-box
• Strongest support for on-prem and legacy platforms, applications and infrastructure that remain mission critical to most enterprises
• Strong Microsoft partnership including Windows Hello, Azure MFA and O365
• Day 1 integrations regularly featured in PR and at Microsoft Ignite
SecurID Access Today
Enterprise-Grade Credential Management: Secure the entire lifecycle, reduce TCO and enable deployment at scale
(Diverse Users: Employee, Administrator, Third Party; Credential Lifecycle)
• SaaS, on-prem, hybrid and virtual to support the deployment needs of any organization
• Highly-available SaaS with on-prem failover
• Enterprise-grade security, features and scale
• Secure the entire credential lifecycle to eliminate weak points like on-boarding, emergency access and credential recovery
• Admin and self-service credentialing to support multiple identity assurance levels and strict regulatory requirements
• Full customization through APIs and Prime for integration with existing back-office systems, processes and workflow
Zero Touch in Zero Trust
[Diagram labels: Technology Integration; Authentication; Governance & Lifecycle; Access & SSO; Cloud; On-Premises; Hybrid]
Zero Trust
• Segregated Authentication Layer
• Seamless multi-challenge per session
• Broad Information collection and correlation capability
Zero Touch
• Dynamic Resource Policy
• Dynamic resource Authentication
40 Years of Innovation in Authentication
1977 - 2014
• 1977: RSA Algorithm
• 1986: Time-synchronous OTP (RSA SecurID)
• 1996: RSA SecurID software token
• 2001 - 2002: SMS authentication; Palm Pilot software token; Windows Mobile software token
• 2003 - 2005: RSA SecurID for Windows logon; BlackBerry software token; Site-to-user authentication; SAML 2.0 co-authors
• 2006 - 2008: RSA Transaction Signing; RSA FraudAction; PIV / FIPS 201
• 2009 - 2011: Risk-based auth for Enterprise; RSA SecurID for iOS & Android; “Credentials Everywhere”: SanDisk, Broadcom, IronKey, Upek, Good
2015 - 2020
• 2015: RSA SecurID Access (SaaS); Mobile Push; Apple Touch ID
• 2016: RSA Identity Assurance; Apple Face ID; Apple Watch; Proximity MFA for Windows; Samsung Fingerprint; FIDO U2F
• 2018: Windows Hello; Azure AD MFA
• 2019: Threat Aware Authentication; FIDO2 / passwordless; Motiv Ring
(Authenticator icons: Push, Mobile OTP, Biometrics, Proximity, Wearables, HW Token, SW Token, FIDO, SMS, Voice Call)
SecurID: The Trusted Identity Platform
EMPOWERING
• 99.99+ percent Availability: Always-on protection; Hybrid/On-Prem Failover
• 50+ million Tested Identities: 500+ certified and thousands open-source integrations
FLEXIBLE
• Range of Tested & Innovative Authentication Options
• Scaled access to any platform, anywhere, any environment
CONVENIENT
• Unified admin and user experience. Choice: On-prem/cloud, Online/Offline
• Optimized: Configurable, Customizable, Automated Policies and Workflows
Thank You