Bring Your Own Identity
Download as PPTX, PDF5 likes3,079 views
The document discusses Bring Your Own Identity (BYOI) strategies for organizations, emphasizing the potential benefits of cost reduction and improved customer engagement while addressing security concerns. It highlights trends in BYOI adoption, such as the merging of personal devices and identities and the need for risk assessment based on user access levels. A case study on NYC's BYOI implementation illustrates the varying requirements and security considerations based on the nature of user interactions.
Bring Your Own Identity
- 1. Bring Your Own Identity (BYOI) strategies for organizations and their impact Matthew Ulery Director of Product Management
- 2. Agenda What is BYOI? Why do we care about BYOI? When to allow BYOI? What are others doing about BYOI? 2 © 2013 NetIQ Corporation. All rights reserved.
- 3. What is BYOI? Bring your own Infrastructure Bring your own Iron Bring your own Identity Bring your own Improv Bring your own Intoxicant 3 © 2013 NetIQ Corporation. All rights reserved.
- 4. Early adopters and providers BYOI Trends Social, web resource and retail ─ ─ ─ ─ Social identity providers investing in BYOI ─ 4 Use LinkedIn account to access a whitepaper Use Amazon ID rather than creating a new retail account Apply to a new job using LinkedIn account NYC adopting to support constituents Seeking greater return on their identity validation investment © 2013 NetIQ Corporation. All rights reserved.
- 5. BYOD accelerating BYOI BYOI Trends Identity Overload ─ ─ ─ ─ ─ Merging of personal device and identity ─ ─ 5 Average 25 accounts per person and growing Social Networking Financial Accounts (bank, payment, entertainment) Loyalty programs etc Collection of business and personal identities Expect seamless experience from personal device © 2013 NetIQ Corporation. All rights reserved.
- 6. 6 © 2013 NetIQ Corporation. All rights reserved.
- 7. Why do we care about BYOI? Cost reduction / avoidance ─ Increase customer / constituent engagement ─ ─ Reduce registration abandonment Enable more personalized experience interactions Emerging changes in risk ─ ─ ─ 7 Management of identities is expensive Risk shared with customer/constituent and identity provider Responsibility to protect customer privacy remains Privacy risk mitigated by reducing identifiable information © 2013 NetIQ Corporation. All rights reserved.
- 8. Big Question? Should we allow BYOI? 8 © 2013 NetIQ Corporation. All rights reserved.
- 9. Security Concerns When to allow BYOI? Strength of authentication ─ ─ Strength of identity administration ─ ─ How is identity validated for administration? What is required to issue a password reset? Compromised identity ─ ─ 9 Hurdles required to create the identity Hurdles required to validate the identity Who is responsible if identity is breached? How can you revoke access? © 2013 NetIQ Corporation. All rights reserved.
- 10. Different Identity Types When to allow BYOI? Customer and constituents ─ ─ Privileged users ─ ─ ─ Employees, partners, contractors, etc. Significant access to sensitive information & systems Much greater level of personal identifiable information Allow BYOI…? ─ 10 Limited to no access to sensitive information & systems Limited amount of personal identifiable information Must balance risk and value © 2013 NetIQ Corporation. All rights reserved.
- 11. NYC.GOV BYOI Case Study • Different Goals / Desires / Requirements – Residents – NYC – Site Politicians admins Needed a Lightly secured, customer facing portal 11 © 2013 NetIQ Corporation. All rights reserved.
- 12. NYC Constituent Experience BYOI Case Study Access Management requirements Secure Identity-enabled Web Services to provide account info am.nyc.gov Public Resources Non Identity-based information and services, optimized for speed pub.nyc.gov www.nyc.gov is a site composed of information from other webservices, secure, public, and semipublic. 12 © 2013 NetIQ Corporation. All rights reserved. Social Access requirements cf.nyc.gov Personalized Web content, requires only simple consumer authentication or NYC.ID
- 13. Management of public resources BYOI Case Study NYC Tennis Courts ─ ─ ─ Is this a candidate for BYOI? ─ ─ ─ 13 60,000 permits and tickets, 500 courts Annual permits ($100) Scheduling courts a nightmare for NYC and permit holders Low risk Lower cost from web scheduling and external identity Enables external payment collection (i.e. PayPal) © 2013 NetIQ Corporation. All rights reserved.
- 14. Risk of Hacked Identity Mat Honan, Wired Magazine Linked many of his accounts ─ ─ Social accounts: Twitter, LinkedIn Personal: Amazon, Gmail Hackers wanted Twitter handle Hackers exploited weak link 14 © 2013 NetIQ Corporation. All rights reserved.
- 15. Risk of Hacked Identity Mat Honan, Wired Magazine “In the space of one hour, my entire digital life was destroyed.” ─ ─ ─ 15 “First my Google account was taken over, then deleted.” “Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages.” “And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook?” “In many ways, this was all my fault. My accounts were daisy-chained together.” © 2013 NetIQ Corporation. All rights reserved.
- 16. Required no advanced skills Mat Honan, Wired Magazine Twitter linked to Gmail account ─ ─ ─ Resetting Apple account requires ─ ─ ─ Physical address & last four digits of credit card Easy to get address How could they get the credit card information? Amazon and AppleID accounts linked ─ ─ ─ 16 Google Account recovery page Gave alternate email: m****n@me.com (hmmmm mhonan)… Letting them know he had an AppleID Name and email address needed to add a card to Amazon Knowing card number allows resetting password Now they have the credit card number for AppleID © 2013 NetIQ Corporation. All rights reserved.
- 17. Key Take-aways Balancing Risk and Value BYOI benefits ─ ─ ─ BYOI risk assessment ─ ─ ─ Customers/constituents involved in identity selection Security of identity beyond your control Still must protect personal identifiable information Must balance value against savings ─ ─ 17 Reduce cost of generating and managing identities Reduce customer/constituent engagement Enable more personalized experience interactions What type of access does it fit? May not be right for your organization…yet © 2013 NetIQ Corporation. All rights reserved.
Editor's Notes
- #11: Identity provisioning really breaks down into two classes. The first class is that of people you provide a service to – constituents, customers , etc . The second class are employees. People who require access to provide a service for you.We collect different identity information from both of these groups. The mechanisms for collection and storage are different, as are the purposes for collection. While some of this identity information is equivalent in sensitivity, it is often handled differently.Depending on what identity class you lost the data from, it will probably have different mitigation requirements and even impact on your organization.
- #12: Residents : Another #$%^$#**** account and password?Not more paperwork…NYC Politicianseasy to use and reduce work (admins)merge disparate accessprovide graded access for customers / constituents and employeeshandle high volume accessneed a drop in solutionneeds to be personalizedcheap (comptroller)Not going to get me in trouble ( compliance)Site admins – need to: work with staff they have
- #13: Always appear to be openSecure identity be available, but did not want to mint a new identity for all constituents. Optimize the consituent experience on the web site to improve customer experience – what have they done before, highlight services based on who, what they have done in the pastAM – SecurityPR – Group of users to sort and filter informationSA – Tailoring it for them