SlideShare a Scribd company logo

Identity - The Cornerstone of Information Security

Ben Boyd, profile picture
Ben Boyd

The document discusses the importance of identity in information security and introduces the concept of zero-trust and least privilege as essential strategies to block a significant percentage of threats. It highlights recent high-profile security breaches, emphasizes the need for adaptable security measures across various technologies and environments, and advocates for comprehensive identity management strategies. The document concludes by stressing the necessity of placing identity at the center of security management to ensure effective monitoring and access control.

Technology
Related topics:
Information Security • IT Security • Identity Management
1 of 22
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
Identity The Cornerstone of Information Security Ben Boyd | Sr. Security Architect | Integration Partners
YOU CAN BLOCK 95-100% of THREATS No machine learning No artificial intelligence No quantum cryptography
Really? How? Zero-Trust Least Privilege
The End
IdentityPeople Technology Applications Endpoints Infrastructure Wearables IoT Employees Contractors Vendors Customers Anyone/Everyone
A Native Nebraskan Knew in 1936
It’s as easy as 1,2,3….. 4 • Identify • Subjects, Objects, Actions… verbs? • Decide • Allow/Deny/Challenge (Know, Have, and Are) • Grant • Permissions, Authority, Access • Watch • Monitor, Record, Timed Access
But what about the last 4 months? • September 2017 • SEC – Non public filings (Remote Code Execution) GRANT • Equifax – 143M records of PII (Remote Code Execution) GRANT • Deloitte – 100% of emails (Admin Account..OMG 2FA) DECIDE • July 2017 • Verizon – 14M records of PII (Insecure publically facing) GRANT/WATCH • CA Assoc. of Realtors – 250K Credit Cards (Malware) GRANT/WATCH • June 2017 • Deep Root Analytics – 198M records of PII (unsecured cloud) GRANT/WATCH • Washington State University – 1M records of PII (stolen safe) GRANT/WATCH
Ok… The last 6 months? • May 2017 • Kmart – 1M Credit Cards (Malware) • OneLogin– 100% of customers (Private Key Loss) • Gmail – 1M Users Email Accounts (phishing) • April 2017 • Chipotle– 1M+ Credit Cards (Malware) • IHG – 1M+ Credit Cards (Malware) • FAFSA IRS Tool – 100K records of PII (Public Tool Abuse)
Identity. The new (old) perimeter. Yesterday’s Reality Today’s Reality Monolithic, Contained, Rigid Employees Perimeter Security, VPN THE WORLD BEFORE Distributed, Mobile, Hybrid Insecure, Fragmented THE WORLD TODAY Partners Employees Contractors Customers
Start Now! • The attack surface is spreading • Target and HVAC • Toasters and Cars coming soon! • Wait, Dyson is making a car?
So, I should just grill everyone?
A balancing act between YES and NO Speaking of Toasters… 11 IPs 3 Bluetooth radios 8 Zigbee radios 3 Z-wave radios How many toasters do you have? IPs? Radios? USBs? Miswires?
Where does Identity Matter?
Context Matters • Geo-location • Device specific • Corporate Asset • Registered BYOD • Unregistered “Bad Guy” • IP/Location Reputation • Time Sensitive
Beside the Obvious Workstations (End Users) Servers Seriously? Why are we still giving these people admin rights?! User namespaces (Jails) Containers
Firewalls • Perimeter, Core, Virtual? D. All of the above • User-based FW is a MUST • User-based policies are a MUST
Applications • Put identity at the center of everything! • Network effect on access – Scale from 1 to millions • Stay neutral! Lifecycle Management Mobility Management Universal Directory Adaptive Multi-Factor Authentication Developer SDKs Single Sign-On API Access Management Extensible Profiles, Attribute Transformations, Directory Integration and AD Password Management Secure SSO for All Your Web Apps, On-prem and Cloud, with Flexible Policy, from Any Device Contextual Access Policies, Modern Factors, Adaptive Authentication, Integrations for Apps and VPNs Lifecycle Management, Cloud & On-prem App Integration, Mastering from Apps, Directory Provisioning, Rules, Workflow, Reporting Tight User Identity Integration, Device Based Contextual Access, Light-weight Management OAuth 2.0 API authorization, Flexible identity-driven policy engine, Easy & centralized administration across APIs SDKs simplify the process of managing your Okta org. Use our REST APIs easily.
How about both? (Sponsor Time!)
Where else? • Data Analytics • Info from everything • Network Gear • Servers • Endpoints • Clouds • Wireless • Toasters? • Aware, Alert, Alarm • Churn baby churn!
Questions
Thank You!

More Related Content

PDF
Refugees on Rails Berlin - #2 Tech Talk on Security
Gianluca Varisco
 
PDF
Hack the World: IT/IOT/ICS SCADA OSINT
DefCamp
 
PDF
Iot ppt
dhritykachhwaha
 
PPTX
LAW PPT-LAWS IN DIGITAL AGE/SOCIAL MEDIA.
Rushabh Shah
 
PPTX
Cybercrime trends in last five years
SABBY GILL
 
PPTX
Things Security
Dony Riyanto
 
PPTX
IoT - Rise of New Zombies Army
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
PPTX
Security is sim
Tim Krabec
 
Refugees on Rails Berlin - #2 Tech Talk on Security
Gianluca Varisco
 
Hack the World: IT/IOT/ICS SCADA OSINT
DefCamp
 
Iot ppt
dhritykachhwaha
 
LAW PPT-LAWS IN DIGITAL AGE/SOCIAL MEDIA.
Rushabh Shah
 
Cybercrime trends in last five years
SABBY GILL
 
Things Security
Dony Riyanto
 
IoT - Rise of New Zombies Army
Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Security is sim
Tim Krabec
 

What's hot (20)

PDF
Privacy on the Series of Tubes of Things
EFF-Austin
 
PPTX
Digital law
Alieyn_
 
PPTX
The art of deceiving humans a.k.a social engineering
Suraj Khetani
 
PPTX
Isc(2) eastbay-lenin aboagye
Lenin Aboagye
 
PPTX
Webinar: True Stories From the Threat Hunting Files
Kelsey LaBelle (She Her)
 
PDF
Introduction to the Internet of Things
Ismail Al Kamal
 
PDF
Intro to information security
Viraj Ekanayake
 
PPTX
C3 Cyber
Deepak Kumar (D3)
 
PDF
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Katedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
PPTX
Stepping Up conference 2013
kumar641
 
PDF
The Basics: Reviewing & Producing ESI Evidence
Aaron Vick
 
PPTX
How to keep women safe, online?
Ankit Mehta
 
PPTX
Location: Trends, Ethics & Diversity
PLACE
 
PPTX
IoT & Big Data - A privacy-oriented view of the future
Facundo Mauricio
 
PPTX
Cyber crime1 vaibhavi
Vaibhavikhurana
 
PDF
Around a Few Big Buttons
Suo&Co Oy
 
PDF
Cyphra - Cyber Security
NICVA
 
PPTX
ICO Presentation - Data Protection
NICVA
 
PPTX
Energy and The Internet of Things
Eenovators Limited
 
PDF
Building powerful apps with ArangoDB & KeyLines
Cambridge Intelligence
 
Privacy on the Series of Tubes of Things
EFF-Austin
 
Digital law
Alieyn_
 
The art of deceiving humans a.k.a social engineering
Suraj Khetani
 
Isc(2) eastbay-lenin aboagye
Lenin Aboagye
 
Webinar: True Stories From the Threat Hunting Files
Kelsey LaBelle (She Her)
 
Introduction to the Internet of Things
Ismail Al Kamal
 
Intro to information security
Viraj Ekanayake
 
C3 Cyber
Deepak Kumar (D3)
 
Christopher Biedermann, EmiTel Ltd: Cybersecurity and the Internet of Things
Katedra Informatologii. Wydział Dziennikarstwa, Informacji i Bibliologii, Uniwersytet Warszawski
 
Stepping Up conference 2013
kumar641
 
The Basics: Reviewing & Producing ESI Evidence
Aaron Vick
 
How to keep women safe, online?
Ankit Mehta
 
Location: Trends, Ethics & Diversity
PLACE
 
IoT & Big Data - A privacy-oriented view of the future
Facundo Mauricio
 
Cyber crime1 vaibhavi
Vaibhavikhurana
 
Around a Few Big Buttons
Suo&Co Oy
 
Cyphra - Cyber Security
NICVA
 
ICO Presentation - Data Protection
NICVA
 
Energy and The Internet of Things
Eenovators Limited
 
Building powerful apps with ArangoDB & KeyLines
Cambridge Intelligence
 
Ad

Similar to Identity - The Cornerstone of Information Security (20)

PPT
Embracing the IT Consumerization Imperitive
Barry Caplin
 
PPT
Embracing the IT Consumerization Imperitive
Barry Caplin
 
PDF
Threat Hunting, Detection, and Incident Response in the Cloud
Ben Johnson
 
PDF
Better to Ask Permission? Best Practices for Privacy and Security
Eric Kavanagh
 
PDF
Recent developments in data analytics and big data
Dez Blanchfield
 
PDF
A Comedy of Errors in Web Application Security
Rob Dudley
 
PPTX
Protecting Yourself From Data and Identity Theft
Mary Lou Roberts
 
PDF
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
PDF
2017-03-30 IT Security - What You Need To Know
Raffa Learning Community
 
PPT
Lumension Security - Adjusting our defenses for 2012
Andris Soroka
 
PPTX
Discover advanced threats with threat intelligence - Jeremy Li
Jeremy Li
 
PDF
2015-03-24 IT Security - What You Need to Know
Raffa Learning Community
 
PPTX
Iron Bastion: How to Manage Your Clients' Data Responsibly
Gabor Szathmari
 
PDF
DECEPTICONv2
đź‘€ Joe Gray
 
PDF
[Bucharest] Catching up with today's malicious actors
OWASP EEE
 
PDF
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
PPTX
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
OWASP Delhi
 
PDF
This Time, It’s Personal: Why Security and the IoT Is Different
Justin Grammens
 
PPTX
Do it Best Corp. Techapalooza 2013 Presentation
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
PDF
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Embracing the IT Consumerization Imperitive
Barry Caplin
 
Embracing the IT Consumerization Imperitive
Barry Caplin
 
Threat Hunting, Detection, and Incident Response in the Cloud
Ben Johnson
 
Better to Ask Permission? Best Practices for Privacy and Security
Eric Kavanagh
 
Recent developments in data analytics and big data
Dez Blanchfield
 
A Comedy of Errors in Web Application Security
Rob Dudley
 
Protecting Yourself From Data and Identity Theft
Mary Lou Roberts
 
UMS Cybersecurity Awareness Seminar: Cybersecurity - Lessons learned from sec...
APNIC
 
2017-03-30 IT Security - What You Need To Know
Raffa Learning Community
 
Lumension Security - Adjusting our defenses for 2012
Andris Soroka
 
Discover advanced threats with threat intelligence - Jeremy Li
Jeremy Li
 
2015-03-24 IT Security - What You Need to Know
Raffa Learning Community
 
Iron Bastion: How to Manage Your Clients' Data Responsibly
Gabor Szathmari
 
DECEPTICONv2
đź‘€ Joe Gray
 
[Bucharest] Catching up with today's malicious actors
OWASP EEE
 
The 5 Crazy Mistakes IoT Administrators Make with System Credentials
BeyondTrust
 
Cyber threat Intelligence and Incident Response by:-Sandeep Singh
OWASP Delhi
 
This Time, It’s Personal: Why Security and the IoT Is Different
Justin Grammens
 
Do it Best Corp. Techapalooza 2013 Presentation
Brian T. O'Hara CISA, CISM, CRISC, CCSP, CISSP
 
OSINT- Leveraging data into intelligence
Deep Shankar Yadav
 
Ad

Recently uploaded (20)

PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PDF
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
PPT
What is a Computer? Input Devices /output devices
GulJan8
 
PDF
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
Web App vs Mobile App What Should You Build First.pdf
KodekX
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
August Patch Tuesday
Ivanti
 
O2C Customer Invoices to Receipt V15A.pptx
ssuserbfa915
 
What is a Computer? Input Devices /output devices
GulJan8
 
STKI Israel Market Study 2025 version august
Dr. Jimmy Schwarzkopf
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 

Identity - The Cornerstone of Information Security

  • 1. Identity The Cornerstone of Information Security Ben Boyd | Sr. Security Architect | Integration Partners
  • 2. YOU CAN BLOCK 95-100% of THREATS No machine learning No artificial intelligence No quantum cryptography
  • 6. A Native Nebraskan Knew in 1936
  • 7. It’s as easy as 1,2,3….. 4 • Identify • Subjects, Objects, Actions… verbs? • Decide • Allow/Deny/Challenge (Know, Have, and Are) • Grant • Permissions, Authority, Access • Watch • Monitor, Record, Timed Access
  • 8. But what about the last 4 months? • September 2017 • SEC – Non public filings (Remote Code Execution) GRANT • Equifax – 143M records of PII (Remote Code Execution) GRANT • Deloitte – 100% of emails (Admin Account..OMG 2FA) DECIDE • July 2017 • Verizon – 14M records of PII (Insecure publically facing) GRANT/WATCH • CA Assoc. of Realtors – 250K Credit Cards (Malware) GRANT/WATCH • June 2017 • Deep Root Analytics – 198M records of PII (unsecured cloud) GRANT/WATCH • Washington State University – 1M records of PII (stolen safe) GRANT/WATCH
  • 9. Ok… The last 6 months? • May 2017 • Kmart – 1M Credit Cards (Malware) • OneLogin– 100% of customers (Private Key Loss) • Gmail – 1M Users Email Accounts (phishing) • April 2017 • Chipotle– 1M+ Credit Cards (Malware) • IHG – 1M+ Credit Cards (Malware) • FAFSA IRS Tool – 100K records of PII (Public Tool Abuse)
  • 10. Identity. The new (old) perimeter. Yesterday’s Reality Today’s Reality Monolithic, Contained, Rigid Employees Perimeter Security, VPN THE WORLD BEFORE Distributed, Mobile, Hybrid Insecure, Fragmented THE WORLD TODAY Partners Employees Contractors Customers
  • 11. Start Now! • The attack surface is spreading • Target and HVAC • Toasters and Cars coming soon! • Wait, Dyson is making a car?
  • 12. So, I should just grill everyone?
  • 15. Context Matters • Geo-location • Device specific • Corporate Asset • Registered BYOD • Unregistered “Bad Guy” • IP/Location Reputation • Time Sensitive
  • 16. Beside the Obvious Workstations (End Users) Servers Seriously? Why are we still giving these people admin rights?! User namespaces (Jails) Containers
  • 17. Firewalls • Perimeter, Core, Virtual? D. All of the above • User-based FW is a MUST • User-based policies are a MUST
  • 18. Applications • Put identity at the center of everything! • Network effect on access – Scale from 1 to millions • Stay neutral! Lifecycle Management Mobility Management Universal Directory Adaptive Multi-Factor Authentication Developer SDKs Single Sign-On API Access Management Extensible Profiles, Attribute Transformations, Directory Integration and AD Password Management Secure SSO for All Your Web Apps, On-prem and Cloud, with Flexible Policy, from Any Device Contextual Access Policies, Modern Factors, Adaptive Authentication, Integrations for Apps and VPNs Lifecycle Management, Cloud & On-prem App Integration, Mastering from Apps, Directory Provisioning, Rules, Workflow, Reporting Tight User Identity Integration, Device Based Contextual Access, Light-weight Management OAuth 2.0 API authorization, Flexible identity-driven policy engine, Easy & centralized administration across APIs SDKs simplify the process of managing your Okta org. Use our REST APIs easily.
  • 19. How about both? (Sponsor Time!)
  • 20. Where else? • Data Analytics • Info from everything • Network Gear • Servers • Endpoints • Clouds • Wireless • Toasters? • Aware, Alert, Alarm • Churn baby churn!