Does Multi Factor Authentication (MFA) without Single Sign On (SSO) make sense in a Cloud Centric World?

Daniel Power - Regional Sales Manager


Identity-driven enterprise security


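The History of Identity & SSO

[Figure: timeline running from "Dinosaurs" and 1972 through 1991, 1994, 1996, 2001, 2006 and 2010 to 2017, with the labels "Development" and "Inflection Point". Labelled groups: HTTP / WWW / Mosaic; Webapps / Netscape / Cookies / Firewall-1; On Prem Apps / SAP / Oracle / Microsoft; SSO / SiteMinder / Oblix / ClearTrust / TAM; Federation / SaaS / SAML / Cams; Cloud / AWS / Google Apps / Salesforce; IDaaS / OneLogin / Ping / Azure AD.]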


Traditional MFA/2FA Usage in the Enterprise

● Virtual Private Networks
● Privileged access
● Legacy Apps - No Standards SSO
● Digital Workspaces - Citrix/VMWare
● Device Security - Fingerprints on devices


The challenge of Ubiquitous SaaS usage and Shadow IT


Where are we with cloud adoption?

● 86% of new applications are built to be Browser or Mobile Only (Forrester)
● 1,739: the number of files containing passwords in the cloud (Skyhigh)
● 1,427: avg cloud services in use in an average organisation (Skyhigh)
● 92% of companies have stolen credentials for sale on the Darknet (Skyhigh)
● 36: avg number of cloud services regularly used per employee (Skyhigh)
● 19.6%: the increased rate at which companies who adopt the cloud grow (Skyhigh)
● 95% of cloud security failures through 2020 will be the customer’s fault (Gartner)
● 18.1% of files in the cloud contain sensitive data (Skyhigh)

Verizon found that “63% of confirmed data breaches involve leveraging weak, stolen or default passwords.” Further, Verizon reported that 93% of data breaches occurred within minutes, while 83% weren’t discovered for weeks.


Shadow IT & The Warehouse Metaphor


The Warehouse Metaphor: The Old World Datacentre

● Only One or Two Physical Locations
● Strict Physical Point of Entry
● Strict Control over Access to Apps Passwords - Internal / VPN
● Strict Monitoring of Data Ingress and Egress
● Full Access to Activity
● Ability to monitor types of data (PII)
● Easy Decommissioning - get the computer back!


The Warehouse Metaphor: The New SaaS World

● Hundreds of Cloud Locations
● No visibility of point of entry
● No Strict Control over Access to Apps & complexity of Passwords
● No monitoring of data type (PII)
● No centralised visibility of activity
● No centralised decommissioning


How do we address the challenge of Shadow IT?

● Discovery
● Technical / Manual / Organisational
● Communication
● LOB Responsibilities
● Building Rules
● Building Trust
● Building Process
● Service Catalogue
● Deployment Process - strong and repeatable
● Deliver SSO with MFA


OneLogin


Cloud Security for your entire enterprise

● SIEM Integration
● Wireless
● Connect to Multiple ADs
● VPNs
● Single Sign On for 1000’s of SaaS Apps
● On-prem Apps
● User Provisioning
● Virtual LDAP


OneLogin Architecture

[Figure: architecture diagram. Labels recovered from the slide:]

● Directories: AD1 (ADC 1, ADC 2, ADC 3); LDAP (ADC 1, ADC 2, ADC 3)
● Trusted IDP SSO: 3rd Party IDP, e.g. ADFS/CA/IBM
● User Provisioning: Manual, CSV, Self Reg Portal, API
● OneLogin: Universal Directory, SSO
● ON PREM/PRIVATE CLOUD: Reverse Proxy. Auth/SSO: SAML/LDAP & WAM (HTTP Headers). Provisioning: SCIM
● PUBLIC CLOUD: SaaS Apps. Auth/SSO: SAML/OAuth/OIDC/Vaulting. Provisioning: SCIM/API


Adaptive Authentication hardened with Machine Intelligence

● New city or country
● Traveled 500 miles in 2 mins
● Known malicious IP address
● New device
● Unusual time of day
● Blacklisted country

Secure and manage all apps


Granular Authentication Policies

Centralize different policies for different people.

● Who are they
    Execs v Warehousemen
    Accounts v Volunteers
● Where are they accessing from
    What policy is suitable from the corporate LAN?
    What policy is suitable for working from a Hotel?
● What Apps are they accessing
    Do we need MFA for a learning App for Shop Floor Workers?
    Should we always enforce MFA for HR staff accessing HR Software?


Added business benefits of deploying Single Sign On

● Happier Users - Employees will learn to love IT again. One Password for all their Apps and no time wasted doing password resets every time they forget a password.
● Happier Security teams - Security now have visibility of Applications, can enforce Password Policies, 2 Factor Authentication and Off Boarding workflows.
● Happier Compliance teams have a full audit trail of which applications users have, when they accessed them and when access was revoked.
● Happier Application and Line of Business Managers as they can pass back responsibility to IT for ensuring onboarding and off boarding of employees and can learn to love IT again. Line of Business managers also get full visibility as to who is using which applications and how often.
● Happier IT teams as they do not have to spend time on small provisioning tasks when someone joins an organisation.


Q&A