CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in Three Acts - Laura Hunter

Deploying Strong Authentication to a Global Enterprise: A Comedy in Three Acts

Laura E. Hunter@adfskitteh

Cards Against Identity

Act One: The Perpetual Pilot


Microsoft IT’s Azure MFA Deployment was in Pilot for ______ months…



Cards Against Identity Cards Against Identity




1 month Cards Against Identity1 month Cards Against Identity



1 month 2 months1 month 2 months


6 months Cards Against Identity

1 month 2 months1 month 2 months


6 months 12 months

1 month 2 months

12 months


Why so long?


“Sharp Edges” in the User Experience


Lack of Top-Down Organizational Messaging


A year-long pilot was still worthwhile, because it allowed IT to ___________ and ___________.


Learn How To Operate a New Service Offering


Plan for Scale


Act Two: The Inciting Event



What did Laura get for Christmas this year?






1 month Cards Against IdentityA pony Cards Against Identity



1 month 2 monthsA pony New shoes


Back2back Seahawks Super Bowl victories


1 month 2 monthsA pony New shoes


Back2back Seahawks Super Bowl victories

A 9:30am Christmas-morning conference call with her CISO

A pony New shoes

A 9:30am Christmas-morning conference call with her CISO


“Hey IT…you can roll out strong auth to all Microsoft users by the end of the month, right?”







1 month Cards Against Identity“Is there a hole in the ground that I can disappear into right now?”




1 month 2 months“Is there a hole in the ground that I can disappear into right now?”

“Are you directly out of your everloving mind?”


“Absolutely, boss. We can get that done.”


1 month 2 months“Is there a hole in the ground that I can disappear into right now?”




“Sorry, can we chat later? I’m watching Winter Soldier.”

“Is there a hole in the ground that I can disappear into right now?”




So how did it go, Laura?


Executive sponsorship…


…including acceptance of some rough edges…


…led to a largely successful deployment of strong auth to Microsoft employees.


Act Three: The New Normal


What Constitutes a Legitimate Exception to Strong Auth Policy?







1 month Cards Against Identity“I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.”




1 month 2 months“I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.”

Retail employees working the sales floor.


“I do customer demos.” Cards Against Identity

1 month 2 months“I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.”



“I do customer demos.” “NEIN! NEIN! NEIN!ZERE VIL’ BE NO EXCEPTIONS!”

“I’m sitting on my sofa with my iPad. My laptop is on my kitchen table and I don’t feel like getting up to go get it.”


After a Strong Auth Rollout, What Will IT Get Blamed For?







1 month Cards Against Identity“I can’t get on wireless, is it because of 2FA?”




1 month 2 months“I can’t get on wireless, is it because of 2FA?”

“I can’t renew my smart card, is this because of 2FA?”


“The MDM PIN policy changed, is this because of 2FA?”


1 month 2 months“I can’t get on wireless, is it because of 2FA?”




“<%insert name of app%> wouldn’t launch this morning, is it because of 2FA?”

“I can’t get on wireless, is it because of 2FA?”




Postlude: The Road Ahead


THANK YOU!

Laura E. Hunter@adfskitteh

Cards Against Identity Template design: [email protected]

Technology

CIS 2015 Deploying Strong Authentication to a Global Enterprise: A Comedy in Three Acts - Laura Hunter