
Identity Defined Security Alliance, Letting Risk Dictate User Privileges

Source: Tom's IT Pro

As users bring more portable devices to work, and millennials insist on working from anywhere and putting organizational data in the cloud, what happens to the organization's boundaries? One of the hardest security problems to solve is how to govern user privileges when users work from locations with different security profiles. Those differing profiles are caused by consumer change: users sometimes engage in risky behaviors or use a compromised device.

Pam Dingle, senior technical architect for Ping Identity, explained that the old security concept of protecting single elements, such as endpoints, cloud applications, email, or networks, is challenged by the proliferation of BYOD, spreading domains, and remote borders. In short, the old way of protecting these single elements doesn't work.

Enter the Identity Defined Security Alliance (IDS Alliance). This new consortium comprises Ping Identity, AirWatch (which was purchased by VMware last year), Netskope, and ThreatMetrix. Ping Identity is an identity and access management (IAM) company, AirWatch is an enterprise mobility management company, Netskope is a cloud-based security services company, and ThreatMetrix is a SaaS (software as a service) security company using sophisticated metrics to verify digital identities.

"The proliferation of cloud, mobile and Internet of Things has made navigating an already confusing landscape of security solutions even more challenging for CISOs," said Andre Durand, founder and CEO, Ping Identity. "There is no silver bullet solution to the complex challenges that today's modern enterprises face, so we created this alliance to help companies select technology solution partners that share a common vision for a new approach to security that ensures trusted users seamless, secure access to what they need to get their job done."

How would this work in practice? How would we apply security policies across all resources in a transparent fashion? Pam Dingle gave this example: Say a user removes a passcode from a mobile device. AirWatch detects this and makes a call to the risk evaluation engine (ThreatMetrix), which calculates a new risk score in real time. This changed risk is communicated to Netskope and PingFederate. Netskope locks out access to cloud applications, and PingFederate revokes long-term tokens.

Identity and access flow from initial authentication to access of various services, moderated by risk analysis (gray boxes).
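
The flow Dingle describes, sketched as an added example (not code from the article or from any of the four vendors): a device posture event re-scores risk, and the new score drives cloud lockout and revocation of long-term tokens. The signal names, weights, thresholds and the one-hour cutoff for a "long-term" token are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed weights and thresholds (assumptions, not vendor values).
SIGNAL_WEIGHTS = {"passcode_removed": 50, "os_outdated": 15, "jailbroken": 80}
REVOKE_TOKENS_AT = 40   # revoke long-term tokens at or above this score
BLOCK_CLOUD_AT = 50     # lock out cloud applications at or above this score
LONG_TERM_TTL = 3600    # tokens valid longer than this (seconds) are long-term

@dataclass
class Token:
    token_id: str
    ttl: int
    revoked: bool = False

@dataclass
class UserState:
    signals: set = field(default_factory=set)  # active device posture findings
    tokens: list = field(default_factory=list)
    cloud_blocked: bool = False

def risk_score(signals):
    """Risk engine: sum the weights of active signals, capped at 100."""
    return min(100, sum(SIGNAL_WEIGHTS.get(s, 0) for s in signals))

def on_posture_event(state, signal, active):
    """Mobility manager reports a posture change; re-score and fan out."""
    (state.signals.add if active else state.signals.discard)(signal)
    score = risk_score(state.signals)
    # Cloud access broker: lockout tracks the current score, so it lifts
    # again once the device is remediated.
    state.cloud_blocked = score >= BLOCK_CLOUD_AT
    # Federation server: revocation is one-way. A revoked token stays revoked
    # and the user must re-authenticate after remediation.
    if score >= REVOKE_TOKENS_AT:
        for token in state.tokens:
            if token.ttl > LONG_TERM_TTL:
                token.revoked = True
    return score

def demo():
    """Replay a constructed event sequence and record each outcome."""
    state = UserState(tokens=[Token("refresh-1", 86400), Token("access-1", 300)])
    events = [("os_outdated", True), ("passcode_removed", True),
              ("passcode_removed", False)]
    log = []
    for signal, active in events:
        score = on_posture_event(state, signal, active)
        revoked = [t.token_id for t in state.tokens if t.revoked]
        log.append((signal, active, score, state.cloud_blocked, revoked))
    return log
```

Restoring the passcode in the last event lifts the cloud lockout, but the long-term token revoked earlier stays revoked, while the short-lived access token is left to expire on its own.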

Though there is no single pane of glass for these separate products – that comes later – as of now, the IDS Alliance companies pledge that the products will work together with out-of-the-box integration, and there will be no finger-pointing. This notion has buy-in from executive management at all four companies.

Other Alliance goals include promulgation of implementation guidance, consumer education, and eventual seamless administration. Sanjay Beri, co-founder and CEO of Netskope, observed: "Our goal ... is to enable the safe usage of those apps, whether sanctioned or unsanctioned ... will ensure that cloud-forward organizations have the most comprehensive framework for identity management and cloud governance available today."

In summary, the IDS Alliance's comprehensive platform includes the following features, which enable cradle-to-grave user management of borderless access:

● Identity federation and single sign-on

● Contextual, multi-factor authentication

● Web and API access security

● Enterprise mobility management

● Cloud access security brokering

● Identity, behavior and threat analytics

● Endpoint security management

Perhaps Reed Taussig, president and CEO of ThreatMetrix, best concluded, "As the Identity Defined Security Alliance clearly illustrates, the most effective way to fight today's advanced threats is through a unified approach to cybersecurity."