Executives from AOL, FIDO Alliance and Monsanto Share Insights Ahead of Conference
DENVER — July 15, 2014 —Ping Identity®, The Identity Security Company™, today released an interview between Ping Identity CEO Andre Durand and three speakers at this year’s Cloud Identity Summit, July 19-22, at the Monterey Conference Center in Monterey, Calif. This year’s sessions bring together the brightest minds in identity and security to speak about issues that are top of mind for enterprises today, including:
- Internet of Things
- APIs and Identity
- Identity at Scale
- Rethinking Enterprise Cloud Identity
- Identity Governance and Administration
- Faster Application Deployment by Federating Identities
- Mobile Authentication Revolution
In anticipation of Cloud Identity Summit, Ping Identity CEO Andre Durand spoke with George Fletcher, chief architect of Consumer Identity Services, AOL, Inc. (NYSE: AOL), Anthony Randall, security architect, Monsanto (NYSE: MON) and Michael Barrett, president of the FIDO Alliance, about their sessions at the event.
Durand: How do you define “next generation identity management?”
In next generation identity management, recognition will be more critical than credential validation. Instead of asking, “Did they answer their password correctly?” we need to take more factors into consideration to ensure the person or device has permission to do or access what it’s requesting. As the Internet of Things becomes standard, recognizing the entity — whether it’s a person or device — will be critical to avoid trouble when determining who has access to my thermostat, for example.
Next generation identity management is about convergence. It’s about shifting focus from back-office systems and processes to front of house delivery. People require online, on-demand, personalized and self-controlled interactions with their service providers. We need to deliver front of house information systems that represent and allow people, their devices and relationships to interact simply.
In the past we’ve gone through several phases when it comes to identity management, from Identity Access Management (IAM) to federated, to more consumer-facing with OpenID. Now, we’re moving into a maturation phase where all of these factors are coming together and strong authentication is the lynchpin. The addition of strong authentication standards will make a big difference as we define identity management for the next generation.
Durand: What are the major identity management challenges facing enterprises today?
User experience is a major challenge, expectations are access anywhere, any time, any place. There is a wide-range of users, from digital natives to the elderly and we need to simplify their online interactions. Additionally, as we move more to cloud-delivered solutions we need to ensure we have the right mechanisms to maintain user privacy and user/enterprise data.
Durand: How does security need to change now that innovations in the cloud, mobile and Internet of Things pervade our everyday lives at work and at home?
In many ways we hadn’t figured out security and identity in the unconnected world of the late 1990s/2000s, so it’s no surprise that in our hyper-connected world many companies are still struggling with the basics. With the Internet of Things, we need to have a good security model for how two things should be talking to each other and how they can be remotely controlled. Otherwise we have issues with someone being able to turn off your fridge remotely and hack your lightbulbs – concerns that need to be addressed but haven’t been completely solved as technologies continue to evolve.
Durand: Do you think we can ever really do away with the password?
Passwords and PINs are likely forever. However, I think we can make big in-roads into replacements such as, biometrics, recognition-based authentication and certificates. Biometrics are showing promise, they provide stronger authenticators than the password and are gaining adoption, even more so in some verticals, such as healthcare and banking. Advancements in big data have helped improve the very notion of recognition-based authentication, with data sets helping to verify who you are and what you want to do. Finally, as more enterprises deploy mobile devices, certificates are making a resurgence providing certificate-based authentication.
The industry is already moving in this direction and deploying a number of options. The standard way in which users interact with passwords today will definitely change. I can see the concept of passwords, “something I know,” being used in some verification flows but not as the main mechanism for authentication. Of course how long it takes to get there is dependent on making the new forms of authentication easier for the user than using passwords.
This question is very close to home in regards to the work we’re doing at FIDO Alliance. Passwords are going to slowly die, but it’s going to be a long transition. We’re at the beginning stages of a multi-year journey where people will start to use better alternatives, such as biometrics. Over time passwords will become less prevalent, and I expect the majority of people to use other methods for day-to-day authentication.
George Fletcher’s session, titled “Securing the Internet of Things with Open Standards,” will take place on Saturday, July 19, 2014 at 11:00 a.m. PT. Anthony Randall will speak on the topic of “Identity at Scale: Building from the Ground Up,” on Monday, July 21, 2014 at 3:10 p.m. PT. Lastly, Michael Barrett’s session, “Filling the “authentication goes here” Hole in Identity” will take place on Tuesday, July 22 at 3:50 p.m. PT.
Visit www.cloudidentitysummit.com to register for the conference.
About Cloud Identity Summit 2014 – July 19-22 – Monterey, California
Now in its fifth year, Cloud Identity Summit is the world’s premier identity conference. The annual event converges the brightest minds across the identity and security industry. With tracks from industry thought leaders, CIOs and practitioners, Cloud Identity Summit serves as a multi-year roadmap to deploy solutions that are here today but built for the future. This year’s sponsors include (Platinum) Radiant Logic; (Gold) Centrify and Google; (Silver) Axiomatics, Courion, ForgeRock, MicroStrategy, Skyhigh Networks, ThreatMetrix, iC Consult, OneSpan, SailPoint and SecureAuth; (Bronze) Advancive, CoreBlox, Exostar, ViewDS, Layer 7, Qubera Solutions, Yubico, Nok Nok Labs, and UnboundID.
Access last year’s presentations: http://www.slideshare.net/CloudIDSummit
Join the conversation on Twitter: @ CloudIDSummitand # CISmcc
Be part of the Cloud Identity Summit LinkedIn Group
Like the Cloud Identity Summit Facebook
About Ping Identity | The Identity Security Company
Ping Identity believes secure professional and personal identities underlie human progress in a connected world. Our identity and access management platform gives enterprise customers and employees one-click access to any application from any device. Over 1,200 companies, including half of the Fortune 100, rely on our award-winning products to make the digital world a better experience for hundreds of millions of people. Visit
pingidentity.com for more information.
Ping Identity Contacts
Ping Identity Corporation
Follow Us on Twitter:@PingIdentity
Join our LinkedIn Group: Ping Identity Cloud
Subscribe to our YouTube Channel:PingIdentityTV
Like Us on Facebook:PingIdentityPage
FIDO Alliance Releases Guidelines for Optimizing User Experiences with FIDO Security Keys
New guidel...6月 22, 2022