IAM for the Masses: Managing Consumer Identities
Transcript of IAM for the Masses: Managing Consumer Identities
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner's prior written permission. If you are authorized to access this publication, your use of it is subject to the Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner's research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner's Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see "Guiding Principles on Independence and Objectivity."
Lori
© 2014 Gartner, Inc. and/or its affiliates. All rights reserved.
Gartner delivers the technology-related insight necessary for our clients to make the right decisions, every day.
Nexus of forces
Anytime, anywhere, any device
Social permeates business
• BYOI
• Marketing
• Customer interactions
• Internal communication
[Figure: overlapping social circles labelled Colleagues, Teams, Network and Friends, spanning Enterprise and Personal]
Physical & virtual worlds merge
[Figure: relationships that span the physical and virtual worlds: Trainer, Doctor, Insurance Agent]
The digital business has arrived!
Identity (circa) 2014…
Many relationships to manage…
• Business-to-employee (B2E)
• Business-to-business (B2B)
• Business-to-consumer (B2C)
• Government-to-citizen (G2C)
• Application-to-application (A2A)
• Things-to-things (T2T)
Consumer IAM Characteristics
Characteristic   Consumer       Employee
Scale            Massive        Medium to large
Control          Distributed    Centralized
Focus            Individual     Business
It’s about relationships & data!
• Consumer IAM is marketing & revenue driven
• CMO often sponsors the project
• User experience impacts revenue: login is the front door to the digital storefront
• Identity data is the new gold!
- Personalization & contextualization
- Targeted marketing
- Direct sale of ID data
Consumer IAM Requirements
Balance benefit vs. risk
• Protect individuals’ privacy while maximizing the value of consumer data
[Figure: Consumer Profile Data balanced between Revenue and Privacy; labels: Consent & Permission, Choice & Control, Transparency, Data sharing & federation, Personalization]
Secure individual & business assets
• Ensure that users are who they say they are.
• Make sure the right users get access to the right information.
User experience matters!
• Simplified
• Seamless across domains
• Mobile optimized
• Personalized & contextualized
Scale to the Masses
• Ability to support millions of identities
• Available 24 x 7 x 365
• Ensure throughput
• Performance at scale
Ensure Agility
[Figure: identity populations ranging from Employee, Contractor, Vendor, Partner and Customer to Public, with IAM approaches ranging from Traditional through Hybrid to Modern]
Consumer IAM: Technical Approaches
Registration
• Self-service registration
• Delegated administration
• Social identities
• Just-in-time (JIT) provisioning
• User account provisioning
Note: Consumer identities are typically only de-provisioned or deleted upon consumer request.
Identity assurance levels
Low assurance → High assurance:
• Generic/Guest
• Social Identity
• Registered User
• Vetted Identity
Data validation & identity proofing
- Data validation
  • Data structure rules
  • Data verification (e.g. email address, credit card data)
- Identity proofing
  • E-mail verification
  • KBA (knowledge-based authentication)
  • Identity matching & scoring
  • Telephone caller ID
  • Device fingerprinting
  • Social footprint
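As an added example that is not part of the deck, the following Python maps the assurance spectrum from the previous slide (Generic/Guest, Social Identity, Registered User, Vetted Identity) together with the proofing signals listed here onto a policy that gates transactions by the assurance they require. The level names, evidence fields, score threshold and transaction table are assumptions, not Gartner's.

```python
from dataclasses import dataclass
from enum import IntEnum

class Assurance(IntEnum):
    GUEST = 0       # Generic/Guest: anonymous or throwaway session
    SOCIAL = 1      # Social identity: federated login, nothing proofed
    REGISTERED = 2  # Registered user: local account with validated data
    VETTED = 3      # Vetted identity: identity proofing passed

@dataclass
class Profile:
    identity_type: str               # "guest", "social" or "registered"
    email_verified: bool = False     # e-mail verification completed
    phone_verified: bool = False     # out-of-band phone/SMS check completed
    kba_passed: bool = False         # knowledge-based answers matched
    proofing_score: float = 0.0      # identity matching & scoring result
    proofing_threshold: float = 0.8  # assumed acceptance threshold

def assurance_level(p: Profile) -> Assurance:
    """Derive the assurance level from credential type plus proofing evidence."""
    if p.identity_type == "guest":
        return Assurance.GUEST
    if p.identity_type == "social":
        return Assurance.SOCIAL
    if p.identity_type != "registered":
        raise ValueError(f"unknown identity type: {p.identity_type!r}")
    # A registered account whose contact data was never validated is worth
    # no more than a social login, so it stays at SOCIAL.
    if not p.email_verified:
        return Assurance.SOCIAL
    # VETTED needs strong proofing (KBA or a passing match score) plus a
    # second verified channel; either alone leaves the user at REGISTERED.
    proofed = p.kba_passed or p.proofing_score >= p.proofing_threshold
    if proofed and p.phone_verified:
        return Assurance.VETTED
    return Assurance.REGISTERED

# Assumed mapping from transaction type to the minimum assurance it needs:
# social identities for low-assurance actions, proofing for sensitive ones.
REQUIRED = {
    "browse": Assurance.GUEST,
    "comment": Assurance.SOCIAL,
    "purchase": Assurance.REGISTERED,
    "change_payout_account": Assurance.VETTED,
}

def is_permitted(p: Profile, transaction: str) -> bool:
    """Allow the transaction only if the profile meets its required level."""
    return assurance_level(p) >= REQUIRED[transaction]
```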
Consumer profile management
• Consumer profile management tools allow the user to:
- Set user preferences
- Manage user name and password
- Control privacy settings
- Populate identity attributes:
  • User volunteered: progressive profiling
  • Social sharing
Data collection, aggregation, & storage
• Identity store must scale for the masses
• Consumer data is dispersed across multiple sources
• Identity store:
- Databases
- Special purpose directories
• Data synchronization:
- Virtual directories
- Meta-directories
- User provisioning
Authorization
• Rules
• Roles
• Group membership
• OAuth
• Externalized authorization
Authentication
• Username/password combo
• Multifactor authentication:
- Knowledge-based authentication (PINs, images, personal information, historical information, and so on)
- One-time passwords (often using mobile devices)
- Out of band (email, SMS, mobile device, phone)
• Federation/social login (SAML, OpenID Connect, OAuth)
• Adaptive access control
Audit
• Focus on protecting both the business’ assets and consumers’ privacy
• Differs from enterprise IAM audits
• Includes:
- Reporting
- Real-time monitoring
- Fraud detection
- Behavioral/contextual analysis
- SIEM and GRC integration
Additional Considerations
Standards and protocols
• SAML 2.0
• OAuth 2.0
• OpenID Connect
• SCIM 1.1
• REST
Technology maturity
• Not all technologies are equal on the maturity scale.
• Provisioning, workflow, LDAP, enterprise federation, and audit technologies are established and more mature.
• Federated and user-centric technologies are still evolving and less mature.
• Some "old school" technologies like directories are being revamped to handle massive scale.
Who can manage identities for me? Outsourcing alternatives
• Social identities
• Federation hubs
• Identity providers
Recommendations
Build an IAM program specific to consumers: Consumer IAM use cases are not necessarily the same as employee IAM use cases.
Understand who the business stakeholders are for the consumer IAM program.
Integrate existing IAM infrastructure wherever possible.
Design a consumer IAM infrastructure that not only protects the business, but ensures the privacy of the consumer.
Consider using social identities (for low-assurance transactions).
Deploy identity proofing for higher assurance.
Preprovision only when you have to: use JIT.
Use a scalable/purpose-built directory or database.
Implement stronger authentication mechanisms.
Implement adaptive access controls.
Utilize standards as much as possible.
Recommended Gartner Research
Guidance Framework for Managing Consumer Identities, Lori Robinson
Understanding Modern Federation Trends and Their Influence on Identity and Access Architecture, Mary E. Ruddy (G00251840)
Adaptive Access Control Brings Together Identity, Risk and Context, Trent Henry (G00250319)
Deploying OAuth and OpenID Connect for Enterprise Use Cases, Mary E. Ruddy (G00252923)
For more information, stop by Gartner Research Zone.