We have seen two evolutionary trends in the Identity and Access Management (IAM) industry. The first is a universal realization that passwords are not enough and must be combined with a second, additional factor to properly authenticate users. The second, more recent trend is that even this stronger authentication should not stop at the perimeter, but instead should be done, or re-done, as close as possible to the actual interactions that matter. These interactions can be starting an application, accessing a data block, or performing a transaction. In response to these trends, players in the IAM space have been developing targeted solutions that each address a specific aspect of the overall need. For example, there are products that specialize in single sign-on (SSO), multi-factor authentication (MFA or 2FA), access management (AM), and/or privileged access management (PAM). Although these products may rely on standards such as SAML and OpenID Connect (OIDC), they are generally not interchangeable across vendor boundaries. As a result, customers have to get a bundled solution from a single vendor – not an ideal situation, to say the least.
Instead of being forced to select all of these individual products from a single source, customers prefer to have the flexibility to pick products from different vendors. Multiple vendors in the IAM space have recognized this need and have created an industry consortium, the Identity Defined Security Alliance (IDSA, https://www.idsalliance.org/), to promote interoperability among member products so customers can have this flexibility.
In this talk, we will explain why MFA, SSO, AM, and PAM are specialized areas and how they have evolved independently in response to the two aforementioned trends. We will also explain why it is difficult for a single vendor to deliver robust solutions in all four of these specialized areas, and why it is important to build solutions that interoperate. The complexity of building a robust security solution in today’s ever-changing environment demands this industry collaboration and confluence of expertise. We will then show an example of how an SSO-AM-MFA-PAM chain of services can be built using products from different vendors.
This talk will cover the following topics:
- Evolutionary trends in the IAM space
- Differences between SSO, MFA, AM, and PAM
- Why it is difficult for a single vendor to deliver products in all four of these areas
- How IDSA can help build identity-centric security strategies
- A demo of an example integration that chains SSO-AM-MFA-PAM services