Identity in the Cloud IAM for the new Digital Age. Corné van Rooij - VP Product Management May 16 th 2017 SIGS Technology Conference 2017

Transcription

1 Identity in the Cloud IAM for the new Digital Age Corné van Rooij - VP Product Management May 16 th 2017 SIGS Technology Conference 2017

2 Move applications to the cloud 2 iwelcome BV 2017

3 Employee Identities going Airborne Employee Identity Employee Identity Employee Identity Need for Cloud First IAM + OnPrem support 24x7 Available & Secure 3 iwelcome BV 2017 Employee Identity

4 Employee IAM needs a redesign Airborne Employee Identities Balance between Risk and User Convenience & user experience (consumerization) Rise of the Mobile Workforce New Supply Chain models Self Service instead of central authorisation desk/function Identity Management needs a redesign 4 iwelcome BV 2017

5 Consumer IAM needs a redesign New Digital Business models Consumer data is the new gold = precious / valuable = need protection New regulation: GDPR, PSD2, others (protection of data, privacy & consent) Internet of Things ( IoT ) on the rise Here Consumerization is the rule, You need to adopt Privacy awareness growing and in a growing group (the rest starts to care more) No Poor services acceptance = drop off / break off Identity Management needs a redesign 5 iwelcome BV 2017

6 CONSTANT Finding the right balance between: USER CONVENIENCE STAYING OUT OF THE PAPERS ( Breach, Fraud, etc. ) 6 iwelcome BV 2017

7 Workforce (Employee) versus Consumer 1. Single Sign On (One Password) 2. Strong & Convenient protection of Access 3. Role & Function based access (RBAC) 4. Life Cycle Management (Identity) 5. Department User Management 6. HQ / Branch offices, (partly) independency 1. Single Sign On (One Identity) 2. Strong & Convenient protection of Access 3. Attribute based access control (ABAC) 4. Life Cycle Management (Identity) 4. Life Cycle Management (Consent) 5. Family Management 6. Delegated Admin (B2B2C) 7. Legislation (GDPR / PSD2) 7. Security & Governance 7 iwelcome BV 2017

8 Consent Life Cycle Management A core requirement coming up with GDPR is that parties processing personally identifiable information need to ask the user for his/her consent to do so and let the user revoke that consent any time and as easy as it was given. Keeping an auditable trail of consent, scope of use and revocation during the whole customer identity life cycle is a significant requirement not covered by traditional Identity & Access Management (IAM) solutions. 8 iwelcome BV 2017

9 Regulation and market trends that require consent IoT CONSENT 9 iwelcome BV 2017

10 ICO Consultation: GDPR consent guidance Consultation: GDPR consent guidance 10 iwelcome BV 2017

11 Consent in most privacy regulations in the EU Consent Must haves On an attribute basis and per purpose. As easy to withdraw as it was given. Freely given, informed, unambiguous = cristal clear. Privacy by default means minimal data collection, by default. Limits scope of consent. Opt-in, not opt-out. Consent Nice to have An overall view of all your (consumer) consents. And a consumer would like to see when the consent is being used so audit trail on that. 11 iwelcome BV 2017

12 IAM can play an important role in aligning consumers rights & agreements with a company for processing of it s personal data (control) towards the (inside of the) company. The authoritive source! Close to the data subject* 12 iwelcome BV 2017 *Data subject = the fancy name for consumer/civilian

13 HOW TO KEEP TRACK OF CONSENT? Consent Lifecycle Management extend the scope, multi-value consent, give, pause, withdraw, etc. 13 iwelcome BV 2017

14 Datamodel for GDPR - Meta Data per attribute IDENTITY PROFILE ATTRIBUTE RICH GOLDEN RECORD META NIST 8112 CONTEXT Last Update: 22-nov-2016 Mandatory field: Yes Provider name: Facebook Consent given: Yes Consent reason given: To send you our Consent data: 15-nov-2016 Verifier: not verified Classification: confidential Date deletion date: 12 month after last login Expiration date: 22-nov-2017 Parental control: yes Parents allowed for consent: UID;UID x N Consent Life Cycle FIRST NAME LAST NAME DATE OF BIRTH PHONE NR ADDRESS GENDER Driver License # Group Preferences AuthZ > Member API Policy driven data management & Consent management Applications 14 iwelcome BV 2017

15 Finding a balance CUSTOMER EXPERIENCE UI UX Very transparent & user friendly Profile page / My Page SECURITY by Design PRIVACY by Design & Default 15 iwelcome BV 2017

16 User Experience & GDPR compliancy CUSTOMER EXPERIENCE UI UX TRANSPARANCY CONTROL CONSENT CONTEXT LEAVE gracefully RELATIONSHIP BUIDING ATTRIBUTE SHARING (UMA) FOLLOW ME (Private) MARKETING (Wanted) TRUST (Loyalty, Stay) 16 iwelcome BV 2017

17 Thank you for your attention!