My first visit to New Orleans and first CIS (Cloud Identity Summit) was exceptional and many thanks to the organisers for inviting me to talk about trust technology in IoT devices. My talk paled in comparison to Frank Abagnale’s recounting of his life story (which was somewhat less glamorous than portrayed in Catch Me If You Can), an interview with General Petraeus and a very authentic and heartfelt keynote by Andre Durand having just sold Ping Identity to Vista Equity Partners. The toughest part of CIS was choosing which sessions to attend, particularly when so many other talks ran concurrently with mine.
As an outsider to the industry (a non-Identerati), I sensed a lot of past focus on users interacting with apps served through websites, but this is where things are changing. Mobile devices with native apps now outnumber accesses by traditional browser. In the IoT world, apps can live anywhere – on small edge nodes, mobile apps, gateway devices (eg VMWare Liota) and in the cloud. The good news is that many of these devices are built to be more secure than untrusted browsers. They need to be if they are going to interact with the real world. We need to Identify All the Things.
A talk from Ian Glazer of Salesforce was revealing – The Identerati covet their InfoSec peers’ professional qualifications, and lament having none to reflect their own accomplishments. This is strange because many of the talks delivered hammer blows to yesterday’s Infosec technology – VPNs, firewalls, anti-virus, passwords – they are all proclaimed dead. The perimeter no longer exists; the new security model should assume that attackers are already inside an organization. If that’s the case, then why covet those InfoSec qualifications? Many InfoSec problems start with poor identification and enrolment, compromised authentication and over-permissioned authorizations. The Identerati don’t need to look backward; they need to keep forging ahead for Identity is the new Infosec – Forrester shows where the money is going. We need to Identify all the Users.
