There has been significant progress building the standards and infrastructure at the federal level to establish a baseline for trust and security for user access.
These efforts have provided a solid foundation for the
Identity Governance is fully integrated with Access Management and Directory Services, and uses our Platform Security Services, to provide a complete, scalable, standards based IDM Platform.
One of the long time problems that we have addressed is how to preserve all of your customizations. After all, if you spend the time to get a UI exactly how you want it, you really don’t want to have to rebuild it after an upgrade.
Integration with social networks is important for employee and consumer relationships
Study by Enterprise Consulting group: 44% of organizations plan to social enable apps in the near future
OAAM: Placing more than one layer between the end user and the protected resource
Credential authentication alone is a single point of failure
Credentials don’t address many modern threats. Even the strongest credential is not a magic bullet.
No solution is complete without layered access security
Device Fingerprinting
Location tracking
User behavioral profiling
Transaction risk analysis
Risk-based interdiction
Trust but verify - authN creds are important but they should not be trusted alone
Look beyond "strong" credentials to other available factors to make an access decision
Profile behaviors - does this access request seem strange compared to other? Does it look similar to past fraud or abuse?
Allow access based on the specific risk of the current sitution
Improve UX where possible
Challenge only when required by risk
users don't try to get around good UX
productivity is lost when authN is burdensome