Issue 2
New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS)
New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS) is published by Telefonica Editorial content supplied by Telefonica is independent of Gartner analysis. All Gartner research is
used with Gartner’s permission, and was originally published as part of Gartner’s syndicated research service available to all entitled Gartner clients. © 2015 Gartner, Inc. and/or its affiliates. All rights reserved. The
use of Gartner research in this publication does not indicate Gartner’s endorsement of Telefonica’s products and/or strategies. Reproduction or distribution of this publication in any form without Gartner’s prior written
permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information.
The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research
should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of
Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further
information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.
Introduction
The Digital Identity Ecosystem
New Models of Authentication/Authorization as a Service: AuthaaS
An Integrated Vision
From the Gartner Files: New Competitive Threats as the IDaaS Opportunity Evolves
About Telefonica Business Solutions
Introduction
The concept of identity has always been the key factor when it comes to establishing a relationship between individuals. Identification as a way to ensure someone is who they claim to be gains even greater relevance in an increasingly digitized world. This also brings a host of new challenges, including:
•	Multidimensionality of digital identities. Their management and how this impacts on the definition of Corporate Identity (Social Identity vs Validated Identity).
•	Attribution. Validation of the data (attributes) that make up and define a digital identity.
•	Identity proofing. Validation of the relationship of an identity in the digital world with an identity in the real world.
The aim of this document is to discuss the concept of digital identity in the current ecosystem, talk about IAM solutions (Identity and Access Management) and IDaaS (IAM as a Service) and propose a model that will reduce complexity in the process of authenticating and authorizing identity management.
Background
For many years, the way of moving an individual’s identity into the
digital world has involved the creation of a digital representation of
that individual. The manner in which this individual’s digital identity is
formulated depends on where it is to be used.
From the perspective of the public sector, the validation of
the relationship between this digital identity and the real
world identity (identification/identity proofing) is vital.
Typically, this identification process concludes with the generation of
a set of credentials which links the individual with their identity in the
digital world. This is the case for the processes that register an
individual within society by issuing a unique number or physical
token (e.g. national identifiers, social security numbers, digital certificate
passwords, etc.). This issuance, managed by public authorities,
constitutes a legally validated record,
and it can be affirmed that these
credentials correspond uniquely to a
single individual. In addition, during the
process of generating these credentials,
certain attributes, which define the
individual (such as name, surname,
date of birth, nationality, gender, etc)
will be validated. This set of identifiers,
along with the validated attributes, whilst
taking into account this 1:1 relationship
with the individual which they identify,
may be called Physical Identity.
In private companies the scenario is slightly different.
Companies have a need to validate the existence of an
individual and their attributes in order to create another
type of identity: Corporate Identity. To that end, it is
possible to delegate the physical responsibility for carrying out the
identification of individuals to the issuers of these identities. This is
the case for a service provider who, in order to convert individuals
into users of their systems or services, create their own credentials
(e.g. an online banking user, a company employee or a consumer of
services of a retail outlet). They require, to a greater or lesser degree,
the submission of the corresponding physical identities so as to
incorporate the attributes, which have already been validated, into the
new identity.
By creating these corporate digital identities, in addition to the
attributes already validated by third parties, it is possible to add
new attributes which can be validated by the service provider (e.g.
postal address, bank account or phone number) or, even, attributes
that it was not possible to validate but which have been provided by
the individual themselves (now the user). This type of digital identity,
unlike physical identities, does not have a unique relationship with
the individual. That is to say, the same person may have multiple
identities with a single service provider (e.g. in the case of a provider
that identifies its users by their account number, a user may have
multiple accounts with the same provider). These digital identities
have traditionally been managed by IAM (Identity and Access
Management) systems.
With the advent of Social Media and the emergence
of Social Identities, there is no longer a need for
identification to link digital identities to a physical identity.
It is now possible for individuals to assign themselves an
identity on a Social Media site and, although they are asked to provide
attributes, there is no robust process of identification to validate the
authenticity of those attributes. The creation of an identity on a social
network such as Facebook is a case where, unlike those previously
mentioned, the information which an individual will be asked for
during the identification process is not directly validated. When a
new user joins Facebook, identification is established by requesting a
prior digital identity (i.e. an email account). It could be argued that this
identification is verified by an identification request made to the email
account provider. However, there is no certainty that this provider
actually validates the attributes of the individual.
Example of physical identity with validated attributes
The Digital Identity Ecosystem
FIGURE 1
IDaaS solutions are key factors in the evolution of traditional IAM management models
How to obtain the best balance between usability, security and verification when authenticating and identifying users?
Figure labels: Physical Identity, Corporate Identity, Social Identity; Security, Usability, Veracity; Physical Check, Digital Certificate, User/Password, 2FA (token SMS, @), Social Login; IAM; B2B, B2C.
Source: Telefonica
Whilst the benefits of social identities mean better usability (fewer
passwords, login and registration steps, improved and easy support)
and improved intelligence (which makes it easier to use these OTT
solutions), there are disadvantages concerning privacy or identity
theft. This, in turn, is leading to hybrid models which link digital
identities generated by service providers with the identities that users
provide. This need, together with the emergence of federated identity
management, has given rise to complex scenarios in which identity
management is carried out in a fragmented and adaptable way. This
fragmentation means that now whoever issues and validates the
credentials of a digital identity does not necessarily have to be the
owner of the resource. This means being able to provide identity, as
well as its management, as a service (IDaaS).
FIGURE 2
Source: Telefonica
New Models of Authentication/
Authorization as a Service: AuthaaS
Following this trend (IDaaS), in which companies or service providers
increasingly delegate certain aspects of identity management to a third
party, it is fundamental to focus on verifying that an individual is who
they claim to be and therefore authorize their access to a resource.
•	User authentication must be able to validate that the credentials a
user provides have not been altered and thus enable verification that
the user who owns them is, in fact, a legitimate user of the system.
•	User authorization must be able to establish how users can gain
access to certain resources, and who is authorized to do so at any
given time.
AuthaaS solutions should adapt to how users authenticate, access
and interact with the business. Within this proposal the mobile
device is the key:
•	 Maximizes universality, allowing any user to interact anywhere
using any technology. The mobile device is the only physical device
that nowadays can be considered universal.
•	 Maximizes usability, allowing user interactions with no barriers
(anywhere, anytime).
•	 Identification, with solutions that give individuals, businesses and
governments the ability to trust and have confidence in the identities
of people with whom they interact. Using a mobile device requires a
SIM card, whose distribution is highly regulated by the market (telcos);
in that controlled process the identity of the holder is validated prior
to activation.
•	 Evolving security. The mobile device allows companies to create
adaptive authentication/authorization schemes over traditional
IAM models.
FIGURE 3
Your mobile, your identity
Mobile devices – key factors in the search for convergence between physical identity and digital identity
Figure labels: Network Connectivity (Internet, apps and data): 3G, 4G, Wifi. ID-related Technologies: Camera, GPS, Screen, NFC, Bluetooth, Biometric Sensors. Security elements to protect user data: SIM (Subscriber Identity Module), Micro SD (Micro Secure Digital), eSE (Embedded Secure Element).
Source: Telefonica
1. Mobile Device = Authentication Device
There are a huge number of types of credentials that are being explored in order to create a way of preserving the unchanged relationship of digital
identities. The various solutions that exist on the market today are based on something that the individual knows (e.g. passwords), something that the
individual possesses (e.g. physical tokens: smartcards, NFC tokens, etc.), something that the individual is (e.g. fingerprints, voice signature, iris signature, etc.),
or something that tells you how the individual behaves (e.g. behavioural analysis). In fact, in order to ensure the usability of authentication solutions, hybrid
systems are often devised involving several of these methods, and providing differing degrees of authentication.
Mobile devices as authenticators:
•	 They act as alternative channels for the verification of access to
services (enabled for OTP service implementation – via SMS, or
automatic notification via APP). They are a good method to protect
users against malicious acts, such as phishing or identity theft.
•	 They provide different degrees of authentication:
	•	 Simple Authentication: single factor = “something I have”
		•	 Click OK (SMS URL or SIM click OK)
	•	 Strong Authentication:
		•	 Two factors = “something I have and something I know”: PIN
		•	 Two factors = “something I have and something I am”: Biometrics
2. Mobile Devices as Authorization Devices
The most frequent use of the authentication mechanisms mentioned
above is usually related to the control of access to the resources of a
system. This enables authorization mechanisms to establish how users
can gain access to certain resources, and who is authorized to do so at
any given time.
In this regard, as is the case with authentication, mobile devices can
be used as elements of interaction with users which can apply global
strategies (Mandatory Access Control – MAC) or discretionary strategies
(DAC). As part of those strategies, different methods are defined;
RBAC and capabilities are a couple of examples. In a complementary
manner, the use of mobile devices would enable the role of who
defines access policy to be widened, so that it is not only the owner of
the resource. This would enable the mobile user to set controls on the
use of resources when such a use is made using their credentials.
3. Mobile Devices as Signature Devices
Mobile devices incorporated as part of business processes can
be used to perform digital signature processes, either by using a
digital certificate stored on the device itself, through the use of a
PIN encrypted in the SIM card, or by using a handwritten signature
(biometrics).
It is clear that mobile devices used as identity tokens offer
companies or service providers the following benefits:
•	 A secure element for the authentication and identification of
users thanks to the use of the operator’s infrastructure: mobile
network + SIM as a secure container.
•	 A link between physical identity and digital identity. Phone
numbers enable us to establish this link between identities, by
enabling the identification of an individual in services, both public
and private, thanks to authentication and the sharing of attributes.
•	 Global reach. Mobile devices (Smartphones) have undoubtedly
become the most used and widely adopted form of technology
which keeps digital users connected.
•	 More frequent log-ins by removing passwords while improving
security; at the same time it improves customer insights by receiving a
persistent, unique user ID across any device used by the same user.
•	 Creation of adaptive models. Mobile identity management as
part of IAM solutions enables adaptive authentication/authorization
systems to be configured based on context. This enables risk-based
policies to be defined and so improves the end user
experience (mobility, elimination of the password).
•	 Show innovation and leadership by supporting a “mobile first”
strategy.
An Integrated Vision
Based on the mobile device as the key to authentication and
authorization, Telefonica proposes a combined Authentication/
Authorization as a Service model that allows companies to:
a)	 Enjoy different levels of authentication (multifactor adaptive
authentication) depending on the context and the risks that the
company is ready to assume: from basic authentication to strong
authentication.
b)	 Be able to apply an effective access control strategy (Authorization)
across traditional IT environments and over current IAM
environments: OTP and digital latch.
c)	 In addition, under the same approach, integrating the solution
with business processes allows the enterprise to turn the company
mobile device into a security tool for signing.
Telefónica has increased its Security offering with the generation of
brand new and innovative products focused on Identity and Privacy.
Our Identity and Access solutions adapt to the way users authenticate,
access and interact with businesses, based on a vision that maximizes
four key vectors:
•	 Identification; solutions that give the ability to individuals, businesses
and governments to have confidence in the identities of people with
whom they interact.
•	 Universality; allowing any user to interact anywhere using any
technology.
•	 Compliance; making security a companion for your business,
not a barrier.
•	 Usability; solutions that allow user interactions with no barriers
(mobility and avoiding the use of passwords).
FIGURE 4
AuthaaS reduces complexity when authenticating and authorizing combined with Enterprise current IAM solutions.
Figure labels: Authentication, Authorization, Authenticity; Seamless, Click OK SMS URL, Click OK SMS Applet, SIM + Certificate, Biometric signature (Fingerprint, Handwritten), SIM Applet + PIN, TEE + Biometrics, SIM / SMS, Digital Latch; Telefónica Service, Service Provider; Basic Authentication, Strong Authentication, Digital Signature, OTP.
Enable users to authenticate to your applications and to authorize access to resources via their phone.
Source: Telefonica
Secure digital identity is now in our hands
Mobile Connect – an operator service for secure authentication and
identification:
•	 Uses a mobile phone for authentication (i.e. no passwords).
•	 Easy to use, anonymous and many uses – including second factor
authentication.
•	 Develops a secure way of sharing attributes – putting the user in
control.
•	 Leverages existing operator assets – there is no user name and
password to make a phone call or send SMS.
•	 Offered as APIs for service providers to integrate into their digital
services.
A digital Switch
Latch - protect your business and provide your users with an extra
security layer
•	 Latch lets you implement a safety latch on your online services. By
minimizing the time during which services are accessible the risk of
theft or unauthorized usage is reduced.
•	 Reduces the risk of attacks directed at your online services by
letting users lock the service account or selected features
conveniently, when they don't want to use them.
•	 Independent of other authentication mechanisms, as it supports
most platforms and programming languages through APIs, SDKs
and plugins.
•	 Available for Android, Blackberry, iPhone, Firefox OS devices and
Windows Phone.
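The authentication degrees listed earlier (simple versus strong, chosen by context) and the latch described above can be combined in a single access decision. The following Python is an added example, not Telefonica's code or the Latch API; the method names, the sensitive-feature list, `LatchStore` and `decide` are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum

HAVE, KNOW, AM = "have", "know", "am"

# Assumed mapping from a verified method to the factor category it proves.
METHOD_CATEGORY = {
    "sms_click_ok": HAVE,
    "sim_applet": HAVE,
    "pin": KNOW,
    "password": KNOW,
    "fingerprint": AM,
}


class Level(IntEnum):
    NONE = 0
    SIMPLE = 1   # one factor category
    STRONG = 2   # two different factor categories


def achieved_level(verified_methods):
    """Count distinct categories: password + PIN is still a single factor."""
    categories = {METHOD_CATEGORY[m] for m in verified_methods
                  if m in METHOD_CATEGORY}
    return Level(min(len(categories), 2))


@dataclass(frozen=True)
class Context:
    feature: str        # what the user is trying to do
    known_device: bool  # hypothetical risk signal


# Assumed policy input: features that always need strong authentication.
SENSITIVE_FEATURES = {"transfer", "change_phone_number"}


def required_level(ctx):
    """Adaptive rule: raise the bar for sensitive features or unknown devices."""
    if ctx.feature in SENSITIVE_FEATURES or not ctx.known_device:
        return Level.STRONG
    return Level.SIMPLE


@dataclass
class LatchStore:
    """User-controlled locks, per account ("*") or per feature."""
    closed: set = field(default_factory=set)

    def lock(self, account, feature="*"):
        self.closed.add((account, feature))

    def unlock(self, account, feature="*"):
        self.closed.discard((account, feature))

    def is_open(self, account, feature):
        return ((account, "*") not in self.closed
                and (account, feature) not in self.closed)


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    alert: bool = False


def decide(account, verified_methods, ctx, latches):
    """Authenticate first, then consult the latch.

    Checking the latch only after authentication keeps its state hidden
    from callers without valid credentials. Valid credentials arriving
    while the latch is closed are denied and flagged for review.
    """
    if achieved_level(verified_methods) < required_level(ctx):
        return Decision(False, "step_up_required")
    if not latches.is_open(account, ctx.feature):
        return Decision(False, "latched", alert=True)
    return Decision(True, "ok")
```

The `alert` flag is the detection signal worth forwarding to monitoring: it marks a request that passed authentication while the account owner had the service locked.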
Sign your documents using your mobile phone
SealSign - digital and biometric signature to securely sign
electronic documents through your mobile phone
•	 Scalable, modular and full enterprise platform for electronic
document signatures compatible with digital certificates, biometric
systems, OTP systems and long-term archiving of signed
documents.
•	 Reduces costs associated with hardcopy management (printing,
digitalization, transfer, archiving).
•	 Improves productivity and efficiency of business processes.
•	 Accessible from business applications and mobile devices.
•	 Generates electronic documents with full legal validity.
•	 Possibility of service via cloud or on-premise platform to meet
enterprise needs.
For more information see Telefonica Security Services portfolio at
https://www.elevenpaths.com/es/index.html
From the Gartner Files
New Competitive Threats as the IDaaS Opportunity Evolves
As IDaaS adoption increases, PaaS providers will expand their mind share, altering the dynamics of the IAM market. As the opportunity evolves, product and go-to-market strategists at IDaaS and IAM providers should highlight their uniqueness and target skills gaps and IoT-related demand.
Impacts
•	 Increasing SaaS and public cloud adoption will favor the growth and influence of large PaaS and IaaS IDaaS players, pushing many small pure-play IDaaS providers to look for new opportunities.
•	 The evolution of enterprises’ IT infrastructure toward mobile and cloud-based ecosystem needs will push IDaaS and IAM providers into expanded feature sets and/or services, such as enterprise mobility management.
•	 The proliferation of connected, networked devices will bring major changes to the IAM space, and this will force IDaaS and broader IAM providers to align their approaches with new enterprise scenarios where access control activities will expand to external users, devices and systems.
Recommendations
For product and go-to-market strategists at existing stand-alone IDaaS providers:
•	 Exploit clients’ potential concerns about lock-in with platform vendors to fend off increasing competition from cloud providers such as Microsoft and Salesforce.
For product and go-to-market strategists at pure-play and PaaS IDaaS providers:
•	 Market your IDaaS solution’s ability to address skills shortages, the simplification of the existing IAM ecosystem, and rapid integration and implementation. When organizations decide to buy IDaaS over on-premises software, business drivers centered on time-to-value often trump cost.
For product and go-to-market strategists at IAM vendors and service providers:
•	 Expand new capabilities to account for more complex IAM use cases involving the management of relationships between objects, systems and users.
Strategic Planning Assumption
By 2019, 40% of IDaaS revenue will accrue to PaaS vendors, up from less than 5% in 2014.
Analysis
Introduction
Growth in the identity and access management as a service (IDaaS) market (see Note 1) outpaces that in the overall identity and access management (IAM) market, thanks in large part to increased adoption of SaaS and platform as a service (PaaS) computing models. Compared with even a few years ago, the IDaaS market is much more competitive, varied and diverse. Longstanding players, such as CA Technologies (CA), Okta, OneLogin and Ping, compete with new entrants, including broader platform vendors (such as Microsoft and Salesforce) and providers with an integrator background. This will put pressure on IDaaS pricing in the next few years, changing the competitive dynamics of both the cloud and on-premises IAM markets. Product and go-to-market strategists at traditional IAM providers and IDaaS providers must be aware of these changing dynamics and adjust their market approaches accordingly.
A Diverse, Changing and Attractive Market
The IDaaS market is still in its early stages, but will carry on, growing rapidly. Gartner estimates that, over the next five years, the average annual growth rate in the IDaaS market will be 37%, compared with 8% for the overall IAM market. (Note that we do not include current calculations of the user authentication market in these estimates. Authentication as a service is a simple function to deliver compared with multifunction IDaaS.) Estimated total spend on multifunction IDaaS was almost $300 million in 2014, and we expect it to exceed $1 billion by year-end 2018.
The IDaaS solutions market is composed of many startups that often specialize in IAM. This is in contrast to the traditional on-premises IAM market, which is dominated by big providers such as IBM, Oracle, CA and Microsoft, which offer products that span the security and IT space. But growing interest in cloud-based IAM, and the sheer numbers of smaller players in the market, have resulted in a recent spate of mergers and acquisitions (M&As) and market consolidation,1 which has now peaked. Many IAM providers are less likely to acquire in this space as a result of prior acquisitions or internal development of their own IDaaS capabilities.
Looking ahead, the overall IAM market will be shaped by elements of what Gartner defines as digital business: social media, mobility, the cloud, data and the Internet of Things (IoT).
•	 Employees’ widespread use of new mobile platforms and devices, social media and — most importantly — cloud computing will characterize IAM activities in the future. Users’ growing need for mobile applications, for example, will create pressure to authenticate mobile users and support mobile applications.
•	 Multifactor and device authentication will be particularly important, especially with the proliferation of devices that the IoT is likely to create.
•	 Providers will have to create and deploy hybrid product features. This imperative will be driven by the need to authenticate access to SaaS applications by employees and external users (such as business partners or contractors), and the continuing need to meet more traditional IAM requirements.
Figure 1 highlights the main impacts
affecting the developing IDaaS market, and
corresponding recommendations for product
and go-to-market strategists.
Impacts and Recommendations
Increasing SaaS and public cloud
adoption will favor the growth and
influence of large PaaS and IaaS
IDaaS players, pushing many small
pure-play IDaaS providers to look
for new opportunities
Several factors are influencing the higher
uptake of IDaaS:
•	 Increasing use of SaaS applications in
companies, and the need to authenticate
users using these applications. This is
creating more demand for security controls
to cope with users’ changing requirements.
•	 The challenges posed by the complexity of
traditional on-premises IAM tools, and the
lack of suitably qualified staff to implement
solutions (especially in small or midsize
businesses [SMBs]).
•	 The increasing requirement for IAM in
consumer-facing applications.
Large vendors such as Microsoft, IBM and
Salesforce entered the market in 2014. These
more general providers are likely to have
a considerable influence, offering IDaaS as
part of a broader portfolio. We can expect
PaaS IDaaS vendors to capture 40% of the
overall IDaaS market by 2019. Cloud platform
players can become very competitive in this
growing market via two connected routes.
They can offer integrated “good enough”
IDaaS capabilities to both existing and
new PaaS and IaaS clients. Along with this,
they can offer discounted pricing or some
bundled cloud-based IAM capabilities at no
extra cost. Examples of this approach include
Amazon, which offers some limited cloud-
based IAM capabilities as part of its PaaS
product, or Microsoft’s free Azure AD option.
The expansion of general cloud providers
into this market is likely to push down prices,
putting further pressure on this evolving but
increasingly competitive space.
In small and midsize organizations, SaaS
models within IAM systems remain a popular
alternative. But we can expect uptake among
large organizations to increase as they try to
cope with the IAM demands originating from
new digital business requirements such as
mobility, cloud and IoT.
FIGURE 1
Impacts and Recommendations for Product and Go-to-Market Strategists
Source: Gartner (January 2015)
Recommendations:
For product and go-to-market strategists at
existing stand-alone IDaaS providers:
•	 Exploit clients’ potential concerns
about lock-in with platform vendors to
fend off increasing competition from
cloud providers such as Microsoft and
Salesforce.
For product and go-to-market strategists at
broad IAM providers:
•	 Consider new pricing models to align
with new technology consumption
demands originating from cloud-based
IAM. On-premises providers introducing
subscription models will be able to cope
better with the pressure brought by IDaaS.
The evolution of enterprises’ IT infrastructure
toward mobile and cloud-based ecosystem
needs will push IDaaS and IAM providers into
expanded feature sets and/or services, such
as EMM
The new requirements of mobile computing
and the cloud will also change the dynamics
of the IAM market. The need to provision and
authenticate users’ access to applications
from traditional Windows endpoints to
multiplatform mobile devices will have to
fulfill users’ requirements for adaptable and
flexible functionality that can be delivered
rapidly. Providers will position IDaaS to deliver
this functionality with better time to value for
organizations that do not have the expertise
to deliver on-premises solutions.
We don’t expect market share positioning
in the overall IAM market to change
dramatically in the short term. But traditional
on-premises providers that do not also have
an IDaaS offering will come under increasing
pressure from enterprises’ growing demands
for cloud-based IAM. This will produce its
own competitive pressure, particularly as
PaaS and IDaaS providers increase their
market presence.
Recommendations:
For product and go-to-market strategists at
pure-play and PaaS IDaaS providers:
•	 Market your IDaaS solution’s ability to
address skills shortages, the simplification
of the existing IAM ecosystem, and
rapid integration and implementation.
This is particularly true in those cases
where IDaaS is used to address and
replace ineffective deployments. When
organizations decide to buy IDaaS over
on-premises software, business drivers
centered on time to value often trump cost.
•	 Bear in mind that business drivers
often determine how cloud-based IAM
capabilities are deployed. These drivers
include time to value, movement to
operating expenditure (opex) over capital
expenditure (capex), and reducing duplicate
IAM infrastructures rather than cost.
The proliferation of connected,
networked devices will bring major
changes to the IAM space, and this
will force IDaaS and broader IAM
providers to align their approaches
with new enterprise scenarios
where access control activities will
expand to external users, devices
and systems.
New IoT-based challenges to IAM will arise
because of the following key factors.
•	 A huge number of new devices will be
deployed, with identities that have to be
managed.
•	 There will be a wide variety of device
types, some smarter than others. Most
IoT devices are expected to use different
protocols, so proxies will be needed to
manage them. IAM tools will have to find a
way to interface with these proxies.
•	 People and things will have multiple
relationships, with each other and with
various services. IAM will become more
about managing relationships among
people, services and things.
The added complexity caused by these
factors will bring a set of new problems
to organizations. Being able to apply an
effective access control strategy across
traditional IT environments and IoT
infrastructures will become crucial, to avoid
potential security breaches. Product and
go-to-market strategists at IDaaS providers
will have to determine which competencies
and strengths they can use to meet these
new requirements, and how well-positioned
they are to compete in this evolving scenario.
Based on this assessment, they can consider
and develop a new IAM strategy to align
with new enterprise scenarios. This is
especially pertinent because there will be a
push to expand the focus of the approach to
a more complex set of relationships involving
users, systems and devices. Potentially, in the
long term, the entire competitive landscape
may change, with new players, such as
traditional asset management vendors,
becoming competitors.
Ownership of devices may not reside within
the organization that interconnects with them,
and IoT devices may not be operating within
the enterprise’s boundaries. This is likely to be
the biggest challenge to face. And it should
make a cloud-based IAM approach more
suitable to catering to the needs of an IoT
environment, because of its greater flexibility
and potential for faster implementation.
Source: Gartner Research, G00260800, Ruggero Contu, Gregg Kreizman, 30 January 2015
Recommendations:
For product and go-to-market strategists at
IAM vendors and service providers:
•	 Expand new capabilities to account for
more complex IAM use cases involving
the management of relationships between
objects, systems and users.
For product and go-to-market strategists at
pure-play IDaaS providers:
•	 Expand your capabilities for internal IAM
and privileged account management
(PAM) delivered via hybrid solutions or
entirely from the cloud. This will require you
to invest in development or acquire small
identity governance and administration
(IGA) or PAM providers.
Note 1
IDaaS
Identity and access management as a service (IDaaS) is a subset of IAM.
Vendors in the IDaaS market deliver a service that is predominantly cloud-
based, in a multitenant or dedicated and hosted delivery model. This service
brokers core identity governance and administration, access and intelligence
functions to target systems on customers’ premises and in the cloud.
For product and go-to-market strategists at
pure-play and PaaS IDaaS players:
•	 Consider the short-term opportunities
created by the demand for external identity
management requirements to allow access
by contractors, vendors and other external
users, especially around PAM.
Evidence
1 Examples of such activity include IBM’s
purchase of Lighthouse Security Group,
Intermedia’s purchase of SaaSID, and EMC/
RSA’s purchase of Symplified’s intellectual
property.
About Telefonica Business Solutions
Telefonica Business Solutions, a leading provider of a wide range of
integrated communication solutions for the B2B market, manages
globally the Enterprise (Large Enterprise and SME), MNC (Multinational
Corporations), Wholesale (fixed and mobile carriers, ISPs and content
providers) and Roaming businesses within the Telefonica Group. Business Solutions develops an integrated,
innovative and competitive portfolio for the B2B segment including digital solutions (m2m, Cloud, Security, e-Health
or Digital Marketing) and telecommunication services (international voice, IP, bandwidth capacity, satellite services,
mobility, integrated fixed, mobile, IT services and global solutions). Telefonica Business Solutions is a multicultural
organization, working in over 40 countries and with service reach in over 170 countries.
https://twitter.com/TelefonicaB2B

COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
UWB Technology for Enhanced Indoor and Outdoor Positioning in Physiological M...
 
Cybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptxCybersecurity Workshop #1.pptx
Cybersecurity Workshop #1.pptx
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 

New Paradigms of Digital Identity: Authentication & Authorization as a Service (AuthaaS)

  • 1. Issue 2 New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS)
  • 2. 2 New Paradigms of Digital Identity: Authentication and Authorization as a Service (AuthaaS) is published by Telefonica Editorial content supplied by Telefonica is independent of Gartner analysis. All Gartner research is used with Gartner’s permission, and was originally published as part of Gartner’s syndicated research service available to all entitled Gartner clients. © 2015 Gartner, Inc. and/or its affiliates. All rights reserved. The use of Gartner research in this publication does not indicate Gartner’s endorsement of Telefonica’s products and/or strategies. Reproduction or distribution of this publication in any form without Gartner’s prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp. 
    Contents
      2 Introduction
      3 The Digital Identity Ecosystem
      6 New Models of Authentication/Authorization as a Service: AuthaaS
      8 An Integrated Vision
      10 From the Gartner Files: New Competitive Threats as the IDaaS Opportunity Evolves
      14 About Telefonica Business Solutions

    Introduction

    The concept of identity has always been the key factor when it comes to establishing a relationship between individuals. Identification as a way to ensure someone is who they claim to be gains even greater relevance in an increasingly digitized world. This also brings a host of new challenges, including:
      • Multidimensionality of digital identities. Their management and how this impacts on the definition of Corporate Identity (Social Identity vs Validated Identity).
      • Attribution. Validation of the data (attributes) that make up and define a digital identity.
      • Identity proofing. Validation of the relationship of an identity in the digital world with an identity in the real world.

    The aim of this document is to discuss the concept of digital identity in the current ecosystem, talk about IAM solutions (Identity and Access Management) and IDaaS (IAM as a Service) and propose a model that will reduce complexity in the process of authenticating and authorizing identity management.
  • 3. The Digital Identity Ecosystem

    Background

    For many years, the way of moving an individual’s identity into the digital world has involved the creation of a digital representation of that individual. The manner in which this individual’s digital identity is formulated depends on where it is to be used.

    From the perspective of the public sector, the validation of the relationship between this digital identity and the real world identity (identification/identity proofing) is vital. Typically, this identification process concludes with the generation of a set of credentials which links the individual with their identity in the digital world. This is the case of the processes that register an individual within society by issuing a unique number or physical token (e.g. national identifiers, social security numbers, digital certificate passwords, etc.). This issuance, managed by public authorities, constitutes a legally validated record, and it can be affirmed that these credentials correspond uniquely to a single individual. In addition, during the process of generating these credentials, certain attributes which define the individual (such as name, surname, date of birth, nationality, gender, etc.) will be validated. This set of identifiers, along with the validated attributes, and taking into account the 1:1 relationship with the individual they identify, may be called Physical Identity.

    [Figure: Example of physical identity with validated attributes]

    In private companies the scenario is slightly different. Companies have a need to validate the existence of an individual and their attributes in order to create another type of identity: Corporate Identity. To that end, it is possible to delegate the physical responsibility for carrying out the identification of individuals to the issuers of these identities. This is the case for a service provider who, in order to convert individuals into users of their systems or services, creates their own credentials (e.g. an online banking user, a company employee or a consumer of services of a retail outlet). They require, to a greater or lesser degree, the submission of the corresponding physical identities so as to incorporate the attributes, which have already been validated, into the new identity.

    By creating these corporate digital identities, in addition to the attributes already validated by third parties, it is possible to add new attributes which can be validated by the service provider (e.g. postal address, bank account or phone number) or even attributes that it was not possible to validate but which have been provided by the individual themselves (now the user). This type of digital identity, unlike physical identities, does not have a unique relationship with the individual. That is to say, the same person may have multiple identities with a single service provider (e.g. in the case of a provider that identifies its users by their account number, a user may have multiple accounts with the same provider). These digital identities have traditionally been managed by IAM (Identity and Access Management) systems.

    With the advent of Social Media and the emergence of Social Identities, there is no longer a need for identification to link digital identities to a physical identity. It is now possible for individuals to assign themselves an identity on a Social Media site and, although they are asked to provide attributes, there is no robust process of identification to validate the authenticity of those attributes. The creation of an identity on a social network such as Facebook is a case where, unlike those previously mentioned, the information which an individual will be asked for during the identification process is not directly validated. When a new user joins Facebook, identification is established by requesting a prior digital identity (i.e. an email account). It could be argued that this identification is verified by an identification request made to the email account provider. However, there is no certainty that this provider actually validates the attributes of the individual.
  • 4. IDaaS solutions are key factors in the evolution of traditional IAM management models

    [Figure 1: How to obtain the best balance between usability, security and verification when authenticating and identifying users? Panels: Physical Identity, Corporate Identity, Social Identity. Labels shown: security, usability, veracity; physical check, digital certificate, user/password, 2FA (token SMS, @), social login; IAM, B2B, B2C. Source: Telefonica]

    Whilst the benefits of social identities mean better usability (fewer passwords, login and registration steps, improved and easy support) and improved intelligence (which makes it easier to use these OTT solutions), there are disadvantages concerning privacy or identity theft. This, in turn, is leading to hybrid models which link digital identities generated by service providers with the identities that users provide.

    This need, together with the emergence of federated identity management, has given rise to complex scenarios in which identity management is carried out in a fragmented and adaptable way. This fragmentation means that whoever issues and validates the credentials of a digital identity no longer has to be the owner of the resource. This makes it possible to provide identity, as well as its management, as a service (IDaaS).
  • 6. New Models of Authentication/Authorization as a Service: AuthaaS

    Following this trend (IDaaS), in which companies or service providers increasingly delegate certain aspects of identity management to a third party, it is fundamental to focus on verifying that an individual is who they claim to be and therefore authorize their access to a resource.
      • User authentication must be able to validate that the credentials a user provides have not been altered and thus enable verification that the user who owns them is, in fact, a legitimate user of the system.
      • User authorization must be able to establish how users can gain access to certain resources, and who is authorized to do so at any given time.

    AuthaaS solutions should adapt how users authenticate, access and interact with the business. Within this proposal the mobile device is the key:
      • Maximizes universality, allowing any user to interact anywhere using any technology. The mobile device is the only physical device that nowadays can be considered universal.
      • Maximizes usability, allowing user interactions with no barriers (anywhere, anytime).
      • Identification, with solutions that give individuals, businesses and governments the ability to trust and have confidence in the identities of people with whom they interact. The use of a mobile device requires a SIM card, whose distribution is highly regulated by the market (telcos), and in that process the identity of the holder is validated prior to activation.
      • Evolving security. Mobile devices allow companies to create adaptive authentication/authorization schemes over traditional IAM models.

    Your mobile, your identity

    [Figure 3: Mobile devices – key factors in the search for convergence between physical identity and digital identity. Groups shown: network connectivity (3G, 4G, WiFi) for Internet, apps and data; ID-related technologies (camera, GPS, screen, NFC, Bluetooth, biometric sensors); security elements to protect user data: SIM (Subscriber Identity Module), Micro SD (Micro Secure Digital), eSE (Embedded Secure Element). Source: Telefonica]

    1. Mobile Device = Authentication Device

    There are a huge number of types of credentials that are being explored in order to create a way of preserving the unchanged relationship of digital identities. The various solutions that exist on the market today are based on something that the individual knows (e.g. passwords), something that the individual possesses (e.g. physical tokens: smartcards, NFC tokens, etc.), something that the individual is (e.g. fingerprints, voice signature, iris signature, etc.), or something that tells you how the individual behaves (e.g. behavioural analysis). In fact, in order to ensure the usability of authentication solutions, hybrid systems are often devised involving several of these methods, and providing differing degrees of authentication.
  • 7. Mobile devices as authenticators:
      • They act as alternative channels for the verification of access to services (enabled for OTP service implementation via SMS, or automatic notification via app). They are a good method to protect users against malicious acts, such as phishing or identity theft.
      • They provide different degrees of authentication:
          • Simple Authentication: single factor = “something I have”
              • Click OK (SMS URL or SIM click OK)
          • Strong Authentication:
              • Two factors = “something I have and something I know”: PIN
              • Two factors = “something I have and something I am”: biometrics

    2. Mobile Devices as Authorization Devices

    The most frequent use of the authentication mechanisms mentioned above is usually related to the control of access to the resources of a system. This enables authorization mechanisms to establish how users can gain access to certain resources, and who is authorized to do so at any given time. In this regard, as is the case with authentication, mobile devices can be used as elements of interaction with users which can apply global strategies (Mandatory Access Control, MAC) or discretionary strategies (DAC). As part of those strategies, different methods are defined, RBAC and capabilities being a couple of examples. In a complementary manner, the use of mobile devices would widen the role of who defines access policy, so that it is not only the owner of the resource. This would enable the mobile user to set controls on the use of resources when such use is made with their credentials.

    3. Mobile Devices as Signature Devices

    Mobile devices incorporated as part of business processes can be used to perform digital signature processes, either by using a digital certificate stored on the device itself, through the use of a PIN encrypted in the SIM card, or by using a handwritten signature (biometrics).

    It is clear that mobile devices used as identity tokens offer companies or service providers the following benefits:
      • A secure element for the authentication and identification of users thanks to the use of the operator’s infrastructure: mobile network + SIM as a secure container.
      • A link between physical identity and digital identity. Phone numbers enable us to establish this link between identities, by enabling the identification of an individual in services, both public and private, thanks to authentication and the sharing of attributes.
      • Global reach. Mobile devices (smartphones) have undoubtedly become the most used and widely adopted form of technology which keeps digital users connected.
      • More frequent log-ins by removing passwords while improving security; at the same time, customer insights improve through a persistent, unique user ID across any device used by the same user.
      • Creation of adaptive models. Mobile identity management as part of IAM solutions enables adaptive authentication/authorization systems to be configured based on context. This enables risk-based policies to be defined and so improves the end user experience (mobility, elimination of the password).
      • Show innovation and leadership by supporting a “mobile first” strategy.

    Source: Telefonica
  • 8. An Integrated Vision

    With the mobile device as the key to authentication and authorization, Telefonica opts for a combined Authentication/Authorization as a Service model that allows companies to:
      a) Enjoy different levels of authentication (multifactor adaptive authentication) depending on the context and the risks that the company is ready to assume: from basic authentication to strong authentication.
      b) Be able to apply an effective access control strategy (authorization) across traditional IT environments and over current IAM environments: OTP and digital latch.
      c) In addition, under the same approach, the integration of the solution with business processes will allow the enterprise to turn the company mobile device into a security tool for signing.

    Telefónica has increased its Security offering with the generation of brand new and innovative products focused on Identity and Privacy. Our Identity and Access solutions adapt to the way users authenticate, access and interact with businesses, based on a vision that maximizes four key vectors:
      • Identification: solutions that give individuals, businesses and governments the ability to have confidence in the identities of people with whom they interact.
      • Universality: allowing any user to interact anywhere using any technology.
      • Compliance: making security a companion for your business, not a barrier.
      • Usability: solutions that allow user interactions with no barriers (mobility and avoiding the use of passwords).

    [Figure 4: AuthaaS reduces complexity when authenticating and authorizing, combined with the enterprise’s current IAM solutions. Columns: Authentication, Authorization, Authenticity. Levels shown: Basic Authentication, Strong Authentication, Digital Signature, OTP. Methods shown: Seamless; Click OK SMS URL; Click OK SMS Applet; SIM + Certificate; Biometric signature (fingerprint, handwritten); SIM Applet + PIN; TEE + Biometrics; SIM / SMS; Digital Latch. Parties shown: Telefónica Service, Service Provider. Source: Telefonica]

    Enable users to authenticate to your applications and to authorize access to resources via their phone.
  • 9. Secure digital identity is now in our hands

    Mobile Connect – an operator service for secure authentication and identification:
      • Uses a mobile phone for authentication (i.e. no passwords).
      • Easy to use, anonymous and many uses, including second factor authentication.
      • Develops a secure way of sharing attributes, putting the user in control.
      • Leverages existing operator assets: there is no user name and password to make a phone call or send an SMS.
      • Offered as APIs for service providers to integrate into their digital services.

    A digital switch

    Latch – protect your business and provide your users with an extra security layer:
      • Latch lets you implement a safety latch on your online services. By minimizing the time during which services are accessible, the risk of theft or unauthorized usage is reduced.
      • Reduces the risk of attacks directed at your online services by letting users lock the service account or selected features conveniently when they don’t want to use them.
      • Independent of other authentication mechanisms, as it supports most platforms and programming languages through APIs, SDKs and plugins.
      • Available for Android, Blackberry, iPhone, Firefox OS devices and Windows Phone.

    Sign your documents using your mobile phone

    SealSign – digital and biometric signature to securely sign electronic documents through your mobile phone:
      • Scalable, modular and full enterprise platform for electronic document signatures compatible with digital certificates, biometric systems, OTP systems and long-term archiving of signed documents.
      • Reduces costs associated with hardcopy management (printing, digitalization, transfer, archiving).
      • Improves productivity and efficiency of business processes.
      • Accessible from business applications and mobile devices.
      • Generates electronic documents with full legal validity.
      • Possibility of service via cloud or on-premise platform to meet enterprise needs.

    For more information see the Telefonica Security Services portfolio at https://www.elevenpaths.com/es/index.html

    Source: Telefonica
  • 10. From the Gartner Files: New Competitive Threats as the IDaaS Opportunity Evolves

    As IDaaS adoption increases, PaaS providers will expand their mind share, altering the dynamics of the IAM market. As the opportunity evolves, product and go-to-market strategists at IDaaS and IAM providers should highlight their uniqueness and target skills gaps and IoT-related demand.

    Impacts
      • Increasing SaaS and public cloud adoption will favor the growth and influence of large PaaS and IaaS IDaaS players, pushing many small pure-play IDaaS providers to look for new opportunities.
      • The evolution of enterprises’ IT infrastructure toward mobile and cloud-based ecosystem needs will push IDaaS and IAM providers into expanded feature sets and/or services, such as enterprise mobility management.
      • The proliferation of connected, networked devices will bring major changes to the IAM space, and this will force IDaaS and broader IAM providers to align their approaches with new enterprise scenarios where access control activities will expand to external users, devices and systems.

    Recommendations

    For product and go-to-market strategists at existing stand-alone IDaaS providers:
      • Exploit clients’ potential concerns about lock-in with platform vendors to fend off increasing competition from cloud providers such as Microsoft and Salesforce.

    For product and go-to-market strategists at pure-play and PaaS IDaaS providers:
      • Market your IDaaS solution’s ability to address skills shortages, the simplification of the existing IAM ecosystem, and rapid integration and implementation. When organizations decide to buy IDaaS over on-premises software, business drivers centered on time-to-value often trump cost.

    For product and go-to-market strategists at IAM vendors and service providers:
      • Expand new capabilities to account for more complex IAM use cases involving the management of relationships between objects, systems and users.

    Strategic Planning Assumption

    By 2019, 40% of IDaaS revenue will accrue to PaaS vendors, up from less than 5% in 2014.

    Analysis

    Introduction

    Growth in the identity and access management as a service (IDaaS) market (see Note 1) outpaces that in the overall identity and access management (IAM) market, thanks in large part to increased adoption of SaaS and platform as a service (PaaS) computing models. Compared with even a few years ago, the IDaaS market is much more competitive, varied and diverse. Longstanding players, such as CA Technologies (CA), Okta, OneLogin and Ping, compete with new entrants, including broader platform vendors (such as Microsoft and Salesforce) and providers with an integrator background. This will put pressure on IDaaS pricing in the next few years, changing the competitive dynamics of both the cloud and on-premises IAM markets. Product and go-to-market strategists at traditional IAM providers and IDaaS providers must be aware of these changing dynamics and adjust their market approaches accordingly.

    A Diverse, Changing and Attractive Market

    The IDaaS market is still in its early stages, but will carry on growing rapidly. Gartner estimates that, over the next five years, the average annual growth rate in the IDaaS market will be 37%, compared with 8% for the overall IAM market. (Note that we do not include current calculations of the user authentication market in these estimates. Authentication as a service is a simple function to deliver compared with multifunction IDaaS.) Estimated total spend on multifunction IDaaS was almost $300 million in 2014, and we expect it to exceed $1 billion by year-end 2018.

    The IDaaS solutions market is composed of many startups that often specialize in IAM. This is in contrast to the traditional on-premises IAM market, which is dominated by big providers such as IBM, Oracle, CA and Microsoft, which offer products that span the security and IT space. But growing interest in cloud-based IAM, and the sheer numbers of smaller players in the market, have resulted in a recent spate of mergers and acquisitions (M&As) and market consolidation,[1] which has now peaked. Many IAM providers are less likely to acquire in this space as a result of prior acquisitions or internal development of their own IDaaS capabilities.

    Looking ahead, the overall IAM market will be shaped by elements of what Gartner defines as digital business: social media, mobility, the cloud, data and the Internet of Things (IoT).
      • Employees’ widespread use of new mobile platforms and devices, social media and, most importantly, cloud computing will characterize IAM activities in the future. Users’ growing need for mobile applications, for example, will create pressure to authenticate mobile users and support mobile applications.
      • Multifactor and device authentication will be particularly important, especially with the proliferation of devices that the IoT is likely to create.
      • Providers will have to create and deploy hybrid product features. This imperative will be driven by the need to authenticate access to SaaS applications by employees and external users (such as business partners or contractors), and the continuing need to meet more traditional IAM requirements.
  • 11. Figure 1 highlights the main impacts affecting the developing IDaaS market, and corresponding recommendations for product and go-to-market strategists.

    [Figure 1: Impacts and Recommendations for Product and Go-to-Market Strategists. Source: Gartner (January 2015)]

    Impacts and Recommendations

    Increasing SaaS and public cloud adoption will favor the growth and influence of large PaaS and IaaS IDaaS players, pushing many small pure-play IDaaS providers to look for new opportunities

    Several factors are influencing the higher uptake of IDaaS:
      • Increasing use of SaaS applications in companies, and the need to authenticate users using these applications. This is creating more demand for security controls to cope with users’ changing requirements.
      • The challenges posed by the complexity of traditional on-premises IAM tools, and the lack of suitably qualified staff to implement solutions (especially in small or midsize businesses [SMBs]).
      • The increasing requirement for IAM in consumer-facing applications.

    Large vendors such as Microsoft, IBM and Salesforce entered the market in 2014. These more general providers are likely to have a considerable influence, offering IDaaS as part of a broader portfolio. We can expect PaaS IDaaS vendors to capture 40% of the overall IDaaS market by 2019.

    Cloud platform players can become very competitive in this growing market via two connected routes. They can offer integrated “good enough” IDaaS capabilities to both existing and new PaaS and IaaS clients. Along with this, they can offer discounted pricing or some bundled cloud-based IAM capabilities at no extra cost. Examples of this approach include Amazon, which offers some limited cloud-based IAM capabilities as part of its PaaS product, or Microsoft’s free Azure AD option.

    The expansion of general cloud providers into this market is likely to push down prices, putting further pressure on this evolving but increasingly competitive space. In small and midsize organizations, SaaS models within IAM systems remain a popular alternative. But we can expect uptake among large organizations to increase as they try to cope with the IAM demands originating from new digital business requirements such as mobility, cloud and IoT.
  • 12. Recommendations:

    For product and go-to-market strategists at existing stand-alone IDaaS providers:
      • Exploit clients’ potential concerns about lock-in with platform vendors to fend off increasing competition from cloud providers such as Microsoft and Salesforce.

    For product and go-to-market strategists at broad IAM providers:
      • Consider new pricing models to align with new technology consumption demands originating from cloud-based IAM. On-premises providers introducing subscription models will be able to cope better with the pressure brought by IDaaS.

    The evolution of enterprises’ IT infrastructure toward mobile and cloud-based ecosystem needs will push IDaaS and IAM providers into expanded feature sets and/or services, such as EMM

    The new requirements of mobile computing and the cloud will also change the dynamics of the IAM market. The need to provision and authenticate users’ access to applications from traditional Windows endpoints to multiplatform mobile devices will have to fulfill users’ requirements for adaptable and flexible functionality that can be delivered rapidly. Providers will position IDaaS to deliver this functionality with better time to value for organizations that do not have the expertise to deliver on-premises solutions.

    We don’t expect market share positioning in the overall IAM market to change dramatically in the short term. But traditional on-premises providers that do not also have an IDaaS offering will come under increasing pressure from enterprises’ growing demands for cloud-based IAM. This will produce its own competitive pressure, particularly as PaaS and IDaaS providers increase their market presence.

    Recommendations:

    For product and go-to-market strategists at pure-play and PaaS IDaaS providers:
      • Market your IDaaS solution’s ability to address skills shortages, the simplification of the existing IAM ecosystem, and rapid integration and implementation. This is particularly true in those cases where IDaaS is used to address and replace ineffective deployments. When organizations decide to buy IDaaS over on-premises software, business drivers centered on time to value often trump cost.
      • Bear in mind that business drivers often determine how cloud-based IAM capabilities are deployed. These drivers include time to value, movement to operating expenditure (opex) over capital expenditure (capex), and reducing duplicate IAM infrastructures rather than cost.

    The proliferation of connected, networked devices will bring major changes to the IAM space, and this will force IDaaS and broader IAM providers to align their approaches with new enterprise scenarios where access control activities will expand to external users, devices and systems.

    New IoT-based challenges to IAM will arise because of the following key factors.
      • A huge number of new devices will be deployed, with identities that have to be managed.
      • There will be a wide variety of device types, some smarter than others. Most IoT devices are expected to use different protocols, so proxies will be needed to manage them. IAM tools will have to find a way to interface with these proxies.
      • People and things will have multiple relationships, with each other and with various services. IAM will become more about managing relationships among people, services and things.

    The added complexity caused by these factors will bring a set of new problems to organizations. Being able to apply an effective access control strategy across traditional IT environments and IoT infrastructures will become crucial, to avoid potential security breaches.

    Product and go-to-market strategists at IDaaS providers will have to determine which competencies and strengths they can use to meet these new requirements, and how well-positioned they are to compete in this evolving scenario. Based on this assessment, they can consider and develop a new IAM strategy to align with new enterprise scenarios. This is especially pertinent because there will be a push to expand the focus of the approach to a more complex set of relationships involving users, systems and devices. Potentially, in the long term, the entire competitive landscape may change, with new players, such as traditional asset management vendors, becoming competitors.

    Ownership of devices may not reside within the organization that interconnects with them, and IoT devices may not be operating within the enterprise’s boundaries. This is likely to be the biggest challenge to face. And it should make a cloud-based IAM approach more suitable to catering to the needs of an IoT environment, because of its greater flexibility and potential for faster implementation.
  • 13. Source: Gartner Research, G00260800, Ruggero Contu, Gregg Kreizman, 30 January 2015

Recommendations:

For product and go-to-market strategists at IAM vendors and service providers:
• Expand new capabilities to account for more complex IAM use cases involving the management of relationships between objects, systems and users.

For product and go-to-market strategists at pure-play IDaaS providers:
• Expand your capabilities for internal IAM and privileged account management (PAM) delivered via hybrid solutions or entirely from the cloud. This will require you to invest in development or acquire small identity governance and administration (IGA) or PAM providers.

Note 1 IDaaS
Identity and access management as a service (IDaaS) is a subset of IAM. Vendors in the IDaaS market deliver a service that is predominantly cloud-based, in a multitenant or dedicated and hosted delivery model. This service brokers core identity governance and administration, access and intelligence functions to target systems on customers’ premises and in the cloud.

For product and go-to-market strategists at pure-play and PaaS IDaaS players:
• Consider the short-term opportunities created by the demand for external identity management requirements to allow access by contractors, vendors and other external users, especially around PAM.

Evidence 1
Examples of such activity include IBM’s purchase of Lighthouse Security Group, Intermedia’s purchase of SaaSID, and EMC/RSA’s purchase of Symplified’s intellectual property.
  • 14. About Telefonica Business Solutions

Telefonica Business Solutions, a leading provider of a wide range of integrated communication solutions for the B2B market, manages globally the Enterprise (Large Enterprise and SME), MNC (Multinational Corporations), Wholesale (fixed and mobile carriers, ISPs and content providers) and Roaming businesses within the Telefonica Group. Business Solutions develops an integrated, innovative and competitive portfolio for the B2B segment including digital solutions (m2m, Cloud, Security, e-Health or Digital Marketing) and telecommunication services (international voice, IP, bandwidth capacity, satellite services, mobility, integrated fixed, mobile, IT services and global solutions). Telefonica Business Solutions is a multicultural organization, working in over 40 countries and with service reach in over 170 countries.

https://twitter.com/TelefonicaB2B