![]() It’s not determined by how good you think you’ve built the systems to communicate with each other. You have a better idea of the green and the red and a lot less in the middle where you’re willing to balance the equation. You’re enabling those services to make really good judgments and reduce that whole idea of the grey. You’ve got passive behavioral biometrics with profiling and all the data analytics on the backend. You see when they’re coming in, when they’re resetting it, what they’re trying to do. And what that means is you’re continuously looking at information along the journey of the individual. So instead of just having the green at the front door zero trust identity is in there. You’re getting a lot more analytics and information. So we’re going to try to figure out how we want to run within that space. We don’t know enough about this middle, and it’s gray. When you try to figure out your risk posture, you say, okay, this is green we know that. Matt: You can’t limit the idea on credentials as being the only thing that determines whether or not something is risky. How do you see that? Is that a silver bullet that’s going to help address 80% of the risk? So let’s introduce FIDO2 and Webauthn, what everybody is talking about. There are still many areas in the identity lifecycle that you were thinking about - from account origination and KYC processes to continual risk and analysis. So if you are still limiting yourself to something that no longer makes sense to secure at scale, get out of that whole routine.Ī lot of other passwordless solutions bring them in by saying, “Here’s a password, reset it, and this will be your fallback anytime you have an issue, and if you forget how to get into your account, we’re going to reset with a password.”Ĭraig: Also, passwordless is one piece to strengthening credentials. We’re in a different place now with our devices, services and analytics and on the backend. So if we’re thinking about passwordless, the idea is to expand the scope past that limitation. Matt Nunn with Citigroup: If you think of why we had passwords and pins, the reason is: the only interface you had in the computing environment for the individuals to use was a keyboard, right? And you had to have something to try to identify what was going on and how they were interacting. It’s trimmed down to give you the most valuable information from their Q&A:Ĭraig Currim with Transmit Security: Matt, tell us, why do you think passwordless matters? Or keep reading to get the best highlights of their talk. ![]() If you have an all-access pass to Gartner IAM, you can re-play their full session. How to start with one pain point and expand further.Advice on shrinking the gray area between “good” and “bad”.Why and how to secure the full identity journey.Matt Nunn gave attendees illuminating and tactical advice, loaded with real-world scenarios. We certainly couldn’t do it without a customer like Citi, willing to share their story. Gartner organizers said it was in the top three talks at the event. In a conversational session, “Rolling Out Passwordless to 200 Million Banking Clients in 160 Countries,” Transmit Security’s SVP Field CTO Craig Currim sat down with Citi’s Director and Global Head of Identity & Access Management Engineering Matt Nunn. And that’s certainly the case with Citigroup. It’s a journey that warrants strategic tips and insights from security experts with hands-on experience, preferably those who’ve achieved large-scale success. If drawing a crowd at Gartner IAM is proof, it’s fair to conclude: identity professionals are hungry to hear from other companies that have crossed the chasm - from risky passwords to passwordless customer authentication.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |