Identity Gets Boost as ‘DNA’ for Digital Enterprise Security: Top Takeways from Ping’s Cloud Identity Summit

Could identity become the DNA for delivering agile, strong, and situational security solutions for the new-gen digital enterprise?   A growing number of security execs see the possibilities. IDN looks at the Cloud Identity Summit with execs from Ping Identity.

Tags: API, authentication, cloud, distributed session management, IDaaS, identity, IDS Alliance, federated, MFA, mobile, multi-factor, Ping, security, SSO, WAM,

Pam Dingle
Principal Technical Architect

"The growth of the digital enterprise means an organization’s boundaries are less defined. This opens up a whole new set of challenges."

Enterprise Security
Identify, Combat, Neutralize and Predict Threats to the Enterprise
July 28, 2016
An Online Conference

Ping Identity debut products and plans for identity-base security at its Cloud Identity Summit.


Taken together, three major items show that Ping – alongside a growing number of partners – see where identity-centered security could be the DNA for delivering agile, strong and situational security for the new-gen digital enterprise.


IDN looks at

  • Ping’s Identity as a Service (IDaaS) cloud platform;
  • New work from an identity-focused security alliance founded in 2015 and
  • Ping’s plans new technologies, including a cross-domain ‘kill switch’

Ping’s Identity as a Service (IDaaS) cloud platform looks to help both IT and business uses adopt multi-factor authentication.  It looks to the end to a tricky trade-off IT has long had to make between strong security and a seamless (even enjoyable) user experience. 

The IDaaS upgrade sports features to make it simpler for companies to create and launch trusted mobile and cloud apps – while making them easier for end users.  It comes as investments accelerate in ‘digital enterprise’ projects which blend on-prem, legacy, web, mobile, SaaS and cloud assets.


“In today’s mobile-centric world, user experience is everything, and identity can make or break it,” Ping CEO Andre Durand said in a statement. “Today’s [Ping IDaaS] announcement ensures that enterprises can create trusted mobile experiences with very little friction, while also supporting IT’s need to move quickly without compromising quality.”


Durant shared one example where IDaaS can smooth adoption of multi-factor authentication:

A rise in phishing attacks, now spreading to mobile users, is prompting multi-factor authentication to “evolve from a ‘nice-to-have’ to a ‘must have,’” Durant noted.  But a decision to secure apps with multi-factor authentication can too often degrade the user experience.  That trade-off is no longer acceptable, he added. 


As to specifics, Ping’s latest IDaaS delivers:

  • A consistent, familiar user experience on mobile devices.
  • Updates to mobile MFA let enterprises can brand the entire MFA experience for employees and partners as their own.
  • Secure privileged access and enhanced support for Windows Remote Desktop.
  • Support for MFA for Windows RDP, expanding support for apps that run on om-prem, in the cloud and even using VPNs and Secure Shell (available through PingID).
  • An upgraded user interface in the PingOne cloud.


Cisco Systems is using Ping IDaaS to provide their app users a secure, seamless and easy-to-use experience, according to Cisco security architect Ranjan Jain.


Identity-Defined Security Alliance Promotes Framework To Secure the Digital Enterprise

Security is often an equation where the outcome is more valuable than the sum of its parts.


That’s the way to think of the Identity Defined Security Alliance, a cross-discipline coalition of security vendors, including Ping, formed in 2015 to createa new identity integration framework.


The framework, debuted this month, maps out a multi-layer approach for securing a borderless digital enterprise. It also details the security pieces that need to be stitched together, along with how they should integrate and interoperate. As one might surmise from its name, the IDS Alliance framework puts identity at the center of security. (see image) 


Over time, the IDS Alliance integrated platform aims to de-mystify and uncomplicated security for complex hybrid IT environments (on-prem, cloud, mobile, even IoT) by providing organizations a pre-configured approach by bringing together key components that will work well together.


According to members, the explosion of the digital enterprise capabilities – today and into the future – requires better cooperation among security providers to make it easier and simpler for companies to assure their security.

Ping senior technical architect Pam Dingle put today’s security challenges in terms architects and integration developers can relate to. 


“The ways we used to deliver security protecting individual elements, such as apps, endpoints, networks, devices, today is a challenge. The growth of the digital enterprise, with cloud, mobile and so on, means an organization’s boundaries are less defined. Plus, workers now expect to work from anywhere, not just in the office,” Dingle told IDN. “This opens up a whole new set of challenges for protecting data, devices and even the user privileges from being compromised.”


IDS Alliance lists these components that will all work together in its integrated framework.

IDS Alliance

Identity federation and single sign-on
Security incident and event management (SIEM)
Contextual, multi-factor authentication
Web and API access security
Enterprise mobility management
Cloud access security brokering (CASB)
Identity, behavior and threat analytics, (including UEBA)
Risk management, including privileged access management (PAM)
Endpoint security management

IDS Alliance’s members represent many of these capabilities, and include:

Ping (identity and access management)
Netskope (CASB)
ThreatMetrix (fraud and risk)
VMWare/AirWatch (EMM)
Exabeam (UEBA)
Lieberman Software (PAM)
Optiv, incident response, risk and compliance, and other managed security services

By integrating top-rated security solutions, with identity at the center, the IDS Alliance’s goal to deliver a framework for a new generation of easier-to-install integrated security solutions, Dingle told IDN. The integrated solution will be able to monitor, protect, enforce policy and even predict vulnerabilities – across all the ‘borderless’ touch-points of the digital enterprise, she added.   


Ping’s CEO Durand put it this way:


"The proliferation of cloud, mobile and Internet of Things has made navigating an already confusing landscape of security solutions even more challenging for CISOs. There is no silver bullet solution to (these) complex challenges . . . so we created this alliance . . . for a new approach to security that ensures trusted users seamless, secure access to what they need to get their job done.”


For his part, Robert Block, vice president of Optiv (an IDS Alliance co-founder) said in a statement “To be successful, security leaders need a holistic strategy and program that include the right mix of people, process and technology with identity positioned at the heart of everything.”


Members of IDS Alliance are making the commitment that their products will work together, thanks to pre-defined and coordinated integration capabilities available out of the box with each. Ping launched the Alliance in late 2015 to address the growing frustration expressed by CISOs regarding too many solutions in silos.


Ping Moves To Develop ‘Cross Domain’ Kill Switch; Continuous Authentication 

Ping Identity Security Cloud

Ping is also taking identity to tackle a new set of security challenges. 

Ping CTO Patrick Harding told the crowd at CIS the industry’s move to the digital enterprise holds security challenges Ping is ready to take on.


For example: Harding said that today, there’s no way to quickly and reliably shut down multiple session all at once from one place, he noted said.  “We need a kill switch for identity. . . Unless we do this well, I’m worried we’re leaving doors open to the bad guys.”


Harding put the need for a kill switch, and why identity could be the key, into context.


“In the identity world, we’ve grown our capabilities over time, as we’ve had to solve different problems,” he said. Today’s new problem is to get security under control for the digital enterprise, and the spike in the number of devices, users, apps that run outside enterprise walls.


“The growth in compromised records has been trending upwards [as] the attack surface is increasing.” Harding told the crowd. Further exposing risk is password-based SSO (single sign-on). While SSO has proven convenient for the user, many SSO solutions are based on weak passwords – and that creates vulnerabilities, Harding said.


He also got technical about the make-up of such a ‘kill switch.’ It would implement federated identity and support distributed session management, distributed consensus and distributed trust, Harding said. 


With this in mind, Ping made a seed investment in Swirlds, a new platform that aims to solve some crucial limitations of blockchain technology to better assure Distributed Session Management. Ping plans to work with Swirlds to create a new standard for DSM that can be used by all cloud applications and identity providers.


Ping is also investing in continuous authentication, where a user is not simply authenticated once, when logging into an app.  Instead, systems will continuously verify the identity of the user, tracking user activity over time.


The industry needs to “move identity out of static policies, and allow systems to make more dynamic decisions based on intelligent services, Harding said.   “We can shift away from static policies that are driven by rules, into a world of more dynamic authentication, based on what that user has been doing over time.”


Vista Private Equity Likes The Vision So Much – It Bought the Company

Earlier in June, Ping announced it had been acquired by Vista Equity Partners, a leading private equity firm focused on software, data and technology-enabled businesses.  Ping execs said the acquisition was a validation of its IDaaS strategy and capabilities.


“This is a great day for Ping Identity as the investment validates what we’ve built: the leading Identity and Access Management platform,” Durand said in a statement at the time. He reported Ping’s expected annual recurring revenue was on track to exceed $100 million for the full year 2016.


“The growth of the digital enterprise means an organization’s boundaries are less defined. This opens up a whole new set of challenges.