Monday, 18 May 2015 16:59

Ping Identity promotes stepping stone to a new world of identity


Ping Identity says its approach provides a way to retrofit federated identity and single sign on to existing applications as a stepping stone to the broad adoption of its proposed standards.

Since internet protocols were originally based on the idea of routing packets between trusted entities, the internet has no universal concept of identity, said Ping Identity CEO and chairman Andre Durand, noting that Vint Cerf, one of the fathers of the internet, has said that if given a second chance to start from scratch he would tackle identity.

But "retrofitting the house" is a messy and complicated business, said Durand, as it means building identity into everything, and that has resulted in password proliferation.

While it is useful but not essential to know who is visiting a particular web site ("There's a lot of money at stake" in knowing who is visiting a particular site, he said, predicting a shift from 'anonymous by default' to 'identified by default'), identity is essential where value is involved, whether that is about transferrable value - think internet banking sites or PayPal - or the use of subscription services.

It is also an essential part of corporate systems, as different people have access to different systems and data.

So Ping Identity's platform is designed to suit the need for systems to identify users whether they are employees, customers, partners or whatever.

The company's vision is that identity should be the centrepiece of security (the traditional concept of users and systems both being inside a firewall is no longer realistic), and that identity is used to give the right people access to the right resources. "I think we're on the way," he told iTWire.

Durand sees a parallel with the early 1990s where proprietary protocols meant many organisations had internal email systems that could not be used to communicate with the outside world. But that changed when internet-oriented protocols including SMTP were widely adopted.

Ping Identity has been developing identity standards to cover every use case, he said, and putting them on top of proprietary identity systems in order to provide broad single-sign-on capabilities for diverse systems, including SaaS.

Federated sign-on means that once users have identified themselves, they can access all the internal or external resources they are entitled to, without having to repeatedly log in.

[Image: Ping Identity CloudDesktop]

Durand sees these new standards replacing existing identity architectures over time. "A refresh is quickly approaching," he told iTWire. There comes a point where people accept that standards are good enough, and the new identity standards are getting there.

For now, the company is working with systems integrators such as PriceWaterhouseCoopers and Deloitte, as well as vendors including Amazon Web Services, Cisco, F5, MDM provider MobileIron, and identity management specialist UnboundID. "The ecosystem's pretty broad," he said.

As noted in a previous article, some organisations are cutting back on their data centres in favour of IaaS. One very large US company is using Ping Identity in such an environment, Durand told iTWire.

Local customers include certain Queensland Government departments and some large private banks, he added.

Looking ahead, smartphones "open the door to user authentication," he said, as they provide a platform for "continuous authentication." Examples include the ability to consider how the user typed a PIN or password rather than merely what was typed, to incorporate Touch ID and other biometrics, and to take into account the location of the device. The more atypical the pattern and the more valuable the resource being accessed, the more reason there is to deny or challenge the interaction.

Durand gave as an example the way that as CEO, he is authorised to view the company's bank accounts and initiate wire transfers, but he has never done so because the finance function takes care of that. So if he did attempt a transfer, that should be flagged as risky behaviour as it is so atypical - but the right analytics layer is needed to determine whether it is appropriate to increase authentication activity in case someone has been able to get hold of his phone while it was unlocked, or to block the activity completely in case he had gone rogue.




Stephen Withers


Stephen Withers is one of Australia's most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.


