Duo Security Speaks at IRM Summit 2014 in Phoenix, Arizona
Duo Security’s Security Evangelist Mark Stanislav spoke on panels at this year’s Identity Relationship Management (IRM) Summit in Phoenix, Arizona from June 3-5. Hosted by ForgeRock at the Arizona Biltmore, the conference addressed IRM platforms as they relate to the IoT (Internet of Things).
The workshops, sessions, demos and panels addressed the business and technical pillars of IRM, including how to manage identities in a world growing exponentially in users and devices, with data and resources no longer only located on-premises but also in the cloud.
Contextual Authentication and Security Signals
Mark first spoke on the panel, Contextual Identity as a Differentiator, discussing the recent increase in breaches and how identity attributes can be used as inputs to adaptive authentication, as well as used to personalize consumer services.
He referred to Google’s search algorithm that uses signals in order to determine which sites should show up in their top ten results. Similarly, with contextual authentication, the signals we use are numerous. One example is the amount of contextual data used to inform authentication that we derive from mobile phones that are used as authentication devices.
The data can be used to bring up many different questions that affect security, including: What kind of risk do jail-broken devices introduce in terms of security? Or, what about patch levels? For example, Android devices may be lagging in device security if they’re outdated and don’t have any carrier updates available.
He went on to discuss how certain devices may introduce different types of risk, what that means to contextual authentication, and what kinds of signals are ideal to use for authentication. Other panelists included Brian Spector, CEO of CertiVox; Didier Perrot, CEO of inWeboo Development; and Josh Alexander, CEO and co-founder of Toopher.
Watch the full video below to learn more:
User Authentication in a Borderless World
Mark also spoke on the panel, As the World Turns: The Changing Drivers Behind User Authentication, discussing how user authentication needs to change to adapt to new risks introduced by access management in a borderless world.
In particular, he discussed how with the advent of cloud integrations with the Internet of Things, many vendors are leveraging backend services. In his security research, he’s found that passwords can be passed from one vendor to another, and how that can become problematic in the event of a breach as it leads to confusion about who exactly was breached.
The other panelists are the same as above, with the addition of Rajiv Dholakia, VP of Product of Nok Nok Labs, Inc.
Watch the full video below to learn more:
To find out more about upcoming conferences, including where Duo will be next, check out our Security Conference Calendar (Duo-attended events outlined in green)!
Mark Stanislav, Security Evangelist, Duo Security
Mark Stanislav is the Security Evangelist for Duo Security, an Ann Arbor, Michigan-based startup focused on two-factor authentication and mobile security. With a career spanning over a decade, Mark has worked within small business, academia, startup, and corporate environments, primarily focused on Linux architecture, information security, and web application development.
Mark has spoken internationally at over 75 events including including RSA, DEF CON, ShmooCon, SOURCE Boston, and THOTCON. Mark’s security research and initiatives have been featured by news outlets such as the Wall Street Journal, The Register, The Guardian, CSO Online, Security Ledger, and Slashdot.
Mark earned his Bachelor of Science Degree in Networking & IT Administration and his Master of Science Degree in Technology Studies, focused on Information Assurance, both from Eastern Michigan University. During his time at EMU, Mark built the curriculum for two courses focused on Linux administration and taught as an Adjunct Lecturer for two years. Mark holds CISSP, Security+, Linux+, and CCSK certifications.