Security Market Segment LS
Monday, 18 May 2015 16:59

Ping Identity promotes stepping stone to a new world of identity


Ping Identity says its approach provides a way to retrofit federated identity and single sign on to existing applications as a stepping stone to the broad adoption of its proposed standards.

Since internet protocols were originally based on the idea of routing packets between trusted entities, the internet has no universal concept of identity, said Ping Identity CEO and chairman Andre Durand (pictured above), noting that Vint Cerf, one of the fathers of the internet, has said that if given a second chance to start from scratch he would tackle identity.

But "retrofitting the house" is a messy and complicated business, said Durand, as it means building identity into everything, and that has resulted in password proliferation.

While it is useful but not essential to know who is visiting a particular web site ("There's a lot of money at stake" in knowing who is visiting a particular site, he said, predicting a shift from 'anonymous by default' to 'identified by default'), identity is essential where value is involved, whether that is about transferrable value - think internet banking sites or PayPal - or the use of subscription services.

It is also an essential part of corporate systems, as different people have access to different systems and data.

So Ping Identity's platform is designed to suit the need for systems to identify users whether they are employees, customers, partners or whatever.

The company's vision is that identity should be the centrepiece of security (the traditional concept of users and systems both being inside a firewall is no longer realistic), and that identity is used to give the right people access to the right resources. "I think we're on the way," he told iTWire.

Durand sees a parallel with the early 1990s where proprietary protocols meant many organisations had internal email systems that could not be used to communicate with the outside world. But that changed when internet-oriented protocols including SMTP were widely adopted.

Ping Identity has been developing identity standards to cover every use case, he said, and putting them on top of proprietary identity systems in order to provide broad single-sign-on capabilities for diverse systems, including SaaS.

Federated sign-on means that once users have identified themselves, they can access all the internal or external resources they are entitled to, without having to repeatedly log in.

Ping Identity CloudDesktop

Durand sees these new standards replacing existing identity architectures over time. "A refresh is quickly approaching," he told iTWire. There comes a point where people accept that standards are good enough, and the new identity standards are getting there.

For now, the company is working with systems integrators such as PriceWaterhouseCoopers and Deloitte, as well as vendors including Amazon Web Services, Cisco, F5, MDM provider MobileIron, and identity management specialist UnboundID. "The ecosystem's pretty broad," he said.

As noted in a previous article, some organisations are cutting back on their data centres in favour of IaaS. One very large US company is using Ping Identity in such an environment, Durand told iTWire.

Local customers include certain Queensland Government departments and some large private banks, he added.

Looking ahead, smartphones "open the door to user authentication," he said, as they provide a platform for "continuous authentication." Examples include the ability to consider how the user typed a PIN or password rather than merely what was typed, to incorporate Touch ID and other biometrics, and to take into account the location of the device. The more atypical the pattern and the more valuable the resource being accessed, the more reason there is to deny or challenge the interaction.

Durand gave as an example the way that as CEO, he is authorised to view the company's bank accounts and initiate wire transfers, but he has never done so because the finance function takes care of that. So if he did attempt a transfer, that should be flagged as risky behaviour as it is so atypical - but the right analytics layer is needed to determine whether it is appropriate to increase authentication activity in case someone has been able to get hold of his phone while it was unlocked, or to block the activity completely in case he had gone rogue.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.



Recent Comments