Identiverse (formerly the Cloud Identity Summit) is running this week in Boston. It’s hosted by Ping Identity, and while it does features some Ping news, it’s largely about vendor-neutral identity and access management topics. I really enjoyed my first time at the show last year, and I’m sorry that I have to miss it this time, but some of my TechTarget colleagues are attending, so I’m looking forward to hearing what they have to report.
Anyway, the big Ping Identity news out of Identiverse 2018 is their acquisition of Elastic Beam. (Press release here.)
Elastic Beam monitors and audits API activity, and then uses artificial intelligence to identify attacks and other anomalous behavior. It can autodiscover APIs, and it integrates with API management and gateway platforms, applications servers, and infrastructure platforms such as public clouds, Docker, or VMware.
Elastic Beam was founded in 2014, funded by the founders and angel investors, and came out of stealth in 2017. As it turns out, CEO and co-founder Bernard Harguindeguy, who I spoke to on a pre-briefing call last week, has experience in the desktop virtualization space, having been the board chairman (and for several years president and CEO) of Atlantis, as well the board chairman of Norskale.
AI (or machine learning, or really just anything that makes access decisions “smarter”) and API management are two important trends in identity management.
APIs and identity management
To date, here at BrianMadden.com, we’ve focused on identity for end users accessing applications. However, APIs and API transactions (and identity, management, and security for them) are also growing in importance. (It’s not clear if this is a topic that will end up being in our wheelhouse on an ongoing basis, since it’s sort of outside the definitions of end user computing, but I thought this news was interesting so I wanted to write about it—that’s a benefit of being a blog.)
APIs are like apps in many ways: They provide access to sensitive data, so they need to be managed and secured. The mechanisms of attack and management are slightly different, since we’re talking about apps or perhaps IoT devices interacting with APIs, not humans, but many of the overall concepts are similar.
APIs can be attacked with stolen credentials or by brute force, public APIs may be subject to distributed denial of service attacks, and so on. Protecting APIs is an important task for identity and access management, and newer standards like OAuth and OpenID Connect are helping improve on older password-based authentication.
Ping provides identity management to APIs through PingAccess, and now the Elastic Beam products will be known as PingIntelligence for APIs.
AI and machine learning were a big theme at last year’s Cloud Identity Summit, both when it comes to identifying anomalous user behavior and helping to automate the growing number of identity and access decisions that need to be made.
Back then, Ping didn’t have anything specific to share about their AI/ML plans, but with the Elastic Beam acquisition, they’re clearly taking a big step now. Elastic Beam’s data collection platform and AI expertise will be applied to other Ping products, though as of Identiverse, they weren’t quite ready to say which areas would be productized first.