In a webinar this Thursay (March 5th) I'll talk about my thoughts about attestation, with focus on approaches that as well provide quick wins as are valid from a long-term perspective. What I currently observe is that attestation is sold as sort of panacea for all GRC issues. What is true is that attestation is important. But some approaches might only provide a positive feeling without much real impact. I frequently miss the support of multi-layered attestation which really covers all levels of IT security. I also frequently wonder about what happens after attestation. It is fine to do attestation - but

  1. the results should lead to actions
  2. these actions should be automated whereever appropriate
  3. attestation shouldn't be a singular event but has to be part of a concept which ensures a continuous high level of proven entitlements
Attestation is a part of an overall GRC strategy and attestation has to be integrated into a risk management strategy.

It is important to have a clear view on the limitations and the prospects of attestation - to invest in the right tools and to build the right concepts. Participate in the webinar or listen to the recording we will publish close to the webinar! And, by the way: Our European Identity Conference will as well provide a lot of information on attestation and GRC in general - not only on IAM.