The "Fortress Identity" session stream is dedicated to dissecting the critical nexus of identity management and security. In an age where digital identities are as valuable as physical assets, safeguarding them against escalating threats and vulnerabilities is paramount. This stream explores innovative strategies, technologies, and frameworks to fortify identity systems.
Join industry leaders and security experts as they navigate the complexities of authentication, authorization, and identity assurance, offering insights into building resilient, trustworthy identity ecosystems that stand firm against the tides of cyber threats.
Fortress Identity
Zero Trust
June 05, 2024 12:00 - 12:15
Location: A 05-06
Improving Zero-Trust in a Multi-Workload Environment
In today's multi-workload / micro-service environments there are client authentication mechanisms to protect communication between services. This provides consistent server-to-server trust but does not address the protection of a transaction as it traverses through the different workloads. This talk will discuss the recently adopted Transaction Token draft, in the IETF OAuth working group, which defines a mechanism to protect the immutable data of a transaction, protecting it as the...
June 05, 2024 12:15 - 12:30
Location: A 05-06
Zero Trust Network Access - Market Overview
As businesses embrace Digital Transformation and become increasingly cloud-native, mobile, and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide adequate protection from these threats. Unlike traditional perimeter-based security models that assume trust within the network, Zero Trust Network Access (ZTNA) adopts a more granular and identity-centric...
June 05, 2024 12:30 - 12:45
Location: A 05-06
From Zero Trust to Identity Threat Detection and Response: Insights into Lessons Learned, Best Practices and Bad Ideas
This session delves into the evolving cybersecurity landscape, focusing on the transition from Zero Trust frameworks to Identity Threat Detection and Response (ITDR). A central theme is how ITDR aligns with Zero Trust principles to effectively mitigate risks. Participants will explore key considerations for implementing ITDR, uncovering how it plays a pivotal role in enhancing organizational security. The session will illuminate potential challenges and pitfalls encountered in global ITDR...
June 05, 2024 12:45 - 13:00
Location: A 05-06
From Firefighters to Business Enablers: Embracing Zero Trust as a Strategy
Think back to the '90s when computers at work were mostly used by employees. Today, things are different. Everyone and everything—partners, suppliers, and all our devices—are all connected. But surprisingly, our way of protecting who can access what hasn't changed much. Let's talk about how our world has evolved so much, yet our methods to keep things safe have stayed behind. This talk dives into why we need a fresh approach—Zero Trust. It's a way to move from just...
Fortress Identity
Future-Proofing IAM
June 05, 2024 14:30 - 14:50
Location: A 05-06
Securing Identity in a Digital Jungle: Battling AI-Driven Digital Injection Attacks
Digital ecosystems continue to grow and expand at record levels as organizations and governments seek to provide remote access and services to meet customer, citizen and employee demand. However, an unintended side effect of this growth is an ever-expanding attack surface that legacy identity verification systems can’t stand up to. Couple that with easily accessible and criminally weaponized generative artificial intelligence (AI) and machine learning tools, and there is an increasing...
June 05, 2024 14:50 - 15:10
Location: A 05-06
Creating a Killer IAM Business Case
Enterprises today face a pivotal challenge: how to prepare for the future while maximizing current capabilities. In the heart of this challenge lies Identity and Access Management (IAM) transformation projects. While often seen as routine upgrades, these initiatives hold the key to unlocking a company's true potential.
Imagine a journey where mundane processes are transformed into dynamic workflows, where every transaction becomes a strategic move. This is the essence of IAM transformation....
June 05, 2024 15:10 - 15:30
Location: A 05-06
Generative AI in Identity and Security: the Potential and the Risks
Generative AI not only represents opportunities to transform Security for your organisation, but it creates new risks both in the hands of attackers and when deploying AI models within your technology stack. Wondering how you can responsibly use the benefits of AI in Identity and Access Management? Join our Senior Solution Engineer Arkadiusz Krowczynski to learn how you can apply AI capabilities to increase security, improve user experience and maximise operational efficiency.
Cyber Resilience & Fighting Fraud
June 05, 2024 15:30 - 16:00
Location: A 05-06
Cyber Resilience: A Selection of Practical Patterns
Large and complex cyber systems, often spanning from legacy to cloud systems, are difficult to maintain and operate, including all questions on cyber security. Investing in cyber resilience helps not only in cyber security but also helps building, maintaining and operating these systems.
We will explore some basic patterns for building robust and resilient cyber systems and reflect them on some practical use cases in typical on-premises/cloud scenarios and complex identity management...
June 05, 2024 16:00 - 16:15
Location: A 05-06
Fighting Fraud: Key techniques for reducing fraud against consumer identities
Fraud is a major cost to businesses worldwide. Banking, finance, payment services, and retail are some of the most frequent objectives of fraudsters, as expected. However, insurance, gaming, telecommunications, health care, cryptocurrency exchanges, government assistance agencies, travel and hospitality, and real estate are increasingly targeted as cybercriminals have realized that most online services trade in monetary equivalents. In this session we will look at critical capabilities...
June 05, 2024 16:15 - 16:30
Location: A 05-06
Gamifying Cybersecurity & Level Up Your Identity Defense Strategy
In the dynamic realm of cybersecurity, safeguarding against identity-based threats is crucial for organizations. To fortify your defense strategy, Identity and security professionals need to continually augment their expertise and capabilities. The integration of gamification into identity-based cybersecurity has transformed the learning landscape, providing an immersive and pragmatic method to stay abreast of the latest attack vectors, exploits, and vulnerabilities.Embark on a journey into...
Cloud Security
June 05, 2024 17:30 - 17:45
Location: A 05-06
Is Your Cloud NIS2 Ready?
With the European Union's Network and Information Security (NIS2) directive being in effect in October 2024, it is estimated that 40000 German companies do not realize they must comply with the directive. One of the big questions is how companies could prepare for the NIS2 Directive, especially if they are using cloud-native infrastructures. The talk will discuss on what are the steps needed to make the clouds to be ready for NIS2.
June 05, 2024 17:45 - 18:00
Location: A 05-06
How to Adopt Passkeys for B2C in Regulated Markets
There is no need to insist on the benefits of passkeys in terms of UX, security and even cost reduction. Together with their widespread availability on all kinds of platforms, it is a no brainer that any digital service provider should jump on to implement support for them. A different question is how. For financial service providers, this question is particularly relevant. Among the many things to consider are:
the critical nature of the assets they protect
financial regulations they...
June 05, 2024 18:00 - 18:15
Location: A 05-06
API Security and Management: Market Overview, Current Trends, Future Developments
From what used to be a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. APIs are now powering the logistics of delivering digital products to partners and customers. Almost every software product or cloud service now comes with a set of APIs for management, integration, monitoring, or a multitude of other purposes. This evolution only continues to accelerate....
June 05, 2024 18:15 - 18:30
Location: A 05-06
Cloud Security Alphabet Soup
Is securing your cloud security different from securing other forms of IT? You would think so from the alphabet soup of acronyms around the subject.Organizations are exploiting cloud because they help to accelerate business changes without the need for capital expenditure or lengthy procurement delays to obtain hardware. However, the dynamic nature of cloud services creates new security challenges that need a dynamic approach to governance and security controls.In addition, the...
Fortress Identity
Securing the Digital Frontier
June 06, 2024 11:00 - 11:30
Location: A 05-06
Multi Region - Multi Hyperscaler: The Crucial Role of Identity Providers in Modern IT Architecture and How to Ensure Their Availability
In a modern Zero Trust based IT architecture, the IDP is one of the most central components and therefore one of the most critical ones.
As all the requests within the network need to be authenticated, its robustness directly correlates with the overall integrity and continuity of digital and therefore-business operations.
Not only the availability but also low latency is key in global distributed ecosystems.
As experience has shown, one hyperscaler can’t guarantee this high demand...
June 06, 2024 11:30 - 11:45
Location: A 05-06
Beyond the Surface: The Dark Side of Digital Identity
In the digital age, identity has transcended personal identification, evolving into a complex digital footprint that is as unique as it is vulnerable. This session focuses on the multifaceted and often hidden threats that lurk within digital identity to unravel the digital threats that individuals and organizations face in today's interconnected world.
We will explore the mechanics and implications of various threat vectors, including the insidious rise of bot attacks, the...
June 06, 2024 11:45 - 12:00
Location: A 05-06
Bridging Frontiers: The Synergy of Intelligent SIEMs in Unifying Identity, Cloud Security, and Advanced Threat Detection
Bridging Frontiers: The Synergy of Intelligent SIEMs in Unifying Identity, Cloud Security, and Advanced Threat Detection
Traditional security information and event management (SIEM) solutions are often associated with high deployment and operating costs, as well as an inability to identify and respond to threats effectively in the cloud and mobile computing era.
Join this session to find out why the latest generation of SIEMs,...
Decentralized Enterprise
June 06, 2024 12:00 - 12:20
Location: A 05-06
How Decentralized Identities can Improve the Security in Enterprise Networks
The session will show how SSI can develop its full potential when used in enterprise communication networks. The speaker will talk about his current research on the integration of SSI in the Kerberos protocol (used for authentication in Windows network environments) and in the Extensible Authentication Protocol (used for enterprise network environments). The integration of SSI in those protocols used by most companies today provides a tremendous enhancement in network security and also...
June 06, 2024 12:20 - 12:40
Location: A 05-06
Advancing Secure Credentialing: The Impact of Non-Interactive Threshold Signature Schemes
In the realm of identity management within zero trust security frameworks, the "never trust, always verify" paradigm is critical. This approach, a departure from traditional IT security models, assumes no inherent trust in users, devices, or networks, regardless of their location or origin. It emphasizes continuous verification and authentication, fundamentally changing the way access and credentials are managed. In this context, the role of signature schemes in credential issuance is...
June 06, 2024 12:40 - 13:00
Location: A 05-06
Securing the Foundations of Verifiable Credential Ecosystems
As verifiable credentials are adopted at scale in ecosystems around the world, addressing security and privacy challenges is becoming increasingly important. In this talk, I will discuss some of the most pressing issues around protocols and credential formats and how they can — or cannot — be addressed.Using the OpenID and IETF specifications as examples, I will discuss the challenges of establishing trust, mitigating replay and phishing attacks, avoiding linkability and tracking,...
Fortress Identity
Privileged Access
June 06, 2024 14:30 - 14:45
Location: A 05-06
Is Least Privileged Even Possible?
Are role models and least privileged at odds? When defining roles, we tend to grant more access in one role to avoid having to create multiple similar roles or managing exceptions. So where does that leave our pursuit of implementing a least privileged access model in a zero trust environment?
June 06, 2024 14:45 - 15:00
Location: A 05-06
Snapshot on Trends in Privileged Access Management
Paul Fisher is KuppingerColes’s resident expert on the PAM. In this session, he will highlight new findings from his most recent research into a market that continues to develop in line with identity and infrastructure demands. Paul will speak about the trends that are shaking up the PAM market; the renewed focus on identity management, better understanding of the needs of developer groups and the influence of CIEM and ITDR on capabilities being offered. He will also offer a glimpse...
June 06, 2024 15:00 - 15:15
Location: A 05-06
PAM Design Patterns and Anti-Patterns: Assessing Your Organization's Best Practices
In today's cybersecurity landscape, organizations are increasingly recognizing the importance of implementing robust Privileged Access Management (PAM) programs. This recognition is primarily driven by regulatory requirements and the growing pressure from malicious actors. However, despite the availability of mature baseline capabilities for PAM products in the market, the implementation of privileged access often falls behind leading practices in typical organizations.
In this talk, we will...
June 06, 2024 15:15 - 15:30
Location: A 05-06
Myths of Least Privilege Management (POLP)
The principle of Least Privilege (PoLP) requires granting identities only the minimum permissions needed to perform their tasks. However, many technical and human factors make PoLP difficult to achieve. In this talk, we will go through the various dimensions which need to be considered when we are implementing PoLP and what are the challenges in achieving it. While the obvious consideration for least privilege is the set of permissions, we show why factors such as grant timing and duration,...
Biometrics & AI for IAM
June 06, 2024 15:30 - 15:45
Location: A 05-06
Biometric Myths and Legends
Biometric authentication has achieved huge success in consumer applications like smartphones, payment cards and door locks. However several myths and misconceptions surrounding biometrics remain today, that can limit the adoption. In this myth busting session we will discuss some of those misconceptions and review future trends.
June 06, 2024 15:45 - 16:00
Location: A 05-06
Unlocking Identity Security with Behavioral Biometrics and AI
This session will explore the expansive role of Behavioral Biometrics and AI in the broader scope of identity and cybersecurity. Our discussion will encompass a range of advanced techniques, including traditional typing habits and mouse movements, as well as cutting-edge methods such as voice recognition, gait analysis, and understanding interactions with mobile devices. We will explore how these unique behavioral aspects offer a more holistic and secure approach to identity verification,...
June 06, 2024 16:00 - 16:15
Location: A 05-06
Cloudy with a Chance of Breaches: Why Cloud-Based Biometrics Pose Privacy Concerns
Centralized biometrics protect user privacy like a band-aid protects a leak. In this session cryptography scholar Paolo Gasti will explain in simple terms why cloud-based biometrics as it currently exists puts biometric data at risk. Dr. Gasti will explain how to avoid the pitfalls associated with centralized storage systems and several emerging approaches that are tackling it.
June 06, 2024 16:15 - 16:30
Location: A 05-06
AI@IAM
In recent years, the maturity and coverage level in identity and access management have been continuously expanded. The information and tasks in extend far beyond IT, usually involving the entire organization and requiring additional efforts. With AI, relief could be provided for end users and process participants in specific scenarios. The presentation will introduce concrete use cases and their prerequisites that we observe with our clients.
Identity Resilience in a Changing Threat landscape
June 06, 2024 17:30 - 18:00
Location: A 05-06
One-Click Login as a Convenient Solution for Multi-Factor Authentication According to NIS2 Requirements
Starting from October 2024, all companies with critical infrastructure are mandated to grant access to their IT systems to customers and employees solely through secure multi-factor authentication. This requirement poses a significant challenge for businesses, especially in maintaining customer conversion rates. Implementing this regulatory obligation by adding a second factor (e.g., one-time password via SMS, email, or a separate authenticator app) incurs additional efforts for users and...
June 06, 2024 18:00 - 18:30
Location: A 05-06
Panel: Building Identity Resilience - Strategies for Navigating the Evolving Threat Landscape
In this engaging panel session we will explore the critical topic of Identity Resilience in today's rapidly evolving threat landscape. As organizations face increasingly sophisticated cyber threats and regulatory challenges, the resilience of identity management systems and practices is paramount to safeguarding sensitive information and maintaining trust in digital interactions.
The panelists will share insights, best practices, and real-world experiences in building identity resilience to...
Fortress Identity
FIDO & Passkeys
June 07, 2024 10:30 - 10:45
Location: A 05-06
Passwordless Authentication for Your Workforce: Control the FIDO Authenticators Life Cycle
FIDO has appeared as a savior for the authentication world, often touted as the gold standard in terms of phishing-resistant MFA, while also offering a more convenient user experience. However, the global adoption by large organizations has been rather slow. Our discussions with some large organizations reveal their concerns around FIDO authenticators' lifecycle that prevents these organizations from fully embracing FIDO as their de facto method of phishing-resistant MFA. Join us in this...
June 07, 2024 10:45 - 11:00
Location: A 05-06
Authentication Evolution: Convergence of Passkeys and Identity Wallets
In the realm of modern authentication, FIDO and passkeys have launched a new paradigm that is both practical and transformative. Passkey providers have seamlessly integrated the capability to synchronize passkeys across various devices, extending their reach even to different device families. Users enjoy default implementations of passkey providers with each new device, empowering relying parties to leverage passkeys across the multitude of devices. In contrast, relying parties cannot assume...
June 07, 2024 11:00 - 11:15
Location: A 05-06
Securing digital identity wallets using FIDO Security Keys
As part of the revision of the EU common identity framework regulation, also known as eIDAS 2.0, EU Member States will all soon implement a new common structure for electronic credentials based on digital identity wallets. This includes the development of a European Digital Identity (EUDI) wallet.
This wallet can be implemented as a web wallet running in a browser. This means a smartphone is not required to use the wallet – making it inclusive and independent of app stores and phone...
Securing Identity with Automation and AI
June 07, 2024 11:30 - 11:50
Location: A 05-06
Unleashing the Power of Automation in PAM
Privileged Access Management (PAM) plays a crucial role in securing organizations by managing and controlling access to sensitive systems and data. As organizations evolve, there is a growing need to streamline and automate PAM processes to enhance efficiency, security, and compliance.
This presentation will explore the paradigm shift towards adopting a "PAM as Code" mindset, emphasizing the use of automation to manage privileged access seamlessly.
June 07, 2024 11:50 - 12:10
Location: A 05-06
AI & IGA: Practical Considerations & Use Cases to Drive Business Value
Join Craig Ramsay, Senior Solution Architect at Omada, for an exciting session that will outline how to build AI powered IGA use cases that provide real value and accelerate your journey towards an identity-first security architecture. You will gain insight on the history and definition of AI; what is possible today and key considerations to harness the power of AI in IGA going forward.
June 07, 2024 12:10 - 12:30
Location: A 05-06
Transforming IGA with Generative AI Capabilities
The IAM community grapples with various issues today, including complex UIs from vendors, vendor-specific jargon, and heavy reliance on SMEs for routine tasks, driving up service costs significantly. This presents a challenge for smaller organizations unable to afford such expenses, hindering their ability to derive benefits, despite training efforts. Large organizations face lengthy onboarding processes and complex implementations, frustrating business lines as they struggle to perform tasks...
AD (Recovery)
June 07, 2024 13:30 - 14:30
Location: A 05-06
A Ransomware Attack Against Your AD – The Things To Do Pre-Attack And Post-Attack!
With cybercrime on the rise, ransomware attacks that target Active Directory (AD), the primary identity store for most businesses worldwide, are as common as having a cup of coffee. Many cyber incidents involve AD in one way or another. Given that an attack on AD, these days, is more of a "when" rather than an "if" scenario, organizations must have a tested AD DR plan and purpose-built solutions for securing AD before a cyberattack and recovering and securing AD after that cyberattack. In...
