Identity Defined Security

  • TYPE: Combined Session DATE: Tuesday, September 14, 2021 TIME: 14:30-15:30 LOCATION: ALPSEE
Track

Sessions:

Traditional IAM models have focused on users, policies, and roles, which met the needs of web applications in years past but as application development has evolved to APIs, an innovative approach to identity management is required. It is no longer just users, roles, and permissions. APIs must be integrated into the identity and access management framework to ensure adequate governance and security.

Within an API there is a requestor (often on behalf of a user), a service (API), and the data that is being passed. All these entities in the transaction require unique identity and authorization; without identity, compliance and enforcement mandates cannot be met effectively and without authorization, there is a free-for-all on your APIs reminiscent of Cambridge Analytica and Facebook.

In this session, we will look at how rapid digitalization (first and third-party APIs + multi-or hybrid-cloud environments) has complicated security efforts, the role of API integration in data governance, and how companies can best navigate the heightened cyber-threat environment we find ourselves in today.

- Why API security requires more than traffic policy management and course-grained enforcement.
- Why APIs need to be integrated into the identity and access management framework to ensure adequate governance and security.
- How companies can reduce the burden on developers to allow for a proactive approach to API security instead of reactive.


Speaker:

More panelists to be announced

As a leader in innovative aerospace manufacturing with locations across the world, Airbus recognized the need to fortify its third-party identity management processes to better meet the operational efficiency and security needs of its evolving business and supply chain. Specifically, Airbus wanted to upgrade its identity management capabilities around lifecycle management, data quality, and obsolescence management for its third-party, non-employee users.

Common to most manufacturers, Airbus works with a significant number of outside contractors and partners related to its commercial aircraft, helicopter, defense, security and space markets. What’s particularly unique to Airbus, however, is the scale of the situation. Airbus has more than 10,000 partner organizations around the globe that are provided with access to 5,000 internal applications while working either in situ or ex situ.

For Airbus, third-party users outnumber employees so appropriately managing supplier access with controls that provide scalability and frequent identity proofing to prove the person accessing data, systems, or facilities is authorized is critical to security. A primary concern given this number of non-employee identities is that each one requires different levels of access to the organization’s assets throughout Airbus’ supply chain processes. And since many of these non-employee identities also have contracts with Airbus’ direct competitors, the risk of intellectual property breach is further exacerbated.

Mitigating this risk was a key motivator for Airbus to prioritize proper identity and access management and identify blind spots, such as downstream access. Given this complex web of third-party identities and the high turnover rates of contracted workers, Airbus also sought a more efficient and secure process for onboarding and deprovisioning non-employees to lower risk and protect against improper access.

In this presentation, Julien Jaouën, Head of Identity Management for Airbus, will share an overview of how the company manages its third-party identity lifecycle to drive its business forward. Using SecZetta’s Third-Party Identity Risk Solution, Airbus successfully manages its diverse third-party identity ecosystem through the entire lifecycle of each non-employee, from the initial access to the final timeframe of completed work. Armed with these tools, Airbus ensures appropriate access is granted to the right person at the right time and unauthorized or deprovisioned contacts are removed in a timely manner. SecZetta’s solution provides Airbus with an authoritative source for non-employee data to improve operational efficiency and accuracy in provisioning access, streamlining compliance audits, assessing risk, providing identity verification, and deprovisioning access at the conclusion of a relationship.

As organizations continue to advance through digital transformation, expand their partner network, and leverage non-employees for business needs, Mr. Jaouën will offer strategies for other organizations to successfully manage their third-party identities to prevent potential breaches.

Session attendees will gain a clear understanding of the evolving supply chain ecosystem and how the proliferation of non-employees (and non-human workers) is presenting significant new third-party security risks organizations must be aware of and work to combat.

Session attendees will hear a case study of the global aircraft manufacturing organization Airbus and their initiatives to implement an identity management solution that both scales to support its high volume of third-party users, provide appropriate supply chain access, and automate its lifecycle management processes for on- and off-boarding contracted partners. Airbus will discuss the selection criteria it used to identify and implement this solution and how it measures success.

Attendees will leave the session with an understanding of proven modern security technology strategies that can be put in place to successfully manage their third-party identities to mitigate risk.


Speaker:

Julien Jaouen is Head of Identity Management for Airbus, a global leader in aeronautics, space and related services. Jaouen has 10 years of Identity & Access Management (IAM) experience, and has held various roles ranging from service delivery manager to project manager before...



Moderators:


Register now!

And get your early bird discount


Hybrid Event

European Identity and Cloud Conference 2021

Language:
English
Registration fee:
€2500.00
€840.00 till 30.06.2021
$3125.00
$1050.00 till 30.06.2021
S$4000.00
S$1344.00 till 30.06.2021
27500.00 kr
9240.00 kr till 30.06.2021
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
lk@kuppingercole.com
  • Sep 13 - 16, 2021 08:00-20:00 Munich, Germany
Attendance Opportunities