Identity Governance & Security

  • TYPE: Combined Session DATE: Wednesday, September 15, 2021 TIME: 15:30-16:30 LOCATION: ALPSEE


In a 2018 study by Onus & Ponemon on data risk in the third-party ecosystem, more than 75% of companies surveyed said they believe third-party cybersecurity incidents are increasing. Those companies were right to believe that.

As our world becomes more digitized, and thus more interconnected, it becomes increasingly difficult to safeguard organizations from cybercrime. Tack on to that challenge a global pandemic that all but forced organizations to become “perimeter-less,” if they weren’t already, and the potential access points for bad actors through third-party access increase exponentially.

The problem is two-fold.

The landscape of third-party users is vast and continues to grow. From third-party non-employees like vendors, contractors and affiliates to non-human third parties like IoT devices, service accounts and bots, more organizations are engaging third parties to assist with their business operations and help them to innovate, grow faster, improve profitability, and ultimately create greater customer value – faster. On average, companies share confidential and sensitive information with more than 580 third parties and in many cases, an organization's third-party workers can actually outnumber their regular, full-time workforce.

Yet, despite the increased use of third-party workers in business, most organizations lack the proper third-party risk culture, processes, and technologies to protect themselves against the long list of third parties with access to their sensitive data and systems. Organizations have these systems in place to manage their full-time employees but lack the same level of rigor to manage these higher-risk third parties. As a result, many third-party users are provided with more access than needed for their roles, and most disturbingly, that access is frequently not terminated when the third party no longer needs it.

Without the right third-party identity lifecycle management procedures in place, businesses unwittingly expand their attack surface, unnecessarily put sensitive information at risk, and create additional access points for hackers.

As a panelist, David Pignolet, founder and CEO of SecZetta, can bring an expert third-party identity risk perspective to a range of fast-evolving security topics, including:

Zero Trust: Without an authoritative source of information for third-party workers, Zero Trust programs cannot be implemented across an organization's entire workforce.
Artificial Intelligence: Bots (both chatbots and transactional bots) are third-party non-employee identities that use AI to replicate human behaviors and can be found on websites, messaging applications and mobile apps. If not properly managed and monitored, cybercriminals can turn bots into “evil bots” and use them as a springboard to scan a network for security vulnerabilities that can be exploited at a later date.

Identity Governance and Administration: The identity governance of third-party users is far more chaotic and less linear than that of regular employees. Enterprises often lack formal procurement vetting and identity management processes for third parties, and responsibilities are often distributed across lines of business, Legal, HR, Compliance, and Information Security. A third-party relationship needs to be managed by resources within (sponsors) and outside (delegates) the organization. Current disconnects in this process and lack of transparency into third-party identities often heighten risks including over-provisioned and orphaned accounts.

Cyber Supply Chain Risk Management: Organizations that rely on a robust supply chain sector can have upwards of 2-3 supply chain workers for every one employee, but, as in most other industries, these organizations often lack the proper onboarding systems and processes for their supply chain workers. To mitigate the risks third parties present in their supply chains, manufacturers must improve the granularity, transparency, consistency, and agility of their third-party risk management effort. In particular, manufacturers can’t overlook the safety and IP protection concerns related to granting third parties access to facilities.

Privileged Access Management: Organizations grant their employees certain security privileges and access based on their roles and typically have well documented processes for revoking those privileges upon termination of employment. However, too many organizations lack the protocols and processes for revoking privileges and access to non-employee workers once their jobs are complete, leaving an organization vulnerable to cybercriminals who can gain access through unauthorized access privileges.

Session participants will learn the many ways in which increased digitization in workforces has expanded the cyber attack surfaces for organizations lacking proper third-party identity risk cultures.

Session participants will return to their organizations with a clear and thorough understanding of the third-party identity risks that might be threatening their business and how to mitigate that risk.

Session participants will understand how to apply the proper third-party identity risk culture to their organization’s work to minimize their potential cyber attack surface, including specific best practices they can immediately put in place.


With nearly two decades of experience in application, network, and data security, David Pignolet founded SecZetta in 2006, assembling a highly-experienced team and securing strategic partnerships to address a growing need for better IT security and identity and access management in...

More panelists to be announced

What if we took the traditional way of thinking of Identity Governance and reversed it completely? Putting together a successful IGA program has commonly been a long haul,

A headache,

A mess,

A budget destroyer,

And an expectation disappointer.

There is a new way. Some call us crazy and some say it's impossible. However, those who have experienced the new way call us visionaries. We have been presenting a modern ideology and process for IGA that drastically reduces the time to value, the total cost of ownership, and the economic impact of an Identity Governance Solution.

This panel will focus on strategic order of operations, calculating the economic return of the modern approach, how to optimize AI/ML in Identity Governance, and the ways simplicity expedites the path to stronger compliance and security postures.


Austin leads the sales and strategic partnership efforts at SecurEnds. He has a diverse background aligning multiple business units in various industries to create cohesive technology strategies. His career has consisted of consulting and advocating disruptive processes to expedite digital...

More panelists to be announced

The FIDO Alliance was launched in 2013 with an audacious goal: to change the very nature of authentication, moving the entire world away from usernames and passwords and traditional multi-factor authentication with an open and free web standard that makes authentication simpler and stronger. It’s 2021, so why are passwords still persisting? The session will answer that question, and detail the progress that has been made towards standardizing strong authentication and the opportunity for companies to start on a journey past passwords.

Join Andrew Shikiar, executive director of FIDO Alliance, as we look at the past year through the FIDO standards lens, including:
-- The impacts of Covid-19 on digital transformation plans and securing remote workforces & where strong authentication has fit in
-- Progress global organizations have made toward going truly passwordless
-- Considerations for strong authentication when seeking compliance with regulation such as PSD2 SCA
-- What other areas, such as identity verification, need to be strengthened to better secure the web

Key Takeaways:

-- Attendees will understand how a global pandemic affected companies' digital transformation plans, including strong authentication projects
-- Attendees will learn the status of efforts to standardize strong authentication, and where support stands today
-- Attendees will be able to analyze their strong authentication options for complying with regulation like PSD2 SCA
-- Attendees will be able to explain how identity verification and authentication relate, and efforts in motion to better secure both areas



Hybrid Event

European Identity and Cloud Conference 2021

  • Sep 13 - 16, 2021 08:00-20:00 Munich, Germany