Emerging privacy-preserving frameworks for biometrics and identity limit the need to store personal data while still ensuring digital security.
The reason to use biometrics as a form of identity is that they are unique and unchanging, and are the one direct and unequivocal link to an individual. But what if these identifiers are compromised? For years, this has been a conundrum in the world of identity: whether to store the data in a centralized system that has to be protected, or to choose device-based solutions that are not linked to a vetted physical identity. In this never-ending loop of having to choose between privacy and security, we as a society have ended up with neither. In the meantime, this is becoming an emergency, with the explosion of remote identification needs that have come out of the pandemic (remote working, explosion of e-commerce, vaccine passports, etc.). This session will explore this topic and the emerging privacy-by-design frameworks (not just blockchain) that can help bridge the gap.
DREAM - Policy-Driven Management of Security, Identity and Access for All IT
The complexity in modern IT environments has increased over the years. A whole range of new delivery models, from Infrastructure as a Service (IaaS) to Software as a Service (SaaS), from serverless and containers to classic virtualization platforms, have emerged alongside and in addition to classic data center operations.
DREAM (Dynamic Resource Entitlement and Access Management) constitutes a concept to securely and compliantly provision, operate and continuously adapt today's and tomorrow's IT. It extends CIEM (Cloud Infrastructure Entitlement Management) to the full breadth needed to master the complexity of multi-cloud, multi-hybrid environments.
The consistent implementation of the KuppingerCole Identity Fabric concept eliminates identity and security silos and melds them into a holistic, integrated concept. This results in uniform management of access to all resources for everyone and everything. This concept provides an important foundation for delivering on the zero-trust promise.
When there is no traditional network edge, and networks are volatile and can be local, multi-cloud, or even multi-hybrid, their security configuration and posture must be reviewed and adjusted in a largely automated way, based on sustainable policies. And when identities and resources can be anywhere in such an environment, trust in them is essential, and all of them must be continuously authenticated and authorized before gaining or retaining access to applications and data.
Matthias Reinwarth explains the first steps (tactical and strategic) to transform existing environments towards this paradigm.
Security is not independently measurable; it only makes sense if we first establish in what context and under what circumstances. As in any field of security, there has been a lot of theoretical speculation about attacks that could happen. Initially these were attacks that required physical access, then internal attackers, attacks across tenants and, more recently, supply chain attacks. These are usually the source of most of the anxiety and consequently most of the headlines, adding to availability and confirmation bias. AWS was established in 2006. Luckily, by now we have 15 years of data on which risks have actually materialized and which attacks actually happen. Let's take a look at this to try to get a better handle on the more slippery part of risk: the likelihood.