CISO Best Practices for Enterprise Enablement


Combined Session
Wednesday, May 11, 2022 15:30—16:30
Location: A03-04

What Ails Enterprise Authorization

Continued advances in authentication technology have made the "identity" part of "identity and access management" more manageable over the years. Access management, on the other hand, is still very much a "wild west" landscape. As enterprises move to a zero-trust network access model, access management is the only way in which attackers can be prevented from gaining unwarranted access to enterprise data. Attackers can include both malicious insiders and those using compromised identities. Numerous organizations have suffered significant financial damage as a result of such unwarranted access by legitimately identified users.

Authorization rules in an enterprise can apply to many types of assets: files on a network drive, cloud resources such as virtual machines and storage buckets, and enterprise applications and the actions within them. Managing authorization across all these assets is complex in and of itself. Most enterprises also use third-party "Software as a Service" platforms that maintain their own permissions, further complicating enterprises' efforts to manage authorization effectively.

This talk identifies common causes of "privilege sprawl" in enterprises and discusses management techniques that can result in "least privilege" permissions for personnel while ensuring no business disruption.

Atul Tulshibagwale
SGNL
Atul is a federated identity pioneer and the inventor of the Continuous Access Evaluation Protocol (CAEP), forming the basis of the Shared Signals and Events working group in the OpenID Foundation,...

OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Zero-trust security relies heavily on the ability of independently owned and operated services to dynamically adjust users' account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enables independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users' account and access properties.

This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: the Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information.

Tim Cappalli
Microsoft
Tim Cappalli is a member of the Identity Standards Team in Microsoft's Identity Division. Tim is currently working on identity coexistence with privacy-related changes in browsers and operating...
Atul Tulshibagwale
SGNL
Atul is a federated identity pioneer and the inventor of the Continuous Access Evaluation Protocol (CAEP), forming the basis of the Shared Signals and Events working group in the OpenID Foundation,...

What Supports Zero Trust in the Enterprise?

When we think of Zero Trust, we often discuss how it can support and improve your security posture, defense-in-depth strategies, and architecture -- but what supports Zero Trust? This discussion will focus on other IT and security strategies, methodologies, and business practices that can better position an organization to succeed in its approach to Zero Trust.

Bryan Meister
Yahoo
Bryan Meister has been with Yahoo since 2011 holding multiple roles throughout the CIO organization including Service Desk Analyst, Technical Program Manager, Business Systems Analyst, and...
