CISO Best Practices for Enterprise Enablement

What Ails Enterprise Authorization

Continued advances in authentication technology have made the "identity" part of "identity and access management" more manageable over the years. Access management on the other hand, is still very much a "wild-west" landscape. As enterprises move to a zero-trust network access model, access management is the only way in which attackers can be prevented from gaining unwarranted access to enterprise data. Attackers can include both malicious insiders and those using compromised identities. Numerous organizations have suffered significant financial damage as a result of such unwarranted access from legitimately identified users.

Authorization rules in an enterprise can apply to many types of assets: files on a network drive, cloud resources such as virtual machines and storage buckets and enterprise applications and actions within them. Managing authorization across all these assets is complex in and of itself. Most enterprises also use third-party “Software as a Service '' platforms that maintain their own permissions, further complicating enterprises’ efforts to effectively manage authorization.

This talk identifies common causes of "privilege sprawl" in enterprises, and discusses management techniques that can result in "least privilege" permissions to personnel while ensuring no business disruption

Event Recording

What Ails Enterprise Authorization

Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.

Presentation deck

What Ails Enterprise Authorization

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.

OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Zero-trust security relies heavily on the ability for independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enable independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.

This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: The Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information

Event Recording

OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.

Presentation deck

OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.

What Supports Zero Trust in the Enterprise?

Event Recording

What Supports Zero Trust in the Enterprise?

Click here to watch the recording of this session. Please note that this video is only available to event participants and subscribers. You'll need to log in to watch it.

Presentation deck

What Supports Zero Trust in the Enterprise?

Click here to download the slide deck. Please note that downloads are only available for event participants and subscribers. You'll need to log in to download it.