Business Impact of Cyberattacks
Facebook Twitter LinkedIn

Business Impact of Cyberattacks

Combined Session
Thursday, May 12, 2022 17:30—18:30
Location: A03-04

Preserving Privacy in Identity-Aware Customer Applications

 As customer identity programs mature, they bring new opportunities and risks. In the rush to launch new customer experiences, personal data is over-exposed and over-replicated. The default is to ship all identity attributes, to all systems, on every request in order to make access decisioning easier for application developers.

This approach disperses identity information across the application stack; which increases risks of data breach, data loss, and compromised identities. As a result, consumers lose trust and new business opportunities falter; or worse, customers like the new experience, but its success creates security and compliance liabilities that expand exponentially. To remediate the risk, data teams enter a never-ending cycle of costly data analysis and audits.

Identity architects and developers need to address privacy requirements earlier - not in post-collection data management, but instead in the application development process. While Privacy by Design and Privacy by Default principles are a helpful framework, they offer little practical guidance for developers to actually build privacy-preserving applications.

We will discuss how to use identity data at run-time, in the context of the application; how to retrofit existing applications with privacy requirements; and how to easily evolve applications over time.

Mayur Upadhyaya
Mayur Upadhyaya
Mayur is the CEO of Contxt, a privacy layer for customer identity. Previously he was AVP Identity Cloud at Akamai technologies where he led the former Janrain team after acquisition. In 2014 he...

Zero Trust and the Business – why you have to align with the application owners!

Many organizations started their Zero Trust Journey with Zero Trust Access Gateways and Microsegmentation. But focussing on the Subject, the Digital Identity has enormous potential to drive security dramatically. Therefore it is required not just to take the static data and hard facts into consideration but also all the context information, dynamic data, and weak signals.
The challenge is not collecting the data but interpreting it and utilizing the outcome to make the right access decisions. This is not possible without a good understanding of the business process - so a close interaction with the business owner of the application is mandatory. And you really need a robust framework and reliable approach to scale for the whole enterprise.
Key learnings:
– Why is the subject important in a Zero Trust Architecture?
– Pitfalls when implementing Zero Trust
– Approaches on how Business and IAM experts can define the right policies

Andre Priebe
Andre Priebe
iC Consult Group GmbH
Andre Priebe is Chief Technology Officer of the iC Consult Group, a vendor-independent system integrator specialized in Identity & Access Management with more than 500 employees around the...


On-Demand Access
Re-live EIC 2022
Watch 200 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address