Landing in a new organisation with a declared objective to transform the way customer identity was done but no mandate was daunting. Being able to look back three years later and tick of an infrastructure consolidation, the deployment of a central authorisation solution, being on the precipice of participating in a Digital ID scheme, and having the Chief Digital Officer shouting from the rooftops about a universal login is priceless. Come along to hear me talk about some critical success factors, calculated risks, fortunate circumstances, and the incredible support of some incredible people helped make this happen. I’ll also touch on my personal journey from an engineering role to a product person to illustrate the increasing maturity levels we went through.
The claim or desire for authorizations, permissions and the rights set in practice often have a wide divergence. Typically, more rights are assigned unconsciously than were actually required.
The resulting vulnerabilities can have significant consequences therefore, it is essential to be able to monitor the true permissions at any time, regardless of how the permissions have been set. It is almost impossible to manage monitoring manually, even in small environments. Therefore, independent automatisms that can automatically explore, analyze and report the real settings are becoming a requirement.
In this session we will show you how Cygna Labs can support you in these challenging tasks and thereby ensure and improve security in your company.
How do we control what we do not see?
Supply chains are like that. The problem is that while you may have sight of your nearest third-party relationships, if you look further out to their relationships, things start to become a bit obscured. And that is where the risk lies.
In recent years Okta, Toyota and Morgan Stanley have all suffered data breaches that originated with an attack on the supply chain.
In this presentation, we explore the complex nature of supply chains/digital ecosystems and all the parties involved. We’ll look at the pattern of some recent third-party attacks, examine their root cause and what lessons we can learn.
Finally, we'll explore the critical capabilities that are needed as the foundation for a solid third-party strategy; one that provides active, continuous monitoring while reducing the overhead for compliance.