Is FIDO Ready for Enterprise Deployment?

Is FIDO Ready for Enterprise Deployment?

With the ever-increasing number of cyber-attacks, level of fines and unstable geopolitical climate, organizations are looking to better protect themselves against data breach by deploying phishing resistant authentication for their workforce.

FIDO combines the benefits of high security with a standards-based approach, but with its background in the consumer world, including privacy by design, how does it fit into an enterprise deployment with the increased demand for identity management?

This session will discuss:

1. What do enterprises require for high-assurance credential management?
2. How can FIDO meet these needs?
3. Options for integrating FIDO into existing IDAM solutions

What’s Next In Enterprise Authorization

As organizations undergo digital transformation to zero-trust architectures, identity-driven security becomes a critical aspect. Beyond new authentication technologies, organizations must have strong authorization controls. Today, if and when an identity is compromised, the attacker can make lateral movements with very few restrictions and access a wide range of critical systems and information. Much of this over-permissive environment can be attributed to manual permissions management processes that are hard to maintain over time. Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), which underlie these manual processes, provide a good baseline for access security. However, their complexity grows over time and the management overhead they place oftentimes subvert the very goals of security and compliance they are deployed for. Just-In-Time Access Management (JITAM) represents a new robust and secure authorization strategy that can reduce the need for periodic access certifications and manual role administration, while providing auditability. Learn how the authorization space is rapidly changing from RBAC and ABAC to JITAM, and how it could benefit your organization.

Centralized eID May be the Target of the Next Nordstream Pipeline Attack

With the vast centralization of government digitization in general, and issuance and operation of Digital Identity services in particular, the Nordic countries have made themselves unnecessarily vulnerable to attacks by actors such as those with the resources to blow up the Nordstream pipelines in the Baltic Sea.

With the new Danish digital identity, MitID, as an example, I will discuss

1. How governments and/or banks centrally attempt to strike a balance between vulnerability and user adoption,
2. Why compliance and certification may only take you so far, and finally,
3. How concepts such as wallets and Verifiable Credentials may decentralize the digital identity ecosystem not only for increased privacy but also for more robust and secure infrastructures less prone to attacks by bad actors.