Early-bird Discount
expires in
Register Now

Agenda

IAM and Data Governance Beyond Compliance

IAM and Data Governance Beyond Compliance

Combined Session
Friday, June 07, 2024 11:30—12:30
Location: B 07-08
Log in to download presentations

Do we need to Internalize Authorization Before we Externalise it?
11:30—11:50

Watch the video

 

Compared to externalising authentication, externalising authorization has proven elusive. Yet a combination of the rise of advanced threat actors, regulation, compliance and pressures for greater business agility is bringing it back in focus. It is tempting to think of externalising authorization as a technology problem. Technology like policy languages, authorization engines and workflow systems is necessary to enable the externalisation of authorization, but it is not sufficient. Externalising authorization requires three foundational building blocks to be in place, namely value for all stakeholders from engineers to customers, supporting business processes and technology. In this session we explore each of these building blocks should be internalised in terms of mapping value for all stakeholders, the process and culture needed to make authorization policies explicit and finally the need to drive authorization infrastructure, from policy language to enforcement engines, into the compute and network fabric to address greenfield and brownfield deployments in order to remove barriers to externalising authorization.

Pieter Kasselman
Identity Standards Architect
Microsoft
Pieter Kasselman is a member of Microsoft's Identity Standards team where he focus on developing standards to address the most important problems in the field of identity. Pieter has over 25 years'...
Micro Authorizations: Unlocking the Potential of Zero Trust in Privileged Access Management
11:50—12:10

Watch the video

 

The cybersecurity landscape is evolving rapidly, and traditional security paradigms are proving inadequate in the face of modern threats. As organizations strive to embrace Zero Trust principles, the role of Privileged Access Management (PAM) is pivotal. This talk explores the transformative concept of "Micro Authorizations" and its potential to shape the optimal direction for PAM implementations in support of Zero Trust initiatives.

The Authorization Fabric decides whether a specific principal is authorized to perform a precise operation on a particular resource and whether the resource permits this access.

The granularity of this approach is vital in today’s threat landscape, requiring organizations to shift their focus to a comprehensive, system-wide authorization framework. This shift, parallels the principles of microservices but applies them to the realm of access control.

Rather than depending on a single point of control, there is a need for a network proxy that acts as a bridge between trust and authorization.

Join us on a journey towards a future powered by micro authorizations, where precision, adaptability, and contextual awareness define access control. Explore how micro authorizations can address contemporary security challenges and facilitate the adoption of the Zero Trust model.

Justin McCarthy
Co-founder and CTO
strongDM
Justin McCarthy is the co-founder and CTO of strongDM. He originally developed empathy for Operations as a founding and pager-carrying member of many operations and data teams. As an Executive, he...
Beyond Compliance: Enriching Data Governance with Identity Insights
12:10—12:30

Watch the video

 

One of Identity’s core purposes is to secure access to resources. Since the inception of Identity Governance programs, organizations we have taken an “inside out” approach to secure access and have not focused as much on the resource model. While this approach has produced positive results, it has come at the cost of efficiency, speed and accuracy. We explore the different contributions that identity governance can make to data governance and how combining data and identity governance programs can produce more accurate results, better models and a more secure infrastructure.

Thierry Meritan
Professional Services Manager
Netwrix
Thierry Meritan is a passionate IT professional dedicated to leveraging technology to benefit both businesses and individuals. He began his career in the field of Information Systems, starting as a...
Almost Ready to Join EIC 2024?
Reach out to our team with any remaining questions
Get in touch