Playlist

European Identity & Cloud Conference 2015

Keynotes, interviews, and selected sessions from the European Identity & Cloud Conference 2015.

Please note that some of these videos are only available for the conference participants or users having a KuppingerCole Research subscription.
45 videos in this playlist
Event Recording
European Identity & Cloud Awards 2015
May 22, 2015

The European Identity & Cloud Awards 2015 were presented by KuppingerCole at the 9th European Identity & Cloud Conference (EIC). These awards honor outstanding projects and initiatives in Identity & Access Management (IAM), Governance, Risk Management and Compliance (GRC), as well as Cloud Security.

Event Recording
Understanding and Dealing with Macro-Level Risks that Affect your Institution’s Risk Profile
May 17, 2015

The concept of "think globally, act locally" has new meaning in the context of business organization risk from IoT, the cloud and other networked information system functions. The local instances of information functions on which businesses increasingly rely are part of data and identity “supply chains” that are hybrids of technology and policy that are themselves increasingly part of vast global networks where individual businesses often perceive a loss of leverage and control and increased risk. In effect, federated and cloud based data and identity functions are enabling these functions to be outsourced, like shipping, payroll, accounting and other company functions that have previously been outsourced to global networks.

Event Recording
Assessing and Mitigating Cloud Risks
May 17, 2015

The modern reality is that even the most technology conservative companies are thinking to shift some of their valuable assets to the cloud. However, since anyone with a credit card can purchase cloud services with a single click, the governance and control of organisations are frequently being circumvented. This can create various challenges for organisations that wish to adopt the cloud securely and reliably.

This session will lead you through various approaches on how to assess and mitigate risks for onboarding cloud solutions.

Event Recording
Mike Small - Cloud Risk Assessment
May 17, 2015

When moving to the use of cloud services it is most important to take a risk based approach.  However the process involved is often manual and time consuming; a tool is needed to enable a more rapid and consistent assessment of the risks involved.  This session describes why a risk based approach to the use of cloud services is needed.  It introduces the KuppingerCole Cloud Rapid Risk Assessment Tool developed by KuppingerCole to help organizations assess the risks around their use of cloud services together in a rapid and repeatable manner.

Event Recording
Olga Kulikova - Dynamic Control Selection Framework for Onboarding Cloud Solutions
May 17, 2015

This talk proposes a data-driven selection of organisational, technical, contractual and assurance requirements, so secure usage of cloud solutions within the enterprise can be guaranteed. The importance of data oriented control selection is outlined and key control domains are introduced.

Event Recording
Mario Hoffmann - Dynamic Certification of Cloud Ecosystems
May 17, 2015

Cloud ecosystems are dynamic and flexible enablers for innovative business models. Some business models, especially for the European cloud market, however, still face challenges in security, privacy, and trust. A common approach among cloud providers addressing these challenges is proving one's reliability and trustworthyness by audit certificates. Basically, audit certificates are based on national and/or international as well as business and/or governmental compliance rules. The most prominent certifications in cloud computing are the "Open Certification Framework (OCF)" of Cloud Security Alliance, EuroCloud's "Star Audit", and "Certified Cloud Service" provided by TÜV Rheinland as well as more general certifications following ISO 27001, BSI Grundschutz, ENISA, and NIST.

This session discusses the state of the art of auditing and certifying cloud ecosystems and how current certification catalogues and schemes have to be enhanced to meet future requirements - requirements such as dynamic certification, on-demand-audits, and automatic monitoring and evaluations.

Event Recording
Stefan van Gansbeke - One Step Closer to the Unhackable Enterprise
May 17, 2015

The threat landscape became wicked and rougher. Governments are desperately  trying to fight the cyber threats. But their efforts will  never satisfy the needs. As a company, community or individual you remain a vulnerable target. Applying a layered information security strategy can effectively reduce your risk exposure. Define your drivers and long term security goals; involve your  stakeholders; engage your customers, employees and suppliers; clearly communicate and achieve your targets by implementing the security roadmap are the key steps for becoming a security intelligent company who will be better protected against the next attack.

Event Recording
Recruiting Customers, Suppliers and Even Competitors to Help Reduce Risk
May 17, 2015

Various types of shared economic interests and risks create communities of interest where separate organizations work together such as in myriad supply chains worldwide. How can COIs come together in structured settings such as technical and policy standards initiatives, government programs, markets and other regulatory and self regulatory contexts to identify common needs and design, develop and deploy mutually acceptable solutions?

Event Recording
Amar Singh - It Takes a Community to Reduce Risk
May 16, 2015

To help stakeholders balancing their needs to protect the organization against the needs to run the business - this is the new role IT professionals have to take over in the era of digital business. Moving forward, security people aren´t the "defenders against cyber threats" anymore. They are becoming the facilitators of a balance between the needs to protect and the needs to run a business. In digital Business, we are moving things into the cloud. We are moving things into software-as-a service. We don´t have control of them anymore. A lot of the traditional technologies just don´t apply. So we have to start looking at other things like contract clauses and the new types of controls which come along with the new breed of digital risks.

Event Recording
Prof. Dr. Rüdiger Grimm - Negotiating the Risk of Privacy, Understanding Privacy and its Risks
May 16, 2015

In this presentation, the risk of privacy in the modern communication technology, both Internet and mobile networks, is analyzed. It turns out, that users have to negotiate the risk of privacy between refraining from services, trusting services, using self-data-protection methods and trusting privacy enhancing technologies. Services, on the other hand, have to present themselves as trustworthy with respect of their competent and decent way to handle user data. This presentation identifies the privacy principles and related trust areas and protection means.

Event Recording
Thom Langford - Flushing Away Preconceptions of Risk
May 16, 2015

Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme. This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation.

In this presentation Thom looks at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:

  1. The initial interpretation of risk and how it is often misunderstood.
  2. The measurement of risk, and how some systems work and other don’t.
  3. The effective treatment of risk, and how sometimes the obvious thing to do can be the wrong thing to do.
Event Recording
Mapping the Changes in Data and Identity Risk Landscapes
May 16, 2015

Well-managed organizations address unique and emerging risks, such as networked data and identity-related risks in the context of their overall risk profile, and seek to implement solutions that can cost-effectively address organizational risk at multiple levels. As new online and networked system risks associated with data and identity handling systems have surfaced, pre-existing risks still remain relevant; and together they vie for the attention of managers around the world, causing them many sleepless nights. How are emerging risks similar to and different from traditional risks faced by enterprises? How can traditional risk mitigation strategies inform, or mislead, managers seeking to address emerging risks?

Event Recording
Hanns Proenen - From Security to Information Security to Digital Risk
May 16, 2015

Hanns Proenen takes you on a small journey through traditional IT security, as it was until recently, and how he is observing and experiencing the shift to information security and IT risk. He talks about the tasks for the IT Risk Officer and how to build a firewall between the digital and the analogue world. 

Event Recording
Bringing it All Together – Distributed Strategy Solutions for Distributed Risk
May 16, 2015

In evaluating distributed systems risk, the attention to data is misdirected. Rather it is the distributed nature of data management systems (and the increase in interaction volume) that increase the perception and actuality of risk. Distributed problems need distributed solutions. Applying the community of interest approach – how can your organization more effectively reduce and manage risk?

Event Recording
Risk Metrics
May 16, 2015

Data is the lifeblood of organizations and managers of organizations have access to increasing volumes of data; but what does data really mean in a given context? How can effective and dynamic risk evaluation and mitigation processes be cultivated from better measurement practices in an organization, and a more nuanced understanding of how different sources of risk will reveal themselves through different sorts of metrics.

Event Recording
The Role of Policy Management in the Software-Defined Era
May 16, 2015

The panel is comprised of industry experts from NIST NCCoE, Microsoft, Intel, Cisco and HyTrust, who discuss the role of policy management in the software-defined era. Speakers present commonly used policy definitions and usage, and debate the emerging need for policy-based resource lifecycle management, including how to secure these resources and demonstrate compliance, leveraging concrete use cases: 1) Software Defined Networking, 2) Software Defined Data Center/Orchestration, and 3) NCCoE Building Blocks – ABAC and Trusted Geo-Location.

Event Recording
Cloud Contracting Risks
May 16, 2015

Cloud adoption is rapidly increasing, many organisations struggle to establish a sustainable contracting process. The one-size-fits-all aspect of cloud computing is often reflected in the limited flexibility of cloud service providers during contract negotiations. More and more organizations are left with the choice of signing standard terms and conditions. This strongly increases the need for organizations to define their contract requirements prior to selecting a cloud solution. The specific types of data (e.g. confidential data, privacy sensitive data) to be stored in the future cloud service, the related risks and applicable legal domains (e.g. data privacy, trade controls) should determine the contract requirements. These requirements have to be taken into account in order to ensure compliance with laws and regulations after accepting any terms and conditions.

Event Recording
EU Privacy Regulation
May 16, 2015

The proposed new data protection regulation aims at European data protection standards which are better harmonized than the current legislation and also suit the technical standards in times of transformation. A unified data protection Regulation that is directly applicable as part of the EU’s Digital Single Market shall make it easier for all parties to understand what their rights and obligations are and what compliance risks they need to manage.  One of the main changes  foresees that EU data protection law is valid whenever the European market is targeted – whether from within or outside of the EU. Amongst other regulatory novelties, strict enforcement and data protection by design will mean a truly new data protection environment.

Event Recording
Prabath Siriwardena - Connected Identity: Benefits, Risks & Challenges
May 15, 2015

SAML, OpenID, OpenID Connect, WS-Federation all support identity federation – cross domain authentication. But, can we always expect all the parties in a connected environment to support SAML, OpenID or OpenID Connect? Most of the federation systems we see today are in silos. It can be a silo of SAML federation, a silo of OpenID Connect federation or a silo of OpenID federation. Even in a given federation silo how do you scale with increasing number of service providers and identity providers? Each service provider has to trust each identity provider and this leads into the Spaghetti Identity anti-pattern.

Federation Silos and Spaghetti Identity are two anti-patterns that need to be addressed. This talk presents benefits, risks and challenges in a connected identity environment.

Event Recording
Thom Langford - RISK is Not a @#$%&! Dirty Word!
May 15, 2015

Risk is akin to the multitude of bacteria found in the human body; without it the body does not flourish.  If you think your risk assessments and risk registers keep you safe from risk, then think again. Risk is a vital part of business, one that helps prompt correct decision making, open up greater rewards and helps grow an organisation and keep it healthy. Learn from clear examples and understand when risk can be embraces and when it can be avoided.

Event Recording
Kuan Hon, Dr. Karsten Kinast - The EU Draft General Data Protection Regulation: Where are we and what can we expect?
May 15, 2015

Keynote at the European Identity & Cloud Conference 2015

Event Recording
Louis-Marie Fouchard - Cybersecurity for Critical Infrastructures and Industry 4.0: Shaping the future of IAM
May 15, 2015

Identity and Access Management is one of the core building blocks to address IT/OT challenges. The specific situation of OT solutions and critical infrastructures, however, entails a set of functional and non-functional requirements which cannot be fulfilled by off-the-shelf IAM products available in today’s marketplace. New cost-efficient deployment methods, nearly unlimited scalability and light-weight APIs and protocols must be defined and implemented to shape the IAM architectures and services of the future.

In this keynote we give a short overview of the current technology landscape for IAM, the new requirements and some design principles and promising technologies and standards.

Event Recording
Yariv Lenchner - Securing Privileged Identities in OT (Operational Technology) and Industrial Control Systems
May 15, 2015

In the last years we see that privileged accounts in Operational Technology (OT) environments (e.g. critical infrastructure) have an even higher importance and criticality than in the traditional IT. OT networks and the Internet of Things (IoT) implementations are taking shape and are being connected to enterprise networks and to the internet. This brings many business advantages but also opens these once isolated technologies to advance threats. Securing these privileged account and their privileged sessions are a critical security practice for enterprises and critical infrastructure operators.

Event Recording
David Mount - A smarter, More Secure Internet of Things?
May 15, 2015

We are standing on the very brink of the most fundamental change in the way human beings use technology since the introduction of agriculture, over 6 thousand years ago. The Internet of Things will not just change our work or home, it will change every aspect of our lives, including redefining the very concepts of privacy, industry and government. When something is so important, how can we build in the security and intelligence necessary? What are the key challenges we face? And what will an always on, hyperconnected world mean to the concept of identity itself?

In this plenary session, David Mount discusses the opportunities and challenges of the Internet of Things, as well as some of the early indicators of what the IoT world will look like. He also addresses thinking on security and privacy, and the critical role that the concept of identity will play in the future.

Event Recording
Dr. Jan Camenisch - Cryptography for the People
May 15, 2015

As our lives are becoming increasingly digital, we all need to protect and manage our personal digital assets including family pictures, health information, contact data, calendar entries, and digital identity information. We store and use these information at different places using different devices.

In this talk, Dr. Camenisch reviews the state of the art in cryptography in terms of how it can help us to protect and manage our data on different devices and in the cloud. He discusses what features the different cryptographic mechanisms provide and to what extend they can be used in practice or how far out they are.

Event Recording
Nick Tuffs - The Good, the Bad and the Ugly of IAM: An Enterprise View
May 15, 2015

Vodafone’s Workforce Identity and Access Management (WIAM) platform treads the line between Security - being a guardian of the Vodafone brand – and a Business Enabler – providing an agile, cost-effective, simple method of allowing 350,000 users to access IS and telecom systems. Based on their recent experiences, successes and failures, Nick provides practical insights to delegates on the programme methodologies, design principles and business decisions, which can help future-proof your enterprise-class IAM solutions.

Event Recording
Howard Mannella - I Am a Black Swan
May 15, 2015

Much has been written about “Black Swans”: unpredicted, massively game-changing and, in hindsight completely foreseeable events. Why do they happen and why are we surprised? More importantly, what can we do to mitigate against the unforeseeable?

The potential for game-changing risks is becoming more frequent and more impactful, due to global drivers and trends: from the technology front (speed of technical advance and disintermediation of technology) to the business front (concentration risk from outsourcing and interdependencies of supply chains) to the political front (Eurozone consolidation and global terrorism).

Event Recording
Ian Glazer - Stop Treating your Customers like your Employees
May 15, 2015

Enterprise identity management has been primarily focused on serving the correct access to employees and contractors. But as the industry has been perfecting how to serve employees, consumer identity has presented itself as a growth opportunity for businesses and identity professionals alike. Unfortunately, the industry has tried to apply employee-centric techniques for consumer and citizen identity scenarios. In this talk, Mr. Glazer highlights the difference between employee- and customer-centric identity and proposes techniques that identity professionals need to employ to delight customers.

Event Recording
Eve Maler - User-Managed Identity and Access for the Digitally Transformative Enterprise
May 14, 2015

Self-determination, decisional autonomy, privacy enablement, and meaningful choice are not just tools for customer satisfaction: They’re also tools and characteristics for identity management in the enterprise that’s ready for digital transformation. How has user-managed identity and access shaped up so far, in terms of technology, processes, and adoption? And what progress can we expect in the decade to come? Join ForgeRock innovation VP Eve Maler to learn about the exciting ride we’ll all be on — one you’ll actually enjoy, because last we checked, enterprise IT experts are people too.

Event Recording
Patrick Parker - How to Manage Authorizations in Cloud Services: Getting a Grip on Both Microsoft Azure and Amazon AWS
May 14, 2015

As organizations race to transplant onsite infrastructure and applications to the Cloud, strong yet flexible control over authorization will play a critical role. Each Cloud vendor approaches the challenge of role and attribute-based authorization in a completely different manner and the facilities they offer are undergoing a rapid evolution. This session offers an overview of the authorization capabilities offered by the Microsoft Azure and Amazon AWS platforms and include best practice suggestions.

Event Recording
Andrea Servida - Boosting Trust in the Digital Market: the Role of eIDAS Regulation
May 14, 2015

eIDAS Regulation 910/2014 on electronic identification and trust services provides the legal framework for the cross-border recognition of electronic identification means, ensures the legal certainty and interoperability of trust services (namely electronic signatures, electronic seals, electronic registered delivery services, electronic time stamp and web site authentication) and establishes the non-discrimination of electronic documents vis-à-vis their paper equivalent. The presentation focuses on the role of eIDAS in realising the digital single market and on the actions at the EU level to support the uptake of electronic identification and trusts services and the Regulation in the EU.

Event Recording
Hanns Proenen - Digital Risk & the Analog World
May 14, 2015

It seems that the Internet of Everything and the convergence of IT and OT (Operational Technology) are on their way to take control over the analogue part of our world, with digital threats not only affecting our companies and each of us as individuals, but also public life as a whole. How real are those threats and how serious are the risks evolving from them?

Hanns Proenen shows in his keynote, why mitigation and remediation of digital risks evolving from this new threat landscape are requiring new skills from IT security professionals and how these new skills will look like.

Event Recording
Dr. Scott David, LL.M. - Digital Transformation: New Dimensions of Risk and Risk Mitigation
May 14, 2015

As value propositions for organizations have changed, risks and risk mitigation strategies have changed along with them. When value was derived chiefly from physical property, risk involved more traditional theft or destruction of property and the technologies of fences and vaults, and fire extinguishers and insurance were developed to mitigate such risk to physical property. When value propositions migrated increasingly to services, risk of loss of proprietary secrets emerged, and mechanisms of secrets and confidential information were deployed to mitigate the risk of loss of such intangibles. The digitization of information led to new intangibles markets and new risk mitigation (in the form of information flow controls such as DRM and encryption).

Event Recording
Ravi Bindra - Moving the Security Perimeter: What Needs to be Done Before the Internet Firewalls are Removed?
May 14, 2015

If you announced “we will remove the internet firewalls” different people will hear different things. However, to ensure continued security (confidentiality, availability and integrity) of your information assets you will need to re-prioritise your budget spend, fit out your team with different skill sets, and paugh wholeheartedly at your peers. This presentation discusses all the considerations you may want to take before setting yourself down the path of removing the external barriers, which by itself will lead you to re-define your vision, strategy and roadmap. 

Event Recording
Martin Kuppinger - Identity, Access, Security: The Fundaments for Digital Risk Mitigation in the Age of Transformation
May 14, 2015

The Digital Transformation of Business is unstoppable. It affects virtually all industries. The IoT (Internet of Things) is just a part of this transformation, at the technical level. However, without changing business models, organizations will not succeed. Furthermore, connecting things with apps and services is imposing new challenges. These include product security and liability issues, but also appropriately dealing with customer “big” data. Identity, Access, and Security become critical success factors for the Digital Transformation of Business. Martin Kuppinger talks about how IT has to transform and how Information Security can become a business enabler for the Digital Transformation of Business.

Event Recording
Dirk Venzke - Identity & Access Process Automation: Improving Business Alignment & Reducing Digital Risk
May 14, 2015

How can this aim be achieved in an complex global enviroment? The approach is based on an overall process of Identity & Access Management operated by a multi-level control system. Following the 3 LOD-model different layers are linked in order to reduce digital risk via connected activities (e.g. recertification, SOD-checks, …). Combined with strict processes, an intense communication with the business and measurement by key indicators.

Event Recording
John Hermans - "Guiding" the Management and Supervisory Boards to Choose the Right Investment Priorities for Cyber Risk Mitigation
May 14, 2015

Cyber security has been under the spotlight for the past few years. Due to the number and seriousness of cyber incidents, the media’s focus on such incidents and the importance of tackling cyber issues in the extensive digitization of most organisations, this area requires the attention of C-level executives and supervisory boards. John discusses in his talk some lessons learned on how to engage C-level executives and board members to take well-informed, business risk driven decisions on handling the cyber risk.

Event Recording
Luca Martelli, Christian Patrascu - Evolution or Revolution: Unlocking The Potential of The New Digital Economy
May 14, 2015

Cloud, Mobile & Social continue to have an impacting effect on IAM projects. In addition to this, Digital business plus Internet of Things have begun to further influence the IAM programs worldwide. The Convergence of identities like people & things is furthermore driving these trends. Hence the question can be put: Is Identity in the gravity center of these emerging trends? The presentation goes though some real life examples of how Security and Identity Management are enabling Digital Transformation from the business and technical points of view.

Event Recording
Ravi Srinivasan - Digital Identities = Security Threats. Is your IAM Program Ready?
May 14, 2015

Digital Identities are transforming the way companies architect their IT environment. They adapt and optimize by moving to cloud, adopting mobile technologies and interacting with customers through social platforms. These open enterprises now have little control over how users are entering their networks to access corporate information. As such, Identity has become a key security parameter that businesses can control. Watch this session to learn how organizations can manage the identity context across all security domains by implementing a threat-aware approach to IAM.

Event Recording
André Durand - No Security without Identity
May 13, 2015

The holy grail of security is to ensure the right people have access to the right things, always, anywhere, everywhere and all the time. Is it simply coincidence or a premonition of fate that the mission of the Identerati is to enable the same thing? With identity becoming the control point, the backplane and the new perimeter in a world with shifting borders, it's time to rethink our overall approach to information security. Identity defined security is moving to center stage and this session will explore the patterns and architectures of this new approach to security.

Event Recording
Jackson Shaw - The Convergence of IT, Operational Technology and the Internet of Things
May 13, 2015

Did you know that today, there are over 30 billion connected IoT devices? And that in 2020, that number will double? Do you know how these devices connect to the internet? To each other? To their manufacturer? How many IoT devices are used within your company? If you’re a security professional you’ll need to be able to answer these questions and more. In this session, Jackson Shaw discusses the convergence (collision?) of IoT with IT and OT, what it means to him as a consumer and what it means to us as identity and IT security professionals.

Event Recording
Kim Cameron - Identity Services 2020
May 13, 2015

Keynote at the European Identity & Cloud Conference 2015

Event Recording
Martin Kuppinger's EIC 2015 Summary
May 11, 2015

Martin Kuppinger, Founder and Principal Analyst at KuppingerCole, outlines the hottest topics and most important takeaways from the European Identity & Cloud Conference 2015.

Event Recording
Impressions from the EIC 2015
May 08, 2015

Thank you for attending the EIC 2015. See you next year!

Event Recording
European Identity & Cloud Conference 2015 Teaser
Nov 27, 2014

European Identity & Cloud Conference 2015, taking place May 5 – 8, 2015 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany, is the place where identity management, cloud and information security thought leaders and experts get together to discuss and shape the Future of secure, privacy-aware agile, business- and innovation driven IT.

Previous
Page 1 of 12