Playlist

European Identity and Cloud Conference 2021

157 videos in this playlist
Event Recording
EIC 2021 - Impressions
Sep 19, 2021
Event Recording
EIC 2021 - Attendees Greetings
Sep 19, 2021
Event Recording
EIC 2021 - Venue, Sponsor Booths
Sep 19, 2021
Event Recording
EIC 2021 - Keynotes & Workshops
Sep 19, 2021
Event Recording
EIC 2021 - Networking Lounge & Buffet
Sep 19, 2021
Event Recording
Workshop | Move your Active Directory to the Cloud
Sep 16, 2021
Martin Kuppinger, Principal Analyst, KuppingerCole
Patrick Parker, Founder and CEO, EmpowerID
Matthias Reinwarth, Lead Advisor & Senior Analyst, KuppingerCole
Event Recording
Workshop | Zero Trust & Modern Digital Workplaces
Sep 16, 2021
Event Recording
Secrets in the Clouds: The Journey of Digital Vaults to Cloud
Sep 15, 2021

When we traditionally think of vaults, we expect them to be in the close vicinity of a user. In our rapidly digitising world, the nature of such vaults have transformed as well. Data *(or Password, whichever word you think is correct)* vaults which are expected to be located on premises are now digital, making ownership of these vaults and access to these vaults critical functions for an organisation. The Cloud hosts a lot of secrets and this journey of vaults becoming digital and part of Cloud Environments is nothing but fascinating.

Anil Bhandari, Chief Mentor & Thought Leader, ARCON TechSolutions
Event Recording
The Future of Blockchain in the Enterprise
Sep 15, 2021

Looking at the digital transformation in the industries and the relevance Blockchain / DLT will have.

Moritz von Bonin, Head of Blockchain & DLT Solutions, Deutsche Bahn
Event Recording
Security & Identity: How Hindsight Helps Us Plan for the Future
Sep 15, 2021

Our approach to security across all aspects of our lives has changed considerably over the last 20 years. From firewalls to the cloud, Max Faun explores how security technology has evolved since the start of the millennium.

One size no longer fits all but everything does come down to trust, or lack of it! Is Zero Trust the way forward for an identity-centric secure future? Max looks at four pillars that businesses and individuals can apply to gain trust back and reap the benefits. 

Max Faun, Head of Consulting, Europe, Okta
Event Recording
Digital Keys and Secrets: When to Manage Them, When to Get Rid of Them
Sep 15, 2021

Hybrid IT environments are full of secrets, like tokens, passwords, certificates and encryption keys that open access to mission-critical information. The emergence of concepts like Zero Trust authentication, Just-in-Time access and Zero Standing Privileges suggests that these access secrets don’t need to be permanent. Instead they can be created on the fly and made to expire automatically, paving way for the future where secrets or passwords no longer need to be managed and vaulted at all.

SSH.COM's CTO, Miikka Sainio, explores how reducing the number of permanent secrets enterprises manage in dynamic environments improves security, operational velocity cost-efficiency. He also discusses why managing and vaulting secrets is still a necessary phase in many cases when companies adopt modern and future-proof methods.

Miikka Sainio, CTO, SSH

Event Recording
Customer External Digital Identity, What is it, What can you use it for and Should you Play
Sep 15, 2021

The debate on Customer External Digital Identity has reached fever pitch. This session takes a step back and looks at how Customer External Digital Identity can enable Trust between individuals and organisations in many sectors, what that allows organisations and individuals to do and also looks at the different roles that you might choose for your organisation.

Martin Ingram, Product Owner, Identity Services, NatWest
Event Recording
Proactive and Polymorphic Adaptation of Multi-Cloud Deployments
Sep 15, 2021

During the last couple of years, hybrid and multi-cloud solutions are becoming very popular. With the emerging cloud options, modern enterprises increasingly rely on hybrid cloud solutions to meet their computational demands by acquiring additional resources from public clouds dynamically as per their needs.

Alicja Reniewicz, Team Leader, 7bulls.com
Paweł Skrzypek, Chief Architect, 7bulls.com Sp. z o.o.
Event Recording
Programming People: How to implement 'AI for good'
Sep 15, 2021

Artificial Intelligence is a little bit like sex: Everyone talks about it, very few people actually do it and if you don't do it safely, the consequences can be devastating. This session will give you a basic understanding of what you (yes, you!) can do to implement "ethical" AI systems in your organization and enjoy the promising opportunities this new tool offers while being aware of its limitations and risks.

Anita Klingel, Senior Consultant, PD
Event Recording
PAM 101
Sep 15, 2021
Paul Fisher, Senior Analyst, KuppingerCole
Event Recording
Clouds for all Seasons
Sep 15, 2021

Cloud services have enabled organizations to exploit leading edge technologies without the need for large capital expenditure.  In addition, to survive the COVID pandemic, organizations have had to accelerate their use of these services.  The market for these services is forecast to grow significantly as organizations complete their digital transformation and move, migrate, or modernize their IT systems.  However, according to some estimates only around 4% of enterprise workloads have currently been moved to the public cloud.  The factors limiting this growth are the challenges faced by organizations of managing the security and compliance of this new complex hybrid IT environment.  This presentation will describe how we expect the market for cloud services to evolve and the key changes needed to help organizations to manage these challenges. 

Mike Small, Senior Analyst, KuppingerCole
Event Recording
Panel | From Piecemeal to Strategic Priority: What CISOs need to know about CIEM
Sep 15, 2021

CIEM (Cloud Infrastructure Entitlement Management) is a SAAS delivered, converged approach to next generation, ideally AI driven multi-cloud security, managing access and privileges in the cloud. It is playing across the disciplines Identity Management & Governance, Access, Privilege Management and Authentication, addressing the complexity of multi-cloud adoption with privilege & access management working differently for each provider.

Gerry Gebel, Head of Standards, Strata Identity, Inc
David Higgins, EMEA Technical Director, CyberArk
Jon Lehtinen, Director, Okta
Patrick Parker, Founder and CEO, EmpowerID
Matthias Reinwarth, Lead Advisor & Senior Analyst, KuppingerCole
Event Recording
The Ethical Part of AI Governance
Sep 15, 2021

The Ethical Part of AI Governance – my personal learning journey

This talk is about my personal learning journey in AI and AI Ethics together with Bosch. I want to share what brought me to AI and AI Ethics personally and professionally and what instrument is used at Bosch to bring AI Ethics to life.

Sina Brandstetter, Software Engineer and Solution Architect, Robert Bosch GmbH
Event Recording
"That’s Not Fair!": Detecting Algorithmic Bias with Open-Source Tools
Sep 15, 2021

The harm that the misuse of AI/ML can have is obvious, from the ProPublica Recidivism piece from 2016 to the latest discovery of bias in facial recognition classifiers by Joy Buolamwini.

 

The need for tools to use AI/ML ethically is concentrated in two particular areas: transparency and fairness. Transparency involves knowing why an ML system came to the conclusion that it did—something that is essential if we are to identity bias. In some forms of ML, this is difficult. We’ll cover two tools to assist with transparency: LIME and SHAP. We’ll highlight where each of these tools performs well and poorly, and provide recommendations for utilizing them in unison where appropriate.

 

Once transparency is established, we’ll pause to evaluate potential sources of bias that would affect the fairness of a particular algorithm. Here the number of tools available is far-reaching. We’ll start with an explanation of bias metrics, explaining the roles that true/false positives and true/false negatives play in calculating various accuracy metrics. The basics of fairness established, then we will explore various tools used against a few, publicly available sample ML implementations. Tools in this review will include: Aequitas, AIF360, Audit-AI, FairML, Fairness Comparison, Fairness Measures, FairTest, Themis™, and Themis-ML. We’ll compare these tools, providing recommendations on their usage and profiling their strengths and weaknesses.

Mike Kiser, Senior Identity Strategist, SailPoint
Event Recording
Security Automation in the Financial Sector: Research Findings, Best Practices, and Lessons Learned
Sep 15, 2021

This presentation combines the findings of a doctoral study into security automation in the financial sector with real-world experiences in implementing security automation. The research focused on strategies financial institutions need to reduce the gap between the attacker's time to compromise and the defender's time to detect and respond. Learn from the experiences of companies that have implemented or are implementing security automation. This session will look at what to expect from security automation (and what not to expect), how to decide what to automate, strategies to help ensure a successful security automation program, and lessons learned from success and failure.

Dr. Donnie Wendt, Principal Security Researcher, MasterCard
Event Recording
Why must CISOs and security leaders let IAM drive their cloud security adoption?
Sep 15, 2021

As organizations expand their cloud footprint to accelerate innovation and digital transformation, increased security risks pose an imminent and elevated threat to their growing cloud presence. The market is overwhelmed with numerous security technologies, approaches and frameworks for securing an organization’s cloud adoption journey, but security leaders and architects must meticulously assess the security risks associated with their cloud usage, migration patterns and digital interactions with customers, employees and partners to suite their business requirements and cloud security priorities.

Identity and Access Management (IAM) remains one of the key security disciplines to support digital transformation and cloud adoption objectives, by not only providing a secure identity and access foundation for the user, device and cloud-service types but also by offering additional cloud-specific security provisions that include cloud access management, cloud entitlement management, cloud privileged access and cloud access governance to its evolving technology portfolio.

In this session, we will discuss the important security tenets of an organization's cloud adoption program and how effective IAM architecture and planning can help navigate CISOs and security leaders through their cloud adoption journey.

Anmol Singh, Sr. Cloud Security Advisor, Microsoft
Event Recording
Picos and Decentralized SSI Agencies
Sep 15, 2021

Picos (persistent compute objects) are an actor-model programming system with long-term persistent state. Each pico also has persistent identity and availability for a cloud-native developer experience. Picos are DIDComm-enabled agents supporting SSI. Consequently, picos are capable of running specialized application protocols for any given workflow in a secure, cryptographic environment. The architecture of picos makes them independent of the runtime they executed on, holding out hope of a decentralized SSI agency. This talk introduces picos, demonstrates their DIDComm capabilities, and presents a roadmap for building a decentralized SSI agency, independent of any particular organization.

Dr. Phil Windley, Enterprise Architect, Brigham Young University
Event Recording
Panel | Managing Zero Standing Access
Sep 15, 2021
Horst Bliedung, Head of IAM Product Management, Atos
Paul Fisher, Senior Analyst, KuppingerCole
Vadim Lander, Chief Technology Officer and Distinguished Engineer, Symantec Identity Security, Broadcom
Brandon Nolan, Global Digital Identity Lead, Avanade
Patrick Parker, Founder and CEO, EmpowerID
Event Recording
Cloudification of Access Management – Lessons Learned from the Migration of a Large-scale Production System
Sep 15, 2021

Access Management is a crucial capability in the IT infrastructure of any Enterprise. But it is even further crucial, when the whole application landscape is integrated, i.e., more than 1,800 applications used by millions of users. Back in 2017 we modernized the existing access infrastructure and set up ForgeRock as its successor on-premises in our data center. With rising demands regarding availability, scalability, and support for market-specific customizations, as well as more products and applications are going to the cloud, it became increasingly clear that project will have to cloudify its infrastructure and application stack. The future setup should follow modern paradigms like GitOps, Everything as Code and making use of highly automated processes based on Service Layers, all whilst keeping the integrated applications up and running and migrating the product stack to the AWS (Amazon Web Services) cloud.

Key Takeaways:

- How does a target architecture look like
- What challenges will appear when it comes to the migration
- How to ensure the migration to the cloud, whilst minimizing the effect for all integrated applications

Dr. Heiko Klarl, Chief Marketing and Sales Officer, iC Consult Group
Stephanus Rieger, Product Owner, BMW AG
Event Recording
Addressing Multi-cloud Identity Challenges with a New Standard: IDQL
Sep 15, 2021

The trend toward adopting multiple cloud providers means identity is now distributed, rendering traditional, centralized access policies and perimeters obsolete. As a result, the way we think about identity and access management (IAM) has to change. This session will present Identity Query Language (IDQL), a new standard for identity and access policy orchestration across distributed and multi-cloud environments.

Gerry Gebel, Head of Standards, Strata Identity, Inc
Event Recording
Cloud Infrastructure Entitlement Management (CIEM): Advancing from Cloud First to Identity First
Sep 15, 2021
Matthias Reinwarth, Lead Advisor & Senior Analyst, KuppingerCole
Event Recording
Exploring the Future of AI
Sep 15, 2021
Anne Bailey, Analyst, KuppingerCole
Event Recording
Panel | Global AI Governance: World Stage
Sep 15, 2021

Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders. 

Anne Bailey, Analyst, KuppingerCole
Armin Bauer, Managing Director Technology and Founder, IDnow GmbH
Al Lynn, Vice President Emerging Technology and Incubation, Cisco
Event Recording
From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack
Sep 15, 2021
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
Event Recording
Panel | Best Practices to Implement Security Automation
Sep 15, 2021
Alexei Balaganski, Lead Analyst, KuppingerCole
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
Christopher Schütze, Director Practice Cybersecurity and Lead Analyst, KuppingerCole
Event Recording
The Rise of An Identity-Native Web 3.0 World
Sep 15, 2021

Identity is a fundamental element in the traditional world to associate information to the same individuals. As we leave more and more digital footprints in the world of Internet, these information are giving birth to our digital profiles, raising issues of privacy protection, monetization of data, identity theft and more. While in this presentation, we revisit the manifestation and formation of identity in the incoming world of Web 3.0, and discover how the native citizens of Web 3.0 are forming their own identities and reputations with native behavior data that are distributed, interoperable, and self-sovereign.

Gloria Wu, Chief of Ecosystem Partnerships, Ontology
Event Recording
Panel | A First-Person Account of Third-Party Identity Risk Management
Sep 15, 2021

In a 2018 study by Onus & Ponemon on data risk in the third-party ecosystem, more than 75% of companies surveyed said they believe third-party cybersecurity incidents are increasing. Those companies were right to believe that.

As our world becomes more digitized, and thus more interconnected, it becomes increasingly more difficult to safeguard organizations from cybercrime. Tack on to that challenge a global pandemic that all but forced organizations to become “perimeter-less,” if they weren’t already, and the potential access points for bad actors through third-party access increases exponentially.

The problem is two-fold.

The landscape of third-party users is vast and continues to grow. From third-party non-employees like vendors, contractors and affiliates to non-human third parties like IoT devices, service accounts and bots, more organizations are engaging third parties to assist with their business operations and help them to innovate, grow faster, improve profitability, and ultimately create greater customer value – faster. On average, companies share confidential and sensitive information with more than 580 third parties and in many cases, an organization's third-party workers can actually outnumber their regular, full-time workforce.

Yet, despite the increased use of third-party workers in business, most organizations lack the proper third-party risk culture, processes, and technologies to protect themselves against the long list of third parties with access to their sensitive data and systems. Organizations have these systems in place to manage their full-time employees but lack the same level of rigor to manage these higher-risk third-parties. As a result, many third-party users are provided with more access than needed for their roles, and most disturbingly, that access is frequently not terminated when the third party no longer needs it.

Without the right third-party identity lifecycle management procedures in place, businesses unwittingly expand their attack surface, unnecessarily put sensitive information at risk, and create additional access points for hackers.

Event Recording
Panel | Digital Identities and IoT - How to Leverage OIDC and OAuth 2.0 for the Best User Experience and Security! IAM Related Experiences From the Automob
Sep 15, 2021

A lot of innovation around physical products is created by connectivity, allowing them to become part of the consumer's larger digital ecosystem and the providing enterprise. Gartner says in its megatrends for the next decade: "Anything costing more than a few USD will be "intelligent and networked". Examples are electronic wall boxes to charge cars or remote-control for dishwashers, cars, etc.
Several compelling use cases require smart things to act not only for themselves but also on behalf of the end-user. OpenID Connect and OAuth 2.0 can be used to provide a user-friendly and secure user journey. Learn about the experiences with these standards when it is about IoT and how Identity & Access Management products help to reduce time-to-market, costs, and inconsistency between different touchpoints.

Key Takeaways: 

- What are the essential protocols to bring identity and IoT together
- What are the challenges, best practices, and pitfalls of IoT projects
- Arguments for buy or build

Fulup Ar Foll, Founder and Lead Architect, IoT.bzh
Andre Priebe, CTO, iC Consult Group
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
The Future of IoT Security
Sep 15, 2021

Speaker: Graham Williamson

Event Recording
Panel | From Smart Cities to Manufacturing – Securing Clouds of Things
Sep 15, 2021
Fulup Ar Foll, Founder and Lead Architect, IoT.bzh
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
Fraud Controls for Digital Identity Ecosystems
Sep 15, 2021

To date, Digital Identity Trust Frameworks have generally been light touch regarding the specification of fraud controls, relying on the theoretical protection a Digital ID offers through more robust authentication. It is true that improvements in authentication methods, such as soft tokens and biometrics, mean the ID theft vector of phishing for a user’s password may be removed. However, ID fraudsters will continue to use stolen ID information to create an ID in the victim’s name. They will continue to create synthetic IDs. They will also continue to try and take over victim’s accounts, using online account recovery and voice helpdesk channels to replace a strong authentication method with one that the fraudster controls.

In recognition of this ongoing threat from fraudsters, the Open Identity Exchange (OIX) has produced a comprehensive Guide to Fraud Controls for Digital ID Ecosystems.

The guide covers the processes and channels that need to be considered from a fraud risk point of view. It identifies the different types of fraud controls that should be applied in each channel, including ecosystem wide syndicated fraud controls, such as shared signals. The process of dealing with a suspected fraud is examined: how should these be prioritised, what investigation process should be followed, and how should victims be informed. Finally, it covers legal considerations when implementing fraud controls, in particular when sharing information and collaborating across the ecosystem to act as a joined-up defence against fraud attack.

This presentation / panel session will provide discuss these topics and how the guide can help those implementing Digital ID and provide the audience a chance to speak about their own fraud challenges with the authors and how the recommendations in the guide might be applied to help

Nick Mothershaw, Chief Identity Strategist, The Open Identity Exchange
Event Recording
Panel | Bringing the Global Assured Identity Network (GAIN) to Reality
Sep 15, 2021
Donna Beatty, Digital Identity Industry Expert, Digital Identity
Vittorio Bertocci, Principal Architect, Auth0
Daniel Goldscheider, CEO, yes.com
Don Thibeau, Executive Director, OpenID Foundation
Event Recording
Managing Self-Sovereign Identities as an Institution with Lissi
Sep 15, 2021

The presentation explains how institutions can establish relationships with clients and manage their data.
It will include a mixture of theoretical background knowledge as well as a practical demonstration of the "Lissi institutional Agent".
The demonstration will include the following steps:
- creation of schemas and credential definitions
- Establishing an encrypted peer-to-peer connection
- Requesting information from the user (self-attested, verified and Zero-knowledge proofs)
- Issuance of credentials
- Management of received costumer data

Adrian Doerk, Business Development Manager, Main Incubator GmbH
Event Recording
How can Decentralized Identities reshape the Future of eCommerce?
Sep 15, 2021
Dr. Michele Nati, Head of Telco and Infrastructure Development, IOTA Foundation
Event Recording
Implementing Identity Management on AWS
Sep 15, 2021

Identity on AWS may be well trodden ground, but that doesn’t necessarily make it any more inviting for enterprise practitioners who may not have had occasion to yet dive into the topic when tasked with an implementation.

Jon Lehtinen, Director, Okta
Event Recording
The Proper Care and Feeding of Non-Human Identities
Sep 15, 2021

Non-human identities are crucial for managing access risk with IGA, especially for non-standard accounts that provide the most access risk for organizations.

Brian Iverson, Chief Product Officer, Tuebora
Event Recording
Identity Management and Governance, in a Cloud Native World
Sep 15, 2021

Most enterprise infrastructure and software are in the later stages of cloud transformation. However Identity Management and Governance has lagged behind. First generation monolithic IAM solutions and providers do not provide agility into entitlement and risks in a cloud first world. The complexity of diverse infrastructure, security policies, and development velocity make it virtually impossible to provision, analyze and remediate at scale.

Arun Binaykia, CEO, Sath Inc
Event Recording
Mission Possible or How to Implement Automated Identity Lifecycle in a 200 years old Enterprise
Sep 15, 2021

Identity Lifecycle automation project in Swedbank lasted for 4 years. During all those years I fulfilled business analyst role in IAM area. I collected requirements, draw process models, and did detailed analysis. I also defined minimum viable scope of the project and drove the team to reach the goal. Finally, I did acceptance testing. I can share key activities for business analyst throughout different phases of the project.
Analysis
* Get descriptions or describe yourself HR-processes, which are related to identity area.
* Get descriptions/explanations of data feeds from HR-systems.
* Describe your needs to HR-system development team, such as future employment changes, deputies etc in advance.
* Trust but verify: ask for example files /data. Perform data analysis to makes sure, that previous descriptions and processes are valid.
* Just acknowledge that “roll-out” of new processes is not one day activity, this can last for multiple months and must be treated and described as a separate process.

Development
* Help developers with clarifying tiny details from stakeholders
* Document the details
* Control the scope and drive team to do correct prioritization
* Discuss alternative solutions to implement same business need

Testing
* Rehearse migration
* Rehearse roll-out
* If testing resource is limited – verify major business cases. Prolong pilot period to see rare business cases in production.

Roll-out
* Define different scopes and roll-out in smaller scopes (to keep incidents queue managed)
* Start roll-out from the process, that has smaller impact on acting employees (In our case we decided to start roll-out with leaver)
* Set up regular meetings with major stakeholders to inform them about changes in the processes. Good if you managed to agree on convenient communication channels (such as chat in Teams) between operational teams to be able to resolve incidents quickly.

Pilot
* Verify not only concrete cases, but also analyze the data.
* Agree on convenient way of communicating issues/bugs/questions to developers.
* Resolve incidents and fix bugs as quickly as possible, so that operating units don’t feel alone with software/data issues.

 

Key takeaways:

 

* Everything is possible but
* Define viable minimum
* Management team must be involved and work for your project. Your project must be a priority for all stakeholders / involved parties
* Start roll-out from the end
* Find a way to analyze your data to make sure, that everything is ok

Ekaterina Silina, Business Analyst, Digital Identity team, Swedbank
Event Recording
Panel | The Modern Approach to Identity Governance
Sep 15, 2021

What if we took the traditional way of thinking of Identity Governance and reversed it completely? Putting together a successful IGA program has commonly been a long haul,

A headache,

A mess,

A budget destroyer,

And an expectation disappointer.

There is a new way. Some call us crazy and some say its impossible. However, those who have experienced the new way call us visionaries. We have been presenting a modern ideology and process for IGA that drastically reduces the time to value, the total cost of ownership, and the economic impact of an Identity Governance Solution.

This panel will focus on strategic order of operations, calculating the economic return of the modern approach, how to optimize AI/ML in Identity Governance, and the ways simplicity expediates the path to stronger compliance and security postures.

Austin Baker, Director of Sales, SecurEnds
Gal Helemski, Co-Founder & CIPO, PlainID
Fabian Süß, Project Manager, KuppingerCole
Event Recording
The State of Strong Authentication
Sep 15, 2021

The FIDO Alliance was launched in 2013 with the audacious goal: to change the very nature of authentication. To move the entire world away from usernames and passwords and traditional multi-factor authentication with an open and free web standard that makes authentication simpler and stronger. It’s 2021, so why are passwords still persisting? The session will answer that question, and detail the progress that has been made towards standardizing strong authentication and the opportunity for companies to start on a journey past passwords.

Join Andrew Shikiar, executive director of FIDO Alliance, as we look the past year from the FIDO standards lens, including:
-- The impacts of Covid-19 on digital transformation plans and securing remote workforces & where strong authentication has fit in
-- Progress global organizations have made toward going truly passwordless
-- Considerations for strong authentication when seeking compliance with regulation such as PSD2 SCA
-- What other areas, such as identity verification, that need to be strengthened to better secure the web

-- Attendees will understand how a global pandemic affected companies' digital transformation plans, including strong authentication projects

Key Takaways: 


-- Attendees will learn the status of efforts to standardize strong authentication, and where support stands today
-- Attendees will be able to analyze their strong authentication options for complying with regulation like PSD2 SCA
-- Attendees will be able to explain how identity verification and authentication relate, and efforts in motion to better secure both areas

Andrew Shikiar, Executive Director and Chief Marketing Officer, FIDO Alliance
Event Recording
Panel | Identity in the Asia-Pacific - Untangling the Web
Sep 15, 2021

Do you want to launch or expand your identity-related business in the Asia-Pacific region but don’t know where to start?

Linden Dawson, Director, Cybersecurity & Digital Trust, PwC Australia
Allan Foster, Chief Evangelist, ForgeRock
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
How Denmark is Building the Cyberprotection Bridge Between the Private and Public Sectors: The National Danish Cybersecurity Council
Sep 15, 2021

Denmark is among the most digitaized countries in the world and as the digitarization strategy moves forward, it is necessary to improve and enhance the nation's overall cyberprotection. In 2019, the Government appointed a new 20-member national Cybersecurity Council for the period of two years. The council’s role is to advise the government on new initiatives that can support both the private and public sectors by improving resillience and better cyberprotection; contribute to knowledge sharing, advisories and guidance on the strategic level; and look into the need for cyber security competences and suggest measures to further develop these, both among private citizens and employees, as well as within education and research.

In this session, you will get a view into the midway status of the work of the Council, and will learn which initiatives work and which need more effort. The Council has been advising the healthcare authorities on the Danish COVID-19 app, and has been discussing the SolarWinds hack and the upcoming vaccination passport.

Bjarke Alling, Chair, National Danish Cybersecurity Council
Event Recording
Digital Identity in Germany
Sep 15, 2021

Explore the:

- Landscape of digital identity in Germany
- Success factors
- Future Outlook

Roland Adrian, CEO, Verimi GmbH
Event Recording
ADI Association: Bringing Accountability to Digital Identity
Sep 15, 2021

The Accountable Digital Identity (ADI) Association is a nonprofit organization dedicated to advancing an open framework for digital identity that focuses on accountability, privacy, and interoperability. The Association is a global coalition of private and public organizations spanning finance, government, healthcare, and technology parties.

Ramesh Kesanupalli, Co-Founder, ADI Association
Event Recording
Case Study: How an Entire Industry adopts Digital Enterprise Identity
Sep 15, 2021

Back in November 2013 the U.S. congress enacted the Drug Supply Chain Security Act (DSCSA). Part of the regulation is that actors within the U.S. pharmaceutical industry must verify the U.S. state license, which is issued by the U.S. Drug Enforcement Administration (DEA), status (and thus the authenticity) of every trading partner within their supply chain. And this does not stop just by direct trading partners a pharmaceutical supply chain actor might have, the regulation states, that also indirect trading partner’s U.S. state license status must be proofed.

Dr. Carsten Stöcker, Co-founder and CEO, Spherity
Event Recording
IATA Travel Pass - Self Sovereignty in Action
Sep 15, 2021
Self-sovereign identity has been a hot topic at EIC since 2016. We've seen it rapidly go from concept to reality, with a massive increase in global interest from car manufacturers to banks to healthcare. We've seen innovative pilot projects, new software and exciting new privacy innovations. 
But what happens when advanced new technology and protocols come into contact with the real world? In this talk, Andy will describe how SSI underpins the IATA Travel Pass ecosystem. He'll cover some of the implementation challenges, the do's and don'ts, and describe how the technology is just one small cog in the machine that comprises airlines, airports, testing laboratories and governments around the world. 
As IATA's technology partner, Evernym has been at the centre of the storm of global travel pass innovation, and Andy will give you a look under the covers of what a global SSI rollout looks like.
Andrew Tobin, European Managing Director, Evernym
Event Recording
Decentralized Identity and the US Dept. of Homeland Security
Sep 15, 2021
Markus Sabadello, CEO, Danube Tech
Event Recording
Identity in Zero Trust model
Sep 15, 2021
Anoop Mangla, Cybersecurity Practice Director, Wipro
Event Recording
In-house OAuth/OIDC infrastructure as a competitive advantage
Sep 15, 2021

Leading service providers have started developing their software in-house to achieve competitive business advantages.

Event Recording
Solving the Access Challenge in Cloud Migration
Sep 15, 2021
Berno Snijder, Account Lead Security, Accenture
Event Recording
Digital Onboarding
Sep 15, 2021

Enterprise hiring in the time of Covid is putting greater emphasis on supporting remote on boarding of new employees. This creates new challenges for the IAM team as it is no longer self evident that new contractors and employees to show up at a physical helpdesk, provide ID and pick up their new accounts. How do you organize the remote onboarding and are there technologies and approaches that are used in digital customer onboarding and KYC processes that can be leveraged to also handle employee onboarding?

Another important aspect is that remote working has become the norm and securing the remote connections is critical. A big part of that effort is to implement MFA at scale but in this situation how do you handle the roll out of the MFA when the users are not present in the office?

How do you support remote onboarding at scale?
How do you roll out MFA to a 100 000 people organisation?
What is the future for remote onboarding of contractors and employees?

Martin Sandren, Manager IAM, AholdDelhaize
Event Recording
Panel | Identity vs Authorization - Where to Draw the Line
Sep 15, 2021

We will look at OAuth protocol and its misusage for authorization purposes. What is the difference between client and user authorization and at which stage should each happen? We will revise what Identity is at its core and what should or should not be part of it. And what about Group Membership – a ‘domain-driven’ advise how to triage roles between Identity and Authorization. All these best practices are backed by real-life experience.

- OAuth and its misusage as an authorization protocol
- Essence of Identity
- Difference between client authorization and user authorization in the context of OAuth
- Group Membership – where do roles belong?
- Theory backed by practice

Hristomir Hristov, Solutions Architect, KPMG
Martin Manov, Software Architect, Cobuilder International
Fabian Süß, Project Manager, KuppingerCole
Event Recording
Beyond Blockchain: New Frameworks for Data Privacy and Security
Sep 15, 2021

The reason to use biometrics as a form of identity is because they are unique, unchanging and are the one direct and unequivocal link to an individual. But what if these identifiers are compromised? This is not a hypothetical scenario as the U.S. Office of Personnel Management breach sadly taught us several years ago. For years, this has been a conundrum in the world of biometrics - to store the data in a centralized system that has to be protected or choose device-based biometrics that are not linked to a vetted physical identity. In this never-ending loop of having to choose between privacy and security, we as a society have ended up with neither. This is about to change.

There are multiple forces now converging, that are driving serious attention and urgency to solve this problem as never before - continued, massive data breaches, skyrocketing use of biometrics and the emergence of far-reaching privacy and data protection laws that put the onus on protecting personal data on the private sector.

Owning personal data, and especially biometrics, has become a hot potato. Noone wants to hold it, but it is necessary for doing business. Consumers on the other hand are asking for more control. As a result, we are seeing new frameworks emerge, frameworks that go beyond blockchain and take into account the need for holistic, decentralized identity management that binds a rooted identity to a trusted authentication key that cannot be stolen, lost or circumvented by fraudsters operating under assumed identities with stolen PII.

Join us as we take you through a journey of what these new frameworks look like and the new possibilities that emerge when there is no binary choice to be made between privacy and security. It will finally be possible to have both.

Frances Zelazny, Co-Founder & CEO, Anonybit
Event Recording
Digital Onboarding Game Change: Face Verification and Liveness Detection
Sep 15, 2021

2020 will be eternally known as “The Year of COVID.” It will also be known as the year remote digital onboarding was near instantaneously transformed from a strategic, forward-thinking business development objective to an urgent, mission critical business priority. This has accelerated the adoption of biometric face recognition and liveness detection to create secure, trusted, and frictionless onboarding experiences.

The market landscape is being shaped by a range of innovators. From biometric face recognition and liveness technology providers to targeted digital onboarding and identity verification platforms, to the identity BIG THREE: IDEMIA, NEC, and Thales; everyone wants in. The market is heating up as the stakes couldn't be higher.

Using Acuity’s proprietary Constellation market landscape model as context, the current state of play will be evaluated in terms of the key market sectors, drivers, challenges, and opportunities for real world problem solving and disruptive innovation.

C. Maxine Most, Principal, Acuity Market Intelligence
Event Recording
Panel | Tackling the Identity Emergency
Sep 15, 2021
Paul Fisher, Senior Analyst, KuppingerCole
C. Maxine Most, Principal, Acuity Market Intelligence
Frances Zelazny, Co-Founder & CEO, Anonybit
Event Recording
Decentralized Identity: What's Been Happening and Why it Matters
Sep 15, 2021

Decentralized Identity is seeing a proliferation of activity -- so much that even experts struggle to make sense of it all. Even the names of the emerging specs have gotten wacky (or, technically, WACI...)

Kim Hamilton Duffy, Director, Identity and Standards, Centre Consortium
Event Recording
Self-Issued OP and OpenID Connect for SSI (OIDC4SSI)
Sep 15, 2021

One crucial component to SSI is end-users being able to interact with verifiers directly, without relying on a third-party provider or having to operate their own hosted infrastructure.

Kristina Yasuda, Identity Standards Architect, Microsoft
Event Recording
DIDComm and the Self-Sovereign Internet
Sep 15, 2021
DIDComm is the messaging protocol implemented in Hyperledger Aries that provides utility for DID-based relationships. Many may think DIDComm is just a way to exchange credentials, but it's more than that. DIDComm is a protocol layer capable of supporting specialized application protocols for any given workflow. Because of its general nature and inherent support for self-sovereign relationships, DIDComm provides a basis for a self-sovereign internet, a secure internet overlay, that is much more private, enabling, and flexible than the one we've built using Web 2.0 technologies. This talk introduces Autonomic Identity Architectures, describes DIDComm, discusses its protocological nature, and presents use cases in the Internet of Things. 
Dr. Phil Windley, Enterprise Architect, Brigham Young University
Event Recording
Hybrid cloud enablement: use cases, challenges, best practices
Sep 15, 2021

Cloud computing has become commonplace in recent years, it is almost inevitable for small to medium sized companies to leverage cloud services largely if not fully. However, it is not easy to run cloud enablement project in bigger and yet most importantly traditional companies, where there are hundreds of legacy applications, which expect data to be closer to the computing units, and which are dependent on bandwidth and reliable network availability. In this presentation, I am going to address cloud migration requirements, usual challenges, and lessons learnt and best practices from project management, security and service management point of view.

Paraj Sharma, Program Manager, Global IT-Infrastructure Services, Thyssenkrupp Industrial Solutions AG
Event Recording
It takes a village...
Sep 15, 2021

As a byproduct of the current activity across industry, government, and regulatory sectors, digital identity leaders face unprecedented opportunities- and challenges.

Covid has accelerated the global imperative to establish a strong and safe global digital economy that is enabled by a secure, interoperable,  digital identity ecosystem.   One of the most daunting challenges is how, where and when to start. 

The reality is that the target global ecosystem will be years in the making despite the widely held view that better identity is crucial to achieving a trusted digital-first marketplace.  The fact is that the target state is the quintessential “it takes a village” challenge.  It is this speaker’s strongly held view that the leaders who move the market now will be best positioned to substantively shape the government, regulatory and legal frameworks that might otherwise hamper ecosystem growth.

The focus of this session is to speak to the market movers in the audience and provide food-for-thought in devising a strategy to move forward.  The ‘right’ strategy will attract global relying parties, identity service providers and the digitally-enabled consumer audience writ large (‘the village.’)  The global ecosystem will take time to evolve but the time to build the foundation is now.

Donna Beatty, Digital Identity Industry Expert, Digital Identity
Event Recording
Closing Keynote & Announcement of EIC 2021 Gamification Winners
Sep 15, 2021
Event Recording
From Day One to Hour One: IGA in the Era of Extreme Automation
Sep 15, 2021

Cloud capabilities are driving automation approaches that will upend traditional, linear templates for Identity Governance service delivery. This extends to everything from application/service on-boarding, provisioning and user lifecycle management workflows. In this session, Manoj will share his experience of working on automation approaches for cloud workloads and discuss what this means for the future of IGA in the era of continuous integration and delivery.

Suganya Balan, Manager – Privileged Access Management, Philip Morris International
Manoj Kumar, Director, Identity and Access Management, Philip Morris International
Event Recording
WHY ON PREMISE IGA IS THE NEW LEGACY
Sep 15, 2021

In this session Thomas Müller-Martin, Global Technical Lead at Omada will share his insights about the evolving IGA market and why companies today choose an enterprise IGA SAAS platform over an on-premise solution. Learn in this session how to transform your legacy or home-grown solution to a modern IGA solution without the hassle of long and cumbersome implementation and high maintenance costs. Based on best practices, we will demonstrate to you how organizations today can deliver fast value to their business to mitigate risk and increase efficiency. Join this interesting speech by Omada, a global market leader in Identity Governance and Administration (IGA).

Thomas Müller-Martin, Global Technical Lead, Omada
Event Recording
What are the benefits of handling external users in IGA?
Sep 15, 2021

Most of the companies today are handling all external users with HR processes using HR systems, which can cause friction and inefficiency when managing external users' lifecycle. 

Lauri Reunamäki, Partner, Business Operations, Lempinen & Partners
Event Recording
Worlds Collide: The Importance of Convergence in IAM
Sep 14, 2021

Identity and privileged access management have existed in silos for decades. But cloud adoption and the rise in remote workers have introduced new vulnerabilities, and cybercriminals have noticed. As ransomware, breaches, and credential theft continue to make headlines, one thing is clear: We need to treat all access as privileged access and understand the context — and risk — of that access.

In this session, Chris Owen, Saviynt Director of Product Management, will discuss how identity worlds collide through Saviynt Enterprise Identity Cloud. He will show how this converged platform brings intelligence, visibility, and context together so you can manage the entire identity lifecycle, including governance, privileged access, application access, and third-party access.

Chris Owen, Director of Product Management, Saviynt
Event Recording
Goodbye Dogmatism / Hellō Pragmatism
Sep 14, 2021

Disciples of decentralized identity have preached for years that DIDs are the only true path to giving users control over their identity, AKA self sovereign identity. The lack of widespread adoption is evidence that a more pragmatic approach is needed.

Event Recording
Why ‘Zero Trust’ is Driving an Identity Centric Security Strategy
Sep 14, 2021

As organisations continue to adopt and embrace new technology platforms, it also brings with it the requirement to reassess how these new environments are secured. The Assume Breach mindset, a key aspect of a Zero Trust, shifts the risk posture to that of applying defense against the concept that the perimeter has already been breached.

In this session, we run through the Tactics, Techniques, and Procedures used in recent breaches and highlight the commonality across them; identity compromise and privilege elevation. This analysis will highlight the importance of taking an assume breach mindset to defense and that Identity becomes central to this strategy. Further, we will then position recommendations on how to protect against Credential Theft, Lateral Movement, and Privileged Escalation across hybrid and cloud environments

Event Recording
How to Thrive in an Accelerated Access management world
Sep 14, 2021

Research from 2020 has shown a phonemonal growth in the access management market.

The pandemic, for all its impact, has enabled organisations to re-evaluate their working strategies and practices. But at what cost? Cybercrime on corporate applications has risen exponentially from the dispersed workforce and rapid cloud adoption has left organisations vulnerable to ransomware, malicious activity and internal subterfuge.

Danna Bethlehem, Director Product Marketing Authentication at Thales discusses how organisations can accelerate their business with the right approach to their IAM strategy. For 2021 and beyond, enterprises need to leave survival mode behind and adopt a drive to thrive.

Drawing on recently released research into the EMEA IAM market, she will highlight:

  • How demands of the corporate workforce for dispersed working is bringing IAM security concerns to the fore
  • How the next generational approach to IAM can enable forward thinking organisations to thrive
  • How enterprises can build an effective IAM strategy to drive their growth
Danna Bethlehem, Director Product Marketing IAM, Thales Cloud Protection & Licensing
Event Recording
Browser Features vs. Identity Protocols: An Arms Race?
Sep 14, 2021

In an attempt to protect users from excessive tracking and surveillance, the last couple of years have witnessed major browser vendors introducing increasingly restrictive anti-tracking measures. Identity protocols and features got caught in the crossfire, however, forcing identity software vendors and developers to hastily introduce changes to restore functionality that browser changes broke. Is this the new normal? What will we do when a change will break an identity feature beyond repair?

This session will review the main browser changes that have affected identity over the last few years – Chrome’s SameSite and Safari’s ITP2 in particular, interpreting them as part of a larger trend and attempting to predict what the future will look like for identity customers and practitioners.

Vittorio Bertocci, Principal Architect, Auth0
Event Recording
The Changing Landscape of Consumer Identities
Sep 14, 2021
John Tolbert, Lead Analyst, KuppingerCole
Event Recording
Panel | CIAM During Covid - How to Better Secure the Identities of Your Customers
Sep 14, 2021
Max Faun, Head of Consulting, Europe, Okta
Paul Fisher, Senior Analyst, KuppingerCole
Jason Goode, Regional Director – EMEA, Ping Identity
Dali Kilani, CTO, Lifen
Event Recording
Security and Anti fraudsters CIAM strategy for next years
Sep 14, 2021

In this lecture I present a reference architecture covering CIAM, API and PAM thinking about closing the main attack possibilities in modern contexts

  • Reference architecture validated covering CIAM, PAM and API
  • How to decrease frauds
  • How to increase the user experience with security
Alfredo Luiz dos Santos Junior, Senior IAM Architect, Farfetch
Event Recording
The Next Frontier: Why Decentralised Identity is only Base Camp
Sep 14, 2021

Over the past decade significant advancements have been made towards decentralised, self-sovereign and tokenised identity. Now that we can tokenise a unique value what is the new value we can enable?

Katryna Dow, CEO & Founder, Meeco
Event Recording
Security and Privacy Challenges of Authentication, Verification and Authorisation of Customers
Sep 14, 2021
Sarb Sembhi, CISO, AirEye
Event Recording
Future proofing national eID
Sep 14, 2021

How to future proof a national eID scheme where 13 registered commercial IdPs, 1 government IdP and several brokers operate?

Petteri Ihalainen, Senior Specialist, National Cyber Security Centre, Finland
Event Recording
Identity Management as a Service - What it is and How to Build One
Sep 14, 2021

I considered myself quite an experienced programmer and having some expertise in Identity management when I was hired by Swedbank to work as full time Identity engineer. Besides projects, I had assignment to describe an architecture of the IAM as a service from my manager. Honestly, I had no clue about how to envision it. I tried to assemble standards and squeeze something out from practices and papers. But these were not really all my ideas and I did not feel much confident. But something started to happen in few last years when we had a very hard time implementing our IAM project (believe or not, it was successful). We had to answer hundred times to questions "why", "what" and "how". And finally the blueprint of the architecture of IAM as a service appeared from the mist. It is not one and only, because same size does not fit for all. Still, I do not agree that there are indefinite number of possible solutions. I think similar enterprises and engineers may find this presentation useful to draw their own blueprints.

IAM projects start usually from implementing baseline IAM processes - joiners, leavers, movers. Because this is what is usually most needed. But then you will get asked for more - identity data, events, other services. This is what makes up IAM as a service.

Neeme Vool, Software Engineer, Swedbank
Event Recording
Better Living Through Centralized IAM Policy Decisions
Sep 14, 2021
Stephen Hutchinson, Board Member & VP of Security Architecture, IDPro & MUFG
Event Recording
Best-Practice Approaches to Multi-Cloud IAM in the Enterprise
Sep 14, 2021

As more and more organizations go multi-cloud, the question arises how to integrate existing and compliance-proven enterprise IAM processes with the upcoming requirements of managing identity in the clouds.
In this talk we will present two different approaches on how an organization can manage multi-cloud identities and access. The models are based on real life examples we have found to work out for organizations we work with. What we learn with these examples is that there is a wide spectrum between agility and control. Each organization has to find their own balance in this playing field and design a solution that is valuable to them and their team.

The dynamic nature of cloud environments requires a frictionless user experience when it comes to providing and retrieving access
There is no one size fits all - the best solution for your organization depends on your positioning within a large spectrum between agility and control
Implementing a declarative approach for your multi-cloud IAM is a essential when aiming for continuous compliance

Rebecca Bausinger, Product Manager, Meshcloud
Christina Kraus, Co-Founder & CRO, meshcloud
Event Recording
Bad things that Can Happen
Sep 14, 2021

Disclaimer: The speaker at this session has not been involved either directly or indirectly in the work in the aftermath of any of the Ransomware attacks described in this session. All of the information from the cases is based solely on data that is in public domain.

Bjarke Alling, Chair, National Danish Cybersecurity Council
Event Recording
The Rise of the Machines
Sep 14, 2021

As processing power becomes cheaper, smaller, and more accessible, the issues of Identity in this automated space become increasingly relevant. We will discuss how machine learning (ML) can perform many traditional governance tasks previously the responsibility of managers – from ensuring appropriate access controls to automating the processing of access requests. We will also examine how intelligent devices are acting as agents for other identities and the challenges this brings to traditional identity management. Real-world examples will be presented of ML identifying security concerns and other vulnerabilities. 

Allan Foster, Chief Evangelist, ForgeRock
Event Recording
Panel | Mastering the Security Challenge for AI
Sep 14, 2021

Artificial Intelligence (AI) has been boosting innovation and creating a whole new wave of business models. With its rapid expansion into most use cases in many industries, a new threat landscape is evolving and as such presenting tough challenges to cybersecurity teams. With its huge impact on the way we interact with technology, the need for good practices and high standards in securing AI infrastructures is becoming a priority. In this panel session, we will    

  1. Identify and describe common AI security threats
  2. Talk about data quality, integrity and reliability
  3. Discuss AI risk mitigation strategies
  4. And look into the human factor of AI security
Anne Bailey, Analyst, KuppingerCole
Dr. Barbara Mandl, Director Cybersecurity, FOSTER FORE
Lex Tan, CEO & Founder, MotionsCloud
Event Recording
Building Mindset for Privileged Access
Sep 14, 2021

For most companies, privileged access management is associated with creating borders or limitations. Often organizations are forced to implement PAM due to the legal regulations and do not see it as an investment but rather consider cybersecurity as a cost center. Moreover, most employees think of it as another layer of control and make an assumption that the company does not trust them. 

Konstantin Krasovsky, Director EMEA, Indeed Identity
Event Recording
Staging & Release Management in IDM Environments
Sep 14, 2021

Ever since, Identity Management Environments do belong to the ‘more complex’ solution stacks in the world of IT. As a central
component and the ‘spider in the web’, it must adopt to any evolutionary change made in connected applications and systems.
Furthermore, new or modified business requirements or procedures do drive constant changes to IDM-Systems itself.
Depending on traditional, agile or ‘mixed’ service delivery and maintenance approaches in conjunction with multi-tier
environments for development, staging, pre- production and production (or even more), it becomes quite challenging to
appropriately integrate new functionality with the expected level of quantity and quality.
Most likely, its not only code and configuration which needs to be staged between the different system tiers, but also digital
identities and entitlement information.
In this talk, we will investigate different approaches to release and change management techniques specifically for IDM-Systems
and the benefits of integrated Multi-Tier environments. We discuss Good- Practice approaches from several Identity Management
projects from the past two decades, do’s and dont’s and how to deal with pseudonymization in staging environments which can
be used by any team for their ‘real-world’ acceptance tests, demo or lab work.
Key takeaways
• Get an overview of common mult-tier staging environments in IDM/IAM Landscapes
• Learn about good-practice approaches to establish staging functionalities
• anonymization and pseudo-anonymization for entity staging

Thorsten Niebuhr, CEO, WedaCon
Event Recording
The Security Debt Crisis – How to Catch Up on Past Due Patches and Neglected Risk
Sep 14, 2021

There is a common theme for many of the mega breaches of recent years – a neglect of basic cybersecurity hygiene that has resulted in a backlog of unpatched apps, misapplied configurations and overlooked tasks. This debt compounds over time and, as with financial debt can snowball to reach a point, where it becomes insurmountable. As organizations become increasingly cloud first, the risk profile from security debt further increases.

Richard Archdeacon, Advisory CISO, Duo Security
Event Recording
Panel | Best Practices to integrate AI in Identity Access
Sep 14, 2021
Anne Bailey, Analyst, KuppingerCole
Fabrice Gürmann, Data & AI Specialist, Microsoft
Tobias Oberrauch, Senior AI Consultant // Leader Group at Baden-Württemberg, CGI // AI PIONEERS // German AI Association
Event Recording
Integrated Intelligence – Combining Human and Artificial Intelligence for Competitive Advantage
Sep 14, 2021

Many companies from diverse industries increasingly rely on AI for strengthening their efficiency by automating jobs. Many of these advanced automation tools, however, currently become standard applications. Consequently, an isolated use of these tools will not enable companies to gain a competitive advantage. This presentation builds on an intelligence-based view of firm performance and the ‘Integrated Intelligence’ approach, which highlights the need to integrate AI with specific human expertise to outperform competitors and to transform a firm’s intelligence architecture. It further discusses the leadership implications for general managers and offers a systematic framework for generating growth and innovation beyond automation and efficiency. The ‘I3 – Integrated Intelligence Incubator’ provides executives with a toolset for developing appropriate strategic initiatives for intelligence-based future competition.

Prof. Dr. Ulrich Lichtenthaler, Professor of Management and Entrepreneurship, International School of Management
Event Recording
How to successfully rob a bank (and almost get away with it)
Sep 14, 2021

The majority of crimes in our industry are initiated with cyber-attacks on people - however, our people can also be our most valuable assets. This presentation start with a walkthrough of multiple "bank robbery" scenarios to focus on a real event from 2016, when in one of the largest cyber heist ever, $1 billion were at stake being stolen from a bank. And how human vigilance (as well as human mistakes by the criminals) finally prevented the worst.

Kashif Husain, CISO, Vice President, Nomura
Event Recording
Malware Manipulated in Cloud Environments - Is it Dangerous?
Sep 14, 2021

During this presentation, I'll show how the effects can bring in inside the Cloud environment if was exploitable by Malware using PDF file, explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-desassembly techniques, demonstrating as a is the action of these malwares and where it would be possible to "include" a malicious code.

Filipi Pires, Security Researcher, THOR - Threat Hunting Offensive Researcher
Event Recording
One PAM - A Holistic Approach to PAM for the Shift to a Zero Trust Model
Sep 14, 2021

Join Peter Dulay, Symantec Identity Management Adoption Advisor, Broadcom, as he introduces One PAM, which brings together traditional proxy-based (credential vaulting) with agent-based (granular access controls) capabilities into one consolidated solution and approach, and how One PAM is better positioned to help customers shift to a Zero Trust model.  

Peter Dulay, Security & Integration Adoption Advisor, Broadcom
Event Recording
Continuous ZeroTrust as a Way To Know Your User
Sep 14, 2021

Organisations perceive their users through data. In the world of fewer and fewer opportunities for physical contact, identity verification is going all remote. All online service providers need to model the risks related to user impersonation and user manipulation attacks.
In this talk, we will dig through the classical methods of Knowing Your User through the static data:
Authentication
Coupling the session with the device
Checking the network environment
Next, I will present manipulation methods related to data spoofing to express the business impact. Usual scenarios are primarily associated with rewards in the form of money for the attackers.
Time-series data analysis and the impact on the business and customer experience will be presented to show the way forward in the adaptive risk management context.
Finally, food for thought related to the standardisation of behavioural biometrics that is getting more and more attention as one of the defence methods will be shared to show that we need Zero Trust and a way to verify if and how the vendor products are working.

Static data can be easily spoofed. Dynamic data analysis (mainly in a time series manner) is the way to go.
Data resilience related to side-channel time series data analysis.
Zero Trust is also about not trusting your data sources and all the environment related to it.
Behavioural biometrics strives for standardisation.

Mateusz Chrobok, VP of Innovation, Revelock
Event Recording
The human factor in Cyber Security - Creating a cyber aware culture
Sep 14, 2021
Alex Weishaupt, Practice Lead Cyber Security, Morgan Philips
Event Recording
What a CISO needs to know about GDPR
Sep 14, 2021
Stefan Hessel, Rechtsanwalt I Attorney-at-Law, reuschlaw Legal Consultants
Event Recording
Panel | Is Traditional MFA the Right Solution in a Post-COVID World?
Sep 14, 2021

The hybrid mix of remote and office work combined with digital transformation initiatives is driving the rapid adoption of cloud. This trend is also prompting organizations to rethink requirements for authenticating employees and other members of an organization supply chain. Companies are now exploring how to significantly improve both security and the end user experience. Unfortunately traditional multi-factor authentication is lacking in both areas. 

Joni Brennan, President, Digital ID & Authentication Council of Canada
Martin Kuppinger, Principal Analyst, KuppingerCole
Patrick McBride, Chief Marketing Officer, Beyond Identity
Andrew Shikiar, Executive Director and Chief Marketing Officer, FIDO Alliance

 

Discussion topics include:

  • How is the post COVID era changing the security and identity / access management landscape?
  • Should traditional MFA still be the “go to”?
  • What new requirements have emerged and why?
  • What approaches are advanced customers adopting?
  • What is the difference between Traditional MFA and newer options?
  • Is device trust important?  Why or why not?
  • What is the role of continuous, risk-based authentication?
Event Recording
Airbus Expert Perspective: Managing Third-Party Identity Risk in the Supply Chain
Sep 14, 2021

As a leader in innovative aerospace manufacturing with locations across the world, Airbus recognized the need to fortify its third-party identity management processes to better meet the operational efficiency and security needs of its evolving business and supply chain. Specifically, Airbus wanted to upgrade its identity management capabilities around lifecycle management, data quality, and obsolescence management for its third-party, non-employee users.

Benjamin Gasperi, On/Offboarding Product Manager, Airbus
Guillaume Lugat, Head of Identity & Access Management, Airbus
Event Recording
From a Business Centric Consent Management Paradigm to a User Centric One
Sep 14, 2021

I today's digital world (post EU DMA, DSA, DGA regulation proposals (now tabled in EU Parliament for legislative approval by 2023), GAIAx birth in Europe and eprivacy new regulations adoption, the hard line separation between personal and non personal data is blurring and companies have yet understood what this means for them. While they thought that only personal data needed to be consented, now it's all the data that need the consent log prof for each digital identity they get associated to. Europeans have also created a new "notion" of cloud (GaiaX). A cloud where data can circulate freely, can be shared and mutualised (upon consent). This will have implications. Huge implications as GaiaX carries the option to "import/acquire" data also originated from other entities (including from outside Europe). The transfer mechanism will only be possible upon user express consent, voluntarily. User will need to be incentivised to agree to share. Since transfer can only be performed by users, and with consent, that will in fact open up to a secondary data market which sees the consent log representing a "transaction event'. Hence privacy will exit the framework compliance to enter the framework of "strategy and business development'. The contextual "data" hunt can begin (vs big data paradigm which fades aways). The de-monopolisation of consumer data, too.

Insights in how the new european digital policy opens to new business (data driven) opportunities;

Explanation of what market what solutions are available (commercial) to deploy (large or small companies, pubic sector, etc) to meet this important shift in data monetization strategies

Get access to information about partnerships/research projects linked to data portability implementation

Isabella de Michelis di Slonghello, CEO and founder, ErnieApp
Event Recording
Panel | Building Trust with CIAM
Sep 14, 2021
Armin Bauer, Managing Director Technology and Founder, IDnow GmbH
Paul Fisher, Senior Analyst, KuppingerCole
John Erik Setsaas, VP of Identity and Innovation, Signicat AS
Event Recording
From top-down ecosystems to collaborative ones
Sep 14, 2021
Traditional identity and access management solutions built so far on the trust for selected identity providers and their adoption from an ecosystem of identity owners and identity verifiers. The decentralized identity paradigm is disrupting these ecosystems and required more democratic collaboration and competition among a number of identity and credential issuers, identity owners, and verifiers selecting and using them. This requires not only to design and implement new technologies but also to identify new business opportunities and business models. Collaboration, experimentation, and evaluation are the road to adoption, and the EU collaborative H2020 research and innovation framework offers the opportunity to de-risk such collaborations, in favor of innovation.
This talk will present the activities and lessons from three EU collaborations, CityExhcange, ENSURESEC and ORCHRESTRA, generating innovation with the adoption of decentralized identities for individuals, things, and organizations among complex stakeholders ecosystems in the smart energy, e-commerce, and smart transport domains.

 

Dr. Michele Nati, Head of Telco and Infrastructure Development, IOTA Foundation
Event Recording
Why We Need Guardianship in the Digital World, and How We Might Approach Delivering Guardianship Using Verifiable Credentials
Sep 14, 2021

 

Guardianship is a condition of life in human societies. When we are young we may be looked after by parents until we become adults. When we are adults we on occasions need others to look after us, and sometimes we may need increasing levels of care as we age.
In our physical world, we may recognise a guardianship role between parents and children and within families, and we may have more or less sophisticated laws to recognise instances where someone needs to take care of another for medical, financial or other needs.
While the concept of Guardianship is reasonably well developed and understood in our physical lives, it is scarcely considered in our digital lives. Very few (if any) considerations are made for the possibility that someone may need another to look after their affairs online. Without this consideration, we resort to poor approaches such as where a Guardian needs to "log in" as the dependent, without the visibility of the service provider, or has to prove their Guardianship status to a service provider who is physically remote and often in a different legal jurisdiction.
In late 2019, the Sovrin Task Force on Guardianship wrote a white paper on Guardianship considering these issues against two specific use cases: a child refugee and an adult living with dementia. A Working Group was established at the beginning of 2020 to develop these ideas further within the context of Trust over IP and has produced two key documents: an Implementation Guide to Guardianship using Verifiable Credentials, and a Technical Requirements document for Guardianship using Verifiable Credentials.
I would like to present these new pieces of work and, hopefully, engage in a discussion on guardianship in the digital world.
**Please note that this work was created by a team working with the not-for-profit Sovrin Organisation and is provided on a Creative Commons BY SA 4.0 Licence**

John Phillips, Partner, 460degrees
Event Recording
Panel | The State of Decentralized Identity - World Stage
Sep 14, 2021

 

Raj Hegde, Project Manager, KuppingerCole
Dr. Michele Nati, Head of Telco and Infrastructure Development, IOTA Foundation
John Phillips, Partner, 460degrees
Event Recording
Entitlement Management across Hybrid Cloud for Security & Compliance
Sep 14, 2021

Companies across the globe are undergoing digital transformation. The main challenge with this approach is the ability to securely manage access for on-premise, cloud and SaaS applications. Entitlement Management across this hybrid landscape requires management of cloud assets, IAM profiles, groups, roles and entitlements in support of Identity Lifecycle Management, Access Management, and Access Governance.

Workloads have been running in the cloud since the last decade or so. AWS, GCP and Azure have replaced traditional data centers and companies continue to migrate their production workloads to cloud at blistering pace. So, what changed? Firstly, we are starting to realize that this cloud infrastructure model necessitates a different type of identity and access management solutions as native solutions don’t cover multi-cloud IaaS model and traditional IGA solutions fall short in their scope. Secondly, business goals and priorities are driving engineering teams to work on initiatives without formal approval and oversight. With IaaS it is easy to spin up an instance, assign various resources. As organizations aren’t centrally controlling these spin offs, any vulnerabilities in this growing shadow IT is a target for hackers.

SecurEnds enables entitlement management across hybrid cloud assets for security and compliance.

1. Provide visibility over hybrid-cloud assets
Discover all identities, service accounts, IAM users, roles and policies within single or hybrid cloud the IaaS infrastructure.
See the granular permissions held by IAM Users, Roles and Service Accounts. This is important to define least privilege policies.
2. Provide governance over hybrid-cloud assets
Enforce least privilege policies across all cloud identities to avoid privilege creep.
Routine audits of configurations across cloud environments helps with policy enforcement and compliance.
3: Provide remediation over hybrid-cloud assets
Post identity review kick off automation to rectify privileges

Austin Baker, Director of Sales, SecurEnds
Event Recording
Zero Party Data - knowing without controlling
Sep 14, 2021

Applying the principles of self-sovereign identity to financial and social media sourced data points will enable businesses to make better and informed decisions about retention, acquisition and eligibility whilst relieving them of most of their obligations under GDPR.

Julian Wilson, Founder, Valido Limited
Event Recording
Zero Trust Use Cases
Sep 14, 2021

Zero Trust Use Cases: a pragmatic look from well-known use cases to lesser known ones. Focus will be on real world examples and situations proven in practice rather than on formal compliance. Further on we will have some critical thoughts on this topic.

 

Key Topics:

* What is Zero Trust?

* Some appliances for Zero Trust

              - Well-known use case: Web shop

              - Current use cases: Bring-your-own-device, Bring-your-own-account

              - Further use cases: Micro-segmentation, cloudification

* Some critical thoughts on non-deterministic systems

Eleni Richter, Chief Architect, EnBW
Event Recording
Siemens Zero Trust Architecture in 2021 and Beyond
Sep 14, 2021

Siemens AG drives the comprehensive Zero Trust program enabling most areas of Cyber Security, Enterprise and Product IT. In the presentation we are going to share our architecture vision as well as the implementation road map. We are going to share some lessons learned, which we gained on the way we passed so far.

Dr. Jan Herrmann, Senior Cybersecurity Architect - Authorization Technologies and IAM, Siemens
Dimitri Lubenski, Head of Technology and Innovation (IT Strategy), Siemens
Event Recording
The impact of agile on progressing Identity Security
Sep 14, 2021

After applying an agile way of working for the last three years the Rabobank Identity & Access Management service has gone through a transformation. The increased autonomy of teams, using backlogs with prioritized epics, applying agile rituals in order to create space for growth in applying agile principles, all of these have affected how IAM services are developed and delivered. Where the arena is uncertain and customers have a somewhat-defined request the agile, iterative approach works. Yet where the arena is regulatory governed and compliance driven an agile approach works less. The impact of incidents in a 24x7 security service immediately reflects itself on the development of the service when a devops team is used. The strain between waterfall project management and this agile approach is not instrumental but conceptual. Aligning expectations with the wider organization is a challenge in itself. This presentation will demonstrate the pros and cons of agile on IAM.

Agile pitfalls
Alignment with the wider organization (using waterfall and deadlines)
Where agile works well and where it does not
Countering the management drive for 'new and improved', whilst also applying agile

Henk Marsman, Lead Product Manager IAM, Rabobank
Event Recording
Improving IAM Success Rates with Rigorous Concepts
Sep 14, 2021

IAM programs in organizations have a reputation for difficulty and high failure rates. Through education and later through experience, professionals learn that communication is the most critical success factor in all human undertakings. We may have cutting-edge technology, generous budgets, and a competent team and still fail our project miserably. High-quality communication about IAM with our stakeholders is insufficient to succeed, but it is a necessary condition. 

And what is the building block of communication? Words and concepts.

Improving the IAM vocabulary's accuracy is the idea behind the TOME (The Open-Measure Encyclopedia) project - an open-source encyclopedia specialized in IAM, authored by volunteer IAM professionals for their peers. Its goal is to become the industry reference dictionary. It is free of charge and licensed under Creative Commons to facilitate its widespread adoption. It is rooted in science with a solid methodology and pervasive references to stand on the shoulders of giants.

In this session, I will present and define a series of IAM concepts, both frequently used and rare but often misunderstood

David Doret, Founder, Open-Measure
Event Recording
Journey from Enterprise Strategy to Identity Simplification
Sep 14, 2021

In an insurance sector not yet impacted by uberisation, AXA is moving toward its digital transformation. To achieve its key targets, including reduced time to market and improved user experience, AXA has launched several major programs: network, datacenter, workspace, .., and Identity and Access Management. Come discover how AXA leads the IAM program to support its digital transformation though improved agility, automation & business partnership capacity, both external and internal, while maintaining a high level of security.

– Adapt your IAM program to your context
– Define and maintain the key objectives of your program
– Accept that an IAM program is a transformation program, not a technical program

David Martinache, Manager, Wavestone
Fabrice Perrin, Global Program Director, AXA
Event Recording
Balancing User Experience, Privacy and Business Requirements – Learnings From Social CRM
Sep 14, 2021

Based on our research about critical privacy areas in Social CRM I could present solutions and discuss further potentials provided by upcoming technologies and resulting requirement on privacy management systems.
Social CRM is a bit special as indeed many applications and processes areas are still in legally grey area, without established and accepted standards. Users tend to ignore this fact as many applications and process provide a value for them and/or are comfortable. Based on this specific setup I could build up the discussion and presentation.
This presentation would be more a discussion to show potential solutions and not the presentation of a specific solution

Dr. Olaf Reinhold, Board Member, Researcher, Social CRM Research Center e.V.
Event Recording
Data Privacy
Sep 14, 2021

Do people really care about data privacy?

Jason Smith, Chief Commercial Officer, Meeco
Event Recording
Securing the Privacy of Non-logged in Devices
Sep 14, 2021

Many services across the web today allow users to consume the service without explicitly signing up. They generally identify users by a cookie containing a unique browser-id and store user data against it.

George Fletcher, Identity Standards Architect, Verizon Media Group
Deepak Nayak, Privacy platforms Architect, Verizon Media
Event Recording
Applying Zero Trust to Humans and Things
Sep 14, 2021

The pandemic has dramatically changed how we work, shop, meet and learn. Simple username and password credentials can no longer be part of this new world. They have become every user’s and every IT departments’ nightmare. Connected IoT things are for the first time outnumbering non IoT connections such as Tablet, Phones and PCs and many emerging business models will drive more revenue through IoT-enabled services than the products through which they’re delivered. Applying zero trust thinking to all identities including connected things and not just employees and their PCs is therefore a concept organisations will need look into to ensure adequate security measures for their employees and things.

In this session we’ll talk about:

  • Current challenges of managing IoT devices
  • How identity of things automate and improve user experience
  • The role of IAM in Zero Trust
Gerhard Zehethofer, Vice President IoT and Technology Partnerships, ForgeRock
Event Recording
Using Identity in a Zero Trust Architecture
Sep 14, 2021

Zero trust requires an enterprise to identify and monitor all the network identities used in the enterprise. NIST SP 800-207 refers to a zero trust deployment pattern called “enhanced identity governance”. The National Cybersecurity Center of Excellence (NCCoE) has a project on implementing a zero trust architecture that will include enhanced identity governance. This talk will be an overview of the role of network identities in zero trust and the current status of the NCCoE project.

Scott Rose, Computer Scientist, National Institute of Standards and Technology (NIST)
Event Recording
Trust as the Key Concept in Future Mobility
Sep 14, 2021

The Internet and consequently the Internet of Things were built without a trust layer. Decentralized Digital Identities as basis for Connected Mobility may be one of the needed missing components to implement real data sovereignty and a trusted Economy of Things in future Connected Vehicles scenarios.

Peter Busch, Product Owner Distributed Ledger Technologies Mobility, Robert Bosch Group
Event Recording
The #FutureOfMobility is decentralized
Sep 14, 2021

Mobility-as-a-service is changing the way people move. From mobility based on driving your own car, it is converging to the consuming of various services using multiple modes of transportation. Ranging from eScooters, bicycles, ride-sharing to car-sharing, ride-hailing and public transport.

Dr. Harry Behrens, Founder and CTO, Power & Mobility Ltd - bloXmove.com
Event Recording
A Primer for SSI in DE
Sep 14, 2021

Self-Sovereign Identity – or SSI in brief – is now a major thing. Germany has become one of the world’s key SSI accelerators. Countless people and organizations – small and large – are getting excited and actively involved. Now de facto driving forces are: 1. SSI Pilots by the German Federal Chancellery as first demonstrations of the Digital Identity Ecosystem. 2. IDunion – a solution-oriented research project co-funded by the German Federal Ministry of Economic Affairs and Energy in the cluster of showcases in Secure Digital Identity. This presentation provides a brief SSI introduction and an update on these two major German SSI initiatives.

Dr. André Kudra, CIO, esatus AG
Event Recording
FIDO for Developers - How Developers Can Master FIDO and Passwordless Authentication Without Adding Unnecessary Complexity.
Sep 14, 2021

The paradox of simplicity is that making things simpler is hard work. - Bill Jensen

 Building strong passwordless authentication from scratch can be very time-consuming. Integrating the necessary infrastructure into a typical password-centric identity code base increases code complexity exponentially. Taking into consideration that well-known user flows have to be changed and enhanced with new authentication options may also pose significant challenges for developers. They have to get it right - and make it as simple as possible for the end user.

 In this talk, we highlight possible pitfalls and necessary considerations when implementing passwordless FIDO and WebAuthn protocols. You will recognize how a cloud-native approach can simplify the integration of passwordless authentication and smoothen the requirements for developers and product owners of any online service. You’ll also learn how to gradually migrate existing users to the new authentication methods in a frictionless manner.

Join us to explore three possible abstraction layers we’ve identified to take the complexity away when dealing with FIDO and passwordless multi-factor authentication. Ranging from utilizing a managed FIDO API and SDKs up to a fully-fledged passwordless-native identity provider that can be integrated with OpenID Connect. We also will share some secrets on useful extensions of the FIDO standards we’ve identified when building our passwordless user experiences.

 Felix Magedanz, founder and CEO, Hanko.io

Event Recording
How Biometric Face Verification Enables Effortless IAM in a Zero Trust Environment
Sep 14, 2021

Now more than ever, the world is operating online. Governments and enterprises need a way of securely verifying an individual’s identity whilst providing an inclusive and positive customer experience. iProov is a world leader in cloud-based face biometric authentication technology. Our Genuine Presence Assurance™ technology, powered by flashmark, ensures that the individual is: the right person, a real person, and also confirms that they are authenticating right now.

Tom Whitney, Global Head of Solutions Consultancy, iProov
Event Recording
Using Hypermedia to Adapt Client-side Login to Go Beyond Passwords
Sep 14, 2021

There are various ways that client applications may need to log in when going beyond passwords. With a username and password, client development is easy -- just collect a couple of inputs from the user and match them on the server. When going beyond these though, how can client applications be deployed and maintained in a way that the server still dictates what the client should present and obtain from the user when authenticating them?

Travis Spencer, CEO, Curity
Event Recording
Four Steps to a Next Generation PAM Solution
Sep 14, 2021

Four simple steps to the perfect PAM.

Stefan Schweizer, Vice President, Sales – DACH, ThycoticCentrify
Event Recording
Going Passwordless and Beyond - The Future of Strong Authentication
Sep 14, 2021

The onslaught of account takeover attacks from insecure passwords is driving the rapid adoption of passwordless solutions.  While the risk reduction benefits are substantial, eliminating passwords is just the first step on the path to fundamentally strong authentication.  In the “new normal” era of work from anywhere, and rapidly increasing cloud adoption, organizations are moving to a new risk-based authentication model.  Advanced organizations are validating users, their devices, and inspecting the security posture of the device for each login.  Strong and continuous authentication is a fundamental building block of Zero Trust. Learn how you can make it happen without making the user experience miserable.

 Discussion topics include:

  • New cybersecurity and identity management requirements in the post COVID era
  • Traditional MFA vs Passwordless - avoiding the “security vs. painful user experience” tradeoff
  • Device trust and the confluence of cybersecurity and identity management
  • Continuous risk-based authentication 

Takeaways:

  • Account takeovers and other attacks have increased as a result of distributed working - adopting a solution that removes passwords removes most of the risk
  • MFA has evolved beyond the traditional “password + SMS + pin” approach
  • CISO’s and IT no longer have to trade increased security for user convenience
  • Modern devices allow organizations to leverage the Secure Enclave / Trusted Platform Module for increased security
  • Continuous, risk-based authentication is a key factor in identity and access management
Patrick McBride, Chief Marketing Officer, Beyond Identity
Event Recording
Panel | Prioritizing Identity - Identity-Centric Security Strategy
Sep 14, 2021

Identity management is critical for digital transformation and continues to evolve and gain importance as the business environment changes in today's hyperconnected world, where employees, business partners, devices, and things are all tightly interwoven. Deploying an identity security solution – regardless of your business size or industry is a fundamental requirement today to facilitate secure communications and reliable transactions.

This panel explores identity security strategies that enable your business to take full advantage of your solution’s capabilities.

Yvo van Doorn, Senior Solutions Engineer, Auth0
Oliver Krebs, GM EMEA, Onfido
Martin Kuppinger, Principal Analyst, KuppingerCole
Event Recording
Panel | APIs - Where Security Meets Identity Management
Sep 14, 2021

Traditional IAM models have focused on users, policies, and roles, which met the needs of web applications in years past but as application development has evolved to APIs, an innovative approach to identity management is required. It is no longer just users, roles, and permissions. APIs must be integrated into the identity and access management framework to ensure adequate governance and security.

Within an API there is a requestor (often on behalf of a user), a service (API), and the data that is being passed. All these entities in the transaction require unique identity and authorization; without identity, compliance and enforcement mandates cannot be met effectively and without authorization, there is a free-for-all on your APIs reminiscent of Cambridge Analytica and Facebook.

In this session, we will look at how rapid digitalization (first and third-party APIs + multi-or hybrid-cloud environments) has complicated security efforts, the role of API integration in data governance, and how companies can best navigate the heightened cyber-threat environment we find ourselves in today.

- Why API security requires more than traffic policy management and course-grained enforcement.
- Why APIs need to be integrated into the identity and access management framework to ensure adequate governance and security.
- How companies can reduce the burden on developers to allow for a proactive approach to API security instead of reactive.

Nathanael Coffing, Co-Founder, CSO and Board Member, Cloudentity
Gal Helemski, Co-Founder & CIPO, PlainID
David Martinache, Manager, Wavestone
Fabian Süß, Project Manager, KuppingerCole
Event Recording
User Terms Engineering Layer for IEEE (The Institute of Electrical and Electronics Engineers)
Sep 14, 2021
Doc Searls, Co-founder and board member of Customer Commons, and Director of ProjectVRM, Harvard's Berkman Klein Center for Internet and Society
Event Recording
Panel | One Size Doesn't Fit All - Why Identity User Experience Matters More Than Ever in a Zero Trust World
Sep 14, 2021

Balancing usability and security is a well-known challenge in the field of identity. With increasing threats to personal and critical business data posed by nation-states and other bad actors, organizations are moving to a default posture of Zero Trust with more and more technology vendors and service providers delivering solutions in the form of complex monitoring and policies designed to keep the bad guys out. Knowledge workers, including an increasing population of frontline workers, require and expect seamless collaboration and productivity without barriers that waste time and require technical expertise. And businesses of all sizes are looking for solutions that can be operated by managers and program owners who are not necessarily identity and security experts. At the same time, individuals are drowning in a sea of passwords and clamoring to maintain their privacy and preventing compromise in their personal lives. With more signals, potentially come more annoyances, and with more annoyances come to the proliferation of unsafe practices. As vendors and enterprises dedicated to secure and seamless identity, it is our responsibility to invest in a more secure future while remaining dedicated to solutions that guarantee higher security but are even easier and more delightful to use than today's conventional solutions. FIDO2 and the move towards passwordless solutions are getting more adoption, but still carry with them some experience challenges in onboarding and recovery. Innovations like distributed identity show promise in decentralizing ownership of personal data and putting control back in the hands of end-users but are in very early days. EIC represents the industry and our commitment to creating trustworthy frameworks that protect organizations and people.

Join a panel of experts to share their thoughts on how we can continue on a pace of innovation in zero-trust while maintaining trust and usability for everyday people in a digital world.

- innovation requires investment across security, privacy, and usability

- abstracting complexity from both end-users and operators is more important than ever

- vendors and enterprises owe it to their users to consider everyday user experience a vital part of creating a secure environment

Paul Fisher, Senior Analyst, KuppingerCole
Robin Goldstein, Partner Group Program Manager, Microsoft
Alexander Koch, VP Sales DACH & CEE, Yubico
Event Recording
How to Stay Relevant in the Age of Conversational Banking
Sep 14, 2021

The age of conversational banking represents a transformation of how and when banks interact with their users.

Şebnem Elif Kocaoğlu-Ulbrich, Founder, Contextual Solutions
Event Recording
How Secure is Your Multi-Factor Authentication?
Sep 14, 2021

Well-designed multi-factor authentication technologies, especially when paired with a mobile device or other token, mitigate security risks from single factor username/password authentication while still providing a positive user experience.

Rebecca Nielsen, Director of Technology Integration, PKH Enterprises
Event Recording
Driving Business Value in the Enterprise with Zero Trust
Sep 14, 2021

With the merger of AOL+Yahoo, the newly formed Enterprise Identity team had the challenges of planning to support the cloud-first future of the new company Oath (which would become Verizon Media), building a new Identity ecosystem with Zero-Trust methodologies, and supporting a security-minded culture.

Bryan Meister, Senior Principal Architect, Yahoo
Event Recording
Integrating IoT With SSI-Enabled Technologies For Healthcare
Sep 14, 2021
Dr. Christos Patsonakis, Postdoctoral Research Associate, The Centre for Research & Technology Hellas
Event Recording
Panel | Futureproofing Pharmaceutical Supply Chain Security
Sep 14, 2021
Bob Celeste, Founder, Center for Supply Chain Studies
Jeffery Denton, Vice President, Global Secure Supply Chain, AmerisourceBergen
Georg Jürgens, Manager Industry Solutions, Spherity
David Kessler, President, Legisym
David Mason, Supply Chain Compliance and Serialization Lead, Novartis
Gena Morgan, Strategic Consultant, GS1 US
Dr. Oliver Nürnberg, Chief Product Owner, SAP Life Sciences
Event Recording
Introducing ESSIF-LAB - The European Self-Sovereign Identity Framework Lab
Sep 14, 2021
Drs. Jacoba C. Sieders, Member Of The Board Of Advisors, EU SSIF-lab
Event Recording
Securing the Digital Double - The Path to a Trusted Digital Ecosystem
Sep 14, 2021

Digital life is a replication of the physical world in a digital ecosystem. As a result, people and things have an equal digital representation, which we call a digital double. Your digital double is active and involved in various activities, even when you take a nap. Therefore, securing the digital double is critical. 

Asanka Abeysinghe, Chief Technology Evangelist, WSO2
Event Recording
Persistent digital reputation across industries, countries, and legal frameworks
Sep 14, 2021
Stepan Gershuni, VC Marketplace WG Lead, Decentralized Identity Foundation
Event Recording
Distributed Identity using the example of a digital vaccination card
Sep 14, 2021

Distributed Identity (DI) is less known to many and even less in connection with the pandemic. The concept that DI delivers is an excellent starting point for creating a digital vaccination record.

Why DI is generally a good idea and what a digital vaccination record based on it can look like, is shown in this lecture. If you want to explain to your family in practical terms what IAM, IGA and PAM do: get vaccinated and (hopefully soon) apply for a digital vaccination certificate!

Ingo Schubert, Global Cloud Identity Architect, SecurID, RSA Security
Event Recording
A Window Into Our Industry
Sep 14, 2021

Keeping up with the changes in our industry is no simple task. The rate of change for identity technologies, their applications, and their roles in the enterprise is simply too great. Since 2018, IDPro has conducted an industry survey to call attention to the skills that identity practitioners possess and employee to be successful. In 2019, the survey was expanded to explore enterprise priorities to highlight which areas of the identity industry were garning more attention and investment. And in 2021, IDPro expanded the survey again to include questions about diversity and inclusion. Join Ian Glazer, Founder and Vice-President of IDPro, as he explores the results of this year’s survey and the implications for you, your employer, and the industry as a whole.

Ian Glazer, VP, Identity Product Management, Co-Founder, IDPro

Event Recording
Evolution of User Centricity in Customer IAM
Sep 14, 2021

The transformation of the IAM landscape of a Multi Service Provider is taking shape.

Rolf Hausammann, Head of Identity and Access Management, Swisscom
Event Recording
European Identity & Cloud Awards Ceremony 2021
Sep 14, 2021
Event Recording
Meeting Expectations – 5 pillars for IoT project success
Sep 14, 2021

Deployment of IoT installations are accelerating as organisations seek to expand their business by adding IoT functionality to their products/service, or reduce their costs by automating processes. Unfortunately, in many cases these initiatives are not adequately executed and, as a result, do not meet expectations.

In this session we will look at 5 pillars of an IoT deployment: the Device pillar ensures we select the appropriate sensors and actuators, the Control pillar guides our decisions on controller functionality, the Communications pillar ensures we consider which options fit our required functionality and budget, the IT pillar determines the level of integration between our IT and OT environments, and the Security pillar guides our protection strategy.

A holistic approach is a success-indicator for our IoT projects.

Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
Introducing BASIS - Addition to Martin Kuppinger's Opening Keynote
Sep 13, 2021
Event Recording
Multi-Cloud Multi-Hybrid IT: How to Make your Digital Business Fly
Sep 13, 2021

IT has changed fundamentally in the past years. Multi-cloud environments mixed with private clouds and on-premises infrastructures (multi-hybrid) are the new normal.
The high pace in transformation, modernization, and innovation required for success in the digital age requires these environments to work smooth and secure.
In his talk, Martin Kuppinger will discuss where and how IT, IT Security, and IAM need to evolve to make the digital business fly.

Event Recording
Identity and the Rise of the Platforms
Sep 13, 2021

The first era of SaaS is ending, and we are entering a new era of convergence. This new era will result in new kinds of enterprise platforms that converge discrete functionalities into new systems of delivery. Best of breed solutions will all but disappear. Point solutions will fade away. The identity industry will fundamentally shift. The traditional IAM vendors you know are going to face competition from Salesforce, ServiceNow, Workday and others. You, the customer, are going to be influenced more and more by these players and their new systems of delivery. In this session, I will explore what is driving this trend and how it may shape the future of the identity industry.

Event Recording
Where Stands the Sovereign Self?
Sep 13, 2021

When thinking about what SSI means for enterprises and providers of services to enterprises, it's easy to forget that SSI is about each of our sovereign selves. This means SSI should give us each a clear sense of independence, agency, and obvious freedom from the old centralized Identity Provider Relying Party model, and the federated one that followed from it. But we aren't there yet. What will it take to get us there—for our sovereign selves, and not just for hot new SSI businesses?

Event Recording
Hybrid. It’s Never Only One Thing
Sep 13, 2021

New technology is often seen as a total replacement for whatever came before. This is evident in the “Move to Cloud”! However, we are almost never in a greenfield position: we must interoperate with legacy systems and the demands of the business drive towards different and competing solutions for different problems. We will discuss the challenges of a hybrid deployment, addressing multi-cloud as well as on-premises components, and how a hybrid approach to identity is required to competently address these often conflicting requirements. We will use real-world examples of hybrid solutions to demonstrate the solutions.

Event Recording
Identity, Privacy, Security - The European Perspective
Sep 13, 2021

In recent years, we have seen quite a few transatlantic policy issues with regards to Cybersecurity and the way how personal information is being treated by private and public organizations. The main areas where we see these differences are data protection/privacy, standards & certification and last but not least private-public information sharing.

Event Recording
Modernizing the Customer Journey
Sep 13, 2021

As organizations are recovering from the pandemic, the need to adapt to rapid technology, organization and social changes makes many of them embark on a digital transformation at high speed. Investments to drive online business, powered by customer insights and an attractive user experience, yet secure and compliant to rules and regulations, have never been bigger.
Integrating Marketing and Customer Relationship Management (CRM) functions with Customer Identity & Access Management (CIAM), if done well, can help business owners achieve the ROI they are looking for.

Join Gerald Horst, who leads PwC's Digital Identity team in EMEA, as he explains how powerful Customer Identity & Access Management can be when you are transforming your organization to become successful in doing business online. Gerald will share relevant client experiences, demonstrate some key capabilities and give his view on future client demands in this context.

Key takeaways:

  • How to onboard new customers within minutes while applying a zero-trust approach
  • How to balance the user experience, cost, and security requirements the right way
  • Integrating CIAM with SalesForce to support a digital customer journey from A to Z
  • The power of CIAM in future online business models 

 

Event Recording
Identity’s evolving role in cloud security
Sep 13, 2021

As we emerge from the first wave of digital transformation, most organizations have embraced multi-cloud and hybrid environments. Companies increasingly use digital technologies to transform the actual products and services they sell to their customers, while modern service and app architectures drive adoption of containers and micro-services. These trends pose new challenges and opportunities for security. The number of machine-to-machine interactions is growing, as is the need to establish trust in real time across many distributed systems. In this thought-provoking session, Joy Chik will explore trends that are making identity even more central to modern security.

Event Recording
The Dawn of Digital IAM
Sep 13, 2021

Join Vadim Lander, Symantec Identity Management Security Chief Architect and CTO, Broadcom as he discusses the new realities that are driving the evolution of Identity and Access Management (IAM) and how organizations use IAM as a key pillar in the architecture for Zero Trust. Vadim will also highlight the future of the Symantec’s IAM suite of solutions and how they will help our customers build their own Identity Fabric.  

Event Recording
Identity is the New Blue
Sep 13, 2021

Blue is the world’s most popular color.

But this was not always the case. Originally, it was little used in art and clothing, and in turn, had little symbolic cultural value. In the course of a few key decades, however, blue overcame obstacles of sourcing and production, and its popularity exploded—rising to represent some of the highest values of society.  Subsequently, a wave of innovation democratized the color, placing it in the hands of “normal people” and cementing its cultural legacy.

Identity finds itself on a similar path. After a period of relative obscurity, identity has begun its rise over the past decade—but the journey is just beginning. Like blue, it faces challenges to its ascendancy—both practical and ethical. We’ll extract lessons from the trajectory of the world’s most popular hue and seek to apply them to the arc of identity.

The color of the world is changing once more.

Event Recording
The Rise of the Developer in IAM
Sep 13, 2021

Everything is famously code today—cars are computers with wheels, appliances have Internet access, smart doors and houses are controlled from mobile phone apps. With all this code around, security is more of a challenge than ever. A central pillar of security is identity management: the technology that protects logins and controls access. This, too, is becoming code to work with all the other code. Libraries for developers are essential, including ID controls in mobile and Web applications for initial sign on, single sign-on, federated sign-on, biometric authentication systems, and controlling access to sensitive data. And code itself is becoming code: automation systems for producing code, deploying code, updating code, configuring resources and access controls. IAM code has to be wherever it’s needed, when it’s needed, and automated, just like any other code. The better we do this, the more secure we all are with our ubiquitous computers. 

Event Recording
Cloud without Compromise: Identity-Centric Security that Mitigates Modern Risks
Sep 13, 2021

Is your IGA strategy keeping up with modern threats? Novel attack methods are revealed daily, compliance requirements never stop evolving, and how and where we work has forever escaped the traditional office. As a result, organizations require more flexibility than ever to protect what matters most. You shouldn’t have to compromise functionality nor security levels because your IT resources and people operate on-premises, in the cloud or in a hybrid environment. The point is that you don’t need to.

Don’t miss this 20-minute keynote address by One Identity’s Rima Pawar, VP of Product Management, as she discusses the secret fears of many CISOs and other senior IT leadership and how an identity-centric security strategy can mitigate modern threats and help IT executives sleep at night. Topics will include best practices to extend security beyond the traditional perimeter; how to take an identity-centric approach to security; as well as hear how your peers are pursuing Zero Trust strategies.

Event Recording
Introducing The Global Assured Identity Network (GAIN)
Sep 13, 2021
100 experts propose an interoperable scheme to create a virtual IDP.
Event Recording
COVID has Accelerated Public Demand for Digital ID
Sep 13, 2021

Digital ID and Authentication Council of Canada (DIACC) research finds that three-quarters of Canadians feel that it’s important to have a secure, trusted, and privacy-enhancing digital ID to safely and securely make transactions online. As federal governments focus on post-pandemic recovery, investing in digital ID makes strong economic sense, especially for small and medium-sized businesses (SMEs). For SMEs, the impact of digital identity could be used to improve processes that are difficult today.

This is especially true in situations where businesses need to provide proof of identity to another business. Considering SMEs account for approximately 30 percent of Canada’s overall GDP ($450 billion), if we assume that the average SME could be just one percent more efficient with access to trusted digital identity, this results in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy. This presentation will provide a detailed overview of research performed over the course of 2 years to quantify public perception and demand for secure, interoperable, digital identity that works across the whole of the economy. 

Event Recording
Give Me 10 Minutes, I'll Give You The Truth About Identity
Sep 13, 2021

User recognition and authentication is becoming the central element of companies' digitalisation strategy. Not only are user registration and login the first experiences users make, Identity and Access management will ultimately determine which company recognises and serves the needs of its users best and will be successful in the market.

What you can expect

  • A holistic view on identity and access management
  • A forward-looking way of thinking and
  • Progressive software architectures
Event Recording
Complexity has Reached a Tipping Point in IT – What Can we do About it?
Sep 13, 2021

"Act quickly; allow me to think less; protect me from risk." These incongruent objectives are being asked of IT departments and their staff. We are living through a great digital transformation that is rewriting our way of working and means of producing goods and services. Underlying and enabling this transformation is an increasingly complex, obscure, and challenging myriad of interwoven software systems spanning organizational and technological boundaries. IT complexity is no longer isolated to back-office nerds conversing in technobabble and pushing us aside to remedy our newb problems. All portions of the workforce are more exposed and dependent on technology to complete their day-to-day duties.