Event Recording

Cloud-Powered Technologies and Strategies for Secured DevOps Environments

Show description
Speaker
Fouad Mulla
Cloud Security Lead Consultant
Devoteam
Fouad Mulla
Fouad is Cloud Security Lead Consultant in Devoteam with over 10 years of professional experience in the digital and software industry at global corporations, Fouad helped many businesses to govern and protect their information, identify and understand cybersecurity risks to allow them to make...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Preparations for Smoother PAM Flight
May 11, 2023

The short abstract of this topic would be "How we can make a proper business case and ROI(Return on Investment) for PAM". Below are some of the preparations we need for a smoother PAM flight:

  1. Business Use Case
  2. Technical Use Case draft and definition
  3. Vendor selection & Role of research organisations like KuppingerCole
  4. POC
  5. ROI for management and their approval
  6. Vision, Mission & Use case selection and prioritizations
Event Recording
Identity Governance with a Purpose – Deciding and Documenting Why Access is Granted
May 10, 2023

Deciding what constitutes appropriate access to sensitive information is a growing challenge for today’s enterprise. Whether it is regarding securing mission critical enterprise data or protecting the privacy of data gathered about the organization’s customers, an often-overlooked element is capturing and documenting the reasons why a given access request or entitlement is necessary and appropriate for the continued operation of the business.   Organizations are required to manage the data that they are entrusted with in a secure, purpose-based, and privacy-compliant manner.  Identity Governance processes can help the enterprise review the current state of access, make decisions regarding the validity of this access state, and attest to its accuracy.  Identity Governance processes are also ideally suited to also document the reasons why this access state is appropriate and necessary for business operations.

This session will cover how Identity Governance processes can help enterprises refine their security, make better access control decisions, and provide much clearer accountability around why access is granted – all in better alignment with Zero Trust initiatives.

Event Recording
The Identity Security Blind Spot: MFA for Legacy Systems and Service Accounts
May 10, 2023

MFA and other identity security controls are very effective in stopping cyber attacks, and are widely used on modern apps, but until now they couldn't be applied to legacy apps, service accounts (non-human identities), command-line interfaces, OT systems and many other critical resources. These 'blind spots' are targeted in almost all data breaches and ransomware attacks, and often prevent compliance with regulations and cyber insurance requirements. Join this session to learn how your existing MFA and modern identity solutions can be extended to all these legacy assets using a new technology.

Event Recording
Why Many MFA Programs Fail Strong Authentication Cyber Insurance Criteria - And What to do About It.
May 12, 2023

Like many businesses, you started the MFA journey and might even consider it at a level of maturity. Yet, when questioned to rate compliance coverage or cyber insurance requirements for strong authentication business-wide, do you have a moment?

Workforce identity workflows are complicated, with an extensive portfolio of assets and legacy applications that create gaps in strong authentication coverage. However, organizations need to trust nothing and no one - and have to prove strong authentication is in place to regulators and cyber insurance underwriters.

In this session we will explore ways to strengthen your authentication system and fill coverage gaps:

  • Understand how MFA program can overcome strong authentication challenges from legacy applications and privileged users
  • Get tactics and strategy recommendations that accelerate your journey to Full Passwordless
  • Learn from our real-world experiences in meeting MFA challenges head-on
Event Recording
Is it a User? Is it a Person? No, it's an.. Identity?
May 11, 2023

None of us in this industry work with bricks and mortar or other tangible, real objects. Everything we do (in IT, not just Identity and Access) is instead a digital representation, an abstraction, of something that might exist in the real world.

Identity and Access is the glue for many of those digital representations, and this concept of representation may be the most important thing to understand when considering the different possible meanings of words.

People new to Identity and Access quickly find that many of the words they encounter have different meanings than they first thought. Most frequently encountered are probably “user” and “identity” - do they represent the same type of entity or is a difference intended? Do they refer to the physical, real life person or do they refer to a virtual, digital object somewhere within the IT systems? Or both at the same time? And since people are often reluctant to show weakness in front of perceived experts, questions are too often not being asked when unsure.

In any industry, a typical consequence of miscommunication is that the end product or project will have lower quality or take longer to get delivered. This presentation highlight how this problem of misunderstanding may be larger in our industry of Identity and Access than in others, discuss why that is, and what might be done to counter it.

The presentation offers examples of where terms are ambiguous (where definitions seem to vary across the industry) and it discusses ways to perhaps improve the situation.

The presentation is based on a corresponding article in the IDPro Body of Knowledge.

Event Recording
A Sovereign Cloud for the German Government
May 11, 2023

You will learn about the Sovereign Cloud for the German Government, this solution is based on Azure and operated by Delos Cloud Gmbh

Event Recording
To Rotate or Not to Rotate (Privileged Accounts) - That is the Question
May 11, 2023

Rotating credentials of some privileged accounts is a risky task, which might lead to a business shutdown when things go wrong. But the alternative of not rotating them opens the door for attackers to take hold of your organization - thus leading to a business shutdown as well. This is a lose-lose situation.
So what should we do ? Rotate or not rotate credentials of privileged accounts ?
In this session we will discuss about the challenges and solutions.

Event Recording
EUDI Wallet - Critical Success factors for Digital Single Market and Private Sector Use
May 10, 2023

Why the private sector is the major milestone for the European Identity Wallet to succeed ? Let’s discuss:
• Will the current EUDI-wallet enable or hamper eg the banking sector in future (in relation to KYC, Strong Customer Authentication, Payments, ….)?
• Which standards are the right ones to enable eg the travel / mobility sector (mdoc, icao, verifiable credentials)? Which give the most added value?
• How will current private sector wallets at large --like those used in ecommerce-- interact with the EUDI whilst ensuring citizen privacy-by-design?
• Which technologies are at hand to keep our wallets secure and combat identity theft/fraud/threats when Europe has no control over those mobile devices?

Event Recording
Urban Planning and Identity with Slime Mold or: How I learned to Stop Worrying and Learn from the Blob
May 10, 2023

In 1994, Italian physicist Cesare Marchetti discovered something: cities expand as a function of transportation speed. In short, “transportation is the lifeblood of a city.” Innovation in transportation has driven the expansion of cities—from small, walkable areas to the sprawling, car-based metropolises, presenting a challenge for urban planners.

Identity in the modern organization faces a similar challenge: if transportation is the lifeblood of cities, then identity is the lifeblood of organizations. And our organizations are not ancient, walkable Rome, but modern, sprawling Atlanta—with identities and resources widely strewn around the globe.

Like urban planners, we face a nearly-intractable challenge: how can we provide access to resources and data easily while still meeting the stringent demands of security and compliance?

Thankfully, there appears to be a solution for both urban planning *and* identity, albeit from an unexpected source: Ordinary slime mold. Aka, “The Blob.”

We’ll learn from this simple organism, describe how its simple actions create complex systems that solve these sorts of “unsolvable” problems, and see how the Blob might “think” about identity.

Event Recording
Biometrics for Identity Assurance
May 10, 2023

In many respects, identity programs are inherently vulnerable because they often rely on something that is shareable; something that a person knows or something that they have. 

Join iProov to hear how biometrics can improve security for both digital and physical access.  Included in this presentation will be guidance on: aligning biometrics to high-risk inflection points in the identity lifecycle; important considerations for inclusivity; and how to mitigate the risk of generative AI in modern attack methodologies.

Event Recording
Challenges in Transitioning to the Next Generation Password-less Experience
May 10, 2023

Cash.App is the #1 financial app in the US. It started out with a password-less authentication paradigm back in 2013, built around OTP verifications. We are now transitioning to the next generation password-less experience built around passkey. While the transition offers many promises, the path comes with several challenges, around security guarantees, backward compatibility and seamless user experience. We share insights we learned along the journey.

Event Recording
AI Governance & Regulation - How to Prepare for the Inevitable
May 12, 2023

For many years public concern about technological risk has focused on the misuse of personal data, with GDPR, most hated and loved at the same time as one of the results. With the huge success of LLMs and generative AIs such as ChatGPT,  artificial intelligence soon will be omnipresent  in products and processes, which will shift regulator´s attention to the potential for bad or biased decisions by algorithms. Just imagine the consequences of a false medical diagnose, or of a correct diagnose created by an AI and then not accepted by the doctor. Not to mention all the other fields where bad AI can be harmful, such as autonomous cars or algorithms deciding on your future credibility. Inevitably, many governments will feel regulation is essential to protect consumers from that risk.

In this panel discussion we will try to jointly create a list of those risks that we need to regulate the sooner the better and try to create an idea on how this future regulation will impact the way we use AI in our bsuiness and private lives.