Event Recording

Covering Your Customer Identity Needs - The Way Forward

Name: Covering Your Customer Identity Needs - The Way Forward
Uploaded: 2023-05-12T12:00:00+02:00
Duration: 24 min 27 s
Description: The Art of CIAM is to converge user Experience (UX) , security and privacy in a way that is seamless and unobtrusive for the user. In this panel session we will discuss the role of decentralized technologies, biometrics, and AI in Digtal ID, allowing for more secure and efficient authentication processes.

Posted on May 12, 2023

The Art of CIAM is to converge user Experience (UX) , security and privacy in a way that is seamless and unobtrusive for the user. In this panel session we will discuss the role of decentralized technologies, biometrics, and AI in Digtal ID, allowing for more secure and efficient authentication processes.

Show description

Speakers

Principal Architect
Okta

Vittorio Bertocci

Vittorio Bertocci is a Principal Architect in Okta and host of the Identity, Unlocked podcast. A veteran of the identity industry, with more than 20 years of hands-on experience, he helped usher the claims based identity era with his work on identity for developers in Microsoft,...

View profile

Senior Product Management Director
ForgeRock

Matthew Berzinski

As a Senior Director of Product Management, Matt is responsible for building product strategies in bringing the ForgeRock product portfolio to market. Matt works closely with customers and partners to understand the current market demands and bring them to the product teams to deliver...

View profile

Senior Product Strategist
Thales Digital Identity and Security

Ward Duchamps

Ward Duchamps has an extensive experience in Identity and Access Management. Currently, he serves as VP of strategic partnerships at OneWelcome. Ward was the founder and CEO of Scaled Access, a specialist in fine-grained and policy-based authorisation, which has been added to the OneWelcome...

View profile

VP & GM Identity
Entrust

James Lapalme

James Lapalme is the VP/GM of Entrust. Before that, he was the CRO/SVP of Leonovus Inc. Prior to that, he was the Vice President of Business Development at WinMagic.

View profile

EMEA CTO
Ping Identity

Rob Otto

Rob is a Principal Architect for Ping Identity in the UK and also the EMEA representative to the Ping Identity CTO Office. Rob has 20 years experience in identity and access management. He has worked on complex implementation projects in the UK, USA, Europe and South Africa. His current area of...

View profile

CEO
cidaas

Sadrick Widmann

Sadrick Widmann joined the company to transform his management and IT talent into a compelling and intelligent customer solution. As the CEO of Widas ID, together with Yael Widmann he is responsible for the innovative Cloud Identity & Access Management System – cidaas.

View profile

Show Transcript

Victoria the stage.
Sure, why not? Let's, let's be the opener everybody And welcome. Are you being racist now?
Did you say unruly? Yes. Unruly. My name is Viri. I work as an architect for Okta, and I come from the route of developers. I spent all of my career in identity of intersection between identity and developers, and c i m is the poster child of how this synergy is really, really important. Because if you go on the workforce side, you typically follow a script in which you have to use most of the same things. You have to give emails, you have to deal with documents, you have to make sure that people don't breach. But in cm, if you're working for an airline or for a health organization or for a government, you have a dramatically different requirements. And so of course, developers are the ones that help you to cross the last mile. And so we are very, very important.
Thank you. I'm Matt Brazinski. Hi. Nice to meet you guys here. I am a senior product manager from, for dr. I've been in identity management for long enough to have way too much gray hair that I like to admit. So anyhow,
My background is all identity and biometrics. And when it comes to Siam and being able to provide that great experience for, for end users, whether they're citizens, whether they're customers, whoever they are, it really comes down to being able to take all that data that we have on customers and being able to orchestrate journeys in ways that make them feel secure, make them feel that they can trust your organization. And as we've heard about earlier and all the other presentations make it easy as well. So what I see is our customers customers now demand absolute easy experience, but they, they must have ultimate security. And so that's the trick in the balance when it comes to Siam.
Good. So my name is from tall. I'm working on the product strategy over there. For us, the the three main topics in that strategy to deal with consumer identity is all about making sure that you minimize data, so maximize the use of self-sovereign identity, that you focus more on the authorizations rather than on the identity of a user. And that you also orchestrate actually the journey of the dent user. And combining these things, these three things actually brings us to a point where we can actually have a convenient security, security that consumers actually do not, do not see anymore. Very transparent.
Hi James. Lap Palm. I'm the GM of the identity business unit at Interests. So interests has been in the identity game for about 50 years in the Siam and workforce game for about 15 years. So I head up their, their business unit. Our view on Siam, especially at a keynote, especially on the evolutionary side of Siam, it's, we're really taking a look at securing the customer journey, which means from everything from id proofing, onboarding account, opening credit, risking fraud assessment, all the way into issuance and all the way into transacting. So, you know, step up, mfa, cert based mfa, risk-based mfa, and all the way into digital signatures and beyond. So, so our views I am is kind of a bit bit broad. So
Rob Otto, cto, ping Identity. I'm a passionate European from South Africa who lives in the uk. I love all people, especially the Italians. Most, most of all from a Siam point of view, the wonderful thing about Siam is that every single one of us uses it every day. Well, every single one of us uses a lot of services every day. Most of it sucks, let's be honest, right? We all have amazing ideas about what we could do to help organizations improve their experiences. And I don't know, maybe I just feel like being controversial today after too many drinks last night, but something is, something is not translating there, there are still way too many things that you do that are just difficult. I mean, not to point fingers at anybody in the room here. Did, did anybody figure out how to actually like sign into the app for this conference? Somebody says, somebody sent me a pass, a password in clear text. Yeah, we, we, we have a, we have a lot to do and, and we, we we're spending a lot of time here talking about almost like going over our skis, right, in terms of amazing things like decentralized and wallets and all of the rest of it. But there's still a massive getting up to speed with, with the stuff from five, 10 years ago that we, we need to help our customers with. I'll stop. You have all the
Answers, so Yeah, it's finally on me to be brief. The others did, the chief did. So yeah, my name is Cedric, I'm CEO O of CDAs. We are the leading European customer at Nexus management solution both in B2C and B2B use cases. And obviously we do the same as all the others and more
The same and more number
Of users.
The first question I have here is to you Victoria, but I'm sure Rob you're gonna jump in as well. Victoria, in your view, is it possible today to converge user experience, security and privacy in a way that is seamless and obtrusive and secure? And if yes, what is the key enabler of this? And if not, what do you consider to be the remaining challenges?
It depends.
Classic.
I think that the, today more than any other time in the past, we have extraordinary tools for achieving all the things that you list you listed, but the, as William Gibson likes to say, the feature is already here, is just not uniformly distributed. I love
It.
So for example, I'm sure you heard talking a lot about PAKEs. Pakis are a fantastic technology and the support for it is not uniformly distributed. So if you are on iOS or Androids, you have a visa wonderful publicly cryptography mechanism, which is largely rooted in biometric gesture. So very easy is very privacy, preserving is fishing resistant, it's fantastic. And if your customer comes from windows, it kind of not really work that way. That's to say that you can use this technology, but the pasky that you create will be limited to the local device. And so a lot of the challenges which led to the creation of multi-device credentials, like the syncing PAs, like for example, user loses the device user have more one device they camera rushing back. And so today as a, someone uses the CIM system that supports fasts is you can have a solution which works really great for a subset of your potential users.
And this is just one example of a fractal complexity of these kind of things because like every situation will have a different constraints. Like you mentioned privacy, privacy in itself is a nightmare because on one side of course you want to do the right thing and preserves your users on the other. Our customers expect to extract intelligence from the use of their products. They expect to be able to lubricate their funnel so that people can more easily do signups. They expect to be able to understand the sequence in which they needed to present things to people so that they will engage with their product and maybe buy more or whatever. So we as the CM providers, we needed to walk with extremely fine line of not being patronizing because people needed to have tools that allow them to do their job while at the same time helping them to do the ethical right choices without becoming experts in identity because they lazy alternative for us is to just give people a huge dashboard of switches and for which you need to be a certified pilot to use it instead. A lot of people look at us to provide them with their knowledge about identity that helps them to use helpful defaults. And so a lot of a burden is on us to try to give them a right default. And I stop here, otherwise a blah too long.
Does anyone else want to chip in a yard drop? Go for it.
Okay. I will, I will say one thing quickly and then I'll then I'll keep going. I, I, I thought your answer to that was gonna be yes, of course. So the answer is to by Octa and I would say no, the answer is to by ping, but in, in a way I almost feel like, look, everything, everything you said is, is completely right. I I almost wonder if we are looking at this from the wrong perspective, right? We, we we're starting and we are coming, we're bubbling up terms that we, we understand as identity people, you know, what, what should we do with passwordless? What should we do with, you know, verification? I, I found myself wondering, does does Siam exist? Is is Siam a thing, right, or is is the thing the way that businesses interact with their consumer users, right? And is Siam rarely just a part of that? Something that empowers it and underpins it, but not actually a, a separate discipline? Because I get very worried and I've gone completely off topic, so I'm gonna stop talking in a second. I get very worried that we get together in a room with a whole bunch of identity people and we talk about a whole bunch of cool stuff about Siam and the people who are actually concerned with getting interactions with their customers, right? Aren't, aren't in that room. So, oh, there we go. Here's a thought. Oh
No, that's fair
Point. I'll say something that,
That's a fair point. And this morning one of my colleagues, Dr. Phillip Messerschmidt made that very point is that it's not just about the the technical side, the user experience is all Cedric, you wanted to add something?
Yeah, I think that's completely right. I think what we are missing from the vendor's side, partially, I think we all have great tools. We have cool features set all, and we're talking about passwordless privacy and all that. But what we need to help customers with is showing them the path, how to achieve the customer experience. So how to use the tools, passwordless, how is the transformation from password to passwordless, how the transparency in the privacy and all that can be achieved. So it's more about highlighting the use case that also brings into the game. CM may be a different discipline, but we need to consider the complete story more.
Yeah, sure. But then it, it needs to be achieved in the background. So I mean, over the past couple of days we've been talking a lot about decentralized identity and those kind of supporting technology. So I wanted to ask you, what is your perspective on, on for, you know, for this audience, the role of decentralized in the Siam context?
Yeah, I think there are different things about decentralized identities. We decentralized in general, we have decentralized identities which can play a, a bigger role. So we have seen different concepts in that story. We also have decentralized architectures. Basically it's not only about our IDE identity, we, it'll be much more distributed around the world. So all the edges will be included. It might be identification. We are currently discussing a lot about identification in the digital world. You will have all the edges in the real world too. So I think decentralization will be a big, a big thing. Not about only decentralized identities. Also about our decentralized architectures, what we'll have
And in terms of interacting, oh,
Sorry. And I still want to add on that the, for me, the big challenge is that it will change the way how, how we have to deal with consumer data. So decentralized identity means that the data will no longer live in our Siam repository. So at the end we will not have a Siam repository anymore. We will only have data that actually passes by, but we will not be able to store, we will not be allowed to store it anymore. So sure you disagree.
Where did you hear that? That you will not be able to store with data?
Will we still be allowed to store data Yeah. From the consumers. Yeah. Will the consumer still allow you
From the decentral, decentralization
Means? So, so so the storage, the storage of that identity data, is that something that we as a SI vendor should keep? Or is that data that actually belongs to the CRM platform?
Sure, that which, which is a true already today that's say vendor. The sheer fact that people now will be able to have a cash token on their device instead of having to ask for the token from a centralized place changes nothing from our side as a verifi fire, you just get this token, whether this token was just freshly signed and squeezed from a IDP or it's something that was in the wallet of a user. From our point of view, nothing changes. What might change is that the regulator, once those things will be in the wallet of people, and once people will be able to do what they do today with dialogue, accept all cookies, but instead of cookies they'll be shining verified information about themselves. Then maybe regulator will wake up and say, hmm, I mean it's a bit dangerous. Correct. And then there might be laws for which we will have to comply, which might mean now some of the functions that we do in cim, we will no longer be able to, but from a technical perspective until the regulator doesn't show up, nothing changes.
And it, it might change a little, the the customer experience, right? It might not change technically, but it might change the story. What we are telling users when they, when they onboard. So you might have different identity sources, you might have different ways how you get all the data, you might have different concepts, how you have privacy. So if you have a decent right identity and the user's control of that identity, he might just trigger the deletion from any other ways or the, the technical level. What we do on our, on the vendor side might be still the same or might change slightly.
Can you expand on that story? The thing about it you just said about there will be different like internal of experience, like the user gets the phone and they navigated to one website, which is protected by our stuff. And now instead of just sanin with your directory sanin with Google, there will be sanin with your mobile driving license. Once we click that, how is their experience gonna be different and how is this privacy thing that you're saying is gonna change? I'm like, so every time I look at this, people say this will change, but when, when you look at the sequence is exactly the same as before.
So it's, it's, so we were just having a side brief here. So it's really around con consent management, right? So, so, so privacy is a choice if, if I choose to be private or I don't choose to be private privacy is a choice. PII because an individual subscriber, like all of us can or cannot control it in a centralized manner. Verifiable credentials offers the ability with correct consent management so that people get to make a choice. If they choose to share their privacy, then has a, as a consumer of data, then that's, that's fine, but it adds a level of ability for people to do consent and consent management.
I'm sorry, but I disagree. That's to say that from a point of view of the consumer, like the thing that you are mentioning is classic gospel from a people that talk about verifiable credentials. But the selective disclosure is an ability that we already have today. In fact, the verbal credentials needed to do cryptographic magic in order to bring it back. Because today when I go to the identity provider, open connect SAML of all the protocols we have, have the ability to say exactly, I would like to have a visa list of claims. And ity provider can give you just that list of claims in every single interaction. The problem we are now, but you talking about that you are cashing, we're token and the token is signed so you cannot change it. So we add to add the capability of doing new selective disclosure, but from the capability perspective and gentleman was talking about the user experience, the dialogue that you see whether this thing does a crypto magic for selecting visa, the claims that you have or whether it asks for the claims for the IDP and gets only those claims. From the user perspective, it doesn't change. If we want, if there is a business reason for doing consent, nothing prevents us from doing it today is that the fire doesn't do it because the more data we can get, the happier they are. So they they have no business incentive to do it. It's not a technological problem. Sorry for my passion, but No, no. Every time we talk about this stuff, no,
But I think you, you're right on a technical level, but the story, what you tell the user changes, right? So I take the the l example, what you mentioned at the beginning, you obviously can tell them, okay, sign up for the airline, provide me your email, first name, last name, whatever password or password list. If you, if you go once step ahead next you say later, okay, give me your, your whatever passport details and so on. If I have the, the decentralized credentials or decentralized identities later and other things I might, might already pass certain details. So the customer experience, the customer journey itself changes the technical level I'm on, on your side, we have open id, we have all two, we have different things how we can handle that. But the customer journey and how I or the customer experience what I deliver can be completely different on the, on the communication level as well as on the, on the customer journey itself.
Yeah.
Sorry, can I just interject to say that we're kind out of time, you know, like you, you have zero seconds, you have zero seconds to summarize the
The last guy, the last guy went over by six minutes. So we there are
The 20, you were allocated 20 minutes. So
Basic Matts
Well yeah, basic Matthias. So we're 30, it's 1236. So we can
Start, should we move onto
Summarizing? You know, kind of thing. But seeing it's just us and between you and lunch, I think you're the worst of all the unruly reallys. Yeah. So bearing in mind that, that we're, we are between everyone and lunch. Yeah, your point was
Start are izing give your pitch.
Great. So I think that we are putting too much like now just launching to the decentralized thing, the decentralized thing as an enormous potential. But it is a call to start problem with multi parts. And I'm sure that marketing wants to rush into capitalizing on the interest of this thing. But in practice right now, until we don't have powerful credentials issued from organic authorities, this thing is not particularly actionable. And if you want to achieve things like selective disclosures, things like do not save and similar, we don't need to wait for that. We can do it already today. The problem is that usually there is no business incentive and there is no regulator incentive to do it. These will not change once we will have the technology widely adopted until the regulator doesn't step in, there will be no difference in term of the experience that we give to people other than we will have a powerful credentials which now are harder to get. Instead then people will be able to do it with a tap, which is fantastic, but I don't think we should overstate what that will mean in practice for C.
So wow, that was a really great passionate debate. And the one thing I love about being up here and listening to all that is I got to learn a lot, but I also see the passion that all of us as vendors have for providing the right solutions to our customers. The trick though, and Rob pointed out to begin is our customers are five years behind us. And I was talking to one of our customer, one of our customers yesterday, he said he feels bad when he leaves these shows because they talk about this is what I'm supposed to be doing and I get back to my system and I can't get there. So what we have to think about Yeah, yeah, yeah, exactly. So, but what we have to think about as our, as vendors when we talk to our customers and we have to help our customers move from what they have to what we're talking about. And that's, that's the big key because Rob, as you said, most of the interactions suck because they're five years old and we have customers ourselves that are on five year old technology and we just constantly try to tell 'em they need to upgrade. So look for how do you move from old to new is the most important thing.
Yeah. But it's not only the customer that's also the consumer. So there is, there is one word that I still wanted to add in this that is actually a word that comes from ai. It's explainability. We, we, we do a bad job as an industry to explain to our consumers what we actually do and why we do certain things and boils down to consent balls down to, to journey boils down to all different things.
Yeah, I mean there's doing it for a while. There's a very long road to, to trek. I mean, 15 years ago Siam was a single factor MFA that was painful and password reset on 80% of occasions and et cetera, et cetera. So I mean, I think we've made great leaps and bound, I'm a big advocate. I've decentralized as the great tsunami of our industry, right? So, you know, verifiable credentials, proper consent management. We're years away, but it's coming. So yeah.
All right. All right. So I just have a few slides on user experience orchestration. No, I'm kidding. So I mean, le less lesson learned from me is don't try to be the controversial one on a panel with, with Victoria on it. Cuz you're, you're never, you're never gonna, I think, I think it's just that the hair, the hair sets him a apart immediately. So for me, I think there are things that I, that I touched on here. I might, I might say this in a very blunt way. Let's stop wasting time with internal discussions amongst ourselves with staff that our customers and their customers don't really care about. And to be honest with you, don't, don't see the difference. I love some of the things that I think decentralized identity, verifiable credentials and wallets will empower user privacy is not one that anybody I know cares about. Gonna be honest. And the last thing I will say one more thing is make first party greats, again,
Kind of cellers of the hair right
Say was even better
With who these multicolor
To summarize, yeah, I think some good statements, statements were done. I think we need to change perspective to support our customers in the journey to help them utilize really features also include the consumers of end users basically. We also need to get rid of the fear failure in that to just drawing out things might help in that perspective. And I think it was a good round, good emotional discussion. That's great.
Well, clearly we needed 40 minutes or more, but once again, thank you very much guys. A big hand.

Playlist

European Identity and Cloud Conference 2023

Event Recording

Centralized eID May be the Target of the Next Nordstream Pipeline Attack

May 11, 2023

With the vast centralization of government digitization in general, and issuance and operation of Digital Identity services in particular, the Nordic countries have made themselves unnecessarily vulnerable to attacks by actors such as those with the resources to blow up the Nordstream pipelines in the Baltic Sea.

With the new Danish digital identity, MitID, as an example, I will discuss

How governments and/or banks centrally attempt to strike a balance between vulnerability and user adoption,
Why compliance and certification may only take you so far, and finally,
How concepts such as wallets and Verifiable Credentials may decentralize the digital identity ecosystem not only for increased privacy but also for more robust and secure infrastructures less prone to attacks by bad actors.

Watch

Event Recording

Hack a Cloud and Kubernetes

May 10, 2023

People are under the impression that when you spin up the latest and greatest AKS, EKS, OpenShift or GKE instance, that you're secure. However with K8S, now more than ever the workload underneath matters. One privileged, neglected, container can compromise an entire setup. Rather than just talking about the risks or best practices, this talk is all about showing how easy it is to do.

The talk will first discuss possible attack paths in the Kubernetes cluster, and what differences exist in the attack techniques compared to classic infrastructures. For this purpose, a web application in a container will be compromised, then the Kubernetes cluster and the cloud account. Subsequently, 2 open-source tools will be discussed how such vulnerabilities and misconfigurations can be detected in the different infrastructure layers.

Watch

Event Recording

Reducing Complexity – Introducing a Practical Model for Security Classifications

May 11, 2023

Practical Cyber Security Architecture: Reducing complexity – Introducing a practical model for security classifications. Building and running cyber security in both worlds modern cloud security in combination with legacy on premises introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems while the modern security models like zero trust barely fit in legacy systems. Based on a model for security classification we will explore some practical methods for reducing complexity in modern cyber security.

Watch

Event Recording

The eID Threat Landscape – Stay Ahead of the Fraudsters

May 10, 2023

Cash grab-robberies are out, online fraud is in. When multinational hacker groups target senior and vulnerable citizens as a business model.

Learn how BankID is fighting fraud and helps you stay on top by identifying, preventing and notifying you of fraudulent usage in real time, while preserving top user experience.

The dream of tomorrows digitalized society is already a reality. Sweden is one of the world’s most digital and innovative societies. The fast and secure digital identification provided by BankID is a corner stone in this, to many, futuristic ecosystems. Many shops and stores do not accept cash and the amount of cash is low, something that inflicts digital threat. Studies shows a steep growth curve of digital fraud in several markets. In some places, fraud has surpassed drugs in turnover and profitability and fraud factories are popping up globally. Talented social engineering fraudsters and patterns with efficient crime-as-a service software, modus and tools. Fraud schemes including native and international fraud clusters targeting Swedish bank customers.

Learn more around the Risk and Anti-fraud toolset in the BankID Identity Platform. Digital identity is an area where the need for innovation is extensive. Whatever future eID scenario you discuss, security is always at the core.

Watch

Event Recording

Safeguarding IoT/OT/IIoT Devices, Their Identities and Communication with Autonomous Networking

May 11, 2023

Autonomous networking aims at the appropriate handling of the growing number of devices, machine, sensors and components for which authentication and authorization must be ensured, i.e., identities must exist. The initial provision of such identities, but also the handover and onboarding into the respective operational environment (WiFi, smart home, factory floor) require scalable, automated, end-to-end secured procedures and concepts to facilitate trusted communication, but also e.g., the provision of made-to-measure updates.
Making IoT/OT/IIoT identities and networks secure by design is essential. ACP (Autonomic Control Planes) and BRSKI (Bootstrapping Remote Secure Key Infrastructure) lay one foundation for achieving this.

Watch

Event Recording

Kantara Initiative Meet-Up - The Identity Place To Be

May 09, 2023

This workshop will feature the innovative and strategic initiatives underway at the Kantara Initiative. Where do you fit in and how can you benefit from all that Kantara has to offer? Key takeaways:

Kantara leads the way in US certifications for compliance with NIST Digital Identity Guidelines, 800-63. With all the major US identity verification companies entering their assurance program to obtain trust marks against the NIST 800-63 standards, earning IA2, AAL2, and FAL2 certifications. Learn how to become part of this elite group of service providers.
Version 4 of NIST 800-63 is out and Kantara is defining the requirements in the Identity Assurance Framework. Learn about future updates that will enable you to participate in real-world innovation that allows service providers and relying parties to gain meaningful return on their investment on the cutting edge of digital identity founded on standards.
Get the latest reports, white papers, and releases from the Kantara Work Groups, some of which will also be featured during the conference, including the Identity Assurance Work Group (IAWG), Privacy Enhancing Mobile Credentials WG (PEMC), Advanced Notice & Consent Receipt WG (ANCR), User Managed Access (UMA) WG, and Resilient Identifiers for Underserved Populations (RIUP) WG.
Equity and inclusion is a key priority for Kantara, learn about recent efforts and ways to use DEIA strategies to raise your bottom line and increase your return on investment by building DEIA into your business case.

Watch

Event Recording

Digital Identity (Wallet) in (International) Travel and Tourism

May 10, 2023

This panel discussion is addressing what is currently happening to make the travel and tourism ecosystem ready for the use of a digital identity that has the level of assurance to cross an international border, board a flight and sign in to a hotel. The travel ecosystem still revolves around a physical passport/ID card or drivers licence and this is about to see incremental, but pivotal changes. The digital wallet will also ad to the way we get ready to travel and add verifiable credentials that travellers can share in advance of their trip.

Watch

Event Recording

CAEP and Shared Signals - Past, Present and Future

May 10, 2023

What started as a simple blog post from Google has rapidly ballooned into an industry movement. Major vendors have implemented the Continuous Access Evaluation Protocol / Profile (CAEP) and analysts, practitioners and decision makers agree that it is critical to the future of zero-trust. This keynote, by the inventor of CAEP, goes into the pain points that led to the development of CAEP, the process to recast it as a part of the Shared Signals working group in the OpenID Foundation and the trends that make it an indispensable component of any zero-trust architecture. CAEP’s non-prescriptive nature makes it easy for anyone to implement their own policies and the Shared Signals Framework makes communicating changes efficient and nearly instantaneous. A future powered by Shared Signals and CAEP enables enterprises and vendors to break information silos to create a highly secure outcome.

Watch

Event Recording

Identity Inclusion – Why it Matters

May 09, 2023

The cornerstone of the digital world is trust and key to that experience is a secure and verifiable digital identity. More than one billion people worldwide lack a basic verifiable identity. Without recognizable and consistent proof of identity there can be no financial, health, citizen, or digital inclusion. Women in Identity is a not-for-profit organization championing diversity and inclusion in the identity sector. Women in Identity enables change through awareness from our research projects (such as the code of conduct) and through our sponsors and members. In this keynote the chair and vice chair of the Board will share insights on the impact of identity exclusion and provide practical and pragmatic ways organizations and individuals can help drive Identity inclusion.

Watch

Event Recording

The Invisible Man Paradox

May 12, 2023

How changing requirements for a seamless yet secure customer experience affect your Customer Identity solution

Today's consumers live parallel lives, with one foot in the physical world and the other foot leaving many digital footprints across the internet. In the physical world, trust is easier to build and identity is easier to validate. In the digital world the consumer is The Invisible Man - more difficult to interact and connect with but wanting a simple, effortless digital experience with impeccable security.

In this session, we will explore how identity is the link between both worlds and is the centre of every great customer experience. From providing delightful experiences to ensuring security and privacy, we will show how the right Identity Solution resolves the Invisible Man paradox, building connection and trust in the digital world.

Watch

Event Recording

Automated Serverless Security Testing: Delivering Secure Apps Continuously

May 10, 2023

Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster.

How can developers ensure that their code is secure enough? They can scan for common vulnerabilities and exposures (CVEs) in open-source code. They can even scan their Infrastructure-as-Code (IaC) tool to identify insecure configurations. But what about custom code? At many organizations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interfaces (API) calls. As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times.

Fortunately, it does not have to be this way. Organizations can leverage robust security during serverless development, automatically—if it is done properly. In this talk, we will discuss common risks in serverless environments. We will then cover existing testing methodologies and why they do not work well for serverless. Finally, we will present a new, completely frictionles

Watch

Event Recording

Three Years is a Long Time in Identity

May 10, 2023

Landing in a new organisation with a declared objective to transform the way customer identity was done but no mandate was daunting. Being able to look back three years later and tick of an infrastructure consolidation, the deployment of a central authorisation solution, being on the precipice of participating in a Digital ID scheme, and having the Chief Digital Officer shouting from the rooftops about a universal login is priceless. Come along to hear me talk about some critical success factors, calculated risks, fortunate circumstances, and the incredible support of some incredible people helped make this happen. I’ll also touch on my personal journey from an engineering role to a product person to illustrate the increasing maturity levels we went through.

Watch

Ask an Analyst

Covering Your Customer Identity Needs - The Way Forward