Event Recording

How to Get Your Cyber Insurance, Bring Down the Premium and Up the Coverage

Show description
Henk van der Heijden
Hub Security
Henk van der Heijden
Mr. Henk van der Heijden is an IT and information security professional with over 35 years’ experience in IT (Security) sales and services. Henk is VP Sales and Global Head of the Cyber Division of Hub Security where he is responsible for Strategy development, Solution Development, Sales...
View profile
European Identity and Cloud Conference 2023
Event Recording
Past, Present and Future of the Italian Digital Identity Ecosystem
May 11, 2023

Italy has two National Digital Identity schemes, namely: SPID and CieID (leveraging the national ID card). Both of them are based on SAML2 and are on their way to supporting OpenID Connect. The reasons for this decision are numerous, and they are primarily related to OpenID Connect Core features such as flexibility, ease of implementation, better support for mobile applications, and widespread adoption, particularly in the private sector. To manage this transition, we considered several documents by the OAuth working group describing security best Current Practices and the OpenID Foundation specifying a profile for iGov and a framework for federation. In particular, the latter defines a hierarchical federation model with high security, interoperability, scalability, and transparency based on dynamic delegation mechanisms; Italy is an enthusiastic early adopter.
In this talk, we introduce the Italian OpenID Connect profile based on the iGov and federation profiles and explain the main security measures that we considered within our design from the aforementioned standards and available best current practices. We also discuss how the Italian OpenID Connect profile contributes to the iGov and OpenID Connect Federation documents. We conclude the presentation with a brief discussion of eIDAS 2.0 and some of the ongoing preliminary works in the context of the Italian digital identity ecosystem to move toward an SSI-based solution using the Italian OpenID Connect profile as a starting point.

Event Recording
Market Overview: Identity Governance & Administration (IGA)
May 10, 2023

The Identity Governance and Administration (IGA) market is continuing to evolve through more integrated Identity Lifecycle Management and Access Governance solutions that are now increasingly aided by intelligent features. In this session, KuppingerCole´s Nitish Deshpande will share with you insights into the IGA market, providing you a compass to help you find the products that can meet the criteria necessary for successful IGA deployments.

Event Recording
FIDO 2: Zero Trust in Action with Passwordless Phishing Resistant Authentication
May 10, 2023

By now, organizations are well aware of the need for better protecting data and application with modern access management and authentication.
Thales and Microsoft partner to help organizations going passwordless to fight against phishing attacks. Thales and Microsoft experts Sarah Lefavrais and Thomas Detzner will talk about the role of Fido and other phishing resistant authentication methods like CBA in achieving Zero Trust approach.

Event Recording
Beware of the Dark Side… Shining a Light on Supply Chain Security
May 10, 2023

How do we control what we do not see?

Supply chains are like that. The problem is that while you may have sight of your nearest third-party relationships, if you look further out to their relationships, things start to become a bit obscured. And that is where the risk lies.

In recent years Okta, Toyota and Morgan Stanley have all suffered data breaches that originated with an attack on the supply chain.

In this presentation, we explore the complex nature of supply chains/digital ecosystems and all the parties involved.  We’ll look at the pattern of some recent third-party attacks, examine their root cause and what lessons we can learn.

Finally, we'll explore the critical capabilities that are needed as the foundation for a solid third-party strategy; one that provides active, continuous monitoring while reducing the overhead for compliance.

Event Recording
Cyber Insurance: Results from a Recent Survey
May 12, 2023

After several tumultuous years, the cyber insurance safety net is in question as costs rise and coverage contracts. Research conducted with IT security professionals to understand the real-life experiences companies have in obtaining and using cyber insurance.In this session we’ll unpack the survey findings and put them in context. Join the discussion to prepare for your next cyber insurance assessment so you end up with coverage and rates that accurately reflect your organization’s risk profile.

Joe Carson will talk about

  • The factors driving the skyrocketing costs of cyber insurance
  • The role Boards of Directors play in driving demand for cyber insurance
  • Fine print to check before finalizing your cyber insurance policy

And help you find answers to these questions

  • What security controls do cyber insurance companies expect you to have?
  • What cyber incidents are excluded from cyber insurance policies?
  • What recovery costs does cyber insurance cover?
Event Recording
Cyber Criminals by Design – Using Digital Twins to Understand Misbehavior
May 11, 2023

A digital twin is a virtual representation of a real-life subject. This mapping encompasses its entire lifecycle, is updated from real-time data, and uses simulation, machine learning, and reasoning to support decision-making.

Human beings and their behavior can also be copied and simulated by digital twins. During the last talk at the EIC conference, we already looked at the threats, challenges and opportunities creating digital twins in cybersecurity.
This time we want to discuss how we can dive into a world through a digital twin of a cybercriminal to change perspectives and to understand the cybercriminals behavior.
Imagine having a tool that can perform these simulations at the highest level. Why not use it to our own advantage?
A digital twin that not only simulates the approach and behavioral patterns of cyber criminals but can also predict ahead of time. What if we can turn the tables on cybercriminals by fighting fire with fire?

Event Recording
Navigating B2B2X Complexity with Identity-Centric Personas and Policy-based Access controls
May 10, 2023

As ecosystems of customers, workforce, partners and suppliers become increasingly intertwined, companies face the challenge of managing access consistently. Companies often install different access systems for different populations, with different types of accounts and different lifecycle management.

This session presents an approach whereby different populations can be managed with a single system and a single user profile. Key in this approach is that the user profile indicates to which population (or more than one population) the user belongs. The approach also enables delegated administration and temporary accounts in a very intuitive way.

Event Recording
eIDAS 2.0 and EUDI Wallet - State of Play
May 12, 2023

While eIDAS 2.0 is still under legislative process, closing to the end, the European Commission prepares the framework for the EUDI Wallet reference implementation, and standardization bodies are working on developing new technical standards.
There is a real need for updated information on all efforts around eIDAS 2.0, as the implementing deadlines are very tight.
The session will shed light on latest developments and impact on the market.

Event Recording
The ID-Wallet in Germany’s eHealth Sector from Jan 1st 2024
May 12, 2023

Germany's healthcare sector will introduce its own ID wallet called "Sectoral IDP" for all statutorily insured persons on 01.01.2024. The issuers of the wallet are the health insurance companies, and approval will be granted in accordance with the extensive specifications of gematik (the regulatory authority). The ID attributes are issued by 2 issuers: PID and health insurer. The sectoral IDP is based on the OpenID Connect (core and Federation), Open Authorization 2.0 (OAuth 2) and JSON Web Token (JWT) standards. The presentation will describe the specific gematik requirements for product and operations of the ID wallet as well as their possible implementation. Despite the closed system in eHealth (Telematics Infrastructure) by definition, bridges to developments of ID wallets outside the sector such as EU, AML and eIDAS will be shown.

Event Recording
Challenges, Risks and Rewards of Energy Grid Smartification
May 09, 2023
Event Recording
Covering Your Customer Identity Needs - The Way Forward
May 12, 2023

The Art of CIAM is to converge user Experience (UX) , security and privacy in a way that is seamless and unobtrusive for the user. In this panel session we will discuss the role of decentralized technologies, biometrics, and AI in Digtal ID, allowing for more secure and efficient authentication processes. 

Event Recording
Enforce a faster sign-in with Biometrics and Pin – even for legacy apps of a DAX company
May 11, 2023

Join this session if you want to learn how a globally operating science and technology company introduced a faster and phishing-resistant sign-in – driven by the open-industry standard FIDO.

Employees use Biometrics or Pin, instead of Password & SMS, Call or App.

A “Detached Authentication” feature enables apps without FIDO/WebAuthn support and allow us to globally enforce the phishing-resistant sign-in – without fallback to other MFA methods.

Identity Verification is required for the registration and recovery of Biometrics or Pin. SaaS or self-developed identity verification methods can be used and combined.

The infrastructure for authentication and registration of Biometrics and Pin runs in a self-hosted environment. It allows us to stay true to our principles: Own Identities, Credentials and Authentication.

# What makes it unique

Passwordless Sign-in
– Biometrics of device-in-use 

Biometrics sign-in available for all apps
Detached Authentication for apps without WebAuthn

Biometrics sign-in enforced for all users
No SMS, Call or Authentication Apps

Onboarding, Registration, Recovery, Password Reset
– Self-services secured with identity verification

Centrally stored FIDO-Credentials for multiple IdPs
Self-hosted infrastructure with IdP plugins