Event Recording

Enforcing Decentralized Authorization in a Multi-Platform API Landscape at Scale

Show description
Speaker
Michael Lind Mortensen
Manager, Security & Compliance
Bankdata
Michael Lind Mortensen
Michael is a leader in one of Denmark's biggest banking consortiums, Bankdata, managing zero-trust decentralized authorization for 8 member banks and 2000+ APIs. Michael has also been a board member in the Danish Council for Digital Security for the past 6 years, advicing politicians and private...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Continuous Exposure Management - Keeping one step ahead of attackers through continuous exposure management
May 12, 2023

Companies are facing increasingly complex security threats. Many are struggling to assess their own security risks due to an inability to address potential issues as they arise, due to the breakneck pace at which issues are disclosed, and teams' ability to address said issues as they accumulate and because the huge number of security tools in use create diagnostic fatigue. 

Vulnerability management programs rarely ever match the overall scale of the organization, boosting the number of potential points of exposure. What's more, besides vulnerabilities, attackers are increasingly leveraging exposures such as misconfigurations and stolen credentials to gain access to companies' core business. Because of this, attack paths to critical assets are often overlooked or identified too late.

Instead of looking at vast numbers of isolated issues, XM Cyber aggregates them into an attack graph to proactively identify hidden attack paths and weaknesses in both the cloud and on-premises. XM Cyber helps organizations efficiently address the issues that can have the greatest impact on organizational risk. Then teams can eliminate attack paths at critical junctures, i.e., choke points, in order to achieve ultra-efficient risk remediation.

Event Recording
How to Get Your Cyber Insurance, Bring Down the Premium and Up the Coverage
May 12, 2023

More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.

The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.

Event Recording
FIDO for the Enterprise - Challenges & Rewards
May 11, 2023
Event Recording
Tilting at White Towers: Making Your Identity Architecture Actionable
May 10, 2023

As an identity professional, you're constantly studying and reviewing new technologies, new protocols, and new products within the space but you struggle for the best way to extract the value of these new shiny, items to benefit your organization. You've been told that a well-developed identity architecture plan is the best way solve business challenges and produce concrete results but your research and fully-notated diagrams have failed to engage your peers.

Many times this is because the architecture was designed by architects for architects without inout from those who are most impacted by the existing legacy technololgies. Architects tend to be more isolated from the actual business so focus more on things like ArchiMate notation and TOGAF frameworks.

Steve "Hutch" Hutchinson will share his own decades of architecture experience and provide attendees with proven methods to make your architecture artifacts relatable to your front-line business workers, understandable by your technical peers from across cyber/IT, and provide demonstratable value to your organization's senior leadership. These same methods will allow you to shepherd your organization to a modern identity econsystem on a budget and timetable purpose fit for your organization's needs and culture.

Event Recording
The Future role of PAM: Securing any Privileged Workload & Access
May 11, 2023

PAM (Privileged Access Management) is one of the established core disciplines within IAM. PAM also is the IAM discipline that is changing most from what it has been in the past.

On one hand, there is the impact of CIEM & DREAM, Cloud Infrastructure Entitlement Management or Dynamic Resource Entitlement & Access Management. This is about the expansion of PAM beyond humans accessing servers and selected applications towards any type of human and non-human (silicon) identity accessing any type of workload, from servers to dynamic cloud resources. This also implies an expansion from serving static data center infrastructures to dynamic workloads in today’s agile IT. PAM is changing, with more parties involved – a “PAMocracy”, as KuppingerCole Analyst Paul Fisher recently named it.

These changes also require expansions in integration to other IT services. There needs to be a dynamic governance approach, where IGA comes into play. It requires rethinking whether PAM tools really should care for authentication. There is no need for authentication point solutions in an age where most organizations have a strong Access Management solution with MFA, passwordless authentication and adaptive, risk- and context-based access in place. Finally, this new PAM must integrate with the DevOps tools chain for permanent updates about new code and the resources used as well as with IT Asset Management for an always up-to-date insight into the ever-changing, dynamic IT landscape that needs to be protected.

Also worth to think about is integration with further security solutions, beyond the standard SIEM/SOAR integration. AI-powered security solutions are one aspect. Integration to Cloud Security Posture Management is another example.

In this panel, the state and requirements on the future PAM will be discussed.

Event Recording
FIDO à la Carte
May 12, 2023

Finding the right passwordless solution can be a daunting task. Searching the web for a passwordless authentication solution will present many options for various use cases. With so many options, how do you choose the solution that best meets your requirements?

This presentation will help guide you through the different FIDO standards, Passkeys and provide real-world examples of how they are being used today. We'll explore the benefits of FIDO, including increased security and improved user experience, and discuss the challenges and limitations.

If you're ready to say goodbye to passwords and embrace the future of passwordless authentication, join us and learn how to find the right FIDO solution for your passwordless needs.

Event Recording
Decentralized Identity: The Way Forward
May 10, 2023

Decentralized Identity is enabling individuals and organizations to have control over their own personal data, providing self-sovereignty, privacy and security. But, is a relatively new concept with high development and standardization dynamics. In this session we will look into what we should do today to take full advantage of this promising concept.

Event Recording
The Future of IAM & Cybersecurity is Policy-Based
May 12, 2023

There are several sessions at this year’s EIC looking at the roles of policies in IAM, for modernizing and efficiency gains in IGA, for authentication and fraud detection, and for authorization. In his keynote, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will take a broader perspective and look at why the future of IAM and cybersecurity must and will be policy-based. This involves policies in IGA, policies in cybersecurity, hierarchies of policies, policies for application developers and IaaS administrators, policies in Zero Trust, overcoming static entitlements, policies in the context of DID (decentralized identities), and other topics. He also will discuss what needs to be done where, such as Policy Governance, Data Governance, and Policy Lifecycle Management, and why the shift to policy-based approaches requires a multi-speed approach, with policies in new digital services coming faster than policies for modernizing legacy IAM.

Event Recording
Validating the Security of Mobile Authentication Apps
May 10, 2023

You are shifting through RFIs for a new mobile app based multi-factor authentication solution for your company. The vendors claim that their products are 100% secure and we all know that there's no such thing as a 100% secure solution, but it's marketing and you know how marketing sometimes goes overboard. How do you determine if the solution is actually fit for your appetite for risk? Can you be sure development time dev credentials have been cleaned up? Is the rooting detection any good? Does the app store plaintext credentials? Is it vulnerable or can someone build a scalable attack against the product you are about to acquire to protect your crown jewels? Let's take a look at different options out there and talk a little bit about what you can request from the vendors.

Event Recording
The Ubiquitous Credential - Government-issued Identity in Your Phone
May 11, 2023

This decade may well be labeled “the decade of the digital credential.” From COVID passports to mobile driver’s licenses, digitized credentials transforming to “born digital” credentials, and governments and large tech companies developing their own wallets, personal information has never been easier to share with the wave of a device. The convenience is amazing, and the privacy implications are terrifying.

Even scoping the issue down to government-issued credentials or credentials directly derived from government data, there are a variety of requirements feeding into this growing ecosystem:

  • user control of data
  • data minimization
  • relying party accountability
  • extensibility to other domains
  • optional audit log of transactions and ability to assert rights (CCPA, GDPR)
  • minimization of fraud

In this session, Heather Flanagan and Mike Kiser will discuss the outcomes of the recently released white paper on government-issued credentials and the privacy landscape (publication date expected in April 2023). The issues at hand are not solely about policy, nor are they only about technology. It is about closing the policy and protocol gaps that exist between today’s disparate solutions and services and providing a vision of a privacy-preserving, globally viable privacy landscape.

Event Recording
Biometrics for Identity Assurance
May 10, 2023

In many respects, identity programs are inherently vulnerable because they often rely on something that is shareable; something that a person knows or something that they have. 

Join iProov to hear how biometrics can improve security for both digital and physical access.  Included in this presentation will be guidance on: aligning biometrics to high-risk inflection points in the identity lifecycle; important considerations for inclusivity; and how to mitigate the risk of generative AI in modern attack methodologies.

Event Recording
Managing Your Enterprise Security Posture to Avoid Web3 and Smart Contract Breaches. Practices & Lessons for Enterprises with Case Studies
May 11, 2023

Web3 is a revolutionary changing aspect of technology in the current era but protecting Web3 will be a challenge considering how smart contracts are challenging. New businesses utilizing blockchain technology are more focused on business while their different assets need eyes, such as the most vulnerable DApps and Web3 services.

Decentralized applications, commonly referred to as dApps, are not controlled by a single point of authority. Instead, they run on a blockchain or a P2P network, making them more complex and riskier than traditional applications.

In this talk, we'll discuss how hackers are utilizing their techniques to attack web3 and smart contracts and what are best practices for enterprises to prepare for the challenge.