The European Identity Awards 2012 honoring outstanding projects and initiatives in Identity Management, GRC (Governance, Risk Management and Compliance) and Cloud Security were presented yesterday by the analyst group KuppingerCole at their annual event, the European Identity Conference 2012 in Munich. Winners were chosen from a shortlist of exemplary projects and initiatives compiled by the analysts at KuppingerCole, end-user companies and vendors during the last 12 months.
It's a little bit different regarding corporations, but at the end of the day, it's about innovation, about good ideas. And there are, I think there are different things we are looking at. Then there should be some leading aspect in there for sure there is. If you look at what we are having this year as Edwards. And so we have some things that are, for example, we are currently looking at. So one of the important topics for us today is really supporting hybrid clouds. An interesting point, we see tightly integrating different types of technologies for a complete offering and really integrating different things, making use of new technologies and standard on a very large scale or doing it very efficiently. And I think that's also embracing and extending existing it infrastructures covering complex heterogeneous environments, either from the involves parties or from the technology and dealing with particularly complex project scenarios.
So they are, are a lot of, let's say different points we are looking at and we really try to find out, okay, where are the projects where we say, okay, that's something we never have seen and heard about and so great. Or that's something we are expecting for quite a while. And finally someone has completed the project that way. And that's basically the, the, what we really look at. And then we have just to give you a little background, we receive nominations, we do calls with the companies. We, we look at other things. We also have written reports this year for virtually all of the awards. Most of them will be available at our website, I think latest by tomorrow. So you can then have also look at it a little bit more in detail, we have changed something. So we have only, usually only one award per category, only in one category.
We have two, these are really so different, but outstanding projects in that area, that it was really hard to say the one is better in the Arab because we both are outstanding. We will have a special award on mobile security, which was a very important topic. And we also will have the first time a thing we call lifetime achievement award, something we didn't have until now. So it'll be five categories plus special award plus lifetime achievement award, plus the one category where we have two winners. So that's it what we will see right now. And so I would say, I head over to NTRA right now.
You. And I will sit over there because then I can always move to the next slide, which then provide some details about the project.
Very good. Very good. Well, we are delighted to proceed then with the, the awards and the process is that for each award, an Analyst from capping a coal or a guest will make a brief presentation speech, and then we shall give the award. And the first award is the best identity and access management project and the presentation speeches from Sebastian raw.
Yeah. Thank you. Does this work okay? Yeah, it's my special honor that today's first award goes to one of my former employees, employers, and it's a really large organization, and this is definitely one of the reasons this project has been chosen, because we all know if you have a multinational company with lots of different HR organizations, with lots of external resources that need to be provisioned and need to be supported with identity and access management, you tend to get a very, very complex environment. And we found that this project especially stood out from the crowd because it was both serving cloud environments and non-cloud environments. It was taking in data from SAP systems and non-SAP HR systems. It has a focus on being a hybrid in the deployment mode, and that would really make us see that the complexity of this whole project was really, really large and impressed us.
One other thing that you have in international deployments is that you tend to have multiple regulatory environments that you have to take care of. And this really gives a headache to all the auditors and also to the identity and access management stuff. So one more reason here was that this project did not only comply with the very strict German regulations, but also was covering some of the EU and international legislations. So we had a multi regulatory project that satisfied auditor requirements from all over the globe, which is definitely something that earns this project, an award, one of the really pain inducing things that we have sometimes is that if you have workflows in the approval and the approvals are not there, so you have to have stand-ins, you have to have people that say, well, I can't approve that. I don't have a clue who that is. So they just promote that to somebody else and escalate. And what we've seen in this project is that there were actually workflows that allowed for up to 20 people to actually say, yeah, this is okay, or this is not okay. And I think this is again, a, a showcase for the complexity that has been covered and successfully covered in this project.
So I'm delighted now to present this award, this is the best identity and access management project. And you name the award.
Yes, it's Zen's corporation. And I like to welcome on the stage, Mr. Shefa and Mrs. CCA from the corporate it department being responsible for all the HR applications.
Congratulations, sir. Congratulations. And do we have a formal photograph here? Do we all mind for photograph init? Okay. Okay, excellent. Thank you very much. Now,
Do you want,
So thank you very much. I think this award is a recognition for the excellent work the team has done. The team has met many challenges like handling a complex architecture, communicate with users all over the world and last but not least observe many national and international rules and regulations, and this is really not easy. So again, thank you very much on behalf of the whole team consisting of artists
Bicon and Siemens. Thank you very much.
We move now to the second award, which is the award for best access governance and intelligence project. And the presentation speech is from Martin cope.
Okay. Yeah. In that case, it was a project which is from my perspective, interesting, not because takes, let's say the standard access governance approaches. It's more really about how can I deal with complex requirements? How can I deal with complex infrastructure in that area with a lot of participants and how can I do things like which I would call identity our security. So really going beyond let's say the traditional approach of logs and looking who has access to what, but really looking also on the real time aspect of all these things. And there are environments which are specifically sensitive regarding security, which we find in several areas of the government. And in that case, it really was one of the projects where it is about such an environment, which is, and you will, once you hear the name of the winner, it becomes very clear that they are extremely sensitive in this area.
So really what they've done is they've dealt with a lot of parties from different countries in a very complex environment, again, where they have very high security requirements and very, really gun beyond let's say, trust, analyzing who has access to what, towards an approach, which also looks at what is happening at that point of time, integrating sort of sea. So security incident event management with the traditional approaches, more from the identity access management side. And so that is I think a very good reason to give the award in that specific category to Euro pole or oil pole. And I'd like to have the person from oil pole then to come to our stage. I've seen in someone's before. So hopefully it's here yet. Okay, here you go. Oh, and as I said, it's a really, a very interesting project because it goes well beyond the traditional static approaches. So welcome please from Europe.
Thank you. Congratulations. Thank you, Martin. Thanks. Thank you. Thank you.
Good evening. All I'm very glad of partying that he didn't say Interpol. That's the usual mistake that people make. So that's the first joke. So first I would like to thank basically critical for this. Let's say preparation, and I think, you know, winning an award does not mean that we have addressed all the challenges. So after listening to the wonderful presentations where we, you know, have all the new technologies and the new challenges ahead of us, I think there is a lot of work still to be done. And you know, this is, and for people that are more interested to, let's say, learn more about our experience tomorrow. I'm giving a presentation to maybe begin into details or real life business issues that you need to think. Let's say using the tools and the, the wonderful standards that we have been discussing, but then with the business enabled view of it to let's address the challenges. So thank you again, and please, if you have opportunity to join, let's say us tomorrow. That would be great. Thanks.
We move now to the third award where in fact, we have two awards in this category, the best cloud security project, and we have first a presentation speech from Sasha palace.
So good evening. The cloud security category obviously is something we are very proud of having, trying both to get people onboarding to the cloud whilst preserving the security. So this is something very specific here. The project that had been awarded in the first place has chosen has been, was chosen for the European identity award due to its reuse of existing infrastructure components to support a hybrid cloud environment and for significantly reducing risks in the cloud infrastructure, it shows the importance of having identity and access management in place to be able to make the move to the cloud in a secure and compliant way. Specifically, the project supports the security of one of the very largest cloud collaboration pro collaboration deployments worldwide. In this project, the award winner migrated towards a Microsoft private cloud collaboration solution used by more than 200,000 employees, strong authentication using soft certificates together with a tight integration with the corporate directory assured strong access control while preserving the critical information within the company's it premises, the award, the first award in the category best cloud security project goes to Daimler. And I would like to welcome Dr. Barbara Armand on S
My team didn't.
And we'll have the photograph cool photograph here. Here. Are you like to make some remarks? Yes.
Well, this has been a long journey and it's still a longer journey to come. I wanna thank somebody. Who's not in room here. There is a person who's been enabling me for many years in my department, and that is my CIO. So I've been very lucky cuz without the CIO, this wouldn't have been possible. My team to of the most, the biggest contributors who've been on the team very long and did the first grunt work in identity and access management at all. And I want to thank our partners for many years, very loyal and very good and excellent partners. I see consult. Thank you very much. Have a nice evening.
And the second award in this category, the presentation speeches from Mike Small,
Good evening. Well it's for the last several years, I have been writing, presenting and advising on cloud security. And so it gives me a particular amount of pleasure tonight to make this presentation of this award, to an organization that has clearly followed much of the advice that I've been giving.
Now many people come and say, what should we do about the cloud and what should our strategy be for the cloud? Well, the answer that we always give is that you really should be meeting business requirements. And so the first thing is to understand what the business requirements really are. And in this particular case, the business requirements were to satisfy the need for a number of merge merges and acquisitions and an escalating number of accesses to different software as a service providers. And to do this and to do this with security. Now, when you look at cloud security, once again, many of the times people will talk in particular about things like antivirus hacking web issues, but the most fundamental part of security is who can access what so identity and access management is a very important part of cloud security and it's especially important because the organization that is using the cloud, largely speaking remains responsible for testing the users that have that access. And so it's particularly pleasurable to give this award to an organization that is focused upon that particular area. And the third thing that is, is key in, in this particular award that we are giving tonight is that it has to be scalable. It has to be done quickly and it has to be done in a way which clearly matches all of those requirements. So it's a particular pleasure for me today to present this award to sonar and their technology provider ping. So please can the representatives of sonar and ping come to the stage.
Thank you. Thank you very much. Thank you. Congratulations. So we would like, this is for us. No, thank you. Thank you. Thank you. So should we have this graph? Okay. Maybe in middle. Very good. Okay. You wanna make some remark?
Speaker 10 00:20:26 Thank you very much all. And I would like to thank everyone that has been working on this project and we, we have been doing a great teamwork within, with Sanofi ping and Kenya network. So thank you very much.
We come now to the best approach on improving governance and mitigating risks and the presentation speeches from Phillip PA.
Speaker 11 00:21:25 So this award really pleased me on the first point because it improves security of some things that I'm using regularly as a consumer of the service. So more than the technology, you have a direct concern about what they do. And when we are talking about plane, airline airport, everyone expect that security is a given. Nevertheless, it filled me and probably you as well, good that not only people are chatting about security, but they also do something real. And in this case, you know, this project was about improving the governance and risk mitigation by removing the administration password for more than a 10,000 system and aligning the, the process with the international standard and finally verifying that the work was effective by scanning tools and verifying that it was effectively via Dawn. So I'm very pleased to, and also very proud as a French citizen that APER DEPA wants this award for improving governments and risk mitigation. I I think, and not in the room, but that Han girl from cyber a is going to retrieve this award.
Thank you very much.
Speaker 12 00:23:30 Thank you very much, very, very much. I'm very happy to receive that award on behalf of a Porwal party. As you mentioned, they cannot be here. I think they didn't get a plane.
Speaker 12 00:23:42 They pretty, they pretty much did what every company does. Does they are ISO 27, 0 1 certified. But what only very few companies do is they also took care for really living that, that policies that they gave themselves. And one of those was a full law mention already to also take care of privileged accounts. So it was a privileged identity management project. And I think it's a good thing to see that also this specific part is now coming more and more on top of the not thank you very much.
Next award is for best innovation, new standard in, in information security and the presentation speeches from Dave Kerns.
Speaker 13 00:24:44 Good evening, everybody I'm really happy that I get to present this award for best innovation and or best new standard because I think the awardee satisfies both parts of that equation. It is indeed the best new standard I've seen in a while, as far as identity is concerned, but it also shows a good deal of innovation in the reuse of things that we've used before
Speaker 13 00:25:14 I recently called this protocol, the gigabit ethernet of identity. And by that I meant that gigabit ethernet bears the relationship to the ethernet. Bob Metcalf invented 45 years ago that this protocol has to his predecessors. That is to say they share a name. Gigabit ethernet has really very little in common with the old ethernet. The old ethernet just couldn't work at those kinds of speeds. New things had to be done, but we called it ethernet and people accepted it and they used it well in the same way. Our honoree here, open ID connect bills on the legacy of open ID at the same time, adding into the protocol, those things that were missing from open ID. Now, I was there the day open ID was born. It was a rainy day in Berkeley, California at the first internet identity workshop. When a group of people realized that they were all working independently on essentially the same thing they got together and out of that open ID was born. Unfortunately, open ID had some major flaws, never caught on the way we would like it to, but some for thinking people formed the open ID foundation to carry on the work. That was the intent and the
Speaker 13 00:26:47 Promise of open ID. So at they've worked very, very hard, very, very diligently, and they've created what we can only call an elegantly simple design. And these are people now working on this who created this, who have come from all different areas of the world who come from partners, competitors of people who like each other and people who don't like each other, but they've gotten together. They've given us open ID connect, a wonderful protocol built on top of O O 2.0 and SAML, which leverages of course, the brand recognition of open ID simplifies for identity providers, relying parties and users, secure authentication, and secure authorization. Open connect is going to have a substantial, positive impact on usable, secure identity solutions, both for traditional computing platforms and for the mobile devices. We've been hearing so much about this week. So for that reason, we're awarding this year award to the open ID foundation. I congratulate them on their win and to accept on their behalf, Don Tebow, who is the director of the open ID foundation. And that's
Speaker 14 00:28:28 Please, thanks.
You're taking this.
Speaker 14 00:28:52 The paparazzi is a
Very paparazzi moment of celebrity.
Speaker 13 00:29:00 Why don't we get groupies?
Speaker 15 00:29:06 It's my pleasure to receive this procedure. Our on behalf of my community open connect is a collaborative effort of many companies and individuals, and it's very secure, very privacy enhancing. And so if you haven't looked at it yet, please do. It's a very elegant solution.
Speaker 14 00:29:33 As Dave indicated, the open ID connect
Speaker 13 00:29:38 Protocol is the
Speaker 14 00:29:39 Product of a team of rivals companies like Google and Microsoft and Facebook all contributing. So the alternative was either a bolt of lightning or an award. So we're very pleased to accept the award. And I particularly wanted to acknowledge net Secora Mike Jones and John Bradley for their leadership of this splendid team of rivals. Thank you very much
Now, somewhat different award now and the lifetime achievement award. And we have a distinguished guest to make the presentation speech. His significance will be explained in the context of the award Dr. Jack bus.
Speaker 16 00:30:41 Well, first of all, I would like to thank the organization for inviting me to give this particular award because I'm really very pleased and honored to be able to do that lifetime achievement award for ID and ID questions, ID, business, and innovation for the influence that the person has had on the various organizations and governments and his involvement over the whole lifetime. And of course that is along and very rich time. He started as a mathematician, but not the very theoretical type as maybe I myself am, but with a great enthusiasm for HandsOn work in electronics and also in programming. And in fact, as I heard, he is still actively implementing mobile apps in his teaching environment. He became a professor when he was at the age of 33 and he was one of the inventors of what was called MUPIT the Australian telex terminal or network computer, which presented in delivery tele software, downloadable executives, which we are currently calling apples.
Speaker 16 00:32:08 And in fact, that was quite an important invention. It was later mentioned as prior art in a patent infringement case of, of w versus AOL Netscape with respect to browsers in the nineties, he specialized in information security, particularly asymmetric, crypto, and implementation of smart cards. He of course draw the attention of, of, of his government and was a director of the Austrian information security advisory board. He was responsible for the Austrian citizen card project, and he is still a chair of the Austrian I CT board. And also internationally. He was extremely active in the O C D in many situations and, and committees in the council of Europe. He shared also the E I D talk group of the E Europe. He was one of the fathers of the stock project. And I think most of you certainly know this interoperability E I D project in Europe.
Speaker 16 00:33:21 He was the chairman for four years of Thea management board. And he was, he is also member of the ITRA, the Verizon. And that means advising as one of the wise men to the commissioners Cruz and Seth CVI. In fact, I of course wouldn't know that all because I know him only since eight years, I really respect him for his enormous dedication to his, to his, to the objectives. And I also like him very much as a person to work with on a person on whom one can rely. I met him, I think for the first time when I was head of unit in trust security in the European commission, that was at a Vienna workshop. I remember that was the first workshop where I did the ESE walls in the classic way in the evening together with V Redding in a, in a ballroom, which was quite an experience.
Speaker 16 00:34:29 I also stimulated him to work with Kim Karon and Chiron about on a proposal for common, for a common identity framework, user-centric ID meta system in 2008. And I convinced him that he should become a member of the receptors advisory board, which stands for research and innovation or security, privacy trust in information society, which I had kind of organized via a project of the European commission, and which came with a very well received report on the subject that I just mentioned. And now he is still also as a kind of a consequence or a follow up of this receptors board working with me in an association, which is called digital enlightenment forum, where we are trying together with other people to further to stimulate the discussion of the transformation or of the society or the impact of the society of the digitalization. And he is really one of the key members there. So I am very, very happy to be able to give this award to what the jury and I quoted Jordy says the smartest governmental CIO in Europe for this contribution to the innovation and to the influence in Austria, in Europe and beyond in electronic identity management in governance and security. And of course also as a very good friend re posh,
Speaker 17 00:36:56 Thank you. It was really a surprise. I just got a, an information whether I was present today. So I didn't know until a few minutes ago that this is going to happen. I'm greatly surprised and honored. And I understand this as a clear message that I should keep be Bush pushing towards the commission because a former commission member or member of, of the services of the commission is doing the introduction. So I, I will use that as, as a clear message to get, to keep involved in the new regulatory framework on E I D, which is coming this year. And in this context is to my view, the, the, the very moment in this year to receive this. Thank you.
Thank you very much.
And finally, we have a special award for mobile security and the presentation speech is from Martin.
Yeah. So thank you. In that case, you know, mobile security is one of these topics. I'm, I'm very, very interested in for a long time. I always say, you know, we are dealing with devices, which are pretty small, which are approximately have approximately the same security as the PC mid of, of mid eighties, but which is heavily connected and which is capable of doing much more things than the first PC I had, was able to do, which wasn't connected and which, which what, which room I could know which, which device I couldn't use for many things. When I go back to my first IBM PCT, and now we have these mobile devices, they are more or less as insecure at that device as this device, but it's a totally different world. And so I really look at things which help us to improve mobile security.
And I've seen a lot of things there. And I think one of the things which is always a problem is on one hand to get hardware vendors of mobile devices, to really implement security at a higher level, because it costs a little bit of money. And so the question's always versus the business case. And the other thing is if I look at solutions, which then say, okay, you might put in some other type of hardware in there, or you might carry another token with you. I don't really don't believe in these things because when logistics becomes to complex or usability, it won't work. And I think that's, that's another very important point. So when it comes to mobile security, it's really about how can you make these things work in a very smooth way, very simple, based on the things people have. So the device, regardless of what type of device it is, we think that's another very important point.
So if it works only for today's device of choice and mobile operating system of choice, the problem simply is, yeah, we don't know whether this will work two years from now, now with new operating systems, new devices of choice and so on. And if it's a pure and only software based approach, we might struggle with the fact that an out of band authentication or something like this can turn pretty quickly into an in-band authentication. If it's the same device, or it becomes uncomfortable again, because you can't use the device you'd like to use for your, let's say e-banking to receive the SMS, which provides the pin because then it would be in bad. So I think it's a complex situation. I really look at approaches, which makes things easier. And the other thing behind us is also, I think a piece of hardware, a piece of software is no service behind doesn't help that much. So it's also about having something where you have a set of services, manage services, which really enable you to use solutions. And this year, the special award for mobile security really fulfills this criteria. It works regardless of the operating system. It requires only something which you have in every mobile device, it's based on standards. And there's a set of
Increasing set of managed services available. So there, first things are out in pilot for customers, and there will be other things as well. And it's something which right now starts in Switzerland. But based on the fact that it's, it's, it works with standards it's interoperable, it can throw. And I think it's also a very good, let's say a very good example for maybe either mobile service providers to follow that path. So the award in that category this year goes to oops, Swisscom for using mobile ID and the project they've built around that, which is a really a project, which says, okay, I use a SIM card, which is enabled to securely store certificates. And if you have your SIM card of that type, which is rolled out, now you have the security technology and you carry it around because you carry a mobile device around. So you don't have another piece of hardware. You don't have another thing there and you have to manage services. And that's really the reason why I think this is definitely worse, special award for mobile security. And I'd like to welcome the persons from Swisscom to receive this award, please
Speaker 18 00:43:20 Well, thank you very much for the introduction of the mobile. It it's, it's a product that is now started now. It's now launched and yes. Thank you very much for the,
Say one sentence.
I think I trust what had, because it was one thing I've, I've learned, I think yesterday when talking with some of the mobile, the open iConnect guys and just short thing I'd like to have, they said, you know, last year at your conference, we were sitting in the lobby in one of these sort of cubicles and we're discussing the functional specification of open ID connect. So what makes me somewhat proud is that our conference was a part of the work on a thing where, which we found right now really definitely worse to receive abroad. Really think that's a nice story at side of these things right now. I hand over to you again, natural. Thank you.
Well, this has been an exciting evening and it has only just begun type of celebration. It's a wonderful thing to be able to award people for their efforts. And it strikes me what is so interesting as you see here, the whole sort of process, but the ideas, the principles, the execution, and I think an awards occasion is a very special one because there's, this is, this is the product. This is the achievement. And we are all encouraged and excited and encouraged, not least to emulate those who have had such success. So as you leave the room this evening, we have champagne. I believe waiting at the doors in tune with the occasion. We will have a buffet dinner upstairs, and then we hope you will all join the ping party. And the buses leave at 20 half past 8, 20, 30, and 21, 21 30. And so we have a whole evening of celebration. And then tomorrow morning we commence with keynotes at the usual time. Thank you very much. Thank you, mark.
How can we help you