EIC Awards ceremony at the European Identity & Cloud Conference 2014
May 14, 2014 at Munich, Germany
European Identity and Cloud Award 2014. The idea of this award is that we look at projects that we got become informed about projects, which are in some way or another outstanding from other things, not only about project. We also have the lifetime achievement award, which will be then the last one today. And so we have various categories. We had a situation this year, I think, where we skipped one category because there was not a project check where he said, this is perfectly perfect enough or good enough, outstanding enough to do it. So I will go through that.
And where I wanted to start is, was the best cloud security project. So you might argue, there can't be a best cloud security project in these days was the trust issue and all that stuff.
So that's, that might be an argument, but, and I've had talks with a lot of companies, especially over here in Europe, but also with a lot of companies from the US about what has this sort of this in this post-Snowden era, what does it mean to cloud services? And I had a conversation, I think sometimes today where it was about things might slow down an unstoppable trend, but it will not stop such a trend. And moving towards the cloud is clearly an unstoppable trend. So it will be slowed down. Things will have to change in some areas, but that can happen.
And, and clearly in some scenarios, if you're in a security sense of industry, if you're based in Europe, things are a little bit more complex. Sometimes if you due to your industry might even need a certification of in that case, the German BSI, the federal institution, which was responsible for the security in which strongly, very, very strongly believed and recommended to use open as a and so on. So we can't raise the question without the right wants to certify such things right now. But if you need it, then the question is how to do it. How can you do it?
And the point is there are ways to do it. So if you need, if you need to connect to cloud applications, if you need to manage your users, move forward, simplify things like the password reset, authentication, etc. Reduce help desk cost by becoming easier in the authentication. Then this is a challenge.
You know, there are things where you say, okay, probably not the best time to do that project. And in fact, the project we are looking at started before Mr. Snowden told us all these things, but it survived despite sort of the things around it survived. And it also has one thing in which I find particularly relevant for everything you do when it comes to cloud identity management, that is hybrid because a lot of your applications live in your organization and some live outside, a lot of your users already live in your internal directory, some live outside.
And so doing it only in the cloud, I think it's not sufficient. I'm, I'm a strong believer in extending what you have embracing what you have moving forward on these things, but not just saying, okay, I do something else which is completed disparate. And this project I'm talking about did things.
So it is, it fulfilled the regulatory compliance requirements. It's hybrid, it's run on a Europe based platform meeting these requirements. The best cloud security project in 2014 is the one NXP Semiconductors from the Netherlands run. And please welcome is one friends for Hoen and will cams from NXP Semiconductors, so that we can hand over this award to you. Welcome. So if you want, you can say some words on that. Yeah. Okay. Sure. Thank you. Indeed. Was a nice project.
We did actually last year and one of the key things was So, so one of the key things was how to, to, to do it in a short time. And one of the criteria was how to avoid a complex situation, how to avoid too complex things like Patriot Act and things like that. So at the end we found a company. I welcome. Danny is also here to work together to, to go to a solution. Yeah.
We really choice for in cooperation with an, with a partner to find a good solution that I think that was also the one of the key factors to, to make progress and at the end to have a, a good solution, still not perfect, but we are on the good, good road. So thank you all, especially to, to France and will, who did actually implementation my role was only to, to facilitate to what I heard today. A lot of times speak to your stakeholders, basically stakeholder management and, and arrange the funding and the timelines, things like that.
Okay, Perfect. Thank you. Thank you. And congratulations. Thank you. So let's move forward. It's not the only awards this evening. The second category is the best project on X or the best access governance and intelligence project. So I think we had some talk and then various sessions around analytics coming in, making things more visible and access governance, access intelligence, I think are very important parts of our identity management space. And when I look at this area, I think we, we saw a lot of evolution over the years.
And so many things were more, I would say, yeah, more hated than loved by the business. So you say to the business, okay, right now you have to re-certify if you do it right, that might be, might work out some way, but it's just another burden. Another task for a lot of people in the business, you have to say, okay, these entitlements are still correct. And I've seen some interesting things around it, by the way, over the years. So I've seen one implementation where the departmental managers were asked to re-certify the Peter transaction numbers, the project failed by the way.
So this is, this is one of the things I have seen the other approach, which in fact ended up with trust distributed Excel spreadsheets, which also did not turn out to be the best approach to do it. And so I'm, I'm, I'm pretty, pretty happy to look at a project where the focus was on the thing, which I really like side of other things in the project is it was enabling the business to better understand their risks. So not only saying, okay, these people have these entitlements, but saying, okay, look at this is the risks. Here are your potential risks.
Understanding this in a, in a simple analyze is simple to use for a significant number of users. So several thousand users using that, being able to, to understand their risks better, also being able to understand the, the auditor to answer the auditor requests faster.
But, but as I've said, the main thing from my perspective is really enabling the business to understand the risks. Not only say, Hey, you have to do things but providing a benefit. And this is the reason why we grant this award to the Stoia award. I think that's for Dave current, tried to learn me this award to the Banca Intesa Beograd. So a company from Serbia, again, it's really states was Europe. Unfortunately, unfortunately, the, the, the, the person from the leader of the project, I had to cancel on short notice.
So as a present, in that case of the vendor, I asked N from the who on stage. So to take it on behalf of the customer and hand it over to the customer down concrete dations, just say one more. Yeah. Thanks.
As, as Martin Martin Ko as saying, I'm very sorry to say that the colleagues from Banca Intesa couldn't come and they had to cancel on short notice, as for several reasons, I feel very honored to take for these colleagues, this award for category best intelligence project. The award as Martin is saying is going of course, to the technology team. And they will feel honored for that because they implemented such a quite sophisticated solution in a very short period of time. But this is also a VO to the department level.
As Martin was saying, the project is giving the team managers the capability to assess the risk in their, in their environments, in their access rights, directly from a system. And we all know how difficult it is to implement methodologies like risk management on a department level. Everybody has a different understanding. So this award is clearly for the technology team, but also for the department level to have accepted such a quite innovative approach and have supported the project. And otherwise it wouldn't have been so successful. Okay. So I will take this and we'll take this in honor.
Thank you for bank. Thanks. Okay. So we were Netherlands Serbia let's look, which country comes next. We're talking about a best identity in access management project. And I think this is again, one of the, the interesting things, and this is one, one thing, which I think is still a challenge in many situations. So if you have organizations, let's call it like that, that have complex supply chain then dealing with the big suppliers is quite easy. Dealing with the small suppliers is a far, a bigger challenge there.
So when, when you look at this things, we might become rather complex. So how do you do you manage this uses onboard off board ensure that are the right ones and how do you do it in a, in an area where Security is key. So where it's really about things should not go wrong in that area for a good reason that you will learn the reason when I talk about who receives that reward. So how can you access to content management where share information between the various suppliers? How can you manage identity Federation?
So that user only can access content appropriate, automatically provisioning, auditing governance and something which really works for all of the suppliers in a very complex scenario. And this is something where interestingly in government till organization is the one who made it succeed.
In that case, we are talking about the UK ministry of defense, which Had developed or let develop a platform, which allowed them to deal fundamentally different with their suppliers, very efficient, allowing them to involve all the suppliers, not only focusing on the tier one suppliers, not only focusing on the big, big ones, but supporting everyone. Also in that case, I have to, to say for various reasons, we don't have a person of the ministry of defense itself here. So Mike managing director of Orion pro will take the awards on behalf and hand them over to the UK ministry of defense.
So our applause to the UK ministry of defense for that solution. And hopefully, hopefully Mike will show up here year.
So, oh, they promised me that he will be here, but if not, then we have all handed over separately. Let's move forward innovations, new standards. This was at middle Italy, a little bit, the most difficult category this year, because there are, there are some interesting things and maybe I, I would have chosen OpenID Connect, but we already gave them an award. So we were maybe a little early, but I think it's good.
You know, I've looked, we did it a while ago and obviously we, we had a good feeling and I think we, so let's look at other things. Not that I, one is less than OpenID Connect. I think it's something which is another very, very important evolution. And it's probably the same stage when OpenID Connect was when OpenID Connect was, was getting its award.
So what you're talking about is how can we give individuals and organizations, a unified control point for authorizing who and what can get access to their online, personal and corporate data content APIs, no matter where these resources reside on the web. So, you know, we are talking a lot about privacy, privacy, privacy, body side. We're talking a lot about these things at the entire conference. I think it's one of the, the long running scenes at our conference. It's always about that stuff.
And when I look at this, it's very important to move forward with standards, not only disclosure teams agreement, cetera, cetera. So The one thing we have here, there are some more rewards to come. Two more.
In fact, so the one we are talking here about is UMA or U a or User-Managed Access, or here's something standing pronounced. I'm not sure how I should pronounce it correctly, but probably Joni Brennan, who will take this award on behalf of the Kantara Initiative will tell you how to pronounce it correctly. Please welcome Joni, congratulations. So this is really the work of the UMA Work Group: Eve Maler, Domenico Catalano, who's here, Maciej Machulak, who's here as well. And so many people within the community. I think we've been inspired.
At least I've been inspired by this conference and the focus on delivering agile services, delivering adaptable, scalable services that really focus on what the user needs in building businesses. And we've heard a lot about trust over the evening, and I think trust is a state and not a thing. And trust is not the end goal, but trust is a tool to achieve something. And so trust is part of a major platform for building business, as well as delivering many services.
So again, on behalf of those here for UMA, wasn't me, but we're very happy to provide the platform for UMA to develop. And we look forward to so many achievements to come. So thank you all.
So, and, and when we are talking about best innovation around standard stuff, et cetera, we moved to a special award, which is I call it the best innovation for security in the API economy. So we had a lot of talk around, not only people communicating with people, but also services, communicating with services, things, communicating, et cetera. And there's a lot around APIs and there's a lot around lot talk around all that RESTful and JSON and whatever stuff.
And I think what are happened again is that when things like REST etcetera came into play, they were new standards with a gap in security. So like with web services where we first had SOAP, and then we had a lot of other things. And so it's always the same story.
I think I, I, I gave up hope that it will ever be different, but it means we need some people who do the next step and help making the world more secure. And this is really what this award is about. And this might be maybe one of the, the most important standards and security ever for our entire life, because it goes so deep into all of these things and apps and whatever communicating.
And, and when I go back, so you might have heard before about the API billion as the ones, which have billions of API calls, et cetera, making all these things more secure, I think is a, an essential thing for us. So JSON and REST-based protocols are quickly adopted in the cloud on the internet and mobile devices and the enterprise. And there are things coming up and this are the JSON Web Token or JWT and the underlying JSON web, JSON web tokens with the Object Signing and Encryption, JOSE, standards.
I think Mike maybe can explain it then for the others, but this is what I think is, is so important that it's absolutely worth a special award. This award goes to the Internet Engineering Task Force, IETF, and the team which developed JWT and JOSE. And I like to ask Dr. Michael Jones, Nat Sakimura is here and John Bradley is here to come to the stage and receive that award, please. Okay. Congratulations.
Great, great job. Yep. Who will talk on mic? You will do. Okay. So the JSON Web Token is a security token, just like SAML token with many of the same properties, except it's JSON, rather than XML, XML might have done the job, but in practice web developers didn't seem to be taking it up by storm where this other JSON data structure seemed to be what people were using.
And so a number of us sort of independently actually invented JSON encodings for signed content and the innovation, if you will, was getting everybody together, who'd been working on it at one point, mostly over email, but later at the Internet Identity Workshop and saying, well, let's all agree to agree on a common format so that we have JSON based security token for this new JSON REST based world. And then that in turn evolved into also having general purpose, JSON signing, encryption and key representation formats.
So this is a set of specs, which is actually not done in the IETF, cuz it takes a while there, but there's some 20 or 40 interoperable implementations already deployed. And in fact, it's used by UMA. It's used by OpenID Connect. It's used by a lot of other protocols and I'm pleased to have worked with these gentlemen plus a number of others who aren't here, including some great minds in the IETF to produce these Specifications.
Okay, perfect. Thank you.
And so, so finally we come to the lifetime achievement award and it's a pleasure for me to ask him to come to the stage, but not because Kim is receiving the award. If you have been here last year, you might have noticed that Kim already has the lifetime achievement award, but you know, and European identity award ceremony without Kim is not an European identity award ceremony because I think every year he has been at a stage for some reason. And this case, he's the one who does the validation for the person receiving that lifetime achievement award came with your turn.
Well, thank you. Thank you for the opportunity to present this award to one of my favorite people In 2007 one day, you know, I, I picked up my mail off my desk and typically when I open it, which is rarely and I go to read something, I think I know what I'm about to read.
You know, I, I look at the title and I go, oh yeah, I know this. In this case, I opened it. It was an official report. And I read the following a reporter from the CBC, the Canadian broadcasting corporation advised that she had been notified by an individual who much to his surprise had viewed the image of a toilet in a washroom on his vehicle's backup camera while driving by a clinic. The reporter also said that they brought a, a private investigator subsequently drove by and stopped at the clinic in a vehicle that had another backup camera installed in it.
And they saw on the backup, camera's monitor a disturbing image of a woman using a toilet. It is my understanding that the image of the woman included a reasonably detailed image of her face.
Now, what do you say about reading that before your coffee? And it turned out that all of the methadone and other clinics in Ontario, Canada had installed wireless cameras for monitoring the administration of various tests. And all of those wireless cameras were broadcasting the contents of the tests onto all of the backup screens and all of the cars that drove past all of the clinics.
Now, if there had been no privacy commissioner for the province of Ontario, there's no doubt in my mind that the practice would've probably continued and maybe even become more extensive. But this was just one of thousands of reports that I discovered had been prepared by, by the privacy commissioner of Ontario to, to protect us basically from the idiocy of technologists and others. What was interesting here was the, the clinic in question refused to accept responsibility.
They said, well, it's just like a, it isn't our responsibility. If there's a peeping, Tom who passes by and looks into our window. So rather than even emerging and saying, we're gonna deal with this problem. They actually spent the time and the trouble to have a legal defense against their responsibility for having prevented it in the first place.
Well, the, the person who set, set up and, and, and developed and developed the reputation of this, of this privacy commissioner is a truly remarkable person. Dr. Ann Cavoukian. The, we, we, you know, in French we say the she's responsible for protecting private life. And I see her that way more than a privacy commissioner, a commissioner of private, of private life in general.
Now I, her list of awards and recognitions and so on is immense. And you have to understand that this person creates an aura and, and a beautifully well functioning organization populated with just really topnotch technologists and legal experts who dedicate themselves, not just to making vague policy statements, but actually getting their hands dirty, totally embracing the problem of understanding the technology. And so at a certain point, I started to make pilgrimages to the commissioner's offices in order to interact with her people.
And I've always found it immensely useful as a technologist to have these people who, who can advise me and, and, and bounce things off, off with the, the height of, of all of this was Ann's, if I may call her that, formulation of the idea PR that what we needed was privacy by design and taking the whole notion of security by design that all of us take for granted and saying yes, but it's really only part of the answer. The rest of the answer is privacy by design.
And then instead of taking a confrontational POS position towards technologists, really embracing our problems, our concrete problems in developing systems and saying let's work together to figure out what the methodology would be to do privacy by design, just as we have a methodology that allows us to do security by design, and which has been so important in moving past the horrors of the early two thousands, when, when we had all of our very insecure systems deployed.
So this privacy by design idea has been taken up by a whole bunch of people in the IETF, in the, no, in the OASIS group with Dr. Jutla's leadership and Dr. Cavoukian's participation. And now there is an emerging standard on how we would go about analyzing what we build prior to, to, to, to even embarking on it so that we actually have a scientific way of being able to enumerate the privacy threats and, and the problems.
And so for that, I think we should all be extremely grateful because as has been demonstrated this conference, the whole internet of things, and the whole problem of the cloud computing and big data is one in which privacy by design has to be the fundamental element of all that we do, or really we risk seeing our civilization fade away in, in, in terms of the core values that we've all believed in and, and want our children to be able to share. So for this reason, I'd like to thank our friend Dr. Cavoukian. Thank You.
Thank you, Kim Curtis lation. And I first would like to ask Michelle Chibba, who's here working with Ann and here to take the award on behalf of Ann. So right after that, we will have a short video of Ann, which we will then show.
Speaker 10 00:32:09 Thank you. Thank you. Okay. Thank you. I think we did the video then. Perfect. Yes. Yes. You might say something shortly.
Speaker 10 00:32:28 I guess I, I, I get to, to preempt the commissioner. I don't know whether I'll have my job when I go back anyways, but I wanted to say, thank you so much.
I, I wanna thank, you know, Martin and his team, certainly for embracing privacy by design, but, but what was so touching was whenever I went into any of the sessions that all of you have, and I think the commissioner, you know, you'll see in her video, how thankful she is to all of you for all of your hard work in, in the area of security and privacy.
And we feel so, so thankful for, for, for having colleagues such as you, the other thing that she would say, and I don't, I'm not sure whether she would say it in the video, but it's when she hears this, she tells me, oh, tell them I could kiss them now. I'm sure she's kissed Kim already, you know, but I will throw this kiss out to all of you from her, from the bottom of our hearts. Thank you. Okay. Thank you.
Speaker 12 00:33:39 Hello. My name is Ann Cavoukian, and I'm the Information and Privacy Commissioner of Ontario, Canada.
And I'm here to thank you from the bottom of my heart for this amazing award, the European Identity and Cloud lifetime achievement award. I cannot tell you how much this means to me, especially because it validates the work that I've been doing for many years on Privacy by Design, trying to just put the word out that we can embed privacy into the design of IT technologies, embed it into the data architecture and into all that we do.
And, and I'm just so delighted. I cannot tell you when I heard of this, I was just blown away and I'm so grateful to you all for, so kindly giving me this award. I I'm truly, truly humbled by this and I especially wanna thank, and I, I written it down so that I make sure I get all the names, right.
Speaker 12 00:34:41 I wanna thank of course, Martin Kuppinger, founder of KuppingerCole and Joerg Resch, also of KuppingerCole and the entire team of analysts there who work so diligently and have shown such exceptional leadership in preserving information, security and privacy in this increasingly complex world that we live in. I am convinced more and more that we, if we don't embed privacy and security by design, that the potential for surveillance to grow and basically remain unchecked will be the future that we'll be facing.
And that is just a future that is unacceptable because privacy, I would say equals freedom. If we wanna live in a free world, if we value freedom and liberty, that we must have privacy, which forms the basis of all of these protections and our rights and preserves our ability to exercise some control over our information over our lives, over our freedom and the world that we wanna live in.
Speaker 12 00:35:49 So thank you so much. I'm so sorry. I couldn't be there with you today. I love Munich.
I wish I could be there, but I'm delighted that my director of policy and special projects, Michelle Chibba, who is wonderful, she is there with you and she will do an exceptional job, and I'm very grateful that she could accept the award on my behalf. So again, thank you so very much. I can't tell you how this has just made my day. And I think, I really think this is the most important award that I have ever been given, and I owe you a huge debt of gratitude. Thank you.