Event Recording

The Role of Policy Management in the Software-Defined Era

Show description
Speakers
Tim Grance
Senior Computer Scientist
NIST
Tim Grance
Tim Grance is a senior computer scientist at the National Institute of Standards and Technology in Gaithersburg, MD. He has held a variety of positions at NIST including Group Manager for Systems and Network Security, and Program Manager for Cyber and Network Security. He has led a broad...
View profile
Dr. Michael B. Jones
Building the Internet’s Missing Identity Layer
OpenID Foundation
Dr. Michael B. Jones
Michael B. Jones is on a quest to build the Internet’s missing identity layer. He is an editor of the OpenID Connect specifications, IETF OAuth specifications, including JSON Web Token (JWT) and DPoP , the IETF JSON Object Signing and Encryption (JOSE)   specifications,...
View profile
Andy Land
Security Technology Executive
IBM
Andy Land
Andy Land is a security technology executive who runs worldwide product marketing at IBM Security for the Identity, Application, and Data Security segments. He has a successful background in leading marketing, product marketing/management, and strategy teams at start-ups and large enterprises....
View profile
Ken Owens
Chief Technical Officer Cloud Infrastructure Services
Cisco Systems
Ken Owens
Ken Owens is Chief Technical Officer, Cloud Infrastructure Services at Cisco Systems. Ken is responsible for creating and communicating technical/scientific vision and strategy for Cloud Infrastructure Services (CIS) technical vision/strategy. He brings a compelling view of technology trends in...
View profile
Hemma Prafullchandra
CTO and Senior Vice President of Products
HyTrust
Hemma Prafullchandra
Hemma Prafullchandra is Chief Technology Officer and Senior VP, Products at HyTrust. She is responsible for HyTrust strategy and its security and compliance innovations. As an evangelist for what's possible, she drives the company and eco-system (partners, industry bodies, customers) to enable...
View profile
Playlist
European Identity & Cloud Conference 2015
Event Recording
Mike Small - Cloud Risk Assessment
May 17, 2015

When moving to the use of cloud services it is most important to take a risk based approach.  However the process involved is often manual and time consuming; a tool is needed to enable a more rapid and consistent assessment of the risks involved.  This session describes why a risk based approach to the use of cloud services is needed.  It introduces the KuppingerCole Cloud Rapid Risk Assessment Tool developed by KuppingerCole to help organizations assess the risks around their use of cloud services together in a rapid and repeatable manner.

Event Recording
Mapping the Changes in Data and Identity Risk Landscapes
May 16, 2015

Well-managed organizations address unique and emerging risks, such as networked data and identity-related risks in the context of their overall risk profile, and seek to implement solutions that can cost-effectively address organizational risk at multiple levels. As new online and networked system risks associated with data and identity handling systems have surfaced, pre-existing risks still remain relevant; and together they vie for the attention of managers around the world, causing them many sleepless nights. How are emerging risks similar to and different from traditional risks faced by enterprises? How can traditional risk mitigation strategies inform, or mislead, managers seeking to address emerging risks?

Event Recording
European Identity & Cloud Awards 2015
May 22, 2015

The European Identity & Cloud Awards 2015 were presented by KuppingerCole at the 9th European Identity & Cloud Conference (EIC). These awards honor outstanding projects and initiatives in Identity & Access Management (IAM), Governance, Risk Management and Compliance (GRC), as well as Cloud Security.

Event Recording
Luca Martelli, Christian Patrascu - Evolution or Revolution: Unlocking The Potential of The New Digital Economy
May 14, 2015

Cloud, Mobile & Social continue to have an impacting effect on IAM projects. In addition to this, Digital business plus Internet of Things have begun to further influence the IAM programs worldwide. The Convergence of identities like people & things is furthermore driving these trends. Hence the question can be put: Is Identity in the gravity center of these emerging trends? The presentation goes though some real life examples of how Security and Identity Management are enabling Digital Transformation from the business and technical points of view.

Event Recording
Yariv Lenchner - Securing Privileged Identities in OT (Operational Technology) and Industrial Control Systems
May 15, 2015

In the last years we see that privileged accounts in Operational Technology (OT) environments (e.g. critical infrastructure) have an even higher importance and criticality than in the traditional IT. OT networks and the Internet of Things (IoT) implementations are taking shape and are being connected to enterprise networks and to the internet. This brings many business advantages but also opens these once isolated technologies to advance threats. Securing these privileged account and their privileged sessions are a critical security practice for enterprises and critical infrastructure operators.

Event Recording
EU Privacy Regulation
May 16, 2015

The proposed new data protection regulation aims at European data protection standards which are better harmonized than the current legislation and also suit the technical standards in times of transformation. A unified data protection Regulation that is directly applicable as part of the EU’s Digital Single Market shall make it easier for all parties to understand what their rights and obligations are and what compliance risks they need to manage.  One of the main changes  foresees that EU data protection law is valid whenever the European market is targeted – whether from within or outside of the EU. Amongst other regulatory novelties, strict enforcement and data protection by design will mean a truly new data protection environment.

Event Recording
Prabath Siriwardena - Connected Identity: Benefits, Risks & Challenges
May 15, 2015

SAML, OpenID, OpenID Connect, WS-Federation all support identity federation – cross domain authentication. But, can we always expect all the parties in a connected environment to support SAML, OpenID or OpenID Connect? Most of the federation systems we see today are in silos. It can be a silo of SAML federation, a silo of OpenID Connect federation or a silo of OpenID federation. Even in a given federation silo how do you scale with increasing number of service providers and identity providers? Each service provider has to trust each identity provider and this leads into the Spaghetti Identity anti-pattern.

Federation Silos and Spaghetti Identity are two anti-patterns that need to be addressed. This talk presents benefits, risks and challenges in a connected identity environment.

Event Recording
Jackson Shaw - The Convergence of IT, Operational Technology and the Internet of Things
May 13, 2015

Did you know that today, there are over 30 billion connected IoT devices? And that in 2020, that number will double? Do you know how these devices connect to the internet? To each other? To their manufacturer? How many IoT devices are used within your company? If you’re a security professional you’ll need to be able to answer these questions and more. In this session, Jackson Shaw discusses the convergence (collision?) of IoT with IT and OT, what it means to him as a consumer and what it means to us as identity and IT security professionals.

Event Recording
Cloud Contracting Risks
May 16, 2015

Cloud adoption is rapidly increasing, many organisations struggle to establish a sustainable contracting process. The one-size-fits-all aspect of cloud computing is often reflected in the limited flexibility of cloud service providers during contract negotiations. More and more organizations are left with the choice of signing standard terms and conditions. This strongly increases the need for organizations to define their contract requirements prior to selecting a cloud solution. The specific types of data (e.g. confidential data, privacy sensitive data) to be stored in the future cloud service, the related risks and applicable legal domains (e.g. data privacy, trade controls) should determine the contract requirements. These requirements have to be taken into account in order to ensure compliance with laws and regulations after accepting any terms and conditions.

Event Recording
Thom Langford - RISK is Not a @#$%&! Dirty Word!
May 15, 2015

Risk is akin to the multitude of bacteria found in the human body; without it the body does not flourish.  If you think your risk assessments and risk registers keep you safe from risk, then think again. Risk is a vital part of business, one that helps prompt correct decision making, open up greater rewards and helps grow an organisation and keep it healthy. Learn from clear examples and understand when risk can be embraces and when it can be avoided.

Event Recording
André Durand - No Security without Identity
May 13, 2015

The holy grail of security is to ensure the right people have access to the right things, always, anywhere, everywhere and all the time. Is it simply coincidence or a premonition of fate that the mission of the Identerati is to enable the same thing? With identity becoming the control point, the backplane and the new perimeter in a world with shifting borders, it's time to rethink our overall approach to information security. Identity defined security is moving to center stage and this session will explore the patterns and architectures of this new approach to security.

Event Recording
Bringing it All Together – Distributed Strategy Solutions for Distributed Risk
May 16, 2015

In evaluating distributed systems risk, the attention to data is misdirected. Rather it is the distributed nature of data management systems (and the increase in interaction volume) that increase the perception and actuality of risk. Distributed problems need distributed solutions. Applying the community of interest approach – how can your organization more effectively reduce and manage risk?