Event Recording

From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack

Show description
Speaker
Joseph Carson
Chief Security Scientist & Advisory CISO
Delinea
Joseph Carson
Joseph Carson is an award-winning cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specialising in blockchain, endpoint security, network security, application security & virtualisation, access controls and privileged access...
View profile
Playlist
European Identity and Cloud Conference 2021
Event Recording
Security and Privacy Challenges of Authentication, Verification and Authorisation of Customers
Sep 14, 2021
Sarb Sembhi, CISO, AirEye
Event Recording
Case Study: How an Entire Industry adopts Digital Enterprise Identity
Sep 15, 2021

Back in November 2013 the U.S. congress enacted the Drug Supply Chain Security Act (DSCSA). Part of the regulation is that actors within the U.S. pharmaceutical industry must verify the U.S. state license, which is issued by the U.S. Drug Enforcement Administration (DEA), status (and thus the authenticity) of every trading partner within their supply chain. And this does not stop just by direct trading partners a pharmaceutical supply chain actor might have, the regulation states, that also indirect trading partner’s U.S. state license status must be proofed.

Dr. Carsten Stöcker, Co-founder and CEO, Spherity
Event Recording
Workshop | Zero Trust & Modern Digital Workplaces
Sep 16, 2021
Event Recording
Building Mindset for Privileged Access
Sep 14, 2021

For most companies, privileged access management is associated with creating borders or limitations. Often organizations are forced to implement PAM due to the legal regulations and do not see it as an investment but rather consider cybersecurity as a cost center. Moreover, most employees think of it as another layer of control and make an assumption that the company does not trust them. 

Konstantin Krasovsky, Director EMEA, Indeed Identity
Event Recording
Going Passwordless and Beyond - The Future of Strong Authentication
Sep 14, 2021

The onslaught of account takeover attacks from insecure passwords is driving the rapid adoption of passwordless solutions.  While the risk reduction benefits are substantial, eliminating passwords is just the first step on the path to fundamentally strong authentication.  In the “new normal” era of work from anywhere, and rapidly increasing cloud adoption, organizations are moving to a new risk-based authentication model.  Advanced organizations are validating users, their devices, and inspecting the security posture of the device for each login.  Strong and continuous authentication is a fundamental building block of Zero Trust. Learn how you can make it happen without making the user experience miserable.

 Discussion topics include:

  • New cybersecurity and identity management requirements in the post COVID era
  • Traditional MFA vs Passwordless - avoiding the “security vs. painful user experience” tradeoff
  • Device trust and the confluence of cybersecurity and identity management
  • Continuous risk-based authentication 

Takeaways:

  • Account takeovers and other attacks have increased as a result of distributed working - adopting a solution that removes passwords removes most of the risk
  • MFA has evolved beyond the traditional “password + SMS + pin” approach
  • CISO’s and IT no longer have to trade increased security for user convenience
  • Modern devices allow organizations to leverage the Secure Enclave / Trusted Platform Module for increased security
  • Continuous, risk-based authentication is a key factor in identity and access management
Patrick McBride, Chief Marketing Officer, Beyond Identity
Event Recording
The impact of agile on progressing Identity Security
Sep 14, 2021

After applying an agile way of working for the last three years the Rabobank Identity & Access Management service has gone through a transformation. The increased autonomy of teams, using backlogs with prioritized epics, applying agile rituals in order to create space for growth in applying agile principles, all of these have affected how IAM services are developed and delivered. Where the arena is uncertain and customers have a somewhat-defined request the agile, iterative approach works. Yet where the arena is regulatory governed and compliance driven an agile approach works less. The impact of incidents in a 24x7 security service immediately reflects itself on the development of the service when a devops team is used. The strain between waterfall project management and this agile approach is not instrumental but conceptual. Aligning expectations with the wider organization is a challenge in itself. This presentation will demonstrate the pros and cons of agile on IAM.

Agile pitfalls
Alignment with the wider organization (using waterfall and deadlines)
Where agile works well and where it does not
Countering the management drive for 'new and improved', whilst also applying agile

Henk Marsman, Lead Product Manager IAM, Rabobank
Event Recording
Panel | Digital Identities and IoT - How to Leverage OIDC and OAuth 2.0 for the Best User Experience and Security! IAM Related Experiences From the Automob
Sep 15, 2021

A lot of innovation around physical products is created by connectivity, allowing them to become part of the consumer's larger digital ecosystem and the providing enterprise. Gartner says in its megatrends for the next decade: "Anything costing more than a few USD will be "intelligent and networked". Examples are electronic wall boxes to charge cars or remote-control for dishwashers, cars, etc.
Several compelling use cases require smart things to act not only for themselves but also on behalf of the end-user. OpenID Connect and OAuth 2.0 can be used to provide a user-friendly and secure user journey. Learn about the experiences with these standards when it is about IoT and how Identity & Access Management products help to reduce time-to-market, costs, and inconsistency between different touchpoints.

Key Takeaways: 

- What are the essential protocols to bring identity and IoT together
- What are the challenges, best practices, and pitfalls of IoT projects
- Arguments for buy or build

Fulup Ar Foll, Founder and Lead Architect, IoT.bzh
Andre Priebe, CTO, iC Consult Group
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
Securing the Privacy of Non-logged in Devices
Sep 14, 2021

Many services across the web today allow users to consume the service without explicitly signing up. They generally identify users by a cookie containing a unique browser-id and store user data against it.

George Fletcher, Identity Standards Architect, Verizon Media Group
Deepak Nayak, Privacy platforms Architect, Verizon Media
Event Recording
Panel | Futureproofing Pharmaceutical Supply Chain Security
Sep 14, 2021
Bob Celeste, Founder, Center for Supply Chain Studies
Jeffery Denton, Vice President, Global Secure Supply Chain, AmerisourceBergen
Georg Jürgens, Manager Industry Solutions, Spherity
David Kessler, President, Legisym
David Mason, Supply Chain Compliance and Serialization Lead, Novartis
Gena Morgan, Strategic Consultant, GS1 US
Dr. Oliver Nürnberg, Chief Product Owner, SAP Life Sciences
Event Recording
Better Living Through Centralized IAM Policy Decisions
Sep 14, 2021
Stephen Hutchinson, Board Member & VP of Security Architecture, IDPro & MUFG
Event Recording
Cloud without Compromise: Identity-Centric Security that Mitigates Modern Risks
Sep 13, 2021

Is your IGA strategy keeping up with modern threats? Novel attack methods are revealed daily, compliance requirements never stop evolving, and how and where we work has forever escaped the traditional office. As a result, organizations require more flexibility than ever to protect what matters most. You shouldn’t have to compromise functionality nor security levels because your IT resources and people operate on-premises, in the cloud or in a hybrid environment. The point is that you don’t need to.

Don’t miss this 20-minute keynote address by One Identity’s Rima Pawar, VP of Product Management, as she discusses the secret fears of many CISOs and other senior IT leadership and how an identity-centric security strategy can mitigate modern threats and help IT executives sleep at night. Topics will include best practices to extend security beyond the traditional perimeter; how to take an identity-centric approach to security; as well as hear how your peers are pursuing Zero Trust strategies.

Event Recording
Digital Onboarding Game Change: Face Verification and Liveness Detection
Sep 15, 2021

2020 will be eternally known as “The Year of COVID.” It will also be known as the year remote digital onboarding was near instantaneously transformed from a strategic, forward-thinking business development objective to an urgent, mission critical business priority. This has accelerated the adoption of biometric face recognition and liveness detection to create secure, trusted, and frictionless onboarding experiences.

The market landscape is being shaped by a range of innovators. From biometric face recognition and liveness technology providers to targeted digital onboarding and identity verification platforms, to the identity BIG THREE: IDEMIA, NEC, and Thales; everyone wants in. The market is heating up as the stakes couldn't be higher.

Using Acuity’s proprietary Constellation market landscape model as context, the current state of play will be evaluated in terms of the key market sectors, drivers, challenges, and opportunities for real world problem solving and disruptive innovation.

C. Maxine Most, Principal, Acuity Market Intelligence