Event Recording

Multi-Cloud Multi-Hybrid IT: How to Make your Digital Business Fly

Show description
Martin Kuppinger
Principal Analyst
Martin Kuppinger
Martin Kuppinger is Founder and Principal Analyst at KuppingerCole, a leading analyst company for identity focused information security, both in classical and in cloud environments. Prior to KuppingerCole, Martin wrote more than 50 IT-related books and is known  as a widely-read columnist...
View profile
European Identity and Cloud Conference 2021
Event Recording
Balancing User Experience, Privacy and Business Requirements – Learnings From Social CRM
Sep 14, 2021

Based on our research about critical privacy areas in Social CRM I could present solutions and discuss further potentials provided by upcoming technologies and resulting requirement on privacy management systems.
Social CRM is a bit special as indeed many applications and processes areas are still in legally grey area, without established and accepted standards. Users tend to ignore this fact as many applications and process provide a value for them and/or are comfortable. Based on this specific setup I could build up the discussion and presentation.
This presentation would be more a discussion to show potential solutions and not the presentation of a specific solution

Dr. Olaf Reinhold, Board Member, Researcher, Social CRM Research Center e.V.
Event Recording
Future proofing national eID
Sep 14, 2021

How to future proof a national eID scheme where 13 registered commercial IdPs, 1 government IdP and several brokers operate?

Petteri Ihalainen, Senior Specialist, National Cyber Security Centre, Finland
Event Recording
From Zero to Full Domain Admin: The Real-World Story of a Ransomware Attack
Sep 15, 2021
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
Event Recording
Integrated Intelligence – Combining Human and Artificial Intelligence for Competitive Advantage
Sep 14, 2021

Many companies from diverse industries increasingly rely on AI for strengthening their efficiency by automating jobs. Many of these advanced automation tools, however, currently become standard applications. Consequently, an isolated use of these tools will not enable companies to gain a competitive advantage. This presentation builds on an intelligence-based view of firm performance and the ‘Integrated Intelligence’ approach, which highlights the need to integrate AI with specific human expertise to outperform competitors and to transform a firm’s intelligence architecture. It further discusses the leadership implications for general managers and offers a systematic framework for generating growth and innovation beyond automation and efficiency. The ‘I3 – Integrated Intelligence Incubator’ provides executives with a toolset for developing appropriate strategic initiatives for intelligence-based future competition.

Prof. Dr. Ulrich Lichtenthaler, Professor of Management and Entrepreneurship, International School of Management
Event Recording
The Ethical Part of AI Governance
Sep 15, 2021

The Ethical Part of AI Governance – my personal learning journey

This talk is about my personal learning journey in AI and AI Ethics together with Bosch. I want to share what brought me to AI and AI Ethics personally and professionally and what instrument is used at Bosch to bring AI Ethics to life.

Sina Brandstetter, Software Engineer and Solution Architect, Robert Bosch GmbH
Event Recording
Entitlement Management across Hybrid Cloud for Security & Compliance
Sep 14, 2021

Companies across the globe are undergoing digital transformation. The main challenge with this approach is the ability to securely manage access for on-premise, cloud and SaaS applications. Entitlement Management across this hybrid landscape requires management of cloud assets, IAM profiles, groups, roles and entitlements in support of Identity Lifecycle Management, Access Management, and Access Governance.

Workloads have been running in the cloud since the last decade or so. AWS, GCP and Azure have replaced traditional data centers and companies continue to migrate their production workloads to cloud at blistering pace. So, what changed? Firstly, we are starting to realize that this cloud infrastructure model necessitates a different type of identity and access management solutions as native solutions don’t cover multi-cloud IaaS model and traditional IGA solutions fall short in their scope. Secondly, business goals and priorities are driving engineering teams to work on initiatives without formal approval and oversight. With IaaS it is easy to spin up an instance, assign various resources. As organizations aren’t centrally controlling these spin offs, any vulnerabilities in this growing shadow IT is a target for hackers.

SecurEnds enables entitlement management across hybrid cloud assets for security and compliance.

1. Provide visibility over hybrid-cloud assets
Discover all identities, service accounts, IAM users, roles and policies within single or hybrid cloud the IaaS infrastructure.
See the granular permissions held by IAM Users, Roles and Service Accounts. This is important to define least privilege policies.
2. Provide governance over hybrid-cloud assets
Enforce least privilege policies across all cloud identities to avoid privilege creep.
Routine audits of configurations across cloud environments helps with policy enforcement and compliance.
3: Provide remediation over hybrid-cloud assets
Post identity review kick off automation to rectify privileges

Austin Baker, Director of Sales, SecurEnds
Event Recording
Evolution of User Centricity in Customer IAM
Sep 14, 2021

The transformation of the IAM landscape of a Multi Service Provider is taking shape.

Rolf Hausammann, Head of Identity and Access Management, Swisscom
Event Recording
Why We Need Guardianship in the Digital World, and How We Might Approach Delivering Guardianship Using Verifiable Credentials
Sep 14, 2021


Guardianship is a condition of life in human societies. When we are young we may be looked after by parents until we become adults. When we are adults we on occasions need others to look after us, and sometimes we may need increasing levels of care as we age.
In our physical world, we may recognise a guardianship role between parents and children and within families, and we may have more or less sophisticated laws to recognise instances where someone needs to take care of another for medical, financial or other needs.
While the concept of Guardianship is reasonably well developed and understood in our physical lives, it is scarcely considered in our digital lives. Very few (if any) considerations are made for the possibility that someone may need another to look after their affairs online. Without this consideration, we resort to poor approaches such as where a Guardian needs to "log in" as the dependent, without the visibility of the service provider, or has to prove their Guardianship status to a service provider who is physically remote and often in a different legal jurisdiction.
In late 2019, the Sovrin Task Force on Guardianship wrote a white paper on Guardianship considering these issues against two specific use cases: a child refugee and an adult living with dementia. A Working Group was established at the beginning of 2020 to develop these ideas further within the context of Trust over IP and has produced two key documents: an Implementation Guide to Guardianship using Verifiable Credentials, and a Technical Requirements document for Guardianship using Verifiable Credentials.
I would like to present these new pieces of work and, hopefully, engage in a discussion on guardianship in the digital world.
**Please note that this work was created by a team working with the not-for-profit Sovrin Organisation and is provided on a Creative Commons BY SA 4.0 Licence**

John Phillips, Partner, 460degrees
Event Recording
"That’s Not Fair!": Detecting Algorithmic Bias with Open-Source Tools
Sep 15, 2021

The harm that the misuse of AI/ML can have is obvious, from the ProPublica Recidivism piece from 2016 to the latest discovery of bias in facial recognition classifiers by Joy Buolamwini.


The need for tools to use AI/ML ethically is concentrated in two particular areas: transparency and fairness. Transparency involves knowing why an ML system came to the conclusion that it did—something that is essential if we are to identity bias. In some forms of ML, this is difficult. We’ll cover two tools to assist with transparency: LIME and SHAP. We’ll highlight where each of these tools performs well and poorly, and provide recommendations for utilizing them in unison where appropriate.


Once transparency is established, we’ll pause to evaluate potential sources of bias that would affect the fairness of a particular algorithm. Here the number of tools available is far-reaching. We’ll start with an explanation of bias metrics, explaining the roles that true/false positives and true/false negatives play in calculating various accuracy metrics. The basics of fairness established, then we will explore various tools used against a few, publicly available sample ML implementations. Tools in this review will include: Aequitas, AIF360, Audit-AI, FairML, Fairness Comparison, Fairness Measures, FairTest, Themis™, and Themis-ML. We’ll compare these tools, providing recommendations on their usage and profiling their strengths and weaknesses.

Mike Kiser, Senior Identity Strategist, SailPoint
Event Recording
What are the benefits of handling external users in IGA?
Sep 15, 2021

Most of the companies today are handling all external users with HR processes using HR systems, which can cause friction and inefficiency when managing external users' lifecycle. 

Lauri Reunamäki, Partner, Business Operations, Lempinen & Partners
Event Recording
Picos and Decentralized SSI Agencies
Sep 15, 2021

Picos (persistent compute objects) are an actor-model programming system with long-term persistent state. Each pico also has persistent identity and availability for a cloud-native developer experience. Picos are DIDComm-enabled agents supporting SSI. Consequently, picos are capable of running specialized application protocols for any given workflow in a secure, cryptographic environment. The architecture of picos makes them independent of the runtime they executed on, holding out hope of a decentralized SSI agency. This talk introduces picos, demonstrates their DIDComm capabilities, and presents a roadmap for building a decentralized SSI agency, independent of any particular organization.

Dr. Phil Windley, Enterprise Architect, Brigham Young University
Event Recording
Identity Management as a Service - What it is and How to Build One
Sep 14, 2021

I considered myself quite an experienced programmer and having some expertise in Identity management when I was hired by Swedbank to work as full time Identity engineer. Besides projects, I had assignment to describe an architecture of the IAM as a service from my manager. Honestly, I had no clue about how to envision it. I tried to assemble standards and squeeze something out from practices and papers. But these were not really all my ideas and I did not feel much confident. But something started to happen in few last years when we had a very hard time implementing our IAM project (believe or not, it was successful). We had to answer hundred times to questions "why", "what" and "how". And finally the blueprint of the architecture of IAM as a service appeared from the mist. It is not one and only, because same size does not fit for all. Still, I do not agree that there are indefinite number of possible solutions. I think similar enterprises and engineers may find this presentation useful to draw their own blueprints.

IAM projects start usually from implementing baseline IAM processes - joiners, leavers, movers. Because this is what is usually most needed. But then you will get asked for more - identity data, events, other services. This is what makes up IAM as a service.

Neeme Vool, Software Engineer, Swedbank