Event Recording

FIDO for Developers - How Developers Can Master FIDO and Passwordless Authentication Without Adding Unnecessary Complexity.

Speaker
Felix Magedanz
founder and CEO
Hanko.io
Felix Magedanz is the founder and CEO of FIDO Alliance member company Hanko.io, based in Germany. He is an expert in multi-factor and passwordless authentication in consumer-facing applications. Before founding Hanko.io, he was co-founder of a German software services company, working with...
Playlist
European Identity and Cloud Conference 2021
Event Recording
COVID has Accelerated Public Demand for Digital ID
Sep 13, 2021

Digital ID and Authentication Council of Canada (DIACC) research finds that three-quarters of Canadians feel that it’s important to have a secure, trusted, and privacy-enhancing digital ID to safely and securely make transactions online. As federal governments focus on post-pandemic recovery, investing in digital ID makes strong economic sense, especially for small and medium-sized businesses (SMEs). For SMEs, digital identity could be used to improve processes that are difficult today.

This is especially true in situations where businesses need to provide proof of identity to another business. Considering SMEs account for approximately 30 percent of Canada’s overall GDP ($450 billion), if we assume that the average SME could be just one percent more efficient with access to trusted digital identity, this results in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy. This presentation will provide a detailed overview of research performed over the course of 2 years to quantify public perception and demand for secure, interoperable, digital identity that works across the whole of the economy. 

Event Recording
Securing the Digital Double - The Path to a Trusted Digital Ecosystem
Sep 14, 2021

Digital life is a replication of the physical world in a digital ecosystem. As a result, people and things have an equal digital representation, which we call a digital double. Your digital double is active and involved in various activities, even when you take a nap. Therefore, securing the digital double is critical. 

Asanka Abeysinghe, Chief Technology Evangelist, WSO2
Event Recording
Panel | A First-Person Account of Third-Party Identity Risk Management
Sep 15, 2021

In a 2018 study by Opus & Ponemon on data risk in the third-party ecosystem, more than 75% of companies surveyed said they believe third-party cybersecurity incidents are increasing. Those companies were right to believe that.

As our world becomes more digitized, and thus more interconnected, it becomes increasingly difficult to safeguard organizations from cybercrime. Tack on to that challenge a global pandemic that all but forced organizations to become “perimeter-less,” if they weren’t already, and the potential access points for bad actors through third-party access increase exponentially.

The problem is two-fold.

The landscape of third-party users is vast and continues to grow. From third-party non-employees like vendors, contractors and affiliates to non-human third parties like IoT devices, service accounts and bots, more organizations are engaging third parties to assist with their business operations and help them to innovate, grow faster, improve profitability, and ultimately create greater customer value – faster. On average, companies share confidential and sensitive information with more than 580 third parties and in many cases, an organization's third-party workers can actually outnumber their regular, full-time workforce.

Yet, despite the increased use of third-party workers in business, most organizations lack the proper third-party risk culture, processes, and technologies to protect themselves against the long list of third parties with access to their sensitive data and systems. Organizations have these systems in place to manage their full-time employees but lack the same level of rigor to manage these higher-risk third parties. As a result, many third-party users are provided with more access than needed for their roles, and most disturbingly, that access is frequently not terminated when the third party no longer needs it.

Without the right third-party identity lifecycle management procedures in place, businesses unwittingly expand their attack surface, unnecessarily put sensitive information at risk, and create additional access points for hackers.

Event Recording
Meeting Expectations – 5 pillars for IoT project success
Sep 14, 2021

Deployments of IoT installations are accelerating as organisations seek to expand their business by adding IoT functionality to their products/services, or reduce their costs by automating processes. Unfortunately, in many cases these initiatives are not adequately executed and, as a result, do not meet expectations.

In this session we will look at 5 pillars of an IoT deployment: the Device pillar ensures we select the appropriate sensors and actuators, the Control pillar guides our decisions on controller functionality, the Communications pillar ensures we consider which options fit our required functionality and budget, the IT pillar determines the level of integration between our IT and OT environments, and the Security pillar guides our protection strategy.

A holistic approach is a success-indicator for our IoT projects.

Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
The Security Debt Crisis – How to Catch Up on Past Due Patches and Neglected Risk
Sep 14, 2021

There is a common theme for many of the mega breaches of recent years – a neglect of basic cybersecurity hygiene that has resulted in a backlog of unpatched apps, misapplied configurations and overlooked tasks. This debt compounds over time and, as with financial debt, can snowball to reach a point where it becomes insurmountable. As organizations become increasingly cloud-first, the risk profile from security debt further increases.

Richard Archdeacon, Advisory CISO, Duo Security
Event Recording
Why must CISOs and security leaders let IAM drive their cloud security adoption?
Sep 15, 2021

As organizations expand their cloud footprint to accelerate innovation and digital transformation, increased security risks pose an imminent and elevated threat to their growing cloud presence. The market is overwhelmed with numerous security technologies, approaches and frameworks for securing an organization’s cloud adoption journey, but security leaders and architects must meticulously assess the security risks associated with their cloud usage, migration patterns and digital interactions with customers, employees and partners to suit their business requirements and cloud security priorities.

Identity and Access Management (IAM) remains one of the key security disciplines to support digital transformation and cloud adoption objectives, by not only providing a secure identity and access foundation for the user, device and cloud-service types but also by offering additional cloud-specific security provisions that include cloud access management, cloud entitlement management, cloud privileged access and cloud access governance to its evolving technology portfolio.

In this session, we will discuss the important security tenets of an organization's cloud adoption program and how effective IAM architecture and planning can help navigate CISOs and security leaders through their cloud adoption journey.

Anmol Singh, Sr. Cloud Security Advisor, Microsoft
Event Recording
Proactive and Polymorphic Adaptation of Multi-Cloud Deployments
Sep 15, 2021

During the last couple of years, hybrid and multi-cloud solutions have become very popular. With the emerging cloud options, modern enterprises increasingly rely on hybrid cloud solutions to meet their computational demands by acquiring additional resources from public clouds dynamically as per their needs.

Alicja Reniewicz, Team Leader, 7bulls.com
Paweł Skrzypek, Chief Architect, 7bulls.com Sp. z o.o.
Event Recording
Using Identity in a Zero Trust Architecture
Sep 14, 2021

Zero trust requires an enterprise to identify and monitor all the network identities used in the enterprise. NIST SP 800-207 refers to a zero trust deployment pattern called “enhanced identity governance”. The National Cybersecurity Center of Excellence (NCCoE) has a project on implementing a zero trust architecture that will include enhanced identity governance. This talk will be an overview of the role of network identities in zero trust and the current status of the NCCoE project.

Scott Rose, Computer Scientist, National Institute of Standards and Technology (NIST)
Event Recording
Using Hypermedia to Adapt Client-side Login to Go Beyond Passwords
Sep 14, 2021

There are various ways that client applications may need to log in when going beyond passwords. With a username and password, client development is easy -- just collect a couple of inputs from the user and match them on the server. When going beyond these though, how can client applications be deployed and maintained in a way that the server still dictates what the client should present and obtain from the user when authenticating them?

Travis Spencer, CEO, Curity
Event Recording
From Day One to Hour One: IGA in the Era of Extreme Automation
Sep 15, 2021

Cloud capabilities are driving automation approaches that will upend traditional, linear templates for Identity Governance service delivery. This extends to everything from application/service on-boarding and provisioning to user lifecycle management workflows. In this session, Manoj will share his experience of working on automation approaches for cloud workloads and discuss what this means for the future of IGA in the era of continuous integration and delivery.

Suganya Balan, Manager – Privileged Access Management, Philip Morris International
Manoj Kumar, Director, Identity and Access Management, Philip Morris International
Event Recording
User Terms Engineering Layer for IEEE (The Institute of Electrical and Electronics Engineers)
Sep 14, 2021
Doc Searls, Co-founder and board member of Customer Commons, and Director of ProjectVRM, Harvard's Berkman Klein Center for Internet and Society
Event Recording
Picos and Decentralized SSI Agencies
Sep 15, 2021

Picos (persistent compute objects) are an actor-model programming system with long-term persistent state. Each pico also has persistent identity and availability for a cloud-native developer experience. Picos are DIDComm-enabled agents supporting SSI. Consequently, picos are capable of running specialized application protocols for any given workflow in a secure, cryptographic environment. The architecture of picos makes them independent of the runtime they execute on, holding out hope of a decentralized SSI agency. This talk introduces picos, demonstrates their DIDComm capabilities, and presents a roadmap for building a decentralized SSI agency, independent of any particular organization.

Dr. Phil Windley, Enterprise Architect, Brigham Young University