Event Recording

From top-down ecosystems to collaborative ones

Show description
Speaker
Dr. Michele Nati
Head of Telco and Infrastructure Development
IOTA Foundation
Dr. Michele Nati
Michele Nati, PhD is Head of Telco and Infrastructure Development at IOTA Foundation. Michele is responsible to drive IOTA innovation in the Telco Sector.  Before joining the IOTA Foundation, Michele worked as Lead Technologist for Data and Trust at...
View profile
Playlist
European Identity and Cloud Conference 2021
Event Recording
Security and Privacy Challenges of Authentication, Verification and Authorisation of Customers
Sep 14, 2021
Sarb Sembhi, CISO, AirEye
Event Recording
Zero Trust Use Cases
Sep 14, 2021

Zero Trust Use Cases: a pragmatic look from well-known use cases to lesser known ones. Focus will be on real world examples and situations proven in practice rather than on formal compliance. Further on we will have some critical thoughts on this topic.

 

Key Topics:

* What is Zero Trust?

* Some appliances for Zero Trust

              - Well-known use case: Web shop

              - Current use cases: Bring-your-own-device, Bring-your-own-account

              - Further use cases: Micro-segmentation, cloudification

* Some critical thoughts on non-deterministic systems

Eleni Richter, Chief Architect, EnBW
Event Recording
Using Identity in a Zero Trust Architecture
Sep 14, 2021

Zero trust requires an enterprise to identify and monitor all the network identities used in the enterprise. NIST SP 800-207 refers to a zero trust deployment pattern called “enhanced identity governance”. The National Cybersecurity Center of Excellence (NCCoE) has a project on implementing a zero trust architecture that will include enhanced identity governance. This talk will be an overview of the role of network identities in zero trust and the current status of the NCCoE project.

Scott Rose, Computer Scientist, National Institute of Standards and Technology (NIST)
Event Recording
Panel | Global AI Governance: World Stage
Sep 15, 2021

Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders. 

Anne Bailey, Analyst, KuppingerCole
Armin Bauer, Managing Director Technology and Founder, IDnow GmbH
Al Lynn, Vice President Emerging Technology and Incubation, Cisco
Event Recording
Entitlement Management across Hybrid Cloud for Security & Compliance
Sep 14, 2021

Companies across the globe are undergoing digital transformation. The main challenge with this approach is the ability to securely manage access for on-premise, cloud and SaaS applications. Entitlement Management across this hybrid landscape requires management of cloud assets, IAM profiles, groups, roles and entitlements in support of Identity Lifecycle Management, Access Management, and Access Governance.

Workloads have been running in the cloud since the last decade or so. AWS, GCP and Azure have replaced traditional data centers and companies continue to migrate their production workloads to cloud at blistering pace. So, what changed? Firstly, we are starting to realize that this cloud infrastructure model necessitates a different type of identity and access management solutions as native solutions don’t cover multi-cloud IaaS model and traditional IGA solutions fall short in their scope. Secondly, business goals and priorities are driving engineering teams to work on initiatives without formal approval and oversight. With IaaS it is easy to spin up an instance, assign various resources. As organizations aren’t centrally controlling these spin offs, any vulnerabilities in this growing shadow IT is a target for hackers.

SecurEnds enables entitlement management across hybrid cloud assets for security and compliance.

1. Provide visibility over hybrid-cloud assets
Discover all identities, service accounts, IAM users, roles and policies within single or hybrid cloud the IaaS infrastructure.
See the granular permissions held by IAM Users, Roles and Service Accounts. This is important to define least privilege policies.
2. Provide governance over hybrid-cloud assets
Enforce least privilege policies across all cloud identities to avoid privilege creep.
Routine audits of configurations across cloud environments helps with policy enforcement and compliance.
3: Provide remediation over hybrid-cloud assets
Post identity review kick off automation to rectify privileges

Austin Baker, Director of Sales, SecurEnds
Event Recording
Secrets in the Clouds: The Journey of Digital Vaults to Cloud
Sep 15, 2021

When we traditionally think of vaults, we expect them to be in the close vicinity of a user. In our rapidly digitising world, the nature of such vaults have transformed as well. Data *(or Password, whichever word you think is correct)* vaults which are expected to be located on premises are now digital, making ownership of these vaults and access to these vaults critical functions for an organisation. The Cloud hosts a lot of secrets and this journey of vaults becoming digital and part of Cloud Environments is nothing but fascinating.

Anil Bhandari, Chief Mentor & Thought Leader, ARCON TechSolutions
Event Recording
Data Privacy
Sep 14, 2021

Do people really care about data privacy?

Jason Smith, Chief Commercial Officer, Meeco
Event Recording
The State of Strong Authentication
Sep 15, 2021

The FIDO Alliance was launched in 2013 with the audacious goal: to change the very nature of authentication. To move the entire world away from usernames and passwords and traditional multi-factor authentication with an open and free web standard that makes authentication simpler and stronger. It’s 2021, so why are passwords still persisting? The session will answer that question, and detail the progress that has been made towards standardizing strong authentication and the opportunity for companies to start on a journey past passwords.

Join Andrew Shikiar, executive director of FIDO Alliance, as we look the past year from the FIDO standards lens, including:
-- The impacts of Covid-19 on digital transformation plans and securing remote workforces & where strong authentication has fit in
-- Progress global organizations have made toward going truly passwordless
-- Considerations for strong authentication when seeking compliance with regulation such as PSD2 SCA
-- What other areas, such as identity verification, that need to be strengthened to better secure the web

-- Attendees will understand how a global pandemic affected companies' digital transformation plans, including strong authentication projects

Key Takaways: 


-- Attendees will learn the status of efforts to standardize strong authentication, and where support stands today
-- Attendees will be able to analyze their strong authentication options for complying with regulation like PSD2 SCA
-- Attendees will be able to explain how identity verification and authentication relate, and efforts in motion to better secure both areas

Andrew Shikiar, Executive Director and Chief Marketing Officer, FIDO Alliance
Event Recording
Panel | APIs - Where Security Meets Identity Management
Sep 14, 2021

Traditional IAM models have focused on users, policies, and roles, which met the needs of web applications in years past but as application development has evolved to APIs, an innovative approach to identity management is required. It is no longer just users, roles, and permissions. APIs must be integrated into the identity and access management framework to ensure adequate governance and security.

Within an API there is a requestor (often on behalf of a user), a service (API), and the data that is being passed. All these entities in the transaction require unique identity and authorization; without identity, compliance and enforcement mandates cannot be met effectively and without authorization, there is a free-for-all on your APIs reminiscent of Cambridge Analytica and Facebook.

In this session, we will look at how rapid digitalization (first and third-party APIs + multi-or hybrid-cloud environments) has complicated security efforts, the role of API integration in data governance, and how companies can best navigate the heightened cyber-threat environment we find ourselves in today.

- Why API security requires more than traffic policy management and course-grained enforcement.
- Why APIs need to be integrated into the identity and access management framework to ensure adequate governance and security.
- How companies can reduce the burden on developers to allow for a proactive approach to API security instead of reactive.

Nathanael Coffing, Co-Founder, CSO and Board Member, Cloudentity
Gal Helemski, Co-Founder & CIPO, PlainID
David Martinache, Manager, Wavestone
Fabian Süß, Project Manager, KuppingerCole
Event Recording
The Future of Blockchain in the Enterprise
Sep 15, 2021

Looking at the digital transformation in the industries and the relevance Blockchain / DLT will have.

Moritz von Bonin, Head of Blockchain & DLT Solutions, Deutsche Bahn
Event Recording
Panel | Futureproofing Pharmaceutical Supply Chain Security
Sep 14, 2021
Bob Celeste, Founder, Center for Supply Chain Studies
Jeffery Denton, Vice President, Global Secure Supply Chain, AmerisourceBergen
Georg Jürgens, Manager Industry Solutions, Spherity
David Kessler, President, Legisym
David Mason, Supply Chain Compliance and Serialization Lead, Novartis
Gena Morgan, Strategic Consultant, GS1 US
Dr. Oliver Nürnberg, Chief Product Owner, SAP Life Sciences
Event Recording
"That’s Not Fair!": Detecting Algorithmic Bias with Open-Source Tools
Sep 15, 2021

The harm that the misuse of AI/ML can have is obvious, from the ProPublica Recidivism piece from 2016 to the latest discovery of bias in facial recognition classifiers by Joy Buolamwini.

 

The need for tools to use AI/ML ethically is concentrated in two particular areas: transparency and fairness. Transparency involves knowing why an ML system came to the conclusion that it did—something that is essential if we are to identity bias. In some forms of ML, this is difficult. We’ll cover two tools to assist with transparency: LIME and SHAP. We’ll highlight where each of these tools performs well and poorly, and provide recommendations for utilizing them in unison where appropriate.

 

Once transparency is established, we’ll pause to evaluate potential sources of bias that would affect the fairness of a particular algorithm. Here the number of tools available is far-reaching. We’ll start with an explanation of bias metrics, explaining the roles that true/false positives and true/false negatives play in calculating various accuracy metrics. The basics of fairness established, then we will explore various tools used against a few, publicly available sample ML implementations. Tools in this review will include: Aequitas, AIF360, Audit-AI, FairML, Fairness Comparison, Fairness Measures, FairTest, Themis™, and Themis-ML. We’ll compare these tools, providing recommendations on their usage and profiling their strengths and weaknesses.

Mike Kiser, Senior Identity Strategist, SailPoint