Event Recording

Panel | Identity vs Authorization - Where to Draw the Line

Speakers
Hristomir Hristov
Solutions Architect
KPMG
Hristomir has 15 years of experience in software development and architecture within different technological fields. For the past few years, he has been focusing on strategic implementations of the Microsoft Azure suite. These include designing different SaaS and PaaS solutions as well as...
Martin Manov
Software Architect
Cobuilder International
Martin has 10 years of experience as a software developer in several industries. Currently he is a software architect at Cobuilder. In the past few years, he has been focused on integrating Azure AD B2C into the Cobuilder ecosystem, design and implementation of distributed systems and migration of...
Fabian Süß
Project Manager
KuppingerCole
Fabian joined KuppingerCole’s Events Team in July 2021 as a Project Manager, with a focus on Content and Agenda for the Cybersecurity Leadership Summit. He holds both an M. Eng. in Construction and Real Estate from the University of Applied Sciences Augsburg and an EMBA in Digital...
Playlist
European Identity and Cloud Conference 2021
Event Recording
Beyond Blockchain: New Frameworks for Data Privacy and Security
Sep 15, 2021

The reason to use biometrics as a form of identity is because they are unique, unchanging and are the one direct and unequivocal link to an individual. But what if these identifiers are compromised? This is not a hypothetical scenario as the U.S. Office of Personnel Management breach sadly taught us several years ago. For years, this has been a conundrum in the world of biometrics - to store the data in a centralized system that has to be protected or choose device-based biometrics that are not linked to a vetted physical identity. In this never-ending loop of having to choose between privacy and security, we as a society have ended up with neither. This is about to change.

There are multiple forces now converging that are driving serious attention and urgency to solve this problem as never before: continued, massive data breaches, skyrocketing use of biometrics and the emergence of far-reaching privacy and data protection laws that put the onus of protecting personal data on the private sector.

Owning personal data, and especially biometrics, has become a hot potato. No one wants to hold it, but it is necessary for doing business. Consumers on the other hand are asking for more control. As a result, we are seeing new frameworks emerge, frameworks that go beyond blockchain and take into account the need for holistic, decentralized identity management that binds a rooted identity to a trusted authentication key that cannot be stolen, lost or circumvented by fraudsters operating under assumed identities with stolen PII.

Join us as we take you through a journey of what these new frameworks look like and the new possibilities that emerge when there is no binary choice to be made between privacy and security. It will finally be possible to have both.

Frances Zelazny, Co-Founder & CEO, Anonybit
Event Recording
The human factor in Cyber Security - Creating a cyber aware culture
Sep 14, 2021
Alex Weishaupt, Practice Lead Cyber Security, Morgan Philips
Event Recording
The Proper Care and Feeding of Non-Human Identities
Sep 15, 2021

Non-human identities are crucial for managing access risk with IGA, especially for non-standard accounts that provide the most access risk for organizations.

Brian Iverson, Chief Product Officer, Tuebora
Event Recording
Panel | CIAM During Covid - How to Better Secure the Identities of Your Customers
Sep 14, 2021
Max Faun, Head of Consulting, Europe, Okta
Paul Fisher, Senior Analyst, KuppingerCole
Jason Goode, Regional Director – EMEA, Ping Identity
Dali Kilani, CTO, Lifen
Event Recording
Introducing ESSIF-LAB - The European Self-Sovereign Identity Framework Lab
Sep 14, 2021
Drs. Jacoba C. Sieders, Member Of The Board Of Advisors, EU SSIF-lab
Event Recording
Why We Need Guardianship in the Digital World, and How We Might Approach Delivering Guardianship Using Verifiable Credentials
Sep 14, 2021

Guardianship is a condition of life in human societies. When we are young we may be looked after by parents until we become adults. When we are adults we on occasion need others to look after us, and sometimes we may need increasing levels of care as we age.
In our physical world, we may recognise a guardianship role between parents and children and within families, and we may have more or less sophisticated laws to recognise instances where someone needs to take care of another for medical, financial or other needs.
While the concept of Guardianship is reasonably well developed and understood in our physical lives, it is scarcely considered in our digital lives. Very few (if any) considerations are made for the possibility that someone may need another to look after their affairs online. Without this consideration, we resort to poor approaches such as where a Guardian needs to "log in" as the dependent, without the visibility of the service provider, or has to prove their Guardianship status to a service provider who is physically remote and often in a different legal jurisdiction.
In late 2019, the Sovrin Task Force on Guardianship wrote a white paper on Guardianship considering these issues against two specific use cases: a child refugee and an adult living with dementia. A Working Group was established at the beginning of 2020 to develop these ideas further within the context of Trust over IP and has produced two key documents: an Implementation Guide to Guardianship using Verifiable Credentials, and a Technical Requirements document for Guardianship using Verifiable Credentials.
I would like to present these new pieces of work and, hopefully, engage in a discussion on guardianship in the digital world.
**Please note that this work was created by a team working with the not-for-profit Sovrin Organisation and is provided on a Creative Commons BY SA 4.0 Licence**

John Phillips, Partner, 460degrees
Event Recording
Going Passwordless and Beyond - The Future of Strong Authentication
Sep 14, 2021

The onslaught of account takeover attacks from insecure passwords is driving the rapid adoption of passwordless solutions.  While the risk reduction benefits are substantial, eliminating passwords is just the first step on the path to fundamentally strong authentication.  In the “new normal” era of work from anywhere, and rapidly increasing cloud adoption, organizations are moving to a new risk-based authentication model.  Advanced organizations are validating users, their devices, and inspecting the security posture of the device for each login.  Strong and continuous authentication is a fundamental building block of Zero Trust. Learn how you can make it happen without making the user experience miserable.

 Discussion topics include:

  • New cybersecurity and identity management requirements in the post COVID era
  • Traditional MFA vs Passwordless - avoiding the “security vs. painful user experience” tradeoff
  • Device trust and the confluence of cybersecurity and identity management
  • Continuous risk-based authentication 

Takeaways:

  • Account takeovers and other attacks have increased as a result of distributed working - adopting a solution that removes passwords removes most of the risk
  • MFA has evolved beyond the traditional “password + SMS + pin” approach
  • CISOs and IT no longer have to trade increased security for user convenience
  • Modern devices allow organizations to leverage the Secure Enclave / Trusted Platform Module for increased security
  • Continuous, risk-based authentication is a key factor in identity and access management
Patrick McBride, Chief Marketing Officer, Beyond Identity
Event Recording
Meeting Expectations – 5 pillars for IoT project success
Sep 14, 2021

Deployments of IoT installations are accelerating as organisations seek to expand their business by adding IoT functionality to their products/services, or reduce their costs by automating processes. Unfortunately, in many cases these initiatives are not adequately executed and, as a result, do not meet expectations.

In this session we will look at 5 pillars of an IoT deployment: the Device pillar ensures we select the appropriate sensors and actuators, the Control pillar guides our decisions on controller functionality, the Communications pillar ensures we consider which options fit our required functionality and budget, the IT pillar determines the level of integration between our IT and OT environments, and the Security pillar guides our protection strategy.

A holistic approach is a success-indicator for our IoT projects.

Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
Panel | Best Practices to integrate AI in Identity Access
Sep 14, 2021
Anne Bailey, Analyst, KuppingerCole
Fabrice Gürmann, Data & AI Specialist, Microsoft
Tobias Oberrauch, Senior AI Consultant // Leader Group at Baden-Württemberg, CGI // AI PIONEERS // German AI Association
Event Recording
Goodbye Dogmatism / Hellō Pragmatism
Sep 14, 2021

Disciples of decentralized identity have preached for years that DIDs are the only true path to giving users control over their identity, AKA self sovereign identity. The lack of widespread adoption is evidence that a more pragmatic approach is needed.

Event Recording
Why ‘Zero Trust’ is Driving an Identity Centric Security Strategy
Sep 14, 2021

As organisations continue to adopt and embrace new technology platforms, they also face the requirement to reassess how these new environments are secured. The Assume Breach mindset, a key aspect of Zero Trust, shifts the risk posture to that of applying defense against the concept that the perimeter has already been breached.

In this session, we run through the Tactics, Techniques, and Procedures used in recent breaches and highlight the commonality across them: identity compromise and privilege elevation. This analysis will highlight the importance of taking an assume breach mindset to defense and that Identity becomes central to this strategy. Further, we will then position recommendations on how to protect against Credential Theft, Lateral Movement, and Privilege Escalation across hybrid and cloud environments.

Event Recording
It takes a village...
Sep 15, 2021

As a byproduct of the current activity across industry, government, and regulatory sectors, digital identity leaders face unprecedented opportunities and challenges.

Covid has accelerated the global imperative to establish a strong and safe global digital economy that is enabled by a secure, interoperable,  digital identity ecosystem.   One of the most daunting challenges is how, where and when to start. 

The reality is that the target global ecosystem will be years in the making despite the widely held view that better identity is crucial to achieving a trusted digital-first marketplace.  The fact is that the target state is the quintessential “it takes a village” challenge.  It is this speaker’s strongly held view that the leaders who move the market now will be best positioned to substantively shape the government, regulatory and legal frameworks that might otherwise hamper ecosystem growth.

The focus of this session is to speak to the market movers in the audience and provide food-for-thought in devising a strategy to move forward.  The ‘right’ strategy will attract global relying parties, identity service providers and the digitally-enabled consumer audience writ large (‘the village.’)  The global ecosystem will take time to evolve but the time to build the foundation is now.

Donna Beatty, Digital Identity Industry Expert, Digital Identity