Event Recording

Integrating IoT With SSI-Enabled Technologies For Healthcare

Speaker
Dr. Christos Patsonakis
Postdoctoral Research Associate
The Centre for Research & Technology Hellas
Dr. Christos Patsonakis is a postdoctoral research associate at CERTH/ITI. He received his BSc from the Department of Informatics and Telecommunications of the National and Kapodistrian University of Athens in 2010. He received his MSc on Computer Systems Technologies with honorary excellence...
Playlist
European Identity and Cloud Conference 2021
Event Recording
Continuous ZeroTrust as a Way To Know Your User
Sep 14, 2021

Organisations perceive their users through data. In the world of fewer and fewer opportunities for physical contact, identity verification is going all remote. All online service providers need to model the risks related to user impersonation and user manipulation attacks.
In this talk, we will dig through the classical methods of Knowing Your User through the static data:
- Authentication
- Coupling the session with the device
- Checking the network environment
Next, I will present manipulation methods related to data spoofing to express the business impact. Usual scenarios are primarily associated with rewards in the form of money for the attackers.
Time-series data analysis and the impact on the business and customer experience will be presented to show the way forward in the adaptive risk management context.
Finally, food for thought related to the standardisation of behavioural biometrics that is getting more and more attention as one of the defence methods will be shared to show that we need Zero Trust and a way to verify if and how the vendor products are working.

Static data can be easily spoofed. Dynamic data analysis (mainly in a time series manner) is the way to go.
Data resilience related to side-channel time series data analysis.
Zero Trust is also about not trusting your data sources and all the environment related to it.
Behavioural biometrics strives for standardisation.

Mateusz Chrobok, VP of Innovation, Revelock
Event Recording
From a Business Centric Consent Management Paradigm to a User Centric One
Sep 14, 2021

In today's digital world (post EU DMA, DSA, DGA regulation proposals (now tabled in EU Parliament for legislative approval by 2023), Gaia-X birth in Europe and new ePrivacy regulations adoption), the hard line separating personal and non-personal data is blurring, and companies have yet to understand what this means for them. While they thought that only personal data needed to be consented, now it is all the data that needs consent log proof for each digital identity it gets associated to. Europeans have also created a new "notion" of cloud (Gaia-X): a cloud where data can circulate freely and can be shared and mutualised (upon consent). This will have implications. Huge implications, as Gaia-X carries the option to "import/acquire" data that also originated from other entities (including from outside Europe). The transfer mechanism will only be possible upon the user's express, voluntary consent. Users will need to be incentivised to agree to share. Since transfer can only be performed by users, and with consent, that will in fact open up a secondary data market which sees the consent log representing a "transaction event". Hence privacy will exit the framework of compliance to enter the framework of "strategy and business development". The contextual "data" hunt can begin (vs. the big data paradigm, which fades away). The de-monopolisation of consumer data, too.

Insights into how the new European digital policy opens up new business (data-driven) opportunities;

Explanation of what market solutions are available (commercial) to deploy (large or small companies, public sector, etc.) to meet this important shift in data monetization strategies

Get access to information about partnerships/research projects linked to data portability implementation

Isabella de Michelis di Slonghello, CEO and founder, ErnieApp
Event Recording
Securing the Privacy of Non-logged in Devices
Sep 14, 2021

Many services across the web today allow users to consume the service without explicitly signing up. They generally identify users by a cookie containing a unique browser-id and store user data against it.

George Fletcher, Identity Standards Architect, Verizon Media Group
Deepak Nayak, Privacy platforms Architect, Verizon Media
Event Recording
Panel | Digital Identities and IoT - How to Leverage OIDC and OAuth 2.0 for the Best User Experience and Security! IAM Related Experiences From the Automob
Sep 15, 2021

A lot of innovation around physical products is created by connectivity, allowing them to become part of the consumer's larger digital ecosystem and the providing enterprise. Gartner says in its megatrends for the next decade: "Anything costing more than a few USD will be 'intelligent and networked'." Examples are electronic wall boxes to charge cars or remote control for dishwashers, cars, etc.
Several compelling use cases require smart things to act not only for themselves but also on behalf of the end-user. OpenID Connect and OAuth 2.0 can be used to provide a user-friendly and secure user journey. Learn about the experiences with these standards when it is about IoT and how Identity & Access Management products help to reduce time-to-market, costs, and inconsistency between different touchpoints.

Key Takeaways: 

- What are the essential protocols to bring identity and IoT together
- What are the challenges, best practices, and pitfalls of IoT projects
- Arguments for buy or build

Fulup Ar Foll, Founder and Lead Architect, IoT.bzh
Andre Priebe, CTO, iC Consult Group
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
Panel | A First-Person Account of Third-Party Identity Risk Management
Sep 15, 2021

In a 2018 study by Opus & Ponemon on data risk in the third-party ecosystem, more than 75% of companies surveyed said they believe third-party cybersecurity incidents are increasing. Those companies were right to believe that.

As our world becomes more digitized, and thus more interconnected, it becomes increasingly difficult to safeguard organizations from cybercrime. Tack on to that challenge a global pandemic that all but forced organizations to become “perimeter-less,” if they weren’t already, and the potential access points for bad actors through third-party access increase exponentially.

The problem is two-fold.

The landscape of third-party users is vast and continues to grow. From third-party non-employees like vendors, contractors and affiliates to non-human third parties like IoT devices, service accounts and bots, more organizations are engaging third parties to assist with their business operations and help them to innovate, grow faster, improve profitability, and ultimately create greater customer value – faster. On average, companies share confidential and sensitive information with more than 580 third parties and in many cases, an organization's third-party workers can actually outnumber their regular, full-time workforce.

Yet, despite the increased use of third-party workers in business, most organizations lack the proper third-party risk culture, processes, and technologies to protect themselves against the long list of third parties with access to their sensitive data and systems. Organizations have these systems in place to manage their full-time employees but lack the same level of rigor to manage these higher-risk third-parties. As a result, many third-party users are provided with more access than needed for their roles, and most disturbingly, that access is frequently not terminated when the third party no longer needs it.

Without the right third-party identity lifecycle management procedures in place, businesses unwittingly expand their attack surface, unnecessarily put sensitive information at risk, and create additional access points for hackers.

Event Recording
From top-down ecosystems to collaborative ones
Sep 14, 2021
Traditional identity and access management solutions have so far been built on trust in selected identity providers and their adoption by an ecosystem of identity owners and identity verifiers. The decentralized identity paradigm is disrupting these ecosystems and requires more democratic collaboration and competition among a number of identity and credential issuers, identity owners, and verifiers selecting and using them. This requires not only designing and implementing new technologies but also identifying new business opportunities and business models. Collaboration, experimentation, and evaluation are the road to adoption, and the EU collaborative H2020 research and innovation framework offers the opportunity to de-risk such collaborations, in favor of innovation.
This talk will present the activities and lessons from three EU collaborations, CityxChange, ENSURESEC and ORCHESTRA, generating innovation with the adoption of decentralized identities for individuals, things, and organizations among complex stakeholder ecosystems in the smart energy, e-commerce, and smart transport domains.

Dr. Michele Nati, Head of Telco and Infrastructure Development, IOTA Foundation
Event Recording
The Rise of An Identity-Native Web 3.0 World
Sep 15, 2021

Identity is a fundamental element in the traditional world to associate information with the same individuals. As we leave more and more digital footprints in the world of the Internet, this information is giving birth to our digital profiles, raising issues of privacy protection, monetization of data, identity theft and more. In this presentation, we revisit the manifestation and formation of identity in the incoming world of Web 3.0, and discover how the native citizens of Web 3.0 are forming their own identities and reputations with native behavior data that are distributed, interoperable, and self-sovereign.

Gloria Wu, Chief of Ecosystem Partnerships, Ontology
Event Recording
Four Steps to a Next Generation PAM Solution
Sep 14, 2021

Four simple steps to the perfect PAM.

Stefan Schweizer, Vice President, Sales – DACH, ThycoticCentrify
Event Recording
Panel | From Piecemeal to Strategic Priority: What CISOs need to know about CIEM
Sep 15, 2021

CIEM (Cloud Infrastructure Entitlement Management) is a SaaS-delivered, converged approach to next-generation, ideally AI-driven multi-cloud security, managing access and privileges in the cloud. It spans the disciplines of Identity Management & Governance, Access, Privilege Management and Authentication, addressing the complexity of multi-cloud adoption, where privilege and access management work differently for each provider.

Gerry Gebel, Head of Standards, Strata Identity, Inc
David Higgins, EMEA Technical Director, CyberArk
Jon Lehtinen, Director, Okta
Patrick Parker, Founder and CEO, EmpowerID
Matthias Reinwarth, Lead Advisor & Senior Analyst, KuppingerCole
Event Recording
The Future of IoT Security
Sep 15, 2021

Speaker: Graham Williamson

Event Recording
Panel | Best Practices to Implement Security Automation
Sep 15, 2021
Alexei Balaganski, Lead Analyst, KuppingerCole
Joseph Carson, Chief Security Scientist & Advisory CISO, Thycotic
Christopher Schütze, Director Practice Cybersecurity and Lead Analyst, KuppingerCole
Event Recording
Entitlement Management across Hybrid Cloud for Security & Compliance
Sep 14, 2021

Companies across the globe are undergoing digital transformation. The main challenge with this approach is the ability to securely manage access for on-premise, cloud and SaaS applications. Entitlement Management across this hybrid landscape requires management of cloud assets, IAM profiles, groups, roles and entitlements in support of Identity Lifecycle Management, Access Management, and Access Governance.

Workloads have been running in the cloud for the last decade or so. AWS, GCP and Azure have replaced traditional data centers, and companies continue to migrate their production workloads to the cloud at a blistering pace. So, what changed? Firstly, we are starting to realize that this cloud infrastructure model necessitates a different type of identity and access management solution, as native solutions don’t cover the multi-cloud IaaS model and traditional IGA solutions fall short in their scope. Secondly, business goals and priorities are driving engineering teams to work on initiatives without formal approval and oversight. With IaaS it is easy to spin up an instance and assign various resources. As organizations aren’t centrally controlling these spin-offs, any vulnerability in this growing shadow IT is a target for hackers.

SecurEnds enables entitlement management across hybrid cloud assets for security and compliance.

1. Provide visibility over hybrid-cloud assets
   - Discover all identities, service accounts, IAM users, roles and policies within the single or hybrid cloud IaaS infrastructure.
   - See the granular permissions held by IAM users, roles and service accounts. This is important to define least privilege policies.
2. Provide governance over hybrid-cloud assets
   - Enforce least privilege policies across all cloud identities to avoid privilege creep.
   - Routine audits of configurations across cloud environments help with policy enforcement and compliance.
3. Provide remediation over hybrid-cloud assets
   - After the identity review, kick off automation to rectify privileges.

Austin Baker, Director of Sales, SecurEnds