Event Recording

Security and Privacy Challenges of Authentication, Verification and Authorisation of Customers

Show description
Speaker
Sarb Sembhi
CTO
Virtually Informed
Sarb Sembhi
Sarb speaks, writes and contributes to global security events and publications. He was the Workstream Lead for Thought Leadership of UK Cyber Security Council Formation Project and is the Co-Vice Chair of the Smart Buildings Working Group of the IoT Security Foundation. He advises and sits on...
View profile
Playlist
European Identity and Cloud Conference 2021
Event Recording
Customer External Digital Identity, What is it, What can you use it for and Should you Play
Sep 15, 2021

The debate on Customer External Digital Identity has reached fever pitch. This session takes a step back and looks at how Customer External Digital Identity can enable Trust between individuals and organisations in many sectors, what that allows organisations and individuals to do and also looks at the different roles that you might choose for your organisation.

Martin Ingram, Product Owner, Identity Services, NatWest
Event Recording
Panel | Prioritizing Identity - Identity-Centric Security Strategy
Sep 14, 2021

Identity management is critical for digital transformation and continues to evolve and gain importance as the business environment changes in today's hyperconnected world, where employees, business partners, devices, and things are all tightly interwoven. Deploying an identity security solution – regardless of your business size or industry is a fundamental requirement today to facilitate secure communications and reliable transactions.

This panel explores identity security strategies that enable your business to take full advantage of your solution’s capabilities.

Yvo van Doorn, Senior Solutions Engineer, Auth0
Oliver Krebs, GM EMEA, Onfido
Martin Kuppinger, Principal Analyst, KuppingerCole
Event Recording
The Rise of the Developer in IAM
Sep 13, 2021

Everything is famously code today—cars are computers with wheels, appliances have Internet access, smart doors and houses are controlled from mobile phone apps. With all this code around, security is more of a challenge than ever. A central pillar of security is identity management: the technology that protects logins and controls access. This, too, is becoming code to work with all the other code. Libraries for developers are essential, including ID controls in mobile and Web applications for initial sign on, single sign-on, federated sign-on, biometric authentication systems, and controlling access to sensitive data. And code itself is becoming code: automation systems for producing code, deploying code, updating code, configuring resources and access controls. IAM code has to be wherever it’s needed, when it’s needed, and automated, just like any other code. The better we do this, the more secure we all are with our ubiquitous computers. 

Event Recording
Malware Manipulated in Cloud Environments - Is it Dangerous?
Sep 14, 2021

During this presentation, I'll show how the effects can bring in inside the Cloud environment if was exploitable by Malware using PDF file, explaining how each session works within a binary, what are the techniques used such as packers, obfuscation with JavaScript (PDF) and more, explaining too about some anti-desassembly techniques, demonstrating as a is the action of these malwares and where it would be possible to "include" a malicious code.

Filipi Pires, Security Researcher, THOR - Threat Hunting Offensive Researcher
Event Recording
Data Privacy
Sep 14, 2021

Do people really care about data privacy?

Jason Smith, Chief Commercial Officer, Meeco
Event Recording
Fraud Controls for Digital Identity Ecosystems
Sep 15, 2021

To date, Digital Identity Trust Frameworks have generally been light touch regarding the specification of fraud controls, relying on the theoretical protection a Digital ID offers through more robust authentication. It is true that improvements in authentication methods, such as soft tokens and biometrics, mean the ID theft vector of phishing for a user’s password may be removed. However, ID fraudsters will continue to use stolen ID information to create an ID in the victim’s name. They will continue to create synthetic IDs. They will also continue to try and take over victim’s accounts, using online account recovery and voice helpdesk channels to replace a strong authentication method with one that the fraudster controls.

In recognition of this ongoing threat from fraudsters, the Open Identity Exchange (OIX) has produced a comprehensive Guide to Fraud Controls for Digital ID Ecosystems.

The guide covers the processes and channels that need to be considered from a fraud risk point of view. It identifies the different types of fraud controls that should be applied in each channel, including ecosystem wide syndicated fraud controls, such as shared signals. The process of dealing with a suspected fraud is examined: how should these be prioritised, what investigation process should be followed, and how should victims be informed. Finally, it covers legal considerations when implementing fraud controls, in particular when sharing information and collaborating across the ecosystem to act as a joined-up defence against fraud attack.

This presentation / panel session will provide discuss these topics and how the guide can help those implementing Digital ID and provide the audience a chance to speak about their own fraud challenges with the authors and how the recommendations in the guide might be applied to help

Nick Mothershaw, Chief Identity Strategist, The Open Identity Exchange
Event Recording
Identity, Privacy, Security - The European Perspective
Sep 13, 2021

In recent years, we have seen quite a few transatlantic policy issues with regards to Cybersecurity and the way how personal information is being treated by private and public organizations. The main areas where we see these differences are data protection/privacy, standards & certification and last but not least private-public information sharing.

Event Recording
COVID has Accelerated Public Demand for Digital ID
Sep 13, 2021

Digital ID and Authentication Council of Canada (DIACC) research finds that three-quarters of Canadians feel that it’s important to have a secure, trusted, and privacy-enhancing digital ID to safely and securely make transactions online. As federal governments focus on post-pandemic recovery, investing in digital ID makes strong economic sense, especially for small and medium-sized businesses (SMEs). For SMEs, the impact of digital identity could be used to improve processes that are difficult today.

This is especially true in situations where businesses need to provide proof of identity to another business. Considering SMEs account for approximately 30 percent of Canada’s overall GDP ($450 billion), if we assume that the average SME could be just one percent more efficient with access to trusted digital identity, this results in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy. This presentation will provide a detailed overview of research performed over the course of 2 years to quantify public perception and demand for secure, interoperable, digital identity that works across the whole of the economy. 

Event Recording
Panel | Identity vs Authorization - Where to Draw the Line
Sep 15, 2021

We will look at OAuth protocol and its misusage for authorization purposes. What is the difference between client and user authorization and at which stage should each happen? We will revise what Identity is at its core and what should or should not be part of it. And what about Group Membership – a ‘domain-driven’ advise how to triage roles between Identity and Authorization. All these best practices are backed by real-life experience.

- OAuth and its misusage as an authorization protocol
- Essence of Identity
- Difference between client authorization and user authorization in the context of OAuth
- Group Membership – where do roles belong?
- Theory backed by practice

Hristomir Hristov, Solutions Architect, KPMG
Martin Manov, Software Architect, Cobuilder International
Fabian Süß, Project Manager, KuppingerCole
Event Recording
Panel | Identity in the Asia-Pacific - Untangling the Web
Sep 15, 2021

Do you want to launch or expand your identity-related business in the Asia-Pacific region but don’t know where to start?

Linden Dawson, Director, Cybersecurity & Digital Trust, PwC Australia
Allan Foster, Chief Evangelist, ForgeRock
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole
Event Recording
Driving Business Value in the Enterprise with Zero Trust
Sep 14, 2021

With the merger of AOL+Yahoo, the newly formed Enterprise Identity team had the challenges of planning to support the cloud-first future of the new company Oath (which would become Verizon Media), building a new Identity ecosystem with Zero-Trust methodologies, and supporting a security-minded culture.

Bryan Meister, Senior Principal Architect, Yahoo
Event Recording
The human factor in Cyber Security - Creating a cyber aware culture
Sep 14, 2021
Alex Weishaupt, Practice Lead Cyber Security, Morgan Philips