Event Recording

Meeting Expectations – 5 pillars for IoT project success

Show description
Graham Williamson
Fellow Analyst
Graham Williamson
Graham Williamson is a senior Analyst at KuppingerCole. Graham has practical experience in the identity management and access control industry having completed assignments in the academic, government and large corporate industry sectors across three continents. He is an Analyst in the areas of...
View profile
European Identity and Cloud Conference 2021
Event Recording
Security and Privacy Challenges of Authentication, Verification and Authorisation of Customers
Sep 14, 2021
Sarb Sembhi, CISO, AirEye
Event Recording
Security & Identity: How Hindsight Helps Us Plan for the Future
Sep 15, 2021

Our approach to security across all aspects of our lives has changed considerably over the last 20 years. From firewalls to the cloud, Max Faun explores how security technology has evolved since the start of the millennium.

One size no longer fits all but everything does come down to trust, or lack of it! Is Zero Trust the way forward for an identity-centric secure future? Max looks at four pillars that businesses and individuals can apply to gain trust back and reap the benefits. 

Max Faun, Head of Consulting, Europe, Okta
Event Recording
The Rise of the Developer in IAM
Sep 13, 2021

Everything is famously code today—cars are computers with wheels, appliances have Internet access, smart doors and houses are controlled from mobile phone apps. With all this code around, security is more of a challenge than ever. A central pillar of security is identity management: the technology that protects logins and controls access. This, too, is becoming code to work with all the other code. Libraries for developers are essential, including ID controls in mobile and Web applications for initial sign on, single sign-on, federated sign-on, biometric authentication systems, and controlling access to sensitive data. And code itself is becoming code: automation systems for producing code, deploying code, updating code, configuring resources and access controls. IAM code has to be wherever it’s needed, when it’s needed, and automated, just like any other code. The better we do this, the more secure we all are with our ubiquitous computers. 

Event Recording
Panel | The Modern Approach to Identity Governance
Sep 15, 2021

What if we took the traditional way of thinking of Identity Governance and reversed it completely? Putting together a successful IGA program has commonly been a long haul,

A headache,

A mess,

A budget destroyer,

And an expectation disappointer.

There is a new way. Some call us crazy and some say its impossible. However, those who have experienced the new way call us visionaries. We have been presenting a modern ideology and process for IGA that drastically reduces the time to value, the total cost of ownership, and the economic impact of an Identity Governance Solution.

This panel will focus on strategic order of operations, calculating the economic return of the modern approach, how to optimize AI/ML in Identity Governance, and the ways simplicity expediates the path to stronger compliance and security postures.

Austin Baker, Director of Sales, SecurEnds
Gal Helemski, Co-Founder & CIPO, PlainID
Fabian Süß, Project Manager, KuppingerCole
Event Recording
Identity Management as a Service - What it is and How to Build One
Sep 14, 2021

I considered myself quite an experienced programmer and having some expertise in Identity management when I was hired by Swedbank to work as full time Identity engineer. Besides projects, I had assignment to describe an architecture of the IAM as a service from my manager. Honestly, I had no clue about how to envision it. I tried to assemble standards and squeeze something out from practices and papers. But these were not really all my ideas and I did not feel much confident. But something started to happen in few last years when we had a very hard time implementing our IAM project (believe or not, it was successful). We had to answer hundred times to questions "why", "what" and "how". And finally the blueprint of the architecture of IAM as a service appeared from the mist. It is not one and only, because same size does not fit for all. Still, I do not agree that there are indefinite number of possible solutions. I think similar enterprises and engineers may find this presentation useful to draw their own blueprints.

IAM projects start usually from implementing baseline IAM processes - joiners, leavers, movers. Because this is what is usually most needed. But then you will get asked for more - identity data, events, other services. This is what makes up IAM as a service.

Neeme Vool, Software Engineer, Swedbank
Event Recording
Cloud Infrastructure Entitlement Management (CIEM): Advancing from Cloud First to Identity First
Sep 15, 2021
Matthias Reinwarth, Lead Advisor & Senior Analyst, KuppingerCole
Event Recording
Digital Keys and Secrets: When to Manage Them, When to Get Rid of Them
Sep 15, 2021

Hybrid IT environments are full of secrets, like tokens, passwords, certificates and encryption keys that open access to mission-critical information. The emergence of concepts like Zero Trust authentication, Just-in-Time access and Zero Standing Privileges suggests that these access secrets don’t need to be permanent. Instead they can be created on the fly and made to expire automatically, paving way for the future where secrets or passwords no longer need to be managed and vaulted at all.

SSH.COM's CTO, Miikka Sainio, explores how reducing the number of permanent secrets enterprises manage in dynamic environments improves security, operational velocity cost-efficiency. He also discusses why managing and vaulting secrets is still a necessary phase in many cases when companies adopt modern and future-proof methods.

Miikka Sainio, CTO, SSH

Event Recording
How to successfully rob a bank (and almost get away with it)
Sep 14, 2021

The majority of crimes in our industry are initiated with cyber-attacks on people - however, our people can also be our most valuable assets. This presentation start with a walkthrough of multiple "bank robbery" scenarios to focus on a real event from 2016, when in one of the largest cyber heist ever, $1 billion were at stake being stolen from a bank. And how human vigilance (as well as human mistakes by the criminals) finally prevented the worst.

Kashif Husain, CISO, Vice President, Nomura
Event Recording
Picos and Decentralized SSI Agencies
Sep 15, 2021

Picos (persistent compute objects) are an actor-model programming system with long-term persistent state. Each pico also has persistent identity and availability for a cloud-native developer experience. Picos are DIDComm-enabled agents supporting SSI. Consequently, picos are capable of running specialized application protocols for any given workflow in a secure, cryptographic environment. The architecture of picos makes them independent of the runtime they executed on, holding out hope of a decentralized SSI agency. This talk introduces picos, demonstrates their DIDComm capabilities, and presents a roadmap for building a decentralized SSI agency, independent of any particular organization.

Dr. Phil Windley, Enterprise Architect, Brigham Young University
Event Recording
Decentralized Identity and the US Dept. of Homeland Security
Sep 15, 2021
Markus Sabadello, CEO, Danube Tech
Event Recording
IATA Travel Pass - Self Sovereignty in Action
Sep 15, 2021
Self-sovereign identity has been a hot topic at EIC since 2016. We've seen it rapidly go from concept to reality, with a massive increase in global interest from car manufacturers to banks to healthcare. We've seen innovative pilot projects, new software and exciting new privacy innovations. 
But what happens when advanced new technology and protocols come into contact with the real world? In this talk, Andy will describe how SSI underpins the IATA Travel Pass ecosystem. He'll cover some of the implementation challenges, the do's and don'ts, and describe how the technology is just one small cog in the machine that comprises airlines, airports, testing laboratories and governments around the world. 
As IATA's technology partner, Evernym has been at the centre of the storm of global travel pass innovation, and Andy will give you a look under the covers of what a global SSI rollout looks like.
Andrew Tobin, European Managing Director, Evernym
Event Recording
Panel | Digital Identities and IoT - How to Leverage OIDC and OAuth 2.0 for the Best User Experience and Security! IAM Related Experiences From the Automob
Sep 15, 2021

A lot of innovation around physical products is created by connectivity, allowing them to become part of the consumer's larger digital ecosystem and the providing enterprise. Gartner says in its megatrends for the next decade: "Anything costing more than a few USD will be "intelligent and networked". Examples are electronic wall boxes to charge cars or remote-control for dishwashers, cars, etc.
Several compelling use cases require smart things to act not only for themselves but also on behalf of the end-user. OpenID Connect and OAuth 2.0 can be used to provide a user-friendly and secure user journey. Learn about the experiences with these standards when it is about IoT and how Identity & Access Management products help to reduce time-to-market, costs, and inconsistency between different touchpoints.

Key Takeaways: 

- What are the essential protocols to bring identity and IoT together
- What are the challenges, best practices, and pitfalls of IoT projects
- Arguments for buy or build

Fulup Ar Foll, Founder and Lead Architect, IoT.bzh
Andre Priebe, CTO, iC Consult Group
Graham Williamson, Director APAC / Senior Analyst, KuppingerCole