Event Recording

Inside the Mind of a Hacker – From Initial Access to Full Domain Admin

Show description
Speaker
Joseph Carson
Chief Security Scientist & Advisory CISO
Delinea
Joseph Carson
Joseph Carson is an award-winning cyber security professional and ethical hacker with more than 25 years’ experience in enterprise security specialising in blockchain, endpoint security, network security, application security & virtualisation, access controls and privileged access...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
Global Trust Frameworks Interoperability
May 12, 2022
Event Recording
SASE vs. Zero Trust: Perfect twins or antagonists?
May 11, 2022

The concepts behind Zero Trust and SASE are not new, but recent developments in technological capabilities, changes in the way people are working, accelerated adoption of cloud and Edge computing, and the continued evolution of cyberthreats have resulted in both rising in prominence.  

As organizations seek to improve their security capabilities, many are evaluating Zero Trust and SASE to determine whether to adopt either, one, or both.  Join this session to understand what each can potentially deliver and the exact nature of the relationship between them.   

Event Recording
European Identity & Cloud Awards Ceremony
May 11, 2022

Once again, analysts from KuppingerCole come together to showcase outstanding Identity Management and Security projects, standards and people. The winners will be honored live on stage during the award ceremony.

Event Recording
Cloud 3.0: Decentralizing Cloud Storage with Web 3.0 and Analyzing Security Threats
May 12, 2022

We are in the mid of one of the most significant revolutions in the cloud and identity ecosystem since the last decade. With the dynamic transformation from Web2.0 to Web3.0, both the cloud as well as the identity ecosystem embrace themselves for a change in the way we perceived security. Blockchain is revolutionizing both the cloud industry as well as the financial sectors. In my talk, I will focus on the transformative impact of blockchain protocols like Filecoin and Storj which are playing a significant role in changing the way we have perceived cloud storage. Decentralized Cloud Storage will be the future for sustainable data storage in Web 3.0, in which we will move from a single service provider to create an ecosystem where anybody could be a cloud storage provider. Highly successful blockchain projects like Filecoin have been able to create such an ecosystem. But we are far away from attending the level of scale needed to reach out to every corner of the globe. Decentralized Cloud Storage poses a different set of security challenges and scalability issues. I will be presenting my research work which focuses on the new advances in tackling future security threats for decentralized cloud storage. Additionally, I will focus on discussing how to overcome scalability issues in the blockchain using the most advanced cryptographical tools knowns as zk-SNARKs.

Event Recording
Pre-Conference Workshop | Standards Matter. Trustworthy use of Identity and Personal Data
May 10, 2022

The world has changed because of COVID. More fraud is taking place. More misuse of identity is occurring. To combat the rise in fraud and to mitigate risk, the Kantara Initiative offers a 3rd party conformity assessment program.

Event Recording
Practicalities of Identity Proofing for Authentication
May 11, 2022
Event Recording
Implementing SSI using the existing web infrastructure
May 12, 2022

SSI and Verifiable Credentials are the latest development in identity management. They offer many benefits over existing federated identity management systems. Unfortunately some proponents of SSI are mandating that companies implement decentralised identifiers (DIDs) and blockchains in order to benefit from SSI. This is not necessary. In fact the W3C Verifiable Credentials Data Model Recommendation makes it clear that DIDs are not needed for verifiable credentials, and vice versa. DIDs and blockchains are something of a ball and chain around the legs of companies that want to benefit from SSI when leveraging their existing web based security infrastructures. This keynote talk will describe how it is possible to build standards compliant high performance, user friendly, SSI systems using the World Wide Web, Transport Layer Security, Jason Web Tokens, Web Authentication and X.509 public key certificates, allowing them to experience all the benefits of SSI without the ball and chain impediments of DIDs and blockchains. - the benefits of SSI over existing identity management systems - the downsides of DIDs and blockchains - the upsides of using existing World Wide Web infrastructure to build your SSI solution

Event Recording
A Story About Convenient Security
May 11, 2022
Event Recording
Panel | MFA usage in enterprise
May 11, 2022

There are so many ways enterprises could benefit from using Multi-Factor Authorization (MFA). Benefits include identity theft prevention, secure devices, lower breach risks, to name just a few. But why are so many businesses still not using MFA? Perhaps because it is too complex and time-consuming for IT departments? In this panel, our security leaders will try to clear up any misconceptions there seem to be about implementing MFA in the enterprise.

Event Recording
OAuth DPoP (Demonstration of Proof of Possession): How to Not Let Attackers Steal your OAuth Token
May 11, 2022

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.

The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.

These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.

Event Recording
The Digital Identity Shake-up we’ve been waiting for: How to Survive, and how to Thrive
May 11, 2022

 

Event Recording
Panel | Deliver on the Promise of an Identity Fabric: The Power of Data
May 11, 2022

Digital identities of consumers, customers, business partners, employees, but also devices, things, or services are at the core of the digital business.  Unfortunately, most digital identities reside in siloes. Building a modern Identity Fabric that delivers seamless yet secure and controlled access from everyone and everything to every service requires breaking down the legacy identity siloes, and building a modern, flexible, identity data foundation.