Event Recording

The 'Credentials-first Mobile-first' Identity Ecosystem

Show description
Speaker
Andrew Hughes
Director of Identity Standards
Ping Identity
Andrew Hughes
Andrew Hughes CISM CISSP is Director of Identity Standards at Ping Identity. He is a digital identity strategist contributing to international standards development. He works with international associations and standards bodies as a domain expert, developing standards and related conformity...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
Creating a Seamless Access Experience with the Digital Double
May 12, 2022

Today, seamless access experiences are crafted based on identity fundamentals such as single sign-on, multi-factor authentication, passwordless authentication, self-service portals, and federated access. But, is this enough for the next epoch of digital applications, metaverse, and Web 3.0? 

The digital world is a  replication of the physical world in a digital ecosystem. As a result, people and things have an equal digital representation, which we call a digital double.

In this keynote, Asanka will look at creating a seamless access experience around the digital double using APIs, integration, and identity in order to prepare organizations to address the next digital era. 

Event Recording
A Key Milestone towards CBDC Wallets - The eIDAS 2.0 Payment-Authorising Wallets
May 11, 2022

The presentation to be made by Stéphane Mouy (SGM Consulting - France) and Michael Adams (Quali-Sign - UK) will focus on the forthcoming eIDAS 2.0 digital identity wallets (DIWs) and the payment use case. DIWs will allow users to share high LoA identity and status credentials to various relying parties, including financial institutions, as well as meet applicable strong customer authentication requirements for payments.
The payment use case is of critical importance to eIDAS 2.0 digital identity wallets and promises to be transformational for EU payment service providers as it offers a level-playing field for payment means, whether account-to-account or card based. DIWs are also likely to play a key role for the deployment of CBDCs supporting offline interactions with embedded AML/CFT verifications.
The presentation will draw on the work of the eWallet Network presented in the Developing a digital identity solution for use by the financial sector based around eIDAS trust services report published by the EU commission in October 2021 and authored by Stéphane Mouy. It will include a live presentation of an eIDAS 2.0/ISO 23220-1 digital identity wallet offering online/offline connectivity that can be used in a variety of contexts, including for payment authorisation purposes.
The session should be of interest to anyone interested in eIDAS 2.0 developments for digital identities as well as its regulatory implications for the financial sector but also to digital payment experts. A specific focus will be made on the offline connectivity requirement for DIWs that has clear technology implications.

Event Recording
Trimming down User Access Governance to its Essentials
May 12, 2022

Securing access to data and applications has become a cornerstone of any modern cybersecurity strategy.

In the IAM market, user access governance projects have a history of incurring multi-year roll-outs and requiring specialized personnel, making many companies shy away and bear excessive cyber risk.

In this space, Elimity tries to break the status quo. As an innovator, Elimity provides a data-driven platform that specifically offers the essentials for user access governance: automated data collection, holistic risk analytics and user-friendly access reviews integrated with ITSM. As a result, the platform lets companies achieve mature access governance in a matter of days, not months.

In this session, Maarten will give an overview of the essentials of user access governance, showcase the Elimity platform and how it is successfully applied in practice.

Event Recording
PAM I^3 - Implementation, Integration and Intelligence about Privileged Access Management
May 12, 2022

A look at how 5 of Canada’s biggest financial institutions have tackled the challenge of Privileged Access Management. Sharing similar requirements all went down paths of successful deployments of technologies to protect their clients, and workforce while providing a more efficient user experience for day to day activities.   A look at the 5 common steps to success.

Event Recording
Progress and lessons on the establishment of Digital Identity in UK
May 12, 2022
Event Recording
Impressions from the European Identity and Cloud Conference 2022
May 17, 2022
Event Recording
Model, Measure, Manage - The Journey to Autonomous Security in a Hybrid Multi-Cloud World
May 10, 2022

We cannot manage what we cannot measure.

Event Recording
Global Trust Frameworks Interoperability
May 12, 2022
Event Recording
Preserving Privacy in Identity-Aware Customer Applications
May 12, 2022

 As customer identity programs mature, they bring new opportunities and risks. In the rush to launch new customer experiences, personal data is over-exposed and over-replicated. The default is to ship all identity attributes, to all systems, on every request in order to make access decisioning easier for application developers.

This approach disperses identity information across the application stack; which increases risks of data breach, data loss, and compromised identities. As a result, consumers lose trust and new business opportunities falter; or worse, customers like the new experience, but its success creates security and compliance liabilities that expand exponentially. To remediate the risk, data teams enter a never-ending cycle of costly data analysis and audits.

Identity architects and developers need to address privacy requirements earlier - not in post-collection data management, but instead in the application development process. While Privacy by Design and Privacy by Default principles are a helpful framework, they offer little practical guidance for developers to actually build privacy-preserving applications.

We will discuss how to use identity data at run-time, in the context of the application; how to retrofit existing applications with privacy requirements; and how to easily evolve applications over time.

Event Recording
PAM for the People
May 12, 2022
The cyberssecurity approaches and strategies that works well for a multinational with a large and well funded cybersecurity department may not be as applicable for a mid sized company where the security department may be a single person.
Still if the partner company that delivers the cheese to a retailer falls to a cybersecurity attack there is simply no cheese to sell to the customers so the retailer not only looses money but also fails at their most basic task. So how do we as multinationals help our partners with implementing basic controls such as PAM in a way that works in their business reality?
In this session we will be looking at how you as a relatively cybersecurity mature company can do to help your less mature partners. It is also suitable for persons who has been asked to launch a cybersecurity or PAM program without been given the full resource to execute a full program.
Event Recording
Trust is a Team Sport, and Like all Good Sports it has Rules
May 13, 2022

Trust is not just technical, and it’s not just derived from a process or an organisation. The need for Trust is also variable based on the risk involved in a transaction or the risk appetite of the service provider. Sometimes trust is almost irrelevant. Digital doesn’t make things any easier as we often have multiple parties involved in the communication of trust from issuer to holder of credentials, and on to a relying service not to mention requirements for onboarding, verification, issuance, and authentication to name but a few along the way.

Emerging standards and relentless innovation make many things better, but they also introduce challenges when we want multiple systems to work together and for trust to be largely independent of the underlying technical stacks.

To make Trust work in diverse ecosystems we need clear rules of engagement that champion the needs of all participants and clearly define their responsibilities to one another, and to the wider legal and business ecosystems they ultimately interact with. Efforts in multiple jurisdictions in both the public and private sector are developing these rule sets right now – this is what we can learn from the rise of the Trust Framework.

Event Recording
Drivers for Identity & Access Management in the Financial Industries
May 12, 2022

Identity & Access Management is a key requirement from banning regulations.

At Creditplus, a new IAM solution was implemented recently. Drivers for IAM as well as the overall design of the new solutions are presented in this talk.