Event Recording

The Unique Challenges of Identity M&A in High-Growth Organizations

Show description
Speaker
Jon Lehtinen
Director
Okta
Jon Lehtinen
Jon Lehtinen has 16 years of enterprise identity and access management experience and specializes in both the strategy and execution of Identity & Access Management transformation in global-scale organizations like Thomson Reuters, General Electric, & Apollo Education Group. In addition...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
Challenges for Women in Identity and Security
May 12, 2022

It is well known that women face various challenges when working in the IT industry. These challenges lead to the fact that only about 20% of employees in IT are women. The situation in security and identity is even worse, as some studies have shown. "Women in Identity" is a global organization whose mission is to develop solutions with diverse teams. This presentation will look at the various WID initiatives on a global and local level that support women in the industry and create solutions “for everyone built by everyone”.

Event Recording
Closing Keynote & Announcement of EIC 2022 Gamification Winners
May 13, 2022
Event Recording
How to use the framework of a Trusted Data Ecosystem to simplify building decentralized identity solutions
May 11, 2022

Decentralized identity is an incredibly flexible technology that solves fundamental problems in the way we manage digital communication. But this capacity to do more than one thing at once  can be a source of confusion: How do I actually build a decentralized or self-sovereign identity solution today? How do I put all the components together?  In this session we use the framework of a Trusted Data Ecosystem to show how you can use decentralized identifiers, software agents, verifiable credentials, and the supporting infrastructure to verify data without having to check in with the source of data. We show how we used Trusted Data Ecosystems to deliver solutions to financial services, healthcare, and travel to global enterprises—and we give you a preview of what the next steps are for these technologies. 

Event Recording
There is No Consensus About Consent
May 12, 2022

 

Event Recording
The State of Passwordless Authentication
May 11, 2022

The FIDO Alliance has made tremendous strides in its mission to change the nature of authentication with stronger, simpler and passwordless authentication. Join this session to get find out the state of passwordless authentication from the FIDO lens, including a sneak peak at major news that will – finally - make passwordless FIDO authentication available to the masses.

Event Recording
Digital Identity and Privacy: Stories from the Frontline
May 10, 2022

As the pace of digitalization gathers momentum, organizations are witnessing a dramatic increase in the number of digital identities. These identities interact with systems and applications relentlessly to perform day-to-day IT tasks. Nevertheless, maintaining the privacy of this data is a daunting task. Enterprise data is hosted in multi-tenant cloud, managed service providers and distributed data center environments. How an organization can maintain data privacy in this evolving IT access control use-cases depends on the level of preparedness to protect and monitor those digital identities. An identity and access management solution provides adequate safeguards to enforce IT practices necessary to maintain data privacy.

Event Recording
How to innovate your Identity Governance and Administration program
May 12, 2022

The Holcim EMEA digital center has received the EMEA innovation award in 2021 from their IGA program.

Event Recording
OAuth DPoP (Demonstration of Proof of Possession): How to Not Let Attackers Steal your OAuth Token
May 11, 2022

Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.

The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.

These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.

Event Recording
The ICaaS (Identity Component as a Service) approach for taking control of customer experience
May 11, 2022
Event Recording
Trimming down User Access Governance to its Essentials
May 12, 2022

Securing access to data and applications has become a cornerstone of any modern cybersecurity strategy.

In the IAM market, user access governance projects have a history of incurring multi-year roll-outs and requiring specialized personnel, making many companies shy away and bear excessive cyber risk.

In this space, Elimity tries to break the status quo. As an innovator, Elimity provides a data-driven platform that specifically offers the essentials for user access governance: automated data collection, holistic risk analytics and user-friendly access reviews integrated with ITSM. As a result, the platform lets companies achieve mature access governance in a matter of days, not months.

In this session, Maarten will give an overview of the essentials of user access governance, showcase the Elimity platform and how it is successfully applied in practice.

Event Recording
OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security
May 11, 2022

Zero-trust security relies heavily on the ability for independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enable independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.

This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: The Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information

Event Recording
The strategic building blocks of the composable enterprise: Concepts & technologies
May 11, 2022

This session is a continuation of the opening keynote by Martin Kuppinger on the future Composable Enterprise. Together we take a look at what powers the composable enterprise and which concepts and technologies can contribute to building a composable enterprise.