Event Recording

Panel | How to improve customer IAM and CIAM

Speakers
Roland Bühler
Senior Analyst
KuppingerCole
Roland Bühler
Roland Bühler is focused on technology consulting and project management in the marketing and media sector. He is helping companies to automate marketing and to create digital customer journey maps. Considering privacy and information security aspects is mandatory in his area of activity....
View profile
Andre Priebe
Chief Technology Officer
iC Consult Group GmbH
Andre Priebe
Andre Priebe is Chief Technology Officer of the iC Consult Group, a vendor-independent system integrator specialized in Identity & Access Management with more than 500 employees around the globe. With over 15 years of experience in managing IAM projects focussing on workforce, customer, and...
View profile
John Tolbert
Lead Analyst
KuppingerCole
John Tolbert
Background: John Tolbert is a Lead Analyst and Managing Director of KuppingerCole, Inc (US). As Lead Analyst, John covers a number of different research areas, outlined below. John also advises cybersecurity and IAM vendors, from startups to Fortune 500 companies, regarding their product and...
View profile
Henk Willems
CIAM Advisor
OneWelcome
Henk Willems
As a CIAM Advisor at OneWelcome I consult with organizations to map out the phases and steps involved in introducing a Customer Identity and Access Management solution to their Enterprise Architecture. With the current speed of change, organizations that want to remain their competitive edge...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
In Transition - From Platforms to Protocols
May 13, 2022

Only a few years ago the identity ecosystem seemed to be ‘set’ with little chance for change or dislocation of the large federated identity providers. Today the entire identity technology ecosystem is in flux. What will emerge? OIDC? OIDC/SIOP? DIDComm? Join us for a discussion on the changing protocol landscape, the shifting identity power centers and why it is a both/and and not either/or.

Event Recording
Vampires & Cybersecurity: Using Deception to Increase Cyber Resilience
May 12, 2022

This presentation will explore adding deception as a component of a security-in-depth strategy to increase cyber resilience (in case the garlic, crosses, and wooden stakes are not effective). We will discuss whether you should invite attackers into your network. Much like with vampires, inviting attackers in can have serious repercussions. However, unlike vampires, cyber attackers do not need an invitation. Fortunately, deception within our networks can aid in identifying, delaying, and evicting unwanted guests, including insider threats (or vampires already amongst us). We will explore several deception use cases  that can dramatically increase cyber resilience without attracting more attackers.

Event Recording
Practicalities of Identity Proofing for Authentication
May 11, 2022
Event Recording
Impressions from the European Identity and Cloud Conference 2022
May 17, 2022
Event Recording
Making SSI accessible: IOTA technology, solutions and projects
May 12, 2022

Traditional identity and access management solutions built so far on the trust for selected identity providers and their adoption from an ecosystem of identity owners and identity verifiers. The decentralized identity paradigm is disrupting these ecosystems and required more democratic collaboration and competition among a number of identity and credential issuers, identity owners, and verifiers selecting and using them. This requires not only to design and implement new technologies but also to identify new business opportunities and business models. Collaboration, experimentation, and evaluation are the road to adoption, and the EU collaborative H2020 research and innovation framework offers the opportunity to de-risk such collaborations, in favor of innovation.

Event Recording
Cyber-Securing the Digital Industry
May 13, 2022
Event Recording
Identity is the New Perimeter: How to Discover, Mitigate and Protect Identity Risks
May 12, 2022

Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SAAS applications and Cloud access further expand the proliferation of potentially exposed identities. Once an attacker establishes initial access it becomes trivial for lateral attack movement to take control over critical systems or the entire network. The network perimeter is obsolete. Identity is the new perimeter. Organizations must discover, mitigate and protect their identity risks.

Event Recording
Unified Endpoint Management: Practical Considerations
May 12, 2022
Event Recording
Certificate Based Authentication in a Cloud Native Environment - a Migration Journey from Handcrafted XML Signing to OpenID Connect
May 11, 2022

During this best practice session we will present you with hands-on experience from one of our financial services industry customers.

The company used a handcrafted xml signature mechanism to authenticate their business partners when initiating machine-to-machine communication to exchange data between data centers. When the customer decided to migrate to REST APIs in a cloud native setup, the existing mechanism was no longer fit for purpose. Together, we designed a solution to keep the benefits of certificate based authentication while establishing an interaction model conforming to the OpenID Connect standard. We implemented the mechanism based on the open source software Keycloak, successfully passed an external penetration test and have to this point authenticated hundres of thousands of sessions. After our session, attendees will

  • be familiar with standard conforming approaches to use OpenID Connect with certificates for authentication
  • be able to assess which parts of their authentication flow will benefit from using certificates
  • know relevant open source technologies and technical approaches to use in their own implementations
  • understand common pitfalls and relevant considerations when implementing the standards in a real-world, cloud based scenario
Event Recording
Drivers for Identity & Access Management in the Financial Industries
May 12, 2022

Identity & Access Management is a key requirement from banning regulations.

At Creditplus, a new IAM solution was implemented recently. Drivers for IAM as well as the overall design of the new solutions are presented in this talk.

Event Recording
Progress and lessons on the establishment of Digital Identity in UK
May 12, 2022
Event Recording
Quo vadis, SSI? – Self-sovereign Identity on route to production
May 12, 2022

Self-sovereign identity (SSI) has reached the in-between stage: more than a concept, not yet fully deployed. This is where the work can get the most gruesome and exhausting, but also the most creative and rewarding. While the dedicated W3C standards are reaching maturity levels, we see regulators and government actors jump on board and asking for even more stability across specifications and standards in order to establish real world systems. In fact, we see large pilot projects and implementation programs worldwide. One promising but equally critical development is the eIDAS 2 regulation,  promising dependable answers to questions about governance and trust frameworks that will drive adoption. This short deep dive will give you an orientation of the state of play for SSI in the context of these greater developments – and might provide an outlook for your projects as well.