Event Recording

Model, Measure, Manage - The Journey to Autonomous Security in a Hybrid Multi-Cloud World

Show description
Speaker
Patrick Parker
Founder and CEO
EmpowerID
Patrick Parker
Patrick Parker is the founder and CEO of EmpowerID, a company specializing in Identity and Access Management for over 20 years. He pioneered the unique use of Role and Attribute-Based Access Control within an Identity Orchestration framework to realize a modern and comprehensive vision of...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
Privacy = Data Protection + X
May 13, 2022

Data Protection is a very basic and profound concept of translating privacy as a human right into the digital sphere. But is it enough? and are our current approaches the right ones? In this panel we will try to find answers on how we can translate privacy into the (metaverse) future.

Event Recording
Panel | Introducing Open Policy Agent (OPA) for Multicloud Policy and Process Portability
May 11, 2022

With over 120 million downloads, and users like Netflix, Zalando and GS,  the open source project Open Policy Agent has quickly become the de facto standard for Authorization. In this session, KuppingerCole´s Alejandro Leal will discuss with  Jeff Broberg, Gustaf Kaijser and Ward Duchamps on most common use cases where OPA is adopted.  

Event Recording
Pre-Conference Workshop | How OpenID Standards are Enabling Secure & Interoperable Digital Identity Ecosystems
May 10, 2022

OpenID Foundation Workshops provide technical insight and influence on current digital identity standards while also enabling a collaborative platform to openly address current trends and market opportunities. The OpenID Foundation Workshop at EIC includes a number of presentations focused on 2022 key initiatives for the Foundation.

Event Recording
Impressions from the European Identity and Cloud Conference 2022
May 17, 2022
Event Recording
Inside the Mind of a Hacker – From Initial Access to Full Domain Admin
May 13, 2022

Ethical Hacker Joseph Carson will demonstrate a real-world use case of how a cyber adversary gains an initial foothold in your network through compromised credentials and then elevates control and moves laterally to identify and exfiltrate your critical data. He will share insights into how the mind of a criminal hacker operates based on his experiences and steps you can take to stop them in their tracks.

Staying up to date and learning hacking techniques is one of the best ways to know how to defend your organization from cyber threats. Hacking gamification is on the rise to help keep security professionals up to date on the latest exploits and vulnerabilities. This session is about helping you get started with hacking gamification to strengthen your security team.

In this session Joseph Carson Chief Security Scientist and Advisory CISO at Delinea will select two systems from Hack the Box and walk through each of them in detail explaining each step along with recommendations on how to reduce the risks. Going from initial enumeration, exploitation, abusing weak credentials to a full privileged compromise.

What will I learn?

  • How attackers gain access to IT environments and systems and escalate privileges
  • What a real-world hack looks like in a use-case demonstration
  • Best practices for combating attackers by establishing multiple layers of security to minimize risk

Get answers to these important questions:

  • How has moving to the cloud affected cyber security from a PAM perspective?
  • What are the most common types of attacks that criminal hackers use to compromise cloud environments?
  • What are common misconceptions that lead to cyber security “blind spots” of vulnerability?
Event Recording
Privacy: The Real Cost
May 10, 2022

Privacy is one of the most challenging aspects to protect in identity solutions.

The entities that stand to gain the most from surveilling users can use convenience as a bargaining chip. Users understand and appreciate convenience, but they often don't appreciate the costs of loss of privacy, as the consequences often play out well after the violation occurred.

Identity practitioners often take the need to preserve privacy for granted, and in so doing fail to help users and solution designers understand the concrete impact privacy violations can have on the lives of users. This session will arm you with the concrete scenarios you need to instill in customers and colleagues a new awareness of the real costs privacy violations can have.

Event Recording
Building Secure, Trusted and Interoperable Self-sovereign Identity with OpenID Connect
May 12, 2022

 

Event Recording
Panel | Best Practices for Implementing Zero Trust
May 11, 2022

The “zero trust” approach to cybersecurity has been gaining momentum in recent years, as both corporations and government agencies have struggled with how to enhance security given the de-emphasis on the network perimeter. For the most part, the zero trust movement has remained rooted in network principals. However, in the last two years, much of the world was forced to interact exclusively online, creating a sense of urgency around zero trust security and the “never trust, always verify” philosophy behind it reached a new level of importance.

In this panel, you’ll hear from security leaders who have approached and implemented zero trust with an identity-first philosophy, considering it a transformative way of reducing friction for users, while addressing the increasingly challenging risk environment. They believe a true zero trust environment requires a strong identity and access management framework. 

Event Recording
Qualified electronic signatures in times of the eIDAS2-wallet - a Nordic-Baltic perspective
May 12, 2022

When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspective. What is their role today and in the future; both independently, and in connection with the upcoming eIDAS2-wallet? Concrete use cases will be demonstrated from the point of view of the citizen, the public sector and businesses.

Event Recording
Cyber Security Architectures in a Hybrid World
May 12, 2022

A practical approach to cyber security architectures: In a hybrid ecosystem we have not only to find a suitable security model for IT but also for OT like in production environments. And after all cloud services are adding another dimension of complexity. We will take a short look at the security basics, compare some outdated, updated and up-to-date security models finding suitable models for IT-security, OT-security and cloud-security. Finally we will put it all together in combined scenarios. This presentation will focus on practical security architecture rather than on formal compliance.

 

Key Topics:

* IT-security, OT-security, cloud-security

* Cyber security: from basics, perimeter, air gap to zero trust

* Hybrid world: isolation or integration

* Tops and flops in practical cyber security

Event Recording
OpenID SSE, CAEP and RISC - Critical standards that enable Zero-Trust security
May 11, 2022

Zero-trust security relies heavily on the ability for independently owned and operated services to dynamically adjust users’ account and access parameters. These adjustments are based on related changes at other network services, such as identity providers, device management services or others. A set of standards from the OpenID Foundation enable independent services to provide and obtain such dynamic information in order to better protect organizations that rely on zero-trust network access. These standards are being used today in some of the largest cloud-based services from Microsoft and Google to dynamically adjust users’ account and access properties.

This talk gets into the details of the Shared Signals and Events (SSE) Framework, which is the foundational standard for secure webhooks. We also explain two standards based on the SSE Framework: The Continuous Access Evaluation Profile (CAEP), which provides dynamic session information, and the Risk Information and Account Compromise (RISC) Profile, which provides account compromise information

Event Recording
Progress and lessons on the establishment of Digital Identity in UK
May 12, 2022