Event Recording

Cyber-Securing the Digital Industry

Speaker
Graham Williamson
Fellow Analyst
KuppingerCole
Graham Williamson
Graham Williamson is a senior Analyst at KuppingerCole. Graham has practical experience in the identity management and access control industry having completed assignments in the academic, government and large corporate industry sectors across three continents. He is an Analyst in the areas of...
View profile
Playlist
European Identity and Cloud Conference 2022
Event Recording
Panel | Decentralized, Global, Human-Owned. The Role of IDM in an Ideal (If there is One) Web3 World
May 13, 2022

The Internet had been created without an identity layer, leaving it to websites and applications to take care for authentication, authorization, privacy and access. We all know the consequences - username and password still being the dominant paradigm and, even more important, users not having control over information that personally identifies them. The risk of data misuse, of being hacked or manipulated has become a significant challenge and and requires a new approach in times of an emerging web3 and its core capability of transferring value. Is decentralized, DLT based Identity the solution that finally will enable DeFi, NFTs and DAOs? Join this awesome keanote panel to controversially discuss this topic. 

Event Recording
Privacy: The Real Cost
May 10, 2022

Privacy is one of the most challenging aspects to protect in identity solutions.

The entities that stand to gain the most from surveilling users can use convenience as a bargaining chip. Users understand and appreciate convenience, but they often don't appreciate the costs of loss of privacy, as the consequences often play out well after the violation occurred.

Identity practitioners often take the need to preserve privacy for granted, and in so doing fail to help users and solution designers understand the concrete impact privacy violations can have on the lives of users. This session will arm you with the concrete scenarios you need to instill in customers and colleagues a new awareness of the real costs privacy violations can have.

Event Recording
Cardea: verifiable credentials for health information go open source
May 11, 2022

As an incubator for innovation in air travel, Aruba has chosen to use verifiable digital credentials to manage entry requirements and health testing for travel to the island. This decentralized, open-source technology, which provides secure authentication while preserving traveler privacy, was developed by SITA and Indicio.tech and donated to Linux Foundation Public Health as  Cardea. In this session, representatives from Aruba’s government, Indicio, and SITA will discuss why they chose a decentralized approach, how they created a trusted data ecosystem, and why the ability to verify personal data without having to check in with the source of that data will transform air travel, healthcare, and tourism

Event Recording
Cyber Security Architectures in a Hybrid World
May 12, 2022

A practical approach to cyber security architectures: In a hybrid ecosystem we have not only to find a suitable security model for IT but also for OT like in production environments. And after all cloud services are adding another dimension of complexity. We will take a short look at the security basics, compare some outdated, updated and up-to-date security models finding suitable models for IT-security, OT-security and cloud-security. Finally we will put it all together in combined scenarios. This presentation will focus on practical security architecture rather than on formal compliance.

 

Key Topics:

* IT-security, OT-security, cloud-security

* Cyber security: from basics, perimeter, air gap to zero trust

* Hybrid world: isolation or integration

* Tops and flops in practical cyber security

Event Recording
Preserving Privacy in Identity-Aware Customer Applications
May 12, 2022

 As customer identity programs mature, they bring new opportunities and risks. In the rush to launch new customer experiences, personal data is over-exposed and over-replicated. The default is to ship all identity attributes, to all systems, on every request in order to make access decisioning easier for application developers.

This approach disperses identity information across the application stack; which increases risks of data breach, data loss, and compromised identities. As a result, consumers lose trust and new business opportunities falter; or worse, customers like the new experience, but its success creates security and compliance liabilities that expand exponentially. To remediate the risk, data teams enter a never-ending cycle of costly data analysis and audits.

Identity architects and developers need to address privacy requirements earlier - not in post-collection data management, but instead in the application development process. While Privacy by Design and Privacy by Default principles are a helpful framework, they offer little practical guidance for developers to actually build privacy-preserving applications.

We will discuss how to use identity data at run-time, in the context of the application; how to retrofit existing applications with privacy requirements; and how to easily evolve applications over time.

Event Recording
Enabling MFA and SSO for IoT and Constrained Devices
May 13, 2022
Event Recording
Global AI Ethics and Governance
May 13, 2022

Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders.

Event Recording
Hybrid Central/Decentralized Identity: Deployment Strategies for SSI
May 12, 2022

The disruptive changes in the SSI paradigm will not be effortlessly adopted by the industry worldwide without technological enablers. Indeed, before transitioning to a fully decentralized ecosystem, standard enterprise IAM solutions and canonical IGA disciples will need to adapt and integrate verifiable credentials. This talk will explore the hybrid decentralization paradigm, offering pointers and insights into the uncontestable evolutionary needs of enterprises. After all, industry IAM solutions must evolve to include VCs issuing and verification capabilities to fully embrace the trustless trust paradigm while retaining complete control of authorization flows.

Event Recording
Identity is the New Perimeter: How to Discover, Mitigate and Protect Identity Risks
May 12, 2022

Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SAAS applications and Cloud access further expand the proliferation of potentially exposed identities. Once an attacker establishes initial access it becomes trivial for lateral attack movement to take control over critical systems or the entire network. The network perimeter is obsolete. Identity is the new perimeter. Organizations must discover, mitigate and protect their identity risks.

Event Recording
Enterprise Domain Annotation based Segregation of Duties strategies
May 12, 2022
Event Recording
Privacy Enhancing Mobile Credentials
May 12, 2022

The Kantara Initiative is developing a standard and requirements so that organizations can demonstrate to their stakeholders that their commitments to privacy and data protection go beyond transactional and technical trust. At the end of the day people trust, or don't trust, organizations - not the technologies that the organizations use. This session will provide you with an up-to-date report on the development of these standards and requirements and also provide you with an opportunity to provide input into their development.

Event Recording
Panel | Deliver on the Promise of an Identity Fabric: The Power of Data
May 11, 2022

Digital identities of consumers, customers, business partners, employees, but also devices, things, or services are at the core of the digital business.  Unfortunately, most digital identities reside in siloes. Building a modern Identity Fabric that delivers seamless yet secure and controlled access from everyone and everything to every service requires breaking down the legacy identity siloes, and building a modern, flexible, identity data foundation.