Event Recording

The Art of Creating a Framework for Responsible AI

Dr. Evelyne Sørensen, LL.M.
Business Lawyer
Dr. Evelyne Sørensen, LL.M. specializes in international data protection law. As a business lawyer at the law firm activeMind.legal, she enables international groups and companies to handle complex data processing and international data transfers in a GDPR-compliant way. Evelyne holds a...
European Identity and Cloud Conference 2023
Event Recording
The Future role of PAM: Securing any Privileged Workload & Access
May 11, 2023

PAM (Privileged Access Management) is one of the established core disciplines within IAM. PAM also is the IAM discipline that is changing most from what it has been in the past.

On one hand, there is the impact of CIEM & DREAM, Cloud Infrastructure Entitlement Management or Dynamic Resource Entitlement & Access Management. This is about the expansion of PAM beyond humans accessing servers and selected applications towards any type of human and non-human (silicon) identity accessing any type of workload, from servers to dynamic cloud resources. This also implies an expansion from serving static data center infrastructures to dynamic workloads in today’s agile IT. PAM is changing, with more parties involved – a “PAMocracy”, as KuppingerCole Analyst Paul Fisher recently named it.

These changes also require expanded integration with other IT services. There needs to be a dynamic governance approach, where IGA comes into play. It requires rethinking whether PAM tools really should take care of authentication. There is no need for authentication point solutions in an age where most organizations have a strong Access Management solution with MFA, passwordless authentication and adaptive, risk- and context-based access in place. Finally, this new PAM must integrate with the DevOps toolchain for permanent updates about new code and the resources used, as well as with IT Asset Management for an always up-to-date insight into the ever-changing, dynamic IT landscape that needs to be protected.

Also worth considering is integration with further security solutions, beyond the standard SIEM/SOAR integration. AI-powered security solutions are one aspect. Integration with Cloud Security Posture Management is another example.

In this panel, the state of and requirements for the future PAM will be discussed.

Event Recording
Why Many MFA Programs Fail Strong Authentication Cyber Insurance Criteria - And What to do About It.
May 12, 2023

Like many businesses, you started the MFA journey and might even consider it to be at a level of maturity. Yet, when asked to rate compliance coverage or cyber insurance requirements for strong authentication business-wide, do you have a moment?

Workforce identity workflows are complicated, with an extensive portfolio of assets and legacy applications that create gaps in strong authentication coverage. However, organizations need to trust nothing and no one - and have to prove strong authentication is in place to regulators and cyber insurance underwriters.

In this session we will explore ways to strengthen your authentication system and fill coverage gaps:

  • Understand how an MFA program can overcome strong authentication challenges from legacy applications and privileged users
  • Get tactics and strategy recommendations that accelerate your journey to Full Passwordless
  • Learn from our real-world experiences in meeting MFA challenges head-on
Event Recording
3 Dimensions of Digital Sovereignty
May 09, 2023

Digital sovereignty has become an important topic for individuals as well as a strategic issue for countries and businesses, allowing them to operate in an environment that they trust and can control. This necessitates technology that is not overly reliant on third parties, where there is a risk of misuse of trust or non-compliance.

In this session, we will explore 3 dimensions of digital sovereignty related to identity:

  • Sovereignty of the Individual: The need to protect the individual has triggered privacy laws around the world, like GDPR. Providing end users with more control is now taken one step further with the adoption of the so-called "Self-Sovereign identity (SSI)" and "identity wallets." With SSI, users are in powerful control of their personal data, resulting in a privacy-first user experience.
  • Geopolitical Sovereignty: According to geopolitical sovereignty, data about citizens is subject to the laws and governance of the nation or state to which they belong. As data and the behavior of people become more valuable for countries, the transfer of data is regulated by laws like the US Cloud Act and GDPR. Compliance with cross-border data transfers is becoming more important than ever. 
  • Organisational Sovereignty: Organizations want to protect the interests of their employees, gig workers, customers, and business ecosystem. They also have to comply with multiple data sovereignty laws in various countries (for example, Schrems II, CCPA, LGPD, and so on). This leads to questions like, "Where is my data?" "Who has access?" and "Who holds the keys?" The more global organizations are, the more complex this process is due to the numerous local regulations they have to follow.
Event Recording
How to Manage Complex Clouds Based on Cyber Resistance
May 12, 2023

You have probably heard about Cyber Resilience, but what about Cyber Resistance? What are the differences between the two terms in the context of cybersecurity? Is Cyber Resistance the same thing or not?

Prioritizing where to focus efforts first when attack scenarios are almost endless is a complex task. There are often millions of potential attack paths. Most organizations do not know what those paths are or how to prioritize which ones to close first, if they can be closed at all.

During this presentation, we will look at the differences between Cyber Resistance and Cyber Resilience, how we can apply both concepts to our current technology landscape, and how we can identify the High-Value Target (HVT) in your organization.

Event Recording
Identity Data, Observability & Analytics - The Road to Identity First Security
May 10, 2023

Data is foundational to business intelligence - but how do you translate that into identity governance? Today’s enterprise has unprecedented levels of real-time, rich identity data across multiple parallel sources. More data leads to more predictive power in machine learning algorithms. These runtime data driven insights can become a central component to a systematic compliance and risk management strategy. This session will highlight how identity data can be used to uncover patterns, anomalies, and outliers and radically improve decision making, supporting your Identity First Security strategy.

Event Recording
Cyber Insurance as a Damage Mitigation Strategy
May 12, 2023

Digital transformation came with a wide range of advantages, but it also opened the door to potential cyberattacks. Every organization faces the risk of being the target of a cybercrime, but the transition to business digitalization leaves more room for vulnerabilities in the system, and if attackers happen to identify them, the attack will occur. The world is changing rapidly, and companies must change with it, and so insurers see their opportunity to break into the market. Is it worth having a cyber-insurance policy? Does it cover all the damages? What is the extent of the insurer's responsibilities, and of the company's? Could these cases go to court, and under what conditions?

Event Recording
The Art of Privilege Escalation - How Hackers Become Admins
May 11, 2023

Privilege escalation is also one of the most common techniques attackers use to discover and exfiltrate sensitive, valuable data. From a hacker’s perspective, privilege escalation is the art of increasing privileges from the initial access, which is typically that of a standard user or application account, all the way up to administrator, root, or even full system access. With NT AUTHORITY\SYSTEM access on Windows, or the root account on Linux, attackers have full access to one system. With Domain Administrator access, they own the entire network.

• Top Methods of Privilege Escalation on Windows and Linux
• Common Tools used to identify Privilege Escalation
• And more...

Event Recording
Best Practice: Empowering the Vision of the IoT with Decentralized IAM
May 11, 2023

How Self-Sovereign Identity (SSI) enables decentralized Identity and Access management for Things

  • The Challenges of IoT and Identity 
  • SSI key elements in a nutshell 
    • Decentralized Identifier (DID)
    • Verifiable Credentials (VC)
    • The role of blockchain / DLTs
    • How the elements basically work together
  • The SSI advantages / disadvantages in general and for IoT
  • Can SSI replace “traditional” Identity and access solutions and how? 
    • The IoT possibilities filancore enables with SSI

From SSI zero to hero – ETO's digital & IoT transformation in practice

    • From our need to vision, strategy and IoT-SSI in operation
      • Our innovation, organization, and technology problems from back then
      • SSI as a competitive chance
    • ETO's SSI strategy and roadmap – where we started, where we are and where we are going
    • Our SSI High-Level Architecture and IoT product innovation(s) [decentralized IAM in use]
    • Our lessons learned and take-aways with SSI
Event Recording
Reduce Certification Fatigue with Effective Role Management
May 10, 2023

IAM and security leaders end up certifying far more access than necessary, owing to a failure to classify business resources. Furthermore, business users pay the price because they must spend an inordinate amount of time filling out these lengthy surveys. Benoit will show how to reduce certification fatigue through robust role management, which helps business users achieve better results while taking less time out of their day.

Event Recording
The ID-Wallet in Germany’s eHealth Sector from Jan 1st 2024
May 12, 2023

Germany's healthcare sector will introduce its own ID wallet called "Sectoral IDP" for all statutorily insured persons on 01.01.2024. The issuers of the wallet are the health insurance companies, and approval will be granted in accordance with the extensive specifications of gematik (the regulatory authority). The ID attributes are issued by 2 issuers: PID and health insurer. The sectoral IDP is based on the OpenID Connect (core and Federation), Open Authorization 2.0 (OAuth 2) and JSON Web Token (JWT) standards. The presentation will describe the specific gematik requirements for product and operations of the ID wallet as well as their possible implementation. Despite the closed system in eHealth (Telematics Infrastructure) by definition, bridges to developments of ID wallets outside the sector such as EU, AML and eIDAS will be shown.

Event Recording
Best and Worst Practices of Digital Wallets User Experience
May 10, 2023

Digital identity wallets are central components for Decentralized and Self-Sovereign Identity (SSI) approaches. They are the interface for users to manage their identities and gain access to services. Hence, the usability and user experience of these wallets are pivotal for the adoption of those popular and privacy-friendly identity management concepts. This talk will summarize research findings, naming some of the Best and Worst Practices to be considered in the further development of the user experience of Digital Wallets.

This talk would highlight multiple studies, publications, and projects that I have done on this topic. However, if you would prefer another topic, I could propose another talk idea that would be related to other identity topics in either the Digital Wallets, mGov/eGov Services, or Trust Management.

Event Recording
Oh, How the Identity Industry Has Changed!
May 12, 2023

Since IDPro began its skills survey in 2018, we have seen technologies rise and fall and how IAM practitioners continue to struggle to feel proficient in their field. From the decline in directories to the power of personal identity, the IAM field is certainly not boring!

In this session, we’ll take a look at the trends over the last several years as seen from the IAM practitioners’ perspectives on the state of the industry, their professional goals, and their alignment with their employers. We’ll also consider what has changed – and what hasn’t – when it comes to our demographics and the diversity of the field. We will also offer some teasers of the results of the most recent IDPro Skills, Programs, & Diversity Survey, which closed in March 2023.

Attendees will leave the session with a better understanding not only of the state of the industry but what skills they might want to consider adding to their repertoire for the coming year.