Event Recording

GAIN in 2023 - and Beyond

Show description
Speakers
Elizabeth Garber
Co-Founder & Chief Product Officer
IDPartner
Elizabeth Garber
Elizabeth Garber is co-founder and Chief Product Officer of IDPartner, a startup that puts people in control of their digital identities. Her background includes leading the Open Digital Trust Initiative at the Institute of International Finance and co-chairing the OpenID Foundation's GAIN...
View profile
Nick Mothershaw
Chief Identity Strategist
The Open Identity Exchange
Nick Mothershaw
Nick is Chief Identity Strategist at the Open Identity Exchange, a community for all those involved in the ID sector to connect and collaborate, developing the guidance needed for inter-operable, trusted identities. Through OIX’s definition of, and education on, Trust Frameworks we create...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Closing Keynote
May 12, 2023
Event Recording
Wallets as a New Class of Super Apps in the Financial Industry and Beyond
May 11, 2023

Open banking has changed our world, enabling citizens and businesses to create a holistic view of our financial lives. “Superapps” will combine our digital identities with other domains.

Imagine a future where we can view, add, update, or remove our digital identity attributes as easily as we can manage these credentials in our physical wallets today. Further imagine that through the same lens, we can view and control which people and businesses have access to what identity data, for how long and for what purpose and attend to our financial business. “Superapps” will enable us to do exactly that as well as enable us to minimize attributes shared to suit the situational needs.

Beyond the self-evident value to us in terms of ease of use and control, imagine the efficacy that this approach will have on culling fraud when there is no need to expose all of our details with every interaction in the digital universe. Join the conversation to understand what public, private, and standards initiatives are available today and how these need to expand in support of “Superapps”.

Event Recording
Zero Trust in an Industry Where Trust is Key
May 11, 2023

How does a Financial Institution deploy a Zero Trust Model where employees and consumers need access to so much vital data in near real time.

Event Recording
Tech Guidance in the Era of Polycrisis & AI-Driven Disruptive Change
May 11, 2023

The most interesting thing about recent AI innovations in the field of LLMs (Large Language Models) such as ChatGPT is that there is not much discussion going on about the effects LLMs will have on our daily lives, the way we consume information, seek guidance and the way we create information. Will we still need Identity Governnance Tools in 5 years time or will a universal cyber-AI have taken over the task of securely running the enterprise you currently work for? What about Tech Analysts and their guidance work? Will 90% of their work be done by non-humans? In this session we will try to jointly find answers on how tech guidance and consulting/advisory will change and, at least partly, disappear.

And this is how ChatGPT would write the Abstract of this discussion:     

The session on "Tech Guidance in the Era of Polycrisis & AI Driven Disruptive Change" will examine the increasing disruptive pressure on today´s business models caused by an evolving landscape of AI driven technology and the critical role of tech analysts to help organizations navigate the challenges and opportunities presented by the convergence of multiple crisis and the rapid pace of technological change.

Topics to be covered include the evolving role of tech analysts in an AI-driven world, the importance of understanding the ethical implications of technology, and the impact of technological change on job markets and society as a whole. The session will also delve into the challenges of staying abreast of an increasingly complex and rapidly changing technological landscape, as well as the importance of fostering a culture of innovation and collaboration within organizations.

Attendees will have the opportunity to engage with speakers and other participants in a lively discussion of these critical issues, gaining valuable insights into the future role of tech analysts in helping organizations succeed in an era of polycrisis and AI-driven change and disruption.

Event Recording
Urban Planning and Identity with Slime Mold or: How I learned to Stop Worrying and Learn from the Blob
May 10, 2023

In 1994, Italian physicist Cesare Marchetti discovered something: cities expand as a function of transportation speed. In short, “transportation is the lifeblood of a city.” Innovation in transportation has driven the expansion of cities—from small, walkable areas to the sprawling, car-based metropolises, presenting a challenge for urban planners.

Identity in the modern organization faces a similar challenge: if transportation is the lifeblood of cities, then identity is the lifeblood of organizations. And our organizations are not ancient, walkable Rome, but modern, sprawling Atlanta—with identities and resources widely strewn around the globe.

Like urban planners, we face a nearly-intractable challenge: how can we provide access to resources and data easily while still meeting the stringent demands of security and compliance?

Thankfully, there appears to be a solution for both urban planning *and* identity, albeit from an unexpected source: Ordinary slime mold. Aka, “The Blob.”

We’ll learn from this simple organism, describe how its simple actions create complex systems that solve these sorts of “unsolvable” problems, and see how the Blob might “think” about identity.

Event Recording
Entitlements - Claim vs. Reality
May 10, 2023

The claim or desire for authorizations, permissions and the rights set in practice often have a wide divergence. Typically, more rights are assigned unconsciously than were actually required.

The resulting vulnerabilities can have significant consequences therefore, it is essential to be able to monitor the true permissions at any time, regardless of how the permissions have been set. It is almost impossible to manage monitoring manually, even in small environments. Therefore, independent automatisms that can automatically explore, analyze and report the real settings are becoming a requirement.

In this session we will show you how Cygna Labs can support you in these challenging tasks and thereby ensure and improve security in your company.

Event Recording
Zero Trust: Where do We Want to be in Five Years?
May 11, 2023

The digital-first customer experience and remote-first workforce pushed zero trust from buzzword to reality. And yet, much of the conversation is still heavy on theory and light on practice. Cyentia completed a global study of high-level practices which measurably contribute to a more successful cybersecurity program based on a rigorous survey of nearly 5,000 practitioners. Within that study, we analyzed commonalities of organizations implementing and operating Zero Trust. Let's look closely at where we are today.

Now imagine it is 2028. You’re five years into your Zero Trust transformation. People like it and usability has improved. Defensibility is better, too, with a number of attacks having been stopped over the past couple years. But then, in 2028, you get the call. There’s been a security breach. What happened!? This session will explore the future with a pre-mortem on how breaches will look under a Zero Trust architecture.

Event Recording
Building a Rich Workload Identity Stack with SPIFFE and OPA
May 11, 2023

What’s the highest value platform feature you can offer your Kubernetes tenants? It might be standardizing workload identity and policy controls. In this session, we will discuss desirable properties for a workload identity and present a modern architecture built on SPIFFE and cert-manager which uses Open Policy Agent (OPA) for policy decisions. This should leave you with actionable ideas to help you re-evaluate your workload identity functionality and security posture.

Event Recording
Managing your Code-to-Cloud Security Risks in a Multi-Cloud Environment
May 10, 2023

The shift to multi-cloud introduces a wide range of cloud security risks that remain unaddressed due to the siloed approach and limited focus of existing cloud security tools. Most cloud security tools offer highly focused solutions that are limited in scope and capabilities to address the growing spectrum of multi-cloud security risks. The convergence of IAM and multi-cloud security tools (CSPM, CWP and CIEM) offer a cloud security platform that takes an integrated approach to securely manage identities and their access entitlements to cloud resources for cloud-native application development, deployment and operations in the cloud. In this session, we will discuss:

  1. What are the emerging archetypes of IAM and multi-cloud security tools convergence?
  2. What are the essential building blocks to effectively address your code-to-cloud security risks in a multi-cloud environment?
  3. What are the industry best practices and recommendations to deploy and operationalize multi-cloud security tools for best results?
Event Recording
Cyber Insurance Claims & Denials
May 12, 2023
Event Recording
Lessons Learned from More Than 6 years of CIAM in a Media Company
May 10, 2023

As an international media company we’ve been dealing with rapid digital transformation for a bunch of years now. One of the corner stones of our strategy is identity & access management for millions of users and customers. Over the last 6 years we’ve gone through many iterations of our Identity platform; from a fully managed SaaS platform to our own custom built solution. In this talk we’ll share our journey with you and highlight some of the challenges we’ve faced, how we’ve dealt with them and why we believe our homegrown platform has been the right choice for the company.

Event Recording
Why Active Directory is the Prime Cyber attack Target - and what to do about it!
May 10, 2023

For more than two decades, Microsoft Active Directory (AD) has been the de facto method organizations use to authenticate and authorize users for access to computers, devices, and applications within a company’s network. Most companies still rely on it and have further extended its reach into the cloud by synchronizing their on-prem AD with the Microsoft Azure AD to allow proper SSO to cloud-applications by their users. AD is celebrated for its extensive compatibility with various applications and Windows editions, but that compatibility comes with security downsides.

Compromises of Active Directory can occur as an entry point leading to a further attack or can arise at various other points along the kill-chain following an initial compromise via some other mechanism. Even in cases where a compromise is gained following an attack on applications or infrastructure directly, it is frequently infeasible for an attacker to progress further without elevating privileges, making Active Directory a primary target in an overall breach strategy.

It is therefore important that Active Directory defense tools are paired with a wider Zero Trust and XDR approach to provide full visibility over organizational infrastructure, enabling security teams to accurately identify the point of origin of an attack, and to perform the containment and remediation actions required to neutralize and prevent reoccurrence of an attack.

Join Principal Technologist, Guido Grillenmeier, to discuss AD access points used in recent cyberattacks, security risks to watch for in managing AD with Azure AD, how to look for warning signs that AD has been compromised and steps to take in the event of an attack.