Event Recording

The Human Factor & Access Governance

Show description
Speaker
Vlad Shapiro
Founder and CEO
Costidity Inc.
Vlad Shapiro
Vladislav is driven by a deep curiosity for understanding human behavior; especially at the intersection of technology and decision-making. A noted expert in IGA, Vlad is a founder of Costidity Inc, author of “Costidity: The Cost of Human Factor”. Vlad is NPR Cube creator, a patented...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
The European Union Goes Decentralized - Standards and Technical Architecture Behind eIDAS V2
May 12, 2023

The European Union’s regulation on Digital Identity, eIDAS, is currently being overhauled to adopt decentralized identity principles. The goal is to provide all citizens and residents across the EU with highly secure and privacy preserving digital wallets that can be used to manage various digital credentials, from eIDs to diplomas to payment instruments. Decentralized identity principles aim at giving freedom of choice and control to the end-user. Ensuring security and interoperability, however, will be challenging — especially in the enormous scale in terms of users and use cases the EU is aiming at. The choices made in eIDAS will have a huge impact on digital identity in the EU and beyond.

The so-called “Architecture and Reference Framework” (ARF) defines the technical underpinnings of eIDAS v2. Many experts from the member states and the Commission have been working on this framework over the last year, trying to select the best combination of technologies and standards out of the enormous number available in the market today. This talk will introduce the ARF and explain what architectural patterns and technical standards are adopted and how the challenges mentioned above are addressed in order to leverage on the vision of the eIDAS v2 regulation.

Event Recording
Cyber Insurance as a Damage Mitigation Strategy
May 12, 2023

Digital transformation came with a wide range of advantages, but it also opened the door to potential cyberattacks. Every organization faces the risk to be the target of a cybercrime, but the transition to business digitalization leaves a greater room to present vulnerabilities in the system, and if attackers happen to identify them, the attack will occur. The world is changing rapidly, and companies must change with it, and so insurers see their possibility to break into the market. Is it worth to have a cyber-insurance policy? Does it cover all the damages? What is the extent of insurers responsibilities and the company one? Could these cases go to court and under what conditions? 

Event Recording
State and Future of Digital Identity – Results from a KuppingerCole Study
May 10, 2023

KuppingerCole conducted a series of polls over the past months, gathering data about the state and future of IAM. Together with the ongoing market sizing analysis and predictions of the KuppingerCole analysts, we’ve created a study providing insight into our assessment of the current state of the IAM market as well as where we see the market evolving. Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, and Marina Iantorno, Analyst at KuppingerCole Analysts, will present selected results from that study and share their perspectives on the evolution of the IAM market.

Event Recording
AI Governance & Regulation - How to Prepare for the Inevitable
May 12, 2023

For many years public concern about technological risk has focused on the misuse of personal data, with GDPR, most hated and loved at the same time as one of the results. With the huge success of LLMs and generative AIs such as ChatGPT,  artificial intelligence soon will be omnipresent  in products and processes, which will shift regulator´s attention to the potential for bad or biased decisions by algorithms. Just imagine the consequences of a false medical diagnose, or of a correct diagnose created by an AI and then not accepted by the doctor. Not to mention all the other fields where bad AI can be harmful, such as autonomous cars or algorithms deciding on your future credibility. Inevitably, many governments will feel regulation is essential to protect consumers from that risk.

In this panel discussion we will try to jointly create a list of those risks that we need to regulate the sooner the better and try to create an idea on how this future regulation will impact the way we use AI in our bsuiness and private lives.

Event Recording
Market Overview: Secure Access Service Edge (SASE)
May 11, 2023

The term secure access service edge (SASE) has become popular in recent months and has been adopted by numerous vendors. SASE stands for a concept that integrates a range of cloud-native security services including cloud access security brokers (CASB), firewall as a service (FWaaS), secure web gateways (SWG), and zero-trust network access (ZTNA), with wide-area network (WAN) capabilities for delivering both directly to any edge computing location. In this session, KuppingerCole´s John Tolbert will give an overview of the market for SASE solutions and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing SASE solutions.

Event Recording
Safeguarding IoT/OT/IIoT Devices, Their Identities and Communication with Autonomous Networking
May 11, 2023

Autonomous networking aims at the appropriate handling of the growing number of devices, machine, sensors and components for which authentication and authorization must be ensured, i.e., identities must exist. The initial provision of such identities, but also the handover and onboarding into the respective operational environment (WiFi, smart home, factory floor) require scalable, automated, end-to-end secured procedures and concepts to facilitate trusted communication, but also e.g., the provision of made-to-measure updates.
Making IoT/OT/IIoT identities and networks secure by design is essential. ACP (Autonomic Control Planes) and BRSKI (Bootstrapping Remote Secure Key Infrastructure) lay one foundation for achieving this.

Event Recording
OpenWallet Deepdive
May 10, 2023
Event Recording
Market Overview: Privileged Access Management Solutions & the Pamocracy
May 11, 2023

In this session, KuppingerCole´s Paul Fisher will give an overview of the market for Privilege Access Management (PAM) platforms and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing PAM solutions. He will also explain how the new Pamocracy is affecting the market.

Event Recording
Market Overview CIAM: Customer Identity & Access Management
May 12, 2023

This session provides an overview of the CIAM solution market and provides you with a compass to help finding the solution that best meets your needs. In a recent Leadership Compass, KuppingerCole´s Senior Analyst John Tolbert examined the CIAM market segment, product/service functionality, relative market share, and innovative approaches to providing SOAR solutions.

Event Recording
From Local to Global: ABB's New Platform-First IGA Program
May 09, 2023

Identity governance and administration (IGA) is a mission-critical part of every business as it relates to security, compliance, and operations. For large, global enterprises like ABB, finding the right identity solution is especially important—and especially complex. With operations in over 100 countries, 180,000 employees and contractors, 13,000 servers, 6,500 applications, more than 100 HR systems, and a complex Active Directory implementation, this was a challenging undertaking. 

In this session, attendees will learn how ABB leveraged its existing IT Service Management (ITSM) provider, ServiceNow, and Clear Skye, an identity governance and security solution built natively on the platform, to overcome the business complexities of implementing IGA. By aligning once locally managed systems across the business in one platform, ABB saves time, money, and frustration often associated with new tech integrations and onboarding processes. Stefan Lindner, Global Identity and Access Manager, will discuss how a strategic, platform-first approach to identity enables ABB to: 

  • Maximize its current tech investment in ServiceNow 
  • Eliminate the use of multiple, siloed tools, applications, and processes 
  • Deliver an easy, familiar user experience for employees
Event Recording
Make Decentralized Identity work in the real world with Decentralized Ecosystem Governance
May 11, 2023

Decentralized identity has long been seen as a solution to the interconnected problems of verification, privacy, and security online, but now that it is being deployed in the marketplace, how does it manage the complex information flows and rules required by enterprises and governments? Much theoretical discussion has focused on what should happen, but in this conversation, we’ll discuss what actually happens when a customer implements a decentralized identity solution. We’ll explain why decentralized ecosystem governance is preferred to centralized trust registries, the importance of portable trust, automation, updating, and offline functionality, and why customers need to be able to choose between hierarchical and distributed governance.

Event Recording
Why Active Directory is the Prime Cyber attack Target - and what to do about it!
May 10, 2023

For more than two decades, Microsoft Active Directory (AD) has been the de facto method organizations use to authenticate and authorize users for access to computers, devices, and applications within a company’s network. Most companies still rely on it and have further extended its reach into the cloud by synchronizing their on-prem AD with the Microsoft Azure AD to allow proper SSO to cloud-applications by their users. AD is celebrated for its extensive compatibility with various applications and Windows editions, but that compatibility comes with security downsides.

Compromises of Active Directory can occur as an entry point leading to a further attack or can arise at various other points along the kill-chain following an initial compromise via some other mechanism. Even in cases where a compromise is gained following an attack on applications or infrastructure directly, it is frequently infeasible for an attacker to progress further without elevating privileges, making Active Directory a primary target in an overall breach strategy.

It is therefore important that Active Directory defense tools are paired with a wider Zero Trust and XDR approach to provide full visibility over organizational infrastructure, enabling security teams to accurately identify the point of origin of an attack, and to perform the containment and remediation actions required to neutralize and prevent reoccurrence of an attack.

Join Principal Technologist, Guido Grillenmeier, to discuss AD access points used in recent cyberattacks, security risks to watch for in managing AD with Azure AD, how to look for warning signs that AD has been compromised and steps to take in the event of an attack.