Event Recording

Building the Roadmap for Your Future IAM | Workshop

Speakers
Martin Kuppinger
Principal Analyst
KuppingerCole
Martin Kuppinger
Martin Kuppinger is Founder and Principal Analyst at KuppingerCole, a leading analyst company for identity focused information security, both in classical and in cloud environments. Prior to KuppingerCole, Martin wrote more than 50 IT-related books and is known  as a widely-read columnist...
View profile
Dr. Phillip Messerschmidt
Lead Advisor
KuppingerCole
Dr. Phillip Messerschmidt
Dr. Phillip Messerschmidt joined KuppingerCole in January 2021 as Advisor & Analyst. Prior to this, he worked for various management consultancies, primarily advising major banks on challenges related to the IT security infrastructure topic of identity and access management (IAM). His focus...
View profile
Christopher Schütze
Cybersecurity Practice Director & Chief Information Security Officer
KuppingerCole
Christopher Schütze
Christopher Schütze has been working as Director Practice Cybersecurity and Lead Analyst for KuppingerCole Analysts AG since 2019. Prior to that, he was Head of Cloud Security at an auditing company and working at two integrators for identity and access management. He has provided clients...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Leveraging Decentralized Identity Approaches in the Enterprise
May 11, 2023

In this session, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts look at the potential of utilizing DID approaches within the enterprise. This session will look at the business benefits, the steps involved, important considerations, challenges, pitfalls, and recommendations for implementing decentralized identity. Martin will explain the potential and look at how this will impact existing technologies such as IGA, PAM, and Access Management, and how this relates to other trends such as WfA, BYOD, Policy-based Access, and more. He also will outline where interoperability and standards must further evolve to enable organizations in re-inventing their IAM, without ripping everything apart. He will discuss the steps involved, important considerations, challenges, pitfalls, and recommendations for implementing decentralized identity in the enterprise.

Event Recording
Cyber Insurance: Results from a Recent Survey
May 12, 2023

After several tumultuous years, the cyber insurance safety net is in question as costs rise and coverage contracts. Research conducted with IT security professionals to understand the real-life experiences companies have in obtaining and using cyber insurance.In this session we’ll unpack the survey findings and put them in context. Join the discussion to prepare for your next cyber insurance assessment so you end up with coverage and rates that accurately reflect your organization’s risk profile.

Joe Carson will talk about

  • The factors driving the skyrocketing costs of cyber insurance
  • The role Boards of Directors play in driving demand for cyber insurance
  • Fine print to check before finalizing your cyber insurance policy

And help you find answers to these questions

  • What security controls do cyber insurance companies expect you to have?
  • What cyber incidents are excluded from cyber insurance policies?
  • What recovery costs does cyber insurance cover?
Event Recording
Rogue on Steam? Risks and Rewards of a Seamless Digital Life in the Metaverse
May 10, 2023
Event Recording
Revolutionizing Identity Governance and Administration with Low-Code Bot Automation
May 11, 2023

Identity Governance and Administration (IGA) is critical for ensuring the security of an organization, but it can also be a complex and time-consuming process. Join us for an engaging conversation on how Identity Governance and Administration Bot Flow (IGABotFlow) is revolutionizing the IGA field. This new approach combines the power of low-code orchestration, bot technologies, and a visual interface to simplify the management of access to sensitive information and resources while improving security.

"Citizen developers" will learn how to use IGABotFlow to automate complex business processes, including identity-related tasks, with low code visual tools. Additionally, attendees will discover how bots can proactively monitor and respond to events and changes in data, performing tasks and interacting with users without explicit requests. IGABotFlow is a game-changer in the field of identity governance and access management. Attendees will learn about the use cases where this technology could make a difference in their organization.

Event Recording
Interworking of Verifiable Credential Products
May 10, 2023

The EU funded Next Generation Internet (NGI) Atlantic project "Next Generation SSI Standards" and the Walmart funded Jobs for the Future (JFF) Plugfest, both have the same aim of fostering wide scale adoption of Verifiable Credentials. They are doing this by funding global interworking of Verifiable Credentials products from many different suppliers located in Europe, the USA and Asia. The NGI Atlantic project is committed to using the OpenID for Verifiable Credentials (OIDC4VCs) draft standard specifications, whilst JFF is allowing the 30+ participants to decide amongst themselves which protocols to use. Three protocol suites have been chosen: OIDC4VCs, VC-API with CHAPI, and DIDComm.

This presentation will provide an overview of the two projects, will provide an overview of the 3 protocol suites that have been chosen, and will present the results of the interworking trials.

The NGI Atlantic project will finish in December 2022, and besides interworking trials, will deliver an open source test suite that suppliers can use to test their implementations for conformance to the OIDC4VCs protocol suit for both credential issuing and verification. Some tests are being added to the W3C CCG Traceability test suite (written in POSTMAN) and some are being added to the Open ID Foundation's existing OpenID Connect conformance test suite (written in Java).

The JFF Plugfest will finish in 1Q2023. In November 2022 each VC Issuing software supplier must demonstrate the issuing of a verifiable credential to the wallets of at least two different wallet software providers, whilst each wallet software provider must obtain a verifiable credential from at least two other VC Issuing software providers. In February 2023 VC wallets must demonstrate the presentation of a Verifiable Presentation/Verifiable Credential to at least two different verification software suppliers, and each verifier must demonstrate that it is capable of accepting a VP/VC from at least two different wallets.

The success of these projects should catapult the acceptance of inter-workable verifiable credential products to the market.

Event Recording
How do You Know Who to Trust?
May 10, 2023

OpenID Connect Federation enables trust establishment at scale and is being deployed to do so in Europe.

A key question when granting access to resources is “Who do you trust?”.  It’s often important to know who the party is that you’re interacting with and whether they’ve agreed to the terms and conditions that apply when accessing a resource.

OpenID Connect enables identities of participants to be securely established but doesn’t answer the question of whether a participant is trusted to access a resource such as your personal data.  A complementary mechanism is needed to do that.  In small-scale and static deployments, it’s possible to keep a list of the trusted participants.  However, in large-scale and dynamic deployments, that doesn’t scale.

This presentation will describe how the OpenID Connect Federation protocol enables scalable trust establishment with dynamic policies.  It does so by employing trust hierarchies of authorities, each of which are independently administered.  Examples of authorities are federation operators, organizations, departments within organizations, and individual sites.

Two OpenID Connect Federations are deployed in Italy, enabling secure access to digital services operated by Italian public and private services with Italian digital identities.  This presentation will also describe why OpenID Connect Federation was selected for them and how it meets their needs.  OpenID Connect Federation is being used by the GAIN PoC.  A public deployment is also being planned in Sweden.

Event Recording
Managing Your Enterprise Security Posture to Avoid Web3 and Smart Contract Breaches. Practices & Lessons for Enterprises with Case Studies
May 11, 2023

Web3 is a revolutionary changing aspect of technology in the current era but protecting Web3 will be a challenge considering how smart contracts are challenging. New businesses utilizing blockchain technology are more focused on business while their different assets need eyes, such as the most vulnerable DApps and Web3 services.

Decentralized applications, commonly referred to as dApps, are not controlled by a single point of authority. Instead, they run on a blockchain or a P2P network, making them more complex and riskier than traditional applications.

In this talk, we'll discuss how hackers are utilizing their techniques to attack web3 and smart contracts and what are best practices for enterprises to prepare for the challenge.

Event Recording
IGA Everywhere - Creating your Future Security Ecosystem
May 10, 2023

Identity Governance and Administration (IGA)is a core component of Identity and Access Management (IAM) infrastructure and refers to integrated solutions that combine Identity Lifecycle Management (ILM) and Access Governance. IGA helps to cut costs, increase security, improve compliance, and give users access to the IT resources they need.

Depending on maturity in terms of IAM, some organizations may need to bolster their capabilities in ILM while others need to focus on Access Governance. But most organizations are looking for a comprehensive IGA solution, that combines traditional User Access Provisioning (UAP) and Identity and Access Governance (IAG).

Event Recording
Spicing up Authorization - A Zanzibar inspired approach
May 11, 2023

As a global OEM of highly critical and complex industrial devices, managing access to hundreds of millions of IIoT device resources spread across customer sites all around the globe is already a challenging task.  
Use cases for providing a digital service platform need to address end customers accessing devices owned by themselves as well as priviledged access for in house and third party analytics applications and serice personnel. A combination of requirements for excelent user experience, authorization management and high performance for cross-tenant queries for endless scenarios can become a nightmare.  
The task was to analyze the access requirements, abstract them and then deploy a “Zanzibar” inspired approach to manage access authorizations with a swift and reliable backend architecture, able to handle millions of information assets to be protected against unauthorized access.  
Creating a mere access model does not do the full trick - it has to be cleverly designed into data storage structures and queries to achive the required performance goals!  
The talk quickly introduces the problem set and then dives deeper into how to implement data storage optimization magic to get quick response times and swift adjustments of authorizations.

Event Recording
Identity Security Implementation and Deployment in KONE
May 11, 2023

In this talk, Krishna Balan Kannappan will describe Kone´s path to a holistic and integrated Identity Security infrastructure.

  • IDM Deployment in KONE includes Lifecycle management of KONE Internal Users and non person accounts. Automated Processes in IDM ensures that minimum accesses required for Internal Users are granted automatically based on User Attributes and all accesses are removed automatically when user leaves the organization. Non Person accounts are hardened automatically based on the usage.
  • Applications authorization is managed by IDM using various provisioning mechanisms.
  • Applications authentication is controlled by Azure AD, MFA enabled is mandated for all applications and end users.
  • Admin Accounts used for Accessing KONE Infrastructure and Workstations are managed in IDM(Microsoft recommended Tier based model is used).
  • Self Service allows Role Owners and Account Owners to Create Access Reviews, Manage Passwords, Manage Access.
  • KONE SOC team uses IDM for performing emergency actions to disable/enable/reset Password of AD Accounts.

Privilege Access Management:

  • KONE uses PRIVX as the PAM Solution for allowing access to Infrastructure. PAM is integrated with IDM for authorizations. PAM Solution ensures KONE Infratructure cannot be accessed outside PAM by access controls and continuous monitoring.
  • PAM Uses Separate MFA for added Security.
  • Automations are implemented to onboard/offboard Application servers into PAM

DevSecops model is used for Development, automated deployments, Security Scans and automated Testing.

Event Recording
EU Wallet – eIDAS 2.0: The New European Identity Framework is a Gamechanger
May 10, 2023

The existing eIDAS governance framework for digital identity is fragmented for different regulated markets in different EU countries. Today identity provider solutions for finance, healthcare and other regulated markets follow central approaches for the management of identities and consent in high secure data center environments and using legacy standards (e.g. OIDC, central public key infrastructure).

eIDAS 2.0 creates a EU wide identity ecosystem with adapted new standards, new stakeholders and a focus on using mobile devices. The existing roadmap allows to anticipate three to five years (or more) transition. For banking, insurance, healthcare or the public sector it is time to adopt these standards in their digital transformation strategy.

Based on the Gematik requirements for a federated identity provider with central OIDC compliant resource and authorization server Comuny shifted relevant identity provider functions (data storage + token generation) on the mobile device.

The speakers will describe challenges and solutions for this regulated market. They also discuss the chance to combine existing central OIDC flows with mobile decentral, wallet based principles as a bridge into the new eIDAS 2.0 governance framework. The audience will get a clear understanding about requirements, opportunities and practice details to create the transition into eIDAS 2.0 identity ecosystem.

Event Recording
Customer-Driven, Digital-First, Trust & Value Based - The Future of CIAM
May 12, 2023

Data is Power. And as a popular comic superhero said, with power comes more responsibility. For companies offering digital services, the responsibility lies in storing the customer data securely. Growing number of global privacy regulations underpin this responsibility.
More and more organizations are using specialized Customer Identity and Access Management (CIAM) solutions which enable them to consolidate the data of existing customers while offering new and innovative ways to acquire new ones. CIAM tools can be used to prevent fraud, monitor suspicious activity as well as generate important business reports and statistics.
CIAM market is growing yearly but remains the most innovative in various IAM disciplines in to meet the fast-changing digital business demand. Utilizing modern, flexible, and scalable CIAM platforms will enable organizations to combine good customer experience with strong data security. Certainly, a recipe for a successful online enterprise!
This talk will give insights on how to strategize your CIAM journey and shed light on some pain points companies face when embarking on this exciting adventure.