Event Recording

Passwordless For the Masses

Speakers
Eve Maler
CTO
ForgeRock
Eve Maler is ForgeRock’s CTO. She is a globally recognized strategist, innovator, and communicator on digital identity, security, privacy, and consent, with a passion for fostering successful ecosystems and individual empowerment. She has 20 years of experience innovating and leading...
Rolf Steinbrück
Senior Solutions Engineer
Yubico
Rolf Steinbrück is a Senior Solutions Engineer in DACH and CEE at Yubico. Before joining the company, Rolf worked at Sophos for over 17 years. There, he was responsible as Professional Services Manager for the EMEA region. Rolf holds more than 28 years of experience in the field of IT...
Sadrick Widmann
CEO
cidaas
Sadrick Widmann joined the company to transform his management and IT talent into a compelling and intelligent customer solution. As the CEO of Widas ID, together with Yael Widmann he is responsible for the innovative Cloud Identity & Access Management System – cidaas.
Playlist
European Identity and Cloud Conference 2023
Event Recording
Reducing Complexity – Introducing a Practical Model for Security Classifications
May 11, 2023

Practical Cyber Security Architecture: Reducing complexity – Introducing a practical model for security classifications. Building and running cyber security in both worlds, modern cloud security in combination with legacy on-premises, introduces extra complexity. Some of the well-known security patterns and models are not applicable in cloud systems, while modern security models like zero trust barely fit in legacy systems. Based on a model for security classification, we will explore some practical methods for reducing complexity in modern cyber security.

Event Recording
Automated Serverless Security Testing: Delivering Secure Apps Continuously
May 10, 2023

Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster.

How can developers ensure that their code is secure enough? They can scan for common vulnerabilities and exposures (CVEs) in open-source code. They can even scan their Infrastructure-as-Code (IaC) tool to identify insecure configurations. But what about custom code? At many organizations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interface (API) calls. As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times.

Fortunately, it does not have to be this way. Organizations can leverage robust security during serverless development, automatically—if it is done properly. In this talk, we will discuss common risks in serverless environments. We will then cover existing testing methodologies and why they do not work well for serverless. Finally, we will present a new, completely frictionles

Event Recording
Trust No One, Always Verify
May 11, 2023

Cybercriminals no longer “hack” in – they simply log in. Once inside, they hunt for privileged accounts. A vast majority of breaches today are due to the abuse of stolen privileged accounts. Privileged accounts are very powerful but at times, anonymous and shared. Learn how to take control of Privileged Access to ensure that your most valuable asset - your data - is protected.

Event Recording
EUDI Wallet - Critical Success factors for Digital Single Market and Private Sector Use
May 10, 2023

Why is the private sector the major milestone for the European Identity Wallet to succeed? Let’s discuss:
• Will the current EUDI wallet enable or hamper, e.g., the banking sector in future (in relation to KYC, Strong Customer Authentication, Payments, ...)?
• Which standards are the right ones to enable, e.g., the travel / mobility sector (mdoc, ICAO, verifiable credentials)? Which give the most added value?
• How will current private sector wallets at large, like those used in e-commerce, interact with the EUDI whilst ensuring citizen privacy-by-design?
• Which technologies are at hand to keep our wallets secure and combat identity theft/fraud/threats when Europe has no control over those mobile devices?

Event Recording
All the IAMs - Modern Convergence of Digital Identity for Different Populations
May 09, 2023

Event Recording
European Identity & Cloud Awards Ceremony
May 10, 2023

Event Recording
Market Overview: Privileged Access Management Solutions & the Pamocracy
May 11, 2023

In this session, KuppingerCole's Paul Fisher will give an overview of the market for Privileged Access Management (PAM) platforms and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing PAM solutions. He will also explain how the new Pamocracy is affecting the market.

Event Recording
Ethics in Security Design - For Digital Identity
May 11, 2023

Digital Identity and Security solutions impact our environment, typically in a positive and securing manner. However, research shows that the increasing digitization of identity services for digital identity also excludes and harms individuals.
In this presentation Henk will detail his research into the impact of digital identity solutions at nation-state level and how to start involving ethics in the design and implementation of these solutions.
The findings also apply to designing and implementing security solutions for purposes other than digital identity.
The approach to engaging in ethical conversations during design will be explained theoretically, linking to the background of Value Sensitive Design (https://en.wikipedia.org/wiki/Value_sensitive_design), and made practical by case studies of Ethics in Security Design.
Henk has been researching the ethics of digital identity at Leiden University, NL, in 2022.

Event Recording
What’s Hot at the OpenID Foundation | Workshop
May 09, 2023

OpenID Foundation leaders and contributors will brief the EIC community on the latest progress and outlook for the OpenID Foundation. As part of this workshop we will cover: 

  • The identity landscape
  • The Foundation’s 2023 strategy
  • New partnerships and liaisons
  • Headlines from the Foundation’s latest whitepapers on Government, Privacy and IoT
  • Briefs on Working Group and Community Group progress and outlook
  • Deep dives on key issues facing the community - for your input!

Please join us early to be part of the conversation. Workshop presenters include Nat Sakimura, Gail Hodges, Kristina Yasuda, Torsten Lodderstedt, Tim Cappalli and others.

Event Recording
Reduce Certification Fatigue with Effective Role Management
May 10, 2023

IAM and security leaders end up certifying far more access than necessary, owing to a failure to classify business resources. Furthermore, business users pay the price because they must spend an inordinate amount of time filling out these lengthy surveys. Benoit will show how to reduce certification fatigue through robust role management, which helps business users achieve better results while taking less time out of their day.

Event Recording
EU Wallet – eIDAS 2.0: The New European Identity Framework is a Gamechanger
May 10, 2023

The existing eIDAS governance framework for digital identity is fragmented for different regulated markets in different EU countries. Today, identity provider solutions for finance, healthcare and other regulated markets follow central approaches for the management of identities and consent in highly secure data center environments, using legacy standards (e.g. OIDC, central public key infrastructure).

eIDAS 2.0 creates an EU-wide identity ecosystem with adapted new standards, new stakeholders and a focus on using mobile devices. The existing roadmap suggests a transition of three to five years (or more). For banking, insurance, healthcare or the public sector, it is time to adopt these standards in their digital transformation strategy.

Based on the Gematik requirements for a federated identity provider with a central OIDC-compliant resource and authorization server, Comuny shifted relevant identity provider functions (data storage + token generation) onto the mobile device.

The speakers will describe challenges and solutions for this regulated market. They will also discuss the chance to combine existing central OIDC flows with mobile, decentralized, wallet-based principles as a bridge into the new eIDAS 2.0 governance framework. The audience will get a clear understanding of the requirements, opportunities and practice details needed to make the transition into the eIDAS 2.0 identity ecosystem.

Event Recording
Why Active Directory is the Prime Cyber attack Target - and what to do about it!
May 10, 2023

For more than two decades, Microsoft Active Directory (AD) has been the de facto method organizations use to authenticate and authorize users for access to computers, devices, and applications within a company’s network. Most companies still rely on it and have further extended its reach into the cloud by synchronizing their on-prem AD with Microsoft Azure AD to allow proper SSO to cloud applications for their users. AD is celebrated for its extensive compatibility with various applications and Windows editions, but that compatibility comes with security downsides.

Compromises of Active Directory can occur as an entry point leading to a further attack or can arise at various other points along the kill-chain following an initial compromise via some other mechanism. Even in cases where a compromise is gained following an attack on applications or infrastructure directly, it is frequently infeasible for an attacker to progress further without elevating privileges, making Active Directory a primary target in an overall breach strategy.

It is therefore important that Active Directory defense tools are paired with a wider Zero Trust and XDR approach to provide full visibility over organizational infrastructure, enabling security teams to accurately identify the point of origin of an attack, and to perform the containment and remediation actions required to neutralize and prevent reoccurrence of an attack.

Join Principal Technologist, Guido Grillenmeier, to discuss AD access points used in recent cyberattacks, security risks to watch for in managing AD with Azure AD, how to look for warning signs that AD has been compromised and steps to take in the event of an attack.