Event Recording

Validating the Security of Mobile Authentication Apps

Show description
Speaker
Petteri Ihalainen
Senior Specialist
National Cyber Security Centre, Finland
Petteri Ihalainen
Mr. Ihalainen has extensive information security background having worked for organizations like SSH Communication Security, Ubisecure, EU Commission, Gemalto, and GlobalSign. During his career, he has participated in cutting edge initiatives and digital identity programs in various roles. He's...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Market Overview: Passwordless Authentication
May 10, 2023

This session will provide an overview of the market for Passwordless Authentication products and services and will present a compass to help you to find the Passwordless Authentication product or service that best meets your customers, partners, or workforce needs. KuppingerCole´s Alejandro Leal recently published a Leadership Compass for Passwordless Authentication and examined the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing Passwordless Authentication solutions.

Event Recording
Beyond Zero Trust to Achieve Zero Friction
May 11, 2023

Regulatory bodies, government agencies, and CIOs are mandating Zero Trust as a cyber security framework. What does Zero Trust mean for your security strategy? With a Zero Trust security model, nobody is trusted automatically, even when they’ve cleared the perimeter. Instead, all identities are verified, minimum access is granted based on context, and activities are monitored to make sure controls are working as expected. The Zero Trust model requires multiple security controls throughout an IT environment to protect and manage identities, devices, networks, applications, and data. This session will take you through the reality check of where Zero Trust started, how it has evolved over the years and what does it really mean for your organization today.

Event Recording
The Human Factor & Access Governance
May 11, 2023

One of the fundamental problems of identity and access governance lies in very unclear relationships between real business needs, access policies and decision making about allowing certain action on the assets. For years we are trying to develop access policies which at the same time corresponds to business expectations, digital security rules and regulations, and people-centric to minimize deviations.
In this session, we will discuss human factor in IGA program and how to provide human factor analytics in access governance using new three-dimensional model called NPR (need, policy and resolution). We will show how NPR reports will help the organization to determine necessary adjustments of the policies and their implementation in Identity Governance workflows and processes to improve maturity, decrease risk of breaches, policy deviations by users and cost of managing and enforcing policies also known as Costidity. We will also show the sample reports based on data from higher education customer.

Event Recording
Decentralized Identity: The Way Forward
May 10, 2023

Decentralized Identity is enabling individuals and organizations to have control over their own personal data, providing self-sovereignty, privacy and security. But, is a relatively new concept with high development and standardization dynamics. In this session we will look into what we should do today to take full advantage of this promising concept.

Event Recording
Finding the Signal Through the Noise in Web3(++) Identity
May 11, 2023

2022 brought a lot of activity in web3/crypto identity solutions: Soul Bound Tokens, Verifiable Credentials, and even web5?! In this year-in-review we'll examine the varying approaches, the problems they were trying to solve, and discuss how this can inform all of our user-centric identity efforts.

Event Recording
Policy-Driven IGA – Why This Approach Produces Better Outcomes
May 10, 2023

IGA activities in organizations have largely been around defining access policies manually, configuring access request workflows and scheduling periodic access reviews.  Such activities require significant administration as well as continuous involvement by stakeholders.  There are also delays that come with this model that could potentially cause security risk and non-compliance in the organization.  An approach that is more intuitive is to discover policies, review them and apply access changes based on policies. This results in fewer IGA administrative and end-user activities for the organization while ensuring that both excess access and under access are addressed in a timely manner.

Event Recording
Adaptive Protection for Identities
May 10, 2023

Decentralized Identity protection is important in data collaboration because it helps to protect the privacy and security of individuals and organizations involved in the supply chain. By ensuring that only authorized individuals have access to sensitive information, identity protection helps to prevent data breaches and other security incidents.  A chain of trust establishes a series of checks and verifications that ensure that the data being shared is accurate and trustworthy. This is critical in the context of supply chain regulations, where inaccurate or incomplete information can have serious consequences for compliance and risk management.

In the second part of the talk, we will explore the concept of adaptive protection for identities in Microsoft Purview. By using a combination of machine learning, behavioral analysis, and risk-based decision making, we can create a dynamic system that adapts to new threats in real time. This approach offers a more proactive and effective way to safeguard identities, and can be applied across a range of industries and contexts. Together, we can work to develop a more robust and resilient digital identity ecosystem that protects individuals and organizations alike.

Event Recording
Urban Planning and Identity with Slime Mold or: How I learned to Stop Worrying and Learn from the Blob
May 10, 2023

In 1994, Italian physicist Cesare Marchetti discovered something: cities expand as a function of transportation speed. In short, “transportation is the lifeblood of a city.” Innovation in transportation has driven the expansion of cities—from small, walkable areas to the sprawling, car-based metropolises, presenting a challenge for urban planners.

Identity in the modern organization faces a similar challenge: if transportation is the lifeblood of cities, then identity is the lifeblood of organizations. And our organizations are not ancient, walkable Rome, but modern, sprawling Atlanta—with identities and resources widely strewn around the globe.

Like urban planners, we face a nearly-intractable challenge: how can we provide access to resources and data easily while still meeting the stringent demands of security and compliance?

Thankfully, there appears to be a solution for both urban planning *and* identity, albeit from an unexpected source: Ordinary slime mold. Aka, “The Blob.”

We’ll learn from this simple organism, describe how its simple actions create complex systems that solve these sorts of “unsolvable” problems, and see how the Blob might “think” about identity.

Event Recording
What’s Hot at the OpenID Foundation | Workshop
May 09, 2023

OpenID Foundation leaders and contributors will brief the EIC community on the latest progress and outlook for the OpenID Foundation. As part of this workshop we will cover: 

  • The identity landscape
  • The Foundation’s 2023 strategy
  • New partnerships and liaisons
  • Headlines from the Foundation’s latest whitepapers on Government, Privacy and IoT
  • Briefs on Working Group and Community Group progress and outlook
  • Deep dives on key issues facing the community - for your input!

Please join us early to be part of the conversation. Workshop presenters include Nat Sakimura, Gail Hodges, Kristina Yasuda, Torsten Lodderstedt, Tim Cappalli and others.

Event Recording
City of The Hague: Adding Access Control to Microservice Architectures for ZTA
May 10, 2023

The Common Ground movement of the Dutch municipalities is developing innovative solutions for greater interoperability. An important part of this is the data landscape, where functionality is accessed through microservice API’s. In the analysis of this architecture, one aspect is barely touched upon: The Access Control aspect in API’s is not appropriately co-developed.

The Municipality of The Hague has performed a Proof Of Architecture (the POA) to demonstrate that it is possible to unlock an existing API in which access is not explicitly modeled, or that still uses traditional Role Based Access Control methods internally, restricting interoperability across contexts.

The POA is done in an effective and efficient way through innovative 'zero trust architecture' concepts, such as Policy Based Access Control. Security and privacy are thus demonstrably realized in accordance with legal requirements. The POA proves that it is technically feasible to add input-filtering of access requests to ignore the restricting RBAC method and thereby open doors for municipalities for interoperability in an autonomous and secure way.

During the presentation the working principles of API access from a perspective of Identity & Access Management are explained, but also how these principles can be applied in practice in an existing application landscape.

The presentation will be a joint presentation between the lead architect of the City of The Hague, Jan Verbeek, and access strategist André Koot.

Event Recording
Market Overview: Secure Access Service Edge (SASE)
May 11, 2023

The term secure access service edge (SASE) has become popular in recent months and has been adopted by numerous vendors. SASE stands for a concept that integrates a range of cloud-native security services including cloud access security brokers (CASB), firewall as a service (FWaaS), secure web gateways (SWG), and zero-trust network access (ZTNA), with wide-area network (WAN) capabilities for delivering both directly to any edge computing location. In this session, KuppingerCole´s John Tolbert will give an overview of the market for SASE solutions and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing SASE solutions.

Event Recording
Closing Keynote
May 12, 2023