Event Recording

Street Cred: Increasing Trust in Passwordless Authentication

Show description
Speaker
Wolfgang Goerlich
Advisory CISO
Cisco
Wolfgang Goerlich
J. Wolfgang Goerlich is an Advisory CISO for Cisco Secure. Prior to this role, he led IT and IT security in the healthcare and financial services verticals. Wolfgang has held VP positions at several consulting firms, leading security advisory and assessment practices. He is an active part of the...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Wallets as a New Class of Super Apps in the Financial Industry and Beyond
May 11, 2023

Open banking has changed our world, enabling citizens and businesses to create a holistic view of our financial lives. “Superapps” will combine our digital identities with other domains.

Imagine a future where we can view, add, update, or remove our digital identity attributes as easily as we can manage these credentials in our physical wallets today. Further imagine that through the same lens, we can view and control which people and businesses have access to what identity data, for how long and for what purpose and attend to our financial business. “Superapps” will enable us to do exactly that as well as enable us to minimize attributes shared to suit the situational needs.

Beyond the self-evident value to us in terms of ease of use and control, imagine the efficacy that this approach will have on culling fraud when there is no need to expose all of our details with every interaction in the digital universe. Join the conversation to understand what public, private, and standards initiatives are available today and how these need to expand in support of “Superapps”.

Event Recording
Decentralized Identity: The Way Forward
May 10, 2023

Decentralized Identity is enabling individuals and organizations to have control over their own personal data, providing self-sovereignty, privacy and security. But, is a relatively new concept with high development and standardization dynamics. In this session we will look into what we should do today to take full advantage of this promising concept.

Event Recording
A Sovereign Cloud for the German Government
May 11, 2023

You will learn about the Sovereign Cloud for the German Government, this solution is based on Azure and operated by Delos Cloud Gmbh

Event Recording
Zero Trust with Zero Buzz
May 11, 2023

The objective of the talk is to:

  1. (10%) Clear out the noise around Zero Trust: why Zero Trust has became a buzzword
  2. (20%) Define Zero Trust
  3. (60%) Set the journey:
    • how can we implement Zero Trust?
    • where to start? how to do it?
    • what are the building blocks?
    • building blocks stages and maturity?
  4. (10%) How can Zero Trust protect us against today's threats.
Event Recording
Weaving a Standards Framework for Non-Human Identities
May 11, 2023

We entrust workloads and devices with our most sensitive data, giving them access to far more information than the human on whose behalf it operates, if it is even operating on behalf of a human. Yet, managing these non-human identities and applying Zero Trust Policies to them is a Herculean task complicated by a heterogenous technology landscape, amplified by multi-cloud/multi-hybrid environments, exacerbated by critical skills shortages and magnified by exponential growth in workload and device identities.

It's the kind of problem standards excel at solving by creating interoperability layers between heterogenous environments, codifying the wisdom of the crowd to alleviate pressures on rare skills, and creating eco-systems of interoperable solutions that meet a common security bar.

Fortunately there are already several standards efforts that can help us manage non-human identities. But how are all these efforts related and how to we avoid replacing a patchwork of heterogenous solutions with a patchwork of heterogenous standards? Is it possible to craft a standards framework and connect all these efforts in a single identity trust fabric, and is that desirable? If we had such a framework, what would it look like?

In this talk we explore the benefits of weaving a standards framework for non-human identities by bringing together more than 18 standards from at least 7 standards bodies while identifying opportunities to align and connect them all to solve the emerging challenge of managing non-human identities at scale.

Event Recording
AI & Identity - Perspectives and Use Cases
May 11, 2023
Event Recording
Cyber-Defense Strategies to Protect Cloud Resources & Identities
May 10, 2023

Cyberattacks continue to increase in volume and sophistication, targeting everything owned, managed, and serviced from the cloud. Attackers have also realigned their efforts, focusing on staying undetected, quickly monetizing exploitations, and publicly shaming organizations after successful breaches. BeyondTrust Chief Security Officer (CSO), Morey J. Haber will offer best practices for minimizing these increasingly exploited cloud attack vectors. Join him to learn cutting edge strategies for building the optimal cloud defense for your organizations unique cloud environment and identities.

Event Recording
EU-US Data Transfers - Where are we now?
May 10, 2023
Event Recording
Orchestrating Zero Trust - "Detect, Decide, Direct"
May 10, 2023

The Zero Trust paradigm, the approach of eliminating inherent trust in an IT architecture and always verifying, has been discussed for over a decade. It is well known that Zero Trust is a team sport, with Identity in the center. The many components, from IGA to Device Management, Network-segmentation to contextual awareness and beyond can be fulfilled by as many vendors, bearing the question about how to integrate these for a secure and convenient user experience. While there may be integrations available for some components, they will most likely be disjointed and/or require custom development, making it a challenge to be agile and innovative.

An alternative to the described problem would be Orchestrating Zero Trust, applying the approach of "Detect, Decide, Direct". Through Orchestration the task of gathering all signals and relevant information (Detect) for an appropriate authorization decision (Decide), and continuing with the proper next step(s) (Direct) can be fulfilled in a flexible manner, facilitating customization in a future proof manner.

In this session we will describe the "Detect, Decide, Direct" approach and see how Orchestration can be a key enabler of Zero Trust.

Event Recording
Closing Keynote
May 12, 2023
Event Recording
Trust Inspiring CIAM – Essentials for a Secure, Experience-Driven Digital Business
May 12, 2023

Confusing Customer Identity Management (CIAM) with traditional Enterprise IAM comes at a high price: Applying internal regulatory compliance requirements and heavy security challenges to customer-focused interactions could easily limit user experience in a way that it measurably affects your digital business success, with dropped or interrupted transactions. Building Identity & Access around your customers' needs requires a profoundly different approach, which is on the one hand a trust-driven interaction experience with your brand, and on the other hand, complies with KYC and Cybersecurity requirements. In this session, we will give you an overview on the current state of CIAM and future developments you should include in your considerations before deciding on how to move forward.

Event Recording
3 Dimensions of Digital Sovereignty
May 09, 2023

Digital sovereignty has become an important topic for individuals as well as a strategic issue for countries and businesses, allowing them to operate in an environment that they trust and can control. This necessitates technology that is not overly reliant on third parties, where there is a risk of misuse of trust or non-compliance.

In this session, we will explore 3 dimensions of digital sovereignty related to identity:

  • Sovereignty of the Individual: The need to protect the individual has triggered privacy laws around the world, like GDPR. Providing end users with more control is now taken one step further with the adoption of the so-called "Self-Sovereign identity (SSI)" and "identity wallets." With SSI, users are in powerful control of their personal data, resulting in a privacy-first user experience.
  • Geopolitical Sovereignty: According to geopolitical sovereignty, data about citizens is subject to the laws and governance of the nation or state to which they belong. As data and the behavior of people become more valuable for countries, the transfer of data is regulated by laws like the US Cloud Act and GDPR. Compliance with cross-border data transfers is becoming more important than ever. 
  • Organisational Sovereignty: Organizations want to protect the interests of their employees, gig workers, customers, and business ecosystem. They also have to comply with multiple data sovereignty laws in various countries (for example, Schrems II, CCPA, LGPD, and so on). This leads to questions like, "Where is my data?" "Who has access?" and "Who holds the keys?" The more global organizations are, the more complex this process is due to the numerous local regulations they have to follow.