Event Recording

The Ubiquitous Credential - Government-issued Identity in Your Phone

Show description
Speakers
Heather Flanagan
Principal
Spherical Cow Consulting
Heather Flanagan
Heather Flanagan, Principal at Spherical Cow Consulting, comes from a position that the Internet is led by people, powered by words, and inspired by technology. She has been involved in leadership roles with some of the most technical, volunteer-driven organizations on the Internet, including...
View profile
Mike Kiser
Director, Strategy and Standards
SailPoint
Mike Kiser
Mike Kiser has held a panoply of industry positions over the past 20 years—from the Office of the CTO to Security Strategist to Security Analyst to Security Architect—that might imply otherwise. In spite of this, he has designed, directed, and advised on large-scale security...
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Authorization Trends in the Era of Zero Trust & Web 3
May 10, 2023

In this Session we will look at the business and security benefits of moving to policy-based access controls (PBAC), how this supports a Zero Trust approach to security, and how PBAC can be practical and scalable in hybrid and multi-cloud IT environments. We will look at some of the main authorization use cases that are driving change in enterprise architecture teams. We will also share recommendations on how organizations can improve security, enhance brand trust, and deliver better user experiences.

Event Recording
Running Machine Learning Analytics On Traces
May 11, 2023

Let’s do things differently. To start with, let us view logs and traces as no different from any other data. The data an application indirectly generates when in use (the logs and traces) is no different from the data an application directly works with (input and output). So let’s keep them all together in a scalable cloud storage repository. Once it is there, it is just like any other big data. We need to analyze and apply intelligent monitoring to detect situations of interest. So we need to apply trained ML models to a stream of such data for immediate alerting when the traces indicate an unwanted behavior occurring or brewing. This talk will show how to harness existing technologies to do just that.

Event Recording
Sri Lanka's Digital ID Program (National ID Implementation based on MOSIP)
May 12, 2023

Sri Lanka has successfully implemented a Digital ID POC based on the MOSIP platform.

Integration of all the platform components, from identity authentication to authentication services, to create an effective and efficient system with live use-cases.

Event Recording
Market Overview CIAM: Customer Identity & Access Management
May 12, 2023

This session provides an overview of the CIAM solution market and provides you with a compass to help finding the solution that best meets your needs. In a recent Leadership Compass, KuppingerCole´s Senior Analyst John Tolbert examined the CIAM market segment, product/service functionality, relative market share, and innovative approaches to providing SOAR solutions.

Event Recording
The Human Impact of Identity – Women in Identity Code of Conduct
May 11, 2023

Women in Identity strongly believes there is a need for a global Identity Code of Conduct to address identity exclusion—being excluded from access to identification credentials — that subsequently leads to exclusion from financial services and products.

The Women in Identity team are half way through their research project with the current phase focused on the development of the code of conduct.

This panel will share early look at the guiding principles that will ensure all users of digital identity systems have a consistent and high-quality user experience.

Event Recording
What’s Next In Enterprise Authorization
May 11, 2023

As organizations undergo digital transformation to zero-trust architectures, identity-driven security becomes a critical aspect. Beyond new authentication technologies, organizations must have strong authorization controls. Today, if and when an identity is compromised, the attacker can make lateral movements with very few restrictions and access a wide range of critical systems and information. Much of this over-permissive environment can be attributed to manual permissions management processes that are hard to maintain over time. Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), which underlie these manual processes, provide a good baseline for access security. However, their complexity grows over time and the management overhead they place oftentimes subvert the very goals of security and compliance they are deployed for. Just-In-Time Access Management (JITAM) represents a new robust and secure authorization strategy that can reduce the need for periodic access certifications and manual role administration, while providing auditability. Learn how the authorization space is rapidly changing from RBAC and ABAC to JITAM, and how it could benefit your organization.

Event Recording
What to Consider When Selecting your Managed Identity Fabric
May 10, 2023

IDaaS, the SaaS-delivered IAM, helps organizations   releasing themselves from a considerable part of the burden that IAM brings. They don’t need to care for software installation and running servers. However, IDaaS is only part of the answer  here. Customers still must   managed and run their IAM environment.

This is where MSPs (Managed Service Providers) and their services come in . They help the organizations in managing major parts of IAM, from onboarding of systems to customization and configuration, but also for a good share of the business-oriented aspects.

MSPs also can help organizations in providing a real IDaaS in the sense of customers/tenants just ordering services, without even caring about the technology below. They buy the services delivered by an Identity Fabric that is built and run by their service provider (which then again might rely on one or more SaaS services).

In this panel, we will discuss how such a “managed Identity Fabric” can look like and what this means to both the MSPs and their tenants. We’ll specifically focus on what distincts such a managed Identity Fabric from just a standard IDaaS offering, and from a MSP operating the IAM the customer already has in place. We’ll discuss the main criteria and capabilities for selecting the managed Identity Fabric.

Event Recording
Cyber Insurance Claims & Denials
May 12, 2023
Event Recording
How to Get Your Cyber Insurance, Bring Down the Premium and Up the Coverage
May 12, 2023

More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.

The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.

Event Recording
FIDO 2: Zero Trust in Action with Passwordless Phishing Resistant Authentication
May 10, 2023

By now, organizations are well aware of the need for better protecting data and application with modern access management and authentication.
Thales and Microsoft partner to help organizations going passwordless to fight against phishing attacks. Thales and Microsoft experts Sarah Lefavrais and Thomas Detzner will talk about the role of Fido and other phishing resistant authentication methods like CBA in achieving Zero Trust approach.

Event Recording
Ethics in Security Design - For Digital Identity
May 11, 2023

Digital Identity and Security solutions impact our environment, typically in a positive and securing manner. However research shows that increasingly digitization of identity services, for digital identity, also exclude and harm individuals.
In this presentation Henk will detail his research into the impact of digital identity solutions on nation state level and how to start involving ethics in the design and implementation of these solutions.
The findings also apply to designing and implementing security solutions for other purposes than digital identity.
The approach to engage with ethical conversations during design will be explained theoretically, linking to the background of Value Sensistive Design (https://en.wikipedia.org/wiki/Value_sensitive_design) and made practical by case studies of Ethics in Security Design.
Henk has been researching the ethics of digital identity at Leiden University, NL, in 2022.

Event Recording
Building a Rich Workload Identity Stack with SPIFFE and OPA
May 11, 2023

What’s the highest value platform feature you can offer your Kubernetes tenants? It might be standardizing workload identity and policy controls. In this session, we will discuss desirable properties for a workload identity and present a modern architecture built on SPIFFE and cert-manager which uses Open Policy Agent (OPA) for policy decisions. This should leave you with actionable ideas to help you re-evaluate your workload identity functionality and security posture.