Event Recording

From Identity Theft to Identity Threat to Identity Security

Speakers
Melissa Carvalho
Global Cyber Security Vice President
Royal Bank of Canada
Melissa Carvalho, RBC Global Cyber Security Vice President, leads the Cyber security Planning office and the bank’s Global Identity and Access Management group, providing cyber solutions and services for RBC’s 86,000 employees and 17 million clients. Melissa is also the Vice Chair...
Kay Chopard
Executive Director
Kantara Initiative
Ms. Kay Chopard is the newly appointed Executive Director of the Kantara Initiative, a nonprofit corporation. The Kantara Initiative is a unique global ‘commons’ that operates conformity assessment, assurance and grant of Trust Marks against de-jure standards under its Trust...
Drs. Jacoba C. Sieders
Consultant, Strategic Digital Identity
Independent
Jacoba is a digital identity expert, eager to make digital life better and a lot more secure than it is today. Keynote speaker at international IAM congresses and teacher of masterclasses. After twenty years in leading Identity positions at four multinational banks, Jacoba now focuses...
Dr. Angelika Steinacker
CTO Identity & Access Management
IBM Security Services EMEA
Angelika has extensive experience in Security and Identity & Access Management. She has been working in the security industry for over 30 years and with a focus on IAM for 20 years. In her career, she has held a variety of roles in Security and IAM, including executive consulting and...
Playlist
European Identity and Cloud Conference 2023
Event Recording
Closing Keynote
May 12, 2023
Event Recording
Three Years is a Long Time in Identity
May 10, 2023

Landing in a new organisation with a declared objective to transform the way customer identity was done but no mandate was daunting. Being able to look back three years later and tick off an infrastructure consolidation, the deployment of a central authorisation solution, being on the precipice of participating in a Digital ID scheme, and having the Chief Digital Officer shouting from the rooftops about a universal login is priceless. Come along to hear me talk about how some critical success factors, calculated risks, fortunate circumstances, and the incredible support of some incredible people helped make this happen. I’ll also touch on my personal journey from an engineering role to a product person to illustrate the increasing maturity levels we went through.

Event Recording
What’s Next In Enterprise Authorization
May 11, 2023

As organizations undergo digital transformation to zero-trust architectures, identity-driven security becomes a critical aspect. Beyond new authentication technologies, organizations must have strong authorization controls. Today, if and when an identity is compromised, the attacker can make lateral movements with very few restrictions and access a wide range of critical systems and information. Much of this over-permissive environment can be attributed to manual permissions management processes that are hard to maintain over time. Role-based Access Control (RBAC) and Attribute-based Access Control (ABAC), which underlie these manual processes, provide a good baseline for access security. However, their complexity grows over time, and the management overhead they place oftentimes subverts the very goals of security and compliance they are deployed for. Just-In-Time Access Management (JITAM) represents a new robust and secure authorization strategy that can reduce the need for periodic access certifications and manual role administration, while providing auditability. Learn how the authorization space is rapidly changing from RBAC and ABAC to JITAM, and how it could benefit your organization.

Event Recording
The MFA Dilemma and Moving Beyond Mobile
May 10, 2023

This panel will explore the current state of multifactor authentication (MFA) and its limitations, as well as potential solutions for improving the security and user experience of MFA. We will discuss topics such as the challenges of implementing MFA, the limitations of mobile-based MFA, and alternative methods for MFA, such as biometrics and behavioral analysis. The panel will also address the future of MFA, discussing the potential for new technologies to improve security and user experience, and the role of industry and government in shaping the future of MFA. Overall, the panel aims to provide valuable insights and perspectives on the multifactor authentication dilemma and the steps needed to move beyond mobile-based solutions.

Event Recording
Identity Fabrics Maturity Levels
May 10, 2023

The term “Identity Fabrics” stands for a paradigm and concept of a comprehensive and integrated set of Identity Services, delivering the capabilities required for providing seamless and controlled access for everyone to every service. Identity Fabrics support various types of identities such as employees, partners, consumers, or things. They deliver the full range of identity services required by an organization.

Identity Fabrics are not necessarily based on a technology, tool, or cloud service, but a paradigm for architecting IAM within enterprises. Commonly, the services are provided by a combination of several tools and services, with up to three solutions forming the core of the Identity Fabric. Most organizations that are using this paradigm as a foundation for the evolution of their overall IAM tend to build on a strong core platform for delivering major features and complementing this by other solutions.

We will look at what must be in every Identity Fabric, and how to evolve from a foundational Identity Fabrics approach towards a higher level of maturity. The session will look at concrete capabilities per maturity level and service group within Identity Fabrics.

Event Recording
Legal Trust Anchors for ZTA: The eIDAS 2 Proposal and the Role of EBSI
May 11, 2023

Credential-based ZTA is a promising new approach for strengthening authentication policies, which is especially suitable for a transformed ecosystem where perimeters and boundaries have already vanished, in favour of ubiquitous access to both cloud and edge computing models. The new eIDAS 2 regulation proposal, properly implemented, will provide a legal trust anchor for this new approach, bringing legal certainty and fostering adoption. The roles of distributed ledgers such as EBSI will be explored as well.

Event Recording
Weaving a Standards Framework for Non-Human Identities
May 11, 2023

We entrust workloads and devices with our most sensitive data, giving them access to far more information than the humans on whose behalf they operate, if they are even operating on behalf of a human. Yet, managing these non-human identities and applying Zero Trust Policies to them is a Herculean task complicated by a heterogeneous technology landscape, amplified by multi-cloud/multi-hybrid environments, exacerbated by critical skills shortages and magnified by exponential growth in workload and device identities.

It's the kind of problem standards excel at solving by creating interoperability layers between heterogeneous environments, codifying the wisdom of the crowd to alleviate pressures on rare skills, and creating ecosystems of interoperable solutions that meet a common security bar.

Fortunately there are already several standards efforts that can help us manage non-human identities. But how are all these efforts related and how do we avoid replacing a patchwork of heterogeneous solutions with a patchwork of heterogeneous standards? Is it possible to craft a standards framework and connect all these efforts in a single identity trust fabric, and is that desirable? If we had such a framework, what would it look like?

In this talk we explore the benefits of weaving a standards framework for non-human identities by bringing together more than 18 standards from at least 7 standards bodies while identifying opportunities to align and connect them all to solve the emerging challenge of managing non-human identities at scale.

Event Recording
Moore's Law and its Seismic Impact on Risk Growth
May 09, 2023
Event Recording
Automated Serverless Security Testing: Delivering Secure Apps Continuously
May 10, 2023

Serverless technology eliminates the need for development teams to provision servers, and it also results in some security threats being passed to the cloud provider. This frees up developers to concentrate on building logic and producing value quickly. But cloud functions still execute code. If the software is written poorly, it can lead to a cloud disaster.

How can developers ensure that their code is secure enough? They can scan for common vulnerabilities and exposures (CVEs) in open-source code. They can even scan their Infrastructure-as-Code (IaC) tool to identify insecure configurations. But what about custom code? At many organizations, the application security team struggles to keep up with the speed of development in a serverless environment. Traditional testing tools not only provide very limited coverage, but also slow development cycles unacceptably. Serverless code contains a mixture of cloud configurations and application programming interfaces (API) calls. As a result, legacy solutions lack the context that is necessary in a serverless environment, and the consequence is a lack of observability and slower response times.

Fortunately, it does not have to be this way. Organizations can leverage robust security during serverless development, automatically—if it is done properly. In this talk, we will discuss common risks in serverless environments. We will then cover existing testing methodologies and why they do not work well for serverless. Finally, we will present a new, completely frictionles

Event Recording
Navigate the DR (Detection & Response) Jungle: EDR, EPDR, XDR, NDR, MDR, ITDR
May 11, 2023

ITDR: Is this really something new, given that around 80% of the cyberattacks are identity-related, from password phishing to bypassing MFA? Is it a separate discipline or just a part of XDR (Extended Detection and Response)? Or a new name for what Access Management and FRIP already do?

As always, there is something new and relevant in this. The fundamental question for many organizations will be how best to address the identity threat challenge. Does it require new or different tools, or just a different use of what is already there? What to look for specifically? And how to reduce the risk of identity-based attacks? Is ITDR the core, or better identity protection? These questions will be answered in this session to help you navigate through the buzzword jungle.

Event Recording
Designing the New Identity Fabric
May 11, 2023

Modern applications and environments are driving a new Identity Fabric. Are you ready to build yours? Join Vadim Lander, Chief Technology Officer and Distinguished Engineer at Broadcom Software, as he discusses the design considerations for evolving your Identity and Access Management solution to build a Zero Trust foundation and bridge the identity gap across your hybrid environment.

Event Recording
State and Future of Digital Identity – Results from a KuppingerCole Study
May 10, 2023

KuppingerCole conducted a series of polls over the past months, gathering data about the state and future of IAM. Together with the ongoing market sizing analysis and predictions of the KuppingerCole analysts, we’ve created a study providing insight into our assessment of the current state of the IAM market as well as where we see the market evolving. Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, and Marina Iantorno, Analyst at KuppingerCole Analysts, will present selected results from that study and share their perspectives on the evolution of the IAM market.