Event Recording

Prompt Engineering for Identity Security Professionals | Workshop

Show description
Playlist
European Identity and Cloud Conference 2023
Event Recording
Big Bang to the Cloud - Lessons Learned from a Successful Large-scale Production System Migration
May 10, 2023

Managing access is a critical capability for the IT infrastructure of any enterprise, especially when dealing with over 6,800 integrated applications used by millions of authentication requests. Due to the increasing demand for availability, scalability, and support for market-specific customizations, as well as the migration of more products and applications to the cloud, we had to migrate our infrastructure and application stack to the AWS cloud. This stack had been introduced in an on-premises setup in 2017 and now follows modern paradigms such as GitOps, Everything as Code, and highly automated processes based on Service Layers and ForgeRock. Our main concern was ensuring that the integrated application landscape remained functional during the migration without experiencing any impact or downtime.

During this presentation, we will share our experience and discuss the key takeaways from our successful large-scale production system migration to the cloud, including:

  • Understanding the target architecture for the migration project
  • Identifying the challenges that arise during cloud migration
  • Discovering strategies for minimizing the impact on integrated applications during the migration process.
Event Recording
Passwordless by Design ("~pbD"?) - Real-Life Experiences, Constraints, and Implications
May 10, 2023
Event Recording
Ahead of the Curve - the Customer Demands it, the Market Demands it, do You?
May 10, 2023

Companies today are being faced with business-critical yet seemingly conflicting topics; how to build trust, loyalty and personalized experiences that fuel growth in a world of fading cookies and GDPR. There has never been more urgency than now to focus on strategy and technology to meet the demands of the privacy-conscious consumer.  The collection of data and its management is core to this challenge, but current identity methods are missing the opportunity to solve it with legacy approaches and risk-based thinking. At IndyKite, we believe that facing this mounting challenge requires us to make leaps in both our thinking and technology implementations. Join us as we challenge the current operating state and discuss what the world might look like when we have the tools to power a truly customer-centric ecosystem - one where consumer data ownership and personalized services that fuel growth are no longer at odds. 

Event Recording
Legal Trust Anchors for ZTA: The eIDAS 2 Proposal and the Role of EBSI
May 11, 2023

Credential-based ZTA are a promising new approach for strengthening authentication policies, which is specially suitable for a transformed ecosystem where perimeters and boundaries have already vanished, in favour of ubiquitous access to both cloud and edge computing models. The new eIDAS 2 regulation proposal, properly implemented, will provide a legal trust anchor for these new approach, bringing legal certainty and fostering adoption. The roles of distributed ledgers as EBSI will be explored as well.

Event Recording
Past, Present and Future of the Italian Digital Identity Ecosystem
May 11, 2023

Italy has two National Digital Identity schemes, namely: SPID and CieID (leveraging the national ID card). Both of them are based on SAML2 and are on their way to supporting OpenID Connect. The reasons for this decision are numerous, and they are primarily related to OpenID Connect Core features such as flexibility, ease of implementation, better support for mobile applications, and widespread adoption, particularly in the private sector. To manage this transition, we considered several documents by the OAuth working group describing security best Current Practices and the OpenID Foundation specifying a profile for iGov and a framework for federation. In particular, the latter defines a hierarchical federation model with high security, interoperability, scalability, and transparency based on dynamic delegation mechanisms; Italy is an enthusiastic early adopter.
In this talk, we introduce the Italian OpenID Connect profile based on the iGov and federation profiles and explain the main security measures that we considered within our design from the aforementioned standards and available best current practices. We also discuss how the Italian OpenID Connect profile contributes to the iGov and OpenID Connect Federation documents. We conclude the presentation with a brief discussion of eIDAS 2.0 and some of the ongoing preliminary works in the context of the Italian digital identity ecosystem to move toward an SSI-based solution using the Italian OpenID Connect profile as a starting point.

Event Recording
Policy-Driven IGA – Why This Approach Produces Better Outcomes
May 10, 2023

IGA activities in organizations have largely been around defining access policies manually, configuring access request workflows and scheduling periodic access reviews.  Such activities require significant administration as well as continuous involvement by stakeholders.  There are also delays that come with this model that could potentially cause security risk and non-compliance in the organization.  An approach that is more intuitive is to discover policies, review them and apply access changes based on policies. This results in fewer IGA administrative and end-user activities for the organization while ensuring that both excess access and under access are addressed in a timely manner.

Event Recording
Navigating the Complexities of User and Group-Focused Authorization in Modern Applications
May 10, 2023

Authorization in modern applications is becoming increasingly complex, particularly when it comes to managing access to resources at the individual user and group levels. OAuth has become a widely-used standard for granting access to resources on behalf of a user, but it is not well-suited for these more nuanced use cases. In this talk, we will explore the confusion surrounding the use of OAuth for user and group-focused authorization in applications. We will discuss the standard meaning of authorization in OAuth, which is to grant access for an application to call APIs on behalf of the user, and how misusing OAuth for this purpose can lead to bad architecture and bloated JWT tokens. We will also introduce alternative standards like UMA (User-Managed Access) and GNAP (Group-Based Nested Access Protocol) as potential solutions for user and group-controlled resource delegation. These standards provide a more fine-grained and dynamic approach to access control and can be integrated with policies created by a PBAC (Policy-Based Access Control) server for a more comprehensive solution. Attendees will leave with a better understanding of the limitations of OAuth for user and group-focused authorization, and with a clear understanding of the potential of UMA and GNAP as solutions for these use cases.

Event Recording
Beyond Zero Trust to Achieve Zero Friction
May 11, 2023

Regulatory bodies, government agencies, and CIOs are mandating Zero Trust as a cyber security framework. What does Zero Trust mean for your security strategy? With a Zero Trust security model, nobody is trusted automatically, even when they’ve cleared the perimeter. Instead, all identities are verified, minimum access is granted based on context, and activities are monitored to make sure controls are working as expected. The Zero Trust model requires multiple security controls throughout an IT environment to protect and manage identities, devices, networks, applications, and data. This session will take you through the reality check of where Zero Trust started, how it has evolved over the years and what does it really mean for your organization today.

Event Recording
Zero Trust with Zero Buzz
May 11, 2023

The objective of the talk is to:

  1. (10%) Clear out the noise around Zero Trust: why Zero Trust has became a buzzword
  2. (20%) Define Zero Trust
  3. (60%) Set the journey:
    • how can we implement Zero Trust?
    • where to start? how to do it?
    • what are the building blocks?
    • building blocks stages and maturity?
  4. (10%) How can Zero Trust protect us against today's threats.
Event Recording
Open Banking and Open Data - Global State of Play. Current Trends and Recent Developments
May 10, 2023

Open Banking is a true global movement that has already been implemented in many countries and being implemented in many others in the next few years. While the overall objective of Open Banking is the same, every implementation is different. This session will provide an overview of analysis of different ecosystems, different approaches to implementation, industry standards used, best (and worst) practices and potential future developments.

Identity and API security are key building blocks for any trust ecosystem supporting Open Banking. We will explore why every Open Data project becomes an identity initiative.

Event Recording
The Yin and Yang of Zero Trust Policy-Based Automation
May 09, 2023

Today’s IT leaders are challenged to secure their complex multi-Cloud hybrid organizations while dealing with a severe cybersecurity skills gap and record levels of burnout and dissatisfaction from existing team members. The only way to overcome this challenge is more intelligent and pervasive automation to enforce policies governing access and behavior. IGA traditionally focuses on positive policies to grant access where appropriate, while Risk Management, as the other side of the coin, defines the negative; access, behaviors, and configurations to be prevented or at least identified and mitigated. In this talk, we’ll review how policies for granting and preventing access are complementary and form a balanced Yin and Yang for automation toward a Zero trust model.

Event Recording
Zero Trust: Where do We Want to be in Five Years?
May 11, 2023

The digital-first customer experience and remote-first workforce pushed zero trust from buzzword to reality. And yet, much of the conversation is still heavy on theory and light on practice. Cyentia completed a global study of high-level practices which measurably contribute to a more successful cybersecurity program based on a rigorous survey of nearly 5,000 practitioners. Within that study, we analyzed commonalities of organizations implementing and operating Zero Trust. Let's look closely at where we are today.

Now imagine it is 2028. You’re five years into your Zero Trust transformation. People like it and usability has improved. Defensibility is better, too, with a number of attacks having been stopped over the past couple years. But then, in 2028, you get the call. There’s been a security breach. What happened!? This session will explore the future with a pre-mortem on how breaches will look under a Zero Trust architecture.