Event Recording

Zero Trust Applied for Access Management - How to Control and Monitor the User Access

Show description
Speaker
Alfredo Luiz dos Santos Junior
Senior IAM Architect
Farfetch
Alfredo Luiz dos Santos Junior
24 years of IT experience with Security, Enterprise Architecture, and Systems Development; Security and Development Book Writer; Identity Management Projects in companies like CA, IBM, Novell, Claro and Tim Celular;
View profile
Playlist
European Identity and Cloud Conference 2023
Event Recording
Disruption Time? How to Approach and Embrace Decentralized Identity Inside the Enterprise
May 11, 2023

Decentralized Identity is about to change the way we do IAM in enterprises. It is not just about the C-identities (consumers, customers, citizens). This raises two questions: What do to differently in IAM, to leverage the potential of decentralized identities? And what not to do anymore, because it is becoming legacy? IAM, without any doubt, will change fundamentally. But is it about rip-and-replace of IAM and in particular IGA, or about complementing it? In this panel,  we dive into this decentralized lake of innovation, new standards, products, vendors and start-ups in order to find out how to benefit from DIDs in the enterprise.

Are there interoperability models and how could a longer-term migration scenario look like? What about Identity Workflow Orchestration? Join this great panel session to discuss the way forward for workforce identity.

Event Recording
Building a Secure Digital Experience Without Friction
May 10, 2023

As the number of digital touchpoints in the customer journey increases, IT teams rely on customer identity to optimize security and user experience. However, ensuring one doesn't overshadow the other often requires multiple integrations and custom development, creating internal friction and slowing innovation.

In this talk, Sadrick Widmann, CEO at cidaas, will explain how to remove barriers and improve cross-functional collaboration to bring seamless, secure customer experiences to market faster.

Event Recording
How to Get Your Cyber Insurance, Bring Down the Premium and Up the Coverage
May 12, 2023

More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.

The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.

Event Recording
Challenges, Risks and Rewards of Energy Grid Smartification
May 09, 2023
Event Recording
Ahead of the Curve - the Customer Demands it, the Market Demands it, do You?
May 10, 2023

Companies today are being faced with business-critical yet seemingly conflicting topics; how to build trust, loyalty and personalized experiences that fuel growth in a world of fading cookies and GDPR. There has never been more urgency than now to focus on strategy and technology to meet the demands of the privacy-conscious consumer.  The collection of data and its management is core to this challenge, but current identity methods are missing the opportunity to solve it with legacy approaches and risk-based thinking. At IndyKite, we believe that facing this mounting challenge requires us to make leaps in both our thinking and technology implementations. Join us as we challenge the current operating state and discuss what the world might look like when we have the tools to power a truly customer-centric ecosystem - one where consumer data ownership and personalized services that fuel growth are no longer at odds. 

Event Recording
From Identity Theft to Identity Threat to Identity Security
May 10, 2023

Identity has been always an ambiguous term. Identities exist in a sociocultural and organizational context and in technical ones. We have Digital Identities and eIDs and not only do individuals have identities but so do organizations and non-humans, especially in technical contexts.

Identities had been always under threat, starting with theft of individuals’ identities and credentials in the physical world, such as credit cards and passports. However, these threats have not been on a large scale. We all know that this has changed dramatically with the digitization of everyone and everything. Social engineering, phishing emails, buying credentials in the dark web have become a serious threat to businesses and individuals. These threats have reached new heights with the numerous attacks on identity infrastructures, be it corporate directories or government eID infrastructure.

In this panel, we will explore the identity threats to individuals and organizations, how they are managed, and how identity security can be achieved from a prevention, detection, and management perspective.

Event Recording
GAIN in 2023 - and Beyond
May 12, 2023

This session will share how the concept of a Global Assured Identity Network (GAIN) has evolved since 155 identity experts proposed it in 2021. It summarizes a recent paper by the non-profits that guide the GAIN vision.

GAIN remains a call for collaboration toward globally interoperable identity assurance at-scale - a purpose that underpins the goals of governments, intergovernmental agencies, and private industry. It has inspired multiple working groups and continues to unite six non-profits - even (and especially) as the technical and policy landscape evolves to include emerging standards (e.g. MDLs, DIDs, VCs) and regulation (e.g. eIDAS 2.0).

This talk reflects on GAIN's relevance in today’s landscape and shares progress. It includes a deep dive into the technical community group at the OpenID Foundation, which has built a prototype that demonstrates cross-network trust and high-assurance identity data exchange. It now turns its attention to digital wallets, verifiable credentials, legal entity identifiers, and government-issued IDs.

It also reviews forward-thinking policy work by the Open Identity Exchange, which paves the way for Smart Digital IDs. Their Global Policy Metadata Framework proposes the standard publication of policy characteristics. In this world, policy metadata is shared between each trust framework through trusted wallets.

Event Recording
Beware of the Dark Side… Shining a Light on Supply Chain Security
May 10, 2023

How do we control what we do not see?

Supply chains are like that. The problem is that while you may have sight of your nearest third-party relationships, if you look further out to their relationships, things start to become a bit obscured. And that is where the risk lies.

In recent years Okta, Toyota and Morgan Stanley have all suffered data breaches that originated with an attack on the supply chain.

In this presentation, we explore the complex nature of supply chains/digital ecosystems and all the parties involved.  We’ll look at the pattern of some recent third-party attacks, examine their root cause and what lessons we can learn.

Finally, we'll explore the critical capabilities that are needed as the foundation for a solid third-party strategy; one that provides active, continuous monitoring while reducing the overhead for compliance.

Event Recording
Legacy Enterprise IAM/IAG Transformation
May 11, 2023

Enterprise IDM/IAG and gardening do have much in common. Usually, if the general architecture and setup of the garden is done and completed, only minor changes and adjustments will be done over the years. But still: The yard will look different after a few years, not only because the trees and plants have grown, but also because of replacements, adjustments and optimizations over the years.

Sometimes, calling a bulldozer for a more complete ‚redesign‘ and restart from scratch is considered, but still limited by the boundaries of the property (and the budget of the landlord).

Whether you plan to bulldoze your legacy IAM/IAG Program, or replace a few elements just as you would replace plants, trees and flowers because of their age or cost: In this panel we will discuss the options, do‘s and dont‘s, stories from failed ‚gardening projects‘ and many more related to modernizing your legacy IDM/IAG set of tools.

Event Recording
Panel: What Happens When Applications Don't Use the Identity Standards We Have Built
May 11, 2023

OAuth 2.0 is a widely adopted standard for authorization, but it can be complex to implement correctly. It's not uncommon for developers to have difficulty understanding the nuances of the OAuth 2.0 flow and instead rely on simpler approaches such as using API keys in "god mode."

OAuth 2.0 can be difficult to set up and configure, especially for developers who are new to the standard. It involves creating an OAuth 2.0 client, setting up redirect URIs, and managing access and refresh tokens, which can be confusing and time-consuming. Additionally, the standard requires developers to handle user authentication and authorization separately, which can be difficult to understand for those who are not familiar with the concepts.

Many developers may not understand the security benefits of OAuth 2.0 over API keys. OAuth 2.0 allows for fine-grained access control, enabling developers to limit access to specific resources and actions. In contrast, API keys provide more open access, allowing all actions on all resources. Developers may be inclined to use API keys instead of OAuth 2.0 because they are simpler and easier to implement, but they don't offer the same level of security.
Developers may find it hard to understand the standards, and may end up using an inconsistent approach.

The panel will discuss these reasons and other potential causes for why developers may not be using OAuth 2.0 correctly, and provide recommendations for how to overcome these challenges. We will highlight the benefits of OAuth 2.0, such as improved security and the ability to provide fine-grained access control, to encourage developers to adopt the standard. Additionally we will give examples of real-world attack scenarios that could have been avoided if the application was using OAuth 2.0.

Event Recording
eIDAS 2.0 & Digital Identity Wallet Readiness: What Your Organisation Needs to Know About Digital Identity Wallets
May 12, 2023

The revision of the eIDAS regulation introduces new requirements, challenges as well as opportunities for organisations. In this talk Adrian Doerk provides a structured guidance of aspects organisations need to be aware of to be well positioned in the market. After a general introduction to the eIdAS ecosystem, the focus will be on organisations who want to issue and verify qualified electronic attestation of attributes to/from the European Digital Identity Wallet. 

Event Recording
FIDO for the Enterprise - Challenges & Rewards
May 11, 2023