The increased importance of a frictionless user experience as a digital business success factor on the one side, and a big wave of ransomware and similar attacks with user credentials as a main entry point on the other, are forcing us to rethink authentication and finally get rid of the password. Interview guests of this session will be KC Analyst Martin Kuppinger, Paul Fisher and Jochen Koehler from HYPR.
It is the same set of drivers, first and foremost remote workforce requirements and seamless customer interaction, that make our infrastructure and services even more complex than they used to be, with multiple public and private clouds and on-site IT, all of them with identity silos. In this session, KuppingerCole's Analysts Martin Kuppinger and Paul Fisher will talk with André Priebe from iC Consult about how to leave silos behind and take advantage of global identity proofing networks, decentralized (DID/SSI) or chain-agnostic (GAIN etc.), and how CIEM/DREAM can help reduce complexity.
The pandemic has dramatically accelerated the shift to online transactions in most industries, with the financial industry, as an example of a heavily regulated sector, being at the forefront of a movement to establish a global standard that levels the assurance of online identity vetting (the onboarding process of a digital identity) with traditional face-to-face methods. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher together with ForgeRock's Eve Maler will discuss the relevance of identity proofing for your enterprise and why it will be one of the key topics of 2022.
Website www.forgerock.com, email eve.maler@forgerock.com, LinkedIn https://www.linkedin.com/in/evemaler/
Workflows, integration, automation, low & no code – whatever reduces complexity and manual workload will be an even hotter topic in 2022. KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Clear Skye's Jackson Shaw the new era of platform services and how they will help automate Identity & Access Management.
Zero Trust will continue to play a crucial role in cybersecurity and identity management. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Sergej Epp from Palo Alto Networks on how to apply Zero Trust thinking to converge IAM, UEM, MDM, XDR, SIEM, SOAR to a seamless and holistic cybersecurity infrastructure.
Paul Fisher and Matthias present their very subjective summary of a really special and, in particular, especially challenging past year, 2021. They cannot do without the word 'pandemic' after all, but they also try to reach a first perspective on the year 2022 from the past 12 months.
The announcement of the GAIN initiative for the secure distribution of verified and assured identity data has been made at EIC in September. While the core concepts of this initiative have been discussed in earlier episodes, Martin and Anni sit down with Matthias to do a deeper dive into further aspects of GAIN, including the use beyond customer-related IAM and the challenge of privacy in such a hyper-connected network for PII.
Raj Hegde is joined by Sebastian Manhart - Technical Advisor on Digital Identity for the German Chancellery to explore governmental reform and understand stakeholder expectations behind the rollout of digital identity projects in the post-COVID era.
Tune in to this episode to learn how governments can transition from risk-averse waterfall approaches, improve human factors in public services and navigate through the government-private sector nexus to promote citizen access to essential services.
Senior Analyst Graham Williamson joins Matthias from down under to talk about edge computing. Starting from the definition and relevant use cases, they focus on where the edge brings value. They discuss what the key criteria for a successful deployment are and what needs to be looked at to do edge computing while preserving security and privacy.
Knowing who you are doing business with online has been and still is a major challenge. But why do you really need to know, and what are the pitfalls? The presentation will look at some of the important challenges of identifying, validating and authenticating people online.
Inconvenient and weak digital identity affects our digital economy. Adding more band-aids to the legacy knowledge-based digital identity infrastructure isn’t effective anymore.
The FIDO Alliance introduced standards for possession backed authentication which are now supported by all major platforms. Additionally, the Alliance is developing new standards for document based ID verification and passwordless device onboarding.
With standardized approaches supported by the ecosystem, we have all ingredients for a wholesale upgrade to the “fabric of identity” in our hands. It is on us to use them.
The presentation will give context on the EU Commission announcement of European Digital Wallets and explain what eIDAS 2.0 defines for member states when it comes to digital identities. SSI can be a potential solution, but currently does not meet the eIDAS 2.0 regulation fully. We will explain why and give an idea on how to evolve SSI and create an ecosystem that is compliant with eIDAS 2.0.
It is no surprise that decentralization is a key player in blockchain's role in disrupting every industry requiring trust. But how do we create trust around decentralised solutions? Creating 'Decentralised Trust' is how we solve this. Through Decentralised Name Systems, Decentralised Certificates, Decentralised Bots and more, we can enable decentralised trust around decentralised solutions. Such solutions are key in embracing a truly digital society where this 'trustlessness' is key in the greater security, efficiency and trust of the public sector and all industries requiring trust.
Cybercrime, often driven by fraud, continues to plague organizations leading to data breaches and loss of revenue. Account takeovers and account opening fraud contribute to this. But as organizations transition to heavier dependence on digital identities, how do we deal with the rising and changing stakes?
In this session, Anne Bailey will discuss the intersection of digital identity and fraud prevention: identity verification. Listen in to hear how identity verification can be integrated into digital identity management as a preventative measure against fraud.
Lead analyst Alexei Balaganski joins Matthias for an episode on Data-Centric Security. Starting with a definition behind that term, they look at relevant technologies and market segments and discuss adequate ways of adding Data-Centric Security to an organization's cybersecurity strategy.
From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event.
The recordings and slide decks are available for participants and those interested.
The Right Reporting Line is the One that Works. Period.
Emerging privacy-preserving frameworks for biometrics and identity limit the need to store personal data while still ensuring digital security.
Dream - Policy-Driven Management of Security, Identity and Access for All IT
The Future of Work is coming. And it’s borderless, lightning-fast, highly creative.
API Management & Security Market: Challenges, Solutions, Future Trends
Ransomware attacks have become the biggest single cyber risk for enterprises of any size and industry. Current surveys and KuppingerCole's own research indicate a steep rise not only in the number of attacks, but also in the average damage per incident. The dark side of digital is industrializing itself, turning ransomware into big business. The question is no longer if and when your organization will be attacked, but whether and how successful the attackers will be. “Sophisticated recent ransomware attacks are fully aware of standard backup strategies and corrupt or destroy your one and only option to recover without paying the ransom,” says KuppingerCole's Cybersecurity Lead Christopher Schütze. “The complexity of today's multicloud environments requires more than traditional backup & restore approaches,” he continues.
In this workshop, we will provide you with an overview of the pillars of a proactively resilient IT infrastructure. Starting with an individual ransomware resilience assessment, each participant will (individually and anonymously) benchmark the resilience of her organization against ransomware attacks, relative to the average value of the whole group that conducted the assessment. The key topics of this workshop will be:
In the past, servers and applications were rather static, and entitlements too were static. But this has changed. Organizations must deal with a multi-cloud, multi-hybrid IT. Entitlements and access in today’s cloud environments are dynamic, just like workloads. Martin Kuppinger joins Martin to explore the area of Dynamic Resource Entitlement and Access Management (DREAM). Together they look at policies and automation as one key building block for managing today's volatile IT.
No big celebration, but at least a mention: this is the 100th episode of the KuppingerCole analyst chat. Martin Kuppinger joins Matthias to discuss the increasingly important topic of "everything as code" and how to define proper strategies for approaching this, especially in the context of the BASIS concept. For more on this, both recommend revisiting Martin's opening keynote from this year's EIC.
Industry 4.0 is all about connected industries. However, more connectivity also brings more cyber-physical threats, in particular in relation to constrained IoT devices. Distributed Ledger Technologies (aka blockchain) and decentralized identities can help to re-establish trust, improve security and develop new business models. This talk will discuss the role of IOTA DLTs in securing connected industries and present some of the solutions and use cases currently being developed.
Internet of Things (IoT) devices also known as connected devices like smart speakers or smart thermostats have become more common features in modern digital life. As IoT devices become more ubiquitous the concerns about security and privacy of the data captured become more pressing. This session will explore the following:
In his talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will look at security challenges in Industry 4.0 and how established technologies from IAM and cybersecurity might be utilized for improving security. His talk will also cover the wide range of themes to look at from a security perspective in Industry 4.0, including Edge Computing and SASE.
John Tolbert sits down with Matthias and shares his insights into current approaches for protecting and defending essential enterprise systems beyond traditional, often office-focused cybersecurity. Safeguarding Operational Technology (OT), Industrial Control Systems (ICS), and the Industrial Internet of Things (IIoT) is getting increasingly important. John explains that modern approaches like Network Detection and Response (NDR) and especially Distributed Deception Platforms (DDP) can be valuable building blocks in an overall strategy for defending, for example, the factory floor or critical clinical systems.
A short status review of Blockchain: The development so far and operational challenges
• The race of application solutions
○ Blockchain without tokenization
○ Blockchain with tokenization
• Hurdles of the future
Blockchain is a revolutionary technology, but before it redefines the organization as we know it today, it will revolutionize the way we transact in small ways first. This presentation will discuss the use cases where blockchain is moving beyond PoC to enterprise implementation.
The explanation will enable CEOs and CFOs of any business to understand how this technology will impact their business.
Covid-19 has laid bare just how far behind most governments are in digitising public administration and services for citizens. As countries around the world scramble to catch up, digital identity has emerged as one of the key building blocks. The approach, however, varies greatly. Most governments fall back on a default pattern characterised by centralised approaches and a narrow focus on the public sector only. Other countries, especially in Europe and most notably Germany, are taking a different strategy and implementing user-centric, decentralised, self-sovereign digital identity with the goal of providing a holistic identity solution citizens can use everywhere and across borders. Join this talk with Sebastian Manhart, Advisor on Digital Identity to the German Chancellery (Angela Merkel's Office), who will share what is happening in Germany and Europe, and why this could set the stage for digital identity globally.
Annie Bailey and Matthias take a deeper look at the emerging concept of the Global Assured Identities Network (GAIN) and also seek a broader perspective on the benefits and challenges of reusable identities in general.
The idea of low-code/no-code (LC/NC) application development is for end users to create their own custom applications, perhaps using a graphical design tool, selecting from a library of existing building blocks, or perhaps even with the assistance of artificial intelligence. Alexei Balaganski explains the concepts behind this new development, takes a look at the current market and, finally, highlights the challenges and security issues that may be hidden behind the use of such application development.
In this episode, Raj Hegde sits with Dr. Michele Nati - Head of Telco and Infrastructure Development at #IOTA Foundation to understand how decentralization offers a fresh perspective towards marketplace transactions.
Tune in to this episode to explore how an international initiative comprising banks, universities and telco providers comes together to safeguard the e-commerce ecosystem.
While moderating and speaking at KuppingerCole's flagship EIC 2021 event in Munich, Matthias also took the opportunity to sit down one-on-one with his fellow analysts in the conference studio for some EIC special analyst chat episodes. In the third and final special episode, Martin Kuppinger and Matthias look at how current technologies and concepts complement each other to improve security and convenience for users of modern technologies at the same time.
KuppingerCole's flagship event EIC 2021 took place very successfully in Munich and online in September. Of course, Matthias took the opportunity to sit down with his fellow analysts in person for some EIC Special Analyst Chat episodes. Building on the themes of his Opening Keynote, Martin Kuppinger explains the concepts behind "Deconstructing the User Journey".
EIC 2021 finally took place in Munich in a hybrid format between on-site and online. Of course, Matthias took the opportunity to sit down with his analyst colleagues in person for some EIC special analyst chat episodes. In the first of three specials, Christopher Schütze talks to him about the findings from his pre-conference workshop on defending against ransomware, and they also turn their attention to a promising new approach to creating globally secured identities.
Leading service providers have started developing their software in-house to achieve competitive business advantages.
Denmark is among the most digitized countries in the world, and as the digitalization strategy moves forward, it is necessary to improve and enhance the nation's overall cyberprotection. In 2019, the Government appointed a new 20-member national Cybersecurity Council for the period of two years. The council’s role is to advise the government on new initiatives that can support both the private and public sectors by improving resilience and better cyberprotection; contribute to knowledge sharing, advisories and guidance on the strategic level; and look into the need for cyber security competences and suggest measures to further develop these, both among private citizens and employees, as well as within education and research.
In this session, you will get a view into the midway status of the work of the Council, and will learn which initiatives work and which need more effort. The Council has been advising the healthcare authorities on the Danish COVID-19 app, and has been discussing the SolarWinds hack and the upcoming vaccination passport.
Back in November 2013, the U.S. Congress enacted the Drug Supply Chain Security Act (DSCSA). Part of the regulation is that actors within the U.S. pharmaceutical industry must verify the status (and thus the authenticity) of the U.S. state license, which is issued by the U.S. Drug Enforcement Administration (DEA), of every trading partner within their supply chain. And this does not stop at the direct trading partners a pharmaceutical supply chain actor might have: the regulation states that the U.S. state license status of indirect trading partners must also be verified.
The Accountable Digital Identity (ADI) Association is a nonprofit organization dedicated to advancing an open framework for digital identity that focuses on accountability, privacy, and interoperability. The Association is a global coalition of private and public organizations spanning finance, government, healthcare, and technology parties.
Explore the:
- Landscape of digital identity in Germany
- Success factors
- Future Outlook
Enterprise hiring in the time of Covid is putting greater emphasis on supporting remote onboarding of new employees. This creates new challenges for the IAM team, as it is no longer self-evident that new contractors and employees will show up at a physical helpdesk, provide ID and pick up their new accounts. How do you organize the remote onboarding, and are there technologies and approaches used in digital customer onboarding and KYC processes that can be leveraged to also handle employee onboarding?
How do you support remote onboarding at scale?
The FIDO Alliance was launched in 2013 with an audacious goal: to change the very nature of authentication. To move the entire world away from usernames and passwords and traditional multi-factor authentication with an open and free web standard that makes authentication simpler and stronger. It’s 2021, so why are passwords still persisting? The session will answer that question, and detail the progress that has been made towards standardizing strong authentication and the opportunity for companies to start on a journey past passwords.
Key Takeaways:
- Attendees will understand how a global pandemic affected companies' digital transformation plans, including strong authentication projects
What if we took the traditional way of thinking of Identity Governance and reversed it completely? Putting together a successful IGA program has commonly been a long haul,
Decentralized Identity is seeing a proliferation of activity -- so much that even experts struggle to make sense of it all. Even the names of the emerging specs have gotten wacky (or, technically, WACI...)
We will look at the OAuth protocol and its misuse for authorization purposes. What is the difference between client and user authorization, and at which stage should each happen? We will revisit what Identity is at its core and what should or should not be part of it. And what about Group Membership – ‘domain-driven’ advice on how to triage roles between Identity and Authorization. All these best practices are backed by real-life experience.
- OAuth and its misuse as an authorization protocol
The reason to use biometrics as a form of identity is because they are unique, unchanging and are the one direct and unequivocal link to an individual. But what if these identifiers are compromised? This is not a hypothetical scenario as the U.S. Office of Personnel Management breach sadly taught us several years ago. For years, this has been a conundrum in the world of biometrics - to store the data in a centralized system that has to be protected or choose device-based biometrics that are not linked to a vetted physical identity. In this never-ending loop of having to choose between privacy and security, we as a society have ended up with neither. This is about to change.
There are multiple forces now converging, that are driving serious attention and urgency to solve this problem as never before - continued, massive data breaches, skyrocketing use of biometrics and the emergence of far-reaching privacy and data protection laws that put the onus on protecting personal data on the private sector.
Owning personal data, and especially biometrics, has become a hot potato. No one wants to hold it, but it is necessary for doing business. Consumers on the other hand are asking for more control. As a result, we are seeing new frameworks emerge, frameworks that go beyond blockchain and take into account the need for holistic, decentralized identity management that binds a rooted identity to a trusted authentication key that cannot be stolen, lost or circumvented by fraudsters operating under assumed identities with stolen PII.
Join us as we take you through a journey of what these new frameworks look like and the new possibilities that emerge when there is no binary choice to be made between privacy and security. It will finally be possible to have both.
2020 will be eternally known as “The Year of COVID.” It will also be known as the year remote digital onboarding was near instantaneously transformed from a strategic, forward-thinking business development objective to an urgent, mission critical business priority. This has accelerated the adoption of biometric face recognition and liveness detection to create secure, trusted, and frictionless onboarding experiences.
The market landscape is being shaped by a range of innovators. From biometric face recognition and liveness technology providers to targeted digital onboarding and identity verification platforms, to the identity BIG THREE: IDEMIA, NEC, and Thales; everyone wants in. The market is heating up as the stakes couldn't be higher.
Using Acuity’s proprietary Constellation market landscape model as context, the current state of play will be evaluated in terms of the key market sectors, drivers, challenges, and opportunities for real world problem solving and disruptive innovation.
One crucial component to SSI is end-users being able to interact with verifiers directly, without relying on a third-party provider or having to operate their own hosted infrastructure.
Cloud computing has become commonplace in recent years; it is almost inevitable for small to medium-sized companies to leverage cloud services largely if not fully. However, it is not easy to run a cloud enablement project in bigger and, most importantly, traditional companies, where there are hundreds of legacy applications which expect data to be closer to the computing units, and which are dependent on bandwidth and reliable network availability. In this presentation, I am going to address cloud migration requirements, usual challenges, and lessons learnt and best practices from a project management, security and service management point of view.
As a byproduct of the current activity across industry, government, and regulatory sectors, digital identity leaders face unprecedented opportunities and challenges.
Covid has accelerated the global imperative to establish a strong and safe global digital economy that is enabled by a secure, interoperable, digital identity ecosystem. One of the most daunting challenges is how, where and when to start.
The reality is that the target global ecosystem will be years in the making despite the widely held view that better identity is crucial to achieving a trusted digital-first marketplace. The fact is that the target state is the quintessential “it takes a village” challenge. It is this speaker’s strongly held view that the leaders who move the market now will be best positioned to substantively shape the government, regulatory and legal frameworks that might otherwise hamper ecosystem growth.
The focus of this session is to speak to the market movers in the audience and provide food-for-thought in devising a strategy to move forward. The ‘right’ strategy will attract global relying parties, identity service providers and the digitally-enabled consumer audience writ large (‘the village.’) The global ecosystem will take time to evolve but the time to build the foundation is now.
Cloud capabilities are driving automation approaches that will upend traditional, linear templates for Identity Governance service delivery. This extends to everything from application/service on-boarding, provisioning and user lifecycle management workflows. In this session, Manoj will share his experience of working on automation approaches for cloud workloads and discuss what this means for the future of IGA in the era of continuous integration and delivery.
In this session Thomas Müller-Martin, Global Technical Lead at Omada will share his insights about the evolving IGA market and why companies today choose an enterprise IGA SAAS platform over an on-premise solution. Learn in this session how to transform your legacy or home-grown solution to a modern IGA solution without the hassle of long and cumbersome implementation and high maintenance costs. Based on best practices, we will demonstrate to you how organizations today can deliver fast value to their business to mitigate risk and increase efficiency. Join this interesting speech by Omada, a global market leader in Identity Governance and Administration (IGA).
Most of the companies today are handling all external users with HR processes using HR systems, which can cause friction and inefficiency when managing external users' lifecycle.
Most enterprise infrastructure and software are in the later stages of cloud transformation. However Identity Management and Governance has lagged behind. First generation monolithic IAM solutions and providers do not provide agility into entitlement and risks in a cloud first world. The complexity of diverse infrastructure, security policies, and development velocity make it virtually impossible to provision, analyze and remediate at scale.
The Identity Lifecycle automation project in Swedbank lasted for 4 years. During all those years I fulfilled the business analyst role in the IAM area. I collected requirements, drew process models, and did detailed analysis. I also defined the minimum viable scope of the project and drove the team to reach the goal. Finally, I did acceptance testing. I can share key activities for a business analyst throughout different phases of the project.
Key takeaways:
* Everything is possible but
Do you want to launch or expand your identity-related business in the Asia-Pacific region but don’t know where to start?
Non-human identities are crucial for managing access risk with IGA, especially for non-standard accounts that provide the most access risk for organizations.
As organizations expand their cloud footprint to accelerate innovation and digital transformation, increased security risks pose an imminent and elevated threat to their growing cloud presence. The market is overwhelmed with numerous security technologies, approaches and frameworks for securing an organization’s cloud adoption journey, but security leaders and architects must meticulously assess the security risks associated with their cloud usage, migration patterns and digital interactions with customers, employees and partners to suit their business requirements and cloud security priorities.
Identity and Access Management (IAM) remains one of the key security disciplines to support digital transformation and cloud adoption objectives, by not only providing a secure identity and access foundation for the user, device and cloud-service types but also by offering additional cloud-specific security provisions that include cloud access management, cloud entitlement management, cloud privileged access and cloud access governance to its evolving technology portfolio.
In this session, we will discuss the important security tenets of an organization's cloud adoption program and how effective IAM architecture and planning can help navigate CISOs and security leaders through their cloud adoption journey.
This presentation combines the findings of a doctoral study into security automation in the financial sector with real-world experiences in implementing security automation. The research focused on strategies financial institutions need to reduce the gap between the attacker's time to compromise and the defender's time to detect and respond. Learn from the experiences of companies that have implemented or are implementing security automation. This session will look at what to expect from security automation (and what not to expect), how to decide what to automate, strategies to help ensure a successful security automation program, and lessons learned from success and failure.
The harm that the misuse of AI/ML can have is obvious, from the ProPublica Recidivism piece from 2016 to the latest discovery of bias in facial recognition classifiers by Joy Buolamwini.
The need for tools to use AI/ML ethically is concentrated in two particular areas: transparency and fairness. Transparency involves knowing why an ML system came to the conclusion that it did—something that is essential if we are to identify bias. In some forms of ML, this is difficult. We’ll cover two tools to assist with transparency: LIME and SHAP. We’ll highlight where each of these tools performs well and poorly, and provide recommendations for utilizing them in unison where appropriate.
Once transparency is established, we’ll pause to evaluate potential sources of bias that would affect the fairness of a particular algorithm. Here the number of tools available is far-reaching. We’ll start with an explanation of bias metrics, explaining the roles that true/false positives and true/false negatives play in calculating various accuracy metrics. The basics of fairness established, then we will explore various tools used against a few, publicly available sample ML implementations. Tools in this review will include: Aequitas, AIF360, Audit-AI, FairML, Fairness Comparison, Fairness Measures, FairTest, Themis™, and Themis-ML. We’ll compare these tools, providing recommendations on their usage and profiling their strengths and weaknesses.
The Ethical Part of AI Governance – my personal learning journey
This talk is about my personal learning journey in AI and AI Ethics together with Bosch. I want to share what brought me to AI and AI Ethics personally and professionally and what instrument is used at Bosch to bring AI Ethics to life.
CIEM (Cloud Infrastructure Entitlement Management) is a SAAS delivered, converged approach to next generation, ideally AI driven multi-cloud security, managing access and privileges in the cloud. It is playing across the disciplines Identity Management & Governance, Access, Privilege Management and Authentication, addressing the complexity of multi-cloud adoption with privilege & access management working differently for each provider.
Cloud services have enabled organizations to exploit leading edge technologies without the need for large capital expenditure. In addition, to survive the COVID pandemic, organizations have had to accelerate their use of these services. The market for these services is forecast to grow significantly as organizations complete their digital transformation and move, migrate, or modernize their IT systems. However, according to some estimates only around 4% of enterprise workloads have currently been moved to the public cloud. The factors limiting this growth are the challenges faced by organizations of managing the security and compliance of this new complex hybrid IT environment. This presentation will describe how we expect the market for cloud services to evolve and the key changes needed to help organizations to manage these challenges.
Artificial Intelligence is a little bit like sex: Everyone talks about it, very few people actually do it and if you don't do it safely, the consequences can be devastating. This session will give you a basic understanding of what you (yes, you!) can do to implement "ethical" AI systems in your organization and enjoy the promising opportunities this new tool offers while being aware of its limitations and risks.
During the last couple of years, hybrid and multi-cloud solutions have become very popular. With the emerging cloud options, modern enterprises increasingly rely on hybrid cloud solutions to meet their computational demands by acquiring additional resources from public clouds dynamically as per their needs.
The debate on Customer External Digital Identity has reached fever pitch. This session takes a step back and looks at how Customer External Digital Identity can enable Trust between individuals and organisations in many sectors, what that allows organisations and individuals to do and also looks at the different roles that you might choose for your organisation.
Hybrid IT environments are full of secrets, like tokens, passwords, certificates and encryption keys that open access to mission-critical information. The emergence of concepts like Zero Trust authentication, Just-in-Time access and Zero Standing Privileges suggests that these access secrets don’t need to be permanent. Instead they can be created on the fly and made to expire automatically, paving the way for a future where secrets or passwords no longer need to be managed and vaulted at all.
SSH.COM's CTO, Miikka Sainio, explores how reducing the number of permanent secrets enterprises manage in dynamic environments improves security, operational velocity and cost-efficiency. He also discusses why managing and vaulting secrets is still a necessary phase in many cases when companies adopt modern and future-proof methods.
Miikka Sainio, CTO, SSH
Our approach to security across all aspects of our lives has changed considerably over the last 20 years. From firewalls to the cloud, Max Faun explores how security technology has evolved since the start of the millennium.
One size no longer fits all but everything does come down to trust, or lack of it! Is Zero Trust the way forward for an identity-centric secure future? Max looks at four pillars that businesses and individuals can apply to gain trust back and reap the benefits.
Identity on AWS may be well trodden ground, but that doesn’t necessarily make it any more inviting for enterprise practitioners who may not have had occasion to yet dive into the topic when tasked with an implementation.
When we traditionally think of vaults, we expect them to be in the close vicinity of a user. In our rapidly digitising world, the nature of such vaults has transformed as well. Data (or password) vaults, which were expected to be located on premises, are now digital, making ownership of these vaults and access to these vaults critical functions for an organisation. The Cloud hosts a lot of secrets, and this journey of vaults becoming digital and part of Cloud Environments is nothing short of fascinating.
Picos (persistent compute objects) are an actor-model programming system with long-term persistent state. Each pico also has persistent identity and availability for a cloud-native developer experience. Picos are DIDComm-enabled agents supporting SSI. Consequently, picos are capable of running specialized application protocols for any given workflow in a secure, cryptographic environment. The architecture of picos makes them independent of the runtime they execute on, holding out hope of a decentralized SSI agency. This talk introduces picos, demonstrates their DIDComm capabilities, and presents a roadmap for building a decentralized SSI agency, independent of any particular organization.
Looking at the digital transformation in the industries and the relevance Blockchain / DLT will have.
Access Management is a crucial capability in the IT infrastructure of any Enterprise. But it is even more crucial when the whole application landscape is integrated, i.e., more than 1,800 applications used by millions of users. Back in 2017 we modernized the existing access infrastructure and set up ForgeRock as its successor on-premises in our data center. With rising demands regarding availability, scalability, and support for market-specific customizations, and with more products and applications going to the cloud, it became increasingly clear that the project would have to cloudify its infrastructure and application stack. The future setup should follow modern paradigms like GitOps and Everything as Code and make use of highly automated processes based on Service Layers, all whilst keeping the integrated applications up and running and migrating the product stack to the AWS (Amazon Web Services) cloud. Key Takeaways:
- What a target architecture looks like
A lot of innovation around physical products is created by connectivity, allowing them to become part of the consumer's larger digital ecosystem and the providing enterprise. Gartner says in its megatrends for the next decade: "Anything costing more than a few USD will be 'intelligent and networked'". Examples are electronic wall boxes to charge cars or remote-control for dishwashers, cars, etc. Key Takeaways:
- What are the essential protocols to bring identity and IoT together
The trend toward adopting multiple cloud providers means identity is now distributed, rendering traditional, centralized access policies and perimeters obsolete. As a result, the way we think about identity and access management (IAM) has to change. This session will present Identity Query Language (IDQL), a new standard for identity and access policy orchestration across distributed and multi-cloud environments.
To date, Digital Identity Trust Frameworks have generally been light touch regarding the specification of fraud controls, relying on the theoretical protection a Digital ID offers through more robust authentication. It is true that improvements in authentication methods, such as soft tokens and biometrics, mean the ID theft vector of phishing for a user’s password may be removed. However, ID fraudsters will continue to use stolen ID information to create an ID in the victim’s name. They will continue to create synthetic IDs. They will also continue to try to take over victims’ accounts, using online account recovery and voice helpdesk channels to replace a strong authentication method with one that the fraudster controls.
In recognition of this ongoing threat from fraudsters, the Open Identity Exchange (OIX) has produced a comprehensive Guide to Fraud Controls for Digital ID Ecosystems.
The guide covers the processes and channels that need to be considered from a fraud risk point of view. It identifies the different types of fraud controls that should be applied in each channel, including ecosystem wide syndicated fraud controls, such as shared signals. The process of dealing with a suspected fraud is examined: how should these be prioritised, what investigation process should be followed, and how should victims be informed. Finally, it covers legal considerations when implementing fraud controls, in particular when sharing information and collaborating across the ecosystem to act as a joined-up defence against fraud attack.
This presentation / panel session will discuss these topics and how the guide can help those implementing Digital ID, and will give the audience a chance to speak with the authors about their own fraud challenges and how the recommendations in the guide might be applied to help.
The presentation explains how institutions can establish relationships with clients and manage their data.
Adrian Doerk, Business Development Manager, Main Incubator GmbH
In a 2018 study by Onus & Ponemon on data risk in the third-party ecosystem, more than 75% of companies surveyed said they believe third-party cybersecurity incidents are increasing. Those companies were right to believe that.
As our world becomes more digitized, and thus more interconnected, it becomes increasingly difficult to safeguard organizations from cybercrime. Tack on to that challenge a global pandemic that all but forced organizations to become “perimeter-less,” if they weren’t already, and the potential access points for bad actors through third-party access increase exponentially.
The problem is two-fold.
The landscape of third-party users is vast and continues to grow. From third-party non-employees like vendors, contractors and affiliates to non-human third parties like IoT devices, service accounts and bots, more organizations are engaging third parties to assist with their business operations and help them to innovate, grow faster, improve profitability, and ultimately create greater customer value – faster. On average, companies share confidential and sensitive information with more than 580 third parties and in many cases, an organization's third-party workers can actually outnumber their regular, full-time workforce.
Yet, despite the increased use of third-party workers in business, most organizations lack the proper third-party risk culture, processes, and technologies to protect themselves against the long list of third parties with access to their sensitive data and systems. Organizations have these systems in place to manage their full-time employees but lack the same level of rigor to manage these higher-risk third-parties. As a result, many third-party users are provided with more access than needed for their roles, and most disturbingly, that access is frequently not terminated when the third party no longer needs it.
Without the right third-party identity lifecycle management procedures in place, businesses unwittingly expand their attack surface, unnecessarily put sensitive information at risk, and create additional access points for hackers.
Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders.
Identity is a fundamental element in the traditional world for associating information with the same individual. As we leave more and more digital footprints on the Internet, this information is giving birth to our digital profiles, raising issues of privacy protection, monetization of data, identity theft and more. In this presentation, we revisit the manifestation and formation of identity in the incoming world of Web 3.0, and discover how the native citizens of Web 3.0 are forming their own identities and reputations with native behavior data that is distributed, interoperable, and self-sovereign.
How to future proof a national eID scheme where 13 registered commercial IdPs, 1 government IdP and several brokers operate?
As processing power becomes cheaper, smaller, and more accessible, the issues of Identity in this automated space become increasingly relevant. We will discuss how machine learning (ML) can perform many traditional governance tasks previously the responsibility of managers – from ensuring appropriate access controls to automating the processing of access requests. We will also examine how intelligent devices are acting as agents for other identities and the challenges this brings to traditional identity management. Real-world examples will be presented of ML identifying security concerns and other vulnerabilities.
Disclaimer: The speaker at this session has not been involved either directly or indirectly in the work in the aftermath of any of the Ransomware attacks described in this session. All of the information from the cases is based solely on data that is in the public domain.
As more and more organizations go multi-cloud, the question arises how to integrate existing and compliance-proven enterprise IAM processes with the upcoming requirements of managing identity in the clouds.
The dynamic nature of cloud environments requires a frictionless user experience when it comes to providing and retrieving access
There is no one size fits all - the best solution for your organization depends on your positioning within a large spectrum between agility and control
Implementing a declarative approach for your multi-cloud IAM is essential when aiming for continuous compliance
I considered myself quite an experienced programmer with some expertise in Identity management when I was hired by Swedbank to work as a full-time Identity engineer. Besides projects, I had an assignment from my manager to describe an architecture of IAM as a service. Honestly, I had no clue how to envision it. I tried to assemble standards and squeeze something out of practices and papers. But these were not really all my ideas and I did not feel very confident. But something started to happen in the last few years, when we had a very hard time implementing our IAM project (believe it or not, it was successful). We had to answer the questions "why", "what" and "how" a hundred times. And finally the blueprint of the architecture of IAM as a service appeared from the mist. It is not the one and only, because one size does not fit all. Still, I do not agree that there is an indefinite number of possible solutions. I think similar enterprises and engineers may find this presentation useful to draw their own blueprints.
IAM projects usually start with implementing baseline IAM processes - joiners, leavers, movers. Because this is what is usually most needed. But then you will get asked for more - identity data, events, other services. This is what makes up IAM as a service.
Neeme Vool, Software Engineer, Swedbank
In this lecture I present a reference architecture covering CIAM, API and PAM, thinking about closing the main attack possibilities in modern contexts.
Over the past decade significant advancements have been made towards decentralised, self-sovereign and tokenised identity. Now that we can tokenise a unique value what is the new value we can enable?
In an attempt to protect users from excessive tracking and surveillance, the last couple of years have witnessed major browser vendors introducing increasingly restrictive anti-tracking measures. Identity protocols and features got caught in the crossfire, however, forcing identity software vendors and developers to hastily introduce changes to restore functionality that browser changes broke. Is this the new normal? What will we do when a change breaks an identity feature beyond repair?
This session will review the main browser changes that have affected identity over the last few years – Chrome’s SameSite and Safari’s ITP2 in particular, interpreting them as part of a larger trend and attempting to predict what the future will look like for identity customers and practitioners.
For most companies, privileged access management is associated with creating borders or limitations. Often organizations are forced to implement PAM due to legal regulations and do not see it as an investment but rather consider cybersecurity a cost center. Moreover, most employees think of it as another layer of control and assume that the company does not trust them.
Research from 2020 has shown a phenomenal growth in the access management market.
The pandemic, for all its impact, has enabled organisations to re-evaluate their working strategies and practices. But at what cost? Cybercrime on corporate applications has risen exponentially from the dispersed workforce and rapid cloud adoption has left organisations vulnerable to ransomware, malicious activity and internal subterfuge.
Danna Bethlehem, Director Product Marketing Authentication at Thales discusses how organisations can accelerate their business with the right approach to their IAM strategy. For 2021 and beyond, enterprises need to leave survival mode behind and adopt a drive to thrive.
Drawing on recently released research into the EMEA IAM market, she will highlight:
Artificial Intelligence (AI) has been boosting innovation and creating a whole new wave of business models. With its rapid expansion into most use cases in many industries, a new threat landscape is evolving and as such presenting tough challenges to cybersecurity teams. With its huge impact on the way we interact with technology, the need for good practices and high standards in securing AI infrastructures is becoming a priority. In this panel session, we will
Organisations perceive their users through data. In the world of fewer and fewer opportunities for physical contact, identity verification is going all remote. All online service providers need to model the risks related to user impersonation and user manipulation attacks.
Static data can be easily spoofed. Dynamic data analysis (mainly in a time series manner) is the way to go.
Identity Management environments have always belonged to the ‘more complex’ solution stacks in the world of IT. As a central component and the ‘spider in the web’, an IDM system must adapt to any evolutionary change made in connected applications and systems. Furthermore, new or modified business requirements or procedures drive constant changes to the IDM systems themselves. Depending on traditional, agile or ‘mixed’ service delivery and maintenance approaches, in conjunction with multi-tier environments for development, staging, pre-production and production (or even more), it becomes quite challenging to appropriately integrate new functionality with the expected level of quantity and quality.
Most likely, it is not only code and configuration that need to be staged between the different system tiers, but also digital identities and entitlement information.
In this talk, we will investigate different approaches to release and change management techniques specifically for IDM systems and the benefits of integrated multi-tier environments. We discuss good-practice approaches from several Identity Management projects from the past two decades, dos and don’ts, and how to deal with pseudonymization in staging environments which can be used by any team for their ‘real-world’ acceptance tests, demo or lab work.
Key takeaways
• Get an overview of common multi-tier staging environments in IDM/IAM landscapes
• Learn about good-practice approaches to establish staging functionalities
• Anonymization and pseudo-anonymization for entity staging
There is a common theme for many of the mega breaches of recent years – a neglect of basic cybersecurity hygiene that has resulted in a backlog of unpatched apps, misapplied configurations and overlooked tasks. This debt compounds over time and, as with financial debt, can snowball to reach a point where it becomes insurmountable. As organizations become increasingly cloud first, the risk profile from security debt further increases.
Many companies from diverse industries increasingly rely on AI for strengthening their efficiency by automating jobs. Many of these advanced automation tools, however, currently become standard applications. Consequently, an isolated use of these tools will not enable companies to gain a competitive advantage. This presentation builds on an intelligence-based view of firm performance and the ‘Integrated Intelligence’ approach, which highlights the need to integrate AI with specific human expertise to outperform competitors and to transform a firm’s intelligence architecture. It further discusses the leadership implications for general managers and offers a systematic framework for generating growth and innovation beyond automation and efficiency. The ‘I3 – Integrated Intelligence Incubator’ provides executives with a toolset for developing appropriate strategic initiatives for intelligence-based future competition.
The majority of crimes in our industry are initiated with cyber-attacks on people - however, our people can also be our most valuable assets. This presentation starts with a walkthrough of multiple "bank robbery" scenarios to focus on a real event from 2016, when, in one of the largest cyber heists ever, $1 billion was at risk of being stolen from a bank, and how human vigilance (as well as human mistakes by the criminals) finally prevented the worst.
During this presentation, I'll show the effects that malware delivered in a PDF file can have inside a Cloud environment if it is exploitable, explaining how each session works within a binary and which techniques are used, such as packers, obfuscation with JavaScript (PDF) and more. I'll also explain some anti-disassembly techniques, demonstrating how this malware acts and where it would be possible to "include" malicious code.
Join Peter Dulay, Symantec Identity Management Adoption Advisor, Broadcom, as he introduces One PAM, which brings together traditional proxy-based (credential vaulting) with agent-based (granular access controls) capabilities into one consolidated solution and approach, and how One PAM is better positioned to help customers shift to a Zero Trust model.
The hybrid mix of remote and office work combined with digital transformation initiatives is driving the rapid adoption of cloud. This trend is also prompting organizations to rethink requirements for authenticating employees and other members of an organization's supply chain. Companies are now exploring how to significantly improve both security and the end user experience. Unfortunately, traditional multi-factor authentication is lacking in both areas.
Discussion topics include:
As a leader in innovative aerospace manufacturing with locations across the world, Airbus recognized the need to fortify its third-party identity management processes to better meet the operational efficiency and security needs of its evolving business and supply chain. Specifically, Airbus wanted to upgrade its identity management capabilities around lifecycle management, data quality, and obsolescence management for its third-party, non-employee users.
In today's digital world (after the EU DMA, DSA and DGA regulation proposals, now tabled in the EU Parliament for legislative approval by 2023, the birth of Gaia-X in Europe and the adoption of new ePrivacy regulations), the hard line separating personal and non-personal data is blurring, and companies have yet to understand what this means for them. While they thought that only personal data needed consent, now all data needs consent log proof for each digital identity it is associated with. Europeans have also created a new "notion" of cloud (Gaia-X): a cloud where data can circulate freely and can be shared and mutualised (upon consent). This will have implications. Huge implications, as Gaia-X carries the option to "import/acquire" data originating from other entities (including from outside Europe). The transfer mechanism will only be possible upon the user's express, voluntary consent. Users will need to be incentivised to agree to share. Since transfers can only be performed by users, and with consent, this will in fact open up a secondary data market in which the consent log represents a "transaction event". Hence privacy will exit the framework of compliance to enter the framework of "strategy and business development". The contextual "data" hunt can begin (versus the big data paradigm, which fades away). The de-monopolisation of consumer data, too.
Insights into how the new European digital policy opens up new (data-driven) business opportunities
Isabella de Michelis di Slonghello, CEO and founder, ErnieApp
Guardianship is a condition of life in human societies. When we are young we may be looked after by parents until we become adults. When we are adults we on occasions need others to look after us, and sometimes we may need increasing levels of care as we age.
Disciples of decentralized identity have preached for years that DIDs are the only true path to giving users control over their identity, AKA self sovereign identity. The lack of widespread adoption is evidence that a more pragmatic approach is needed.
As organisations continue to adopt and embrace new technology platforms, they also need to reassess how these new environments are secured. The Assume Breach mindset, a key aspect of Zero Trust, shifts the risk posture to one of applying defense on the assumption that the perimeter has already been breached.
In this session, we run through the Tactics, Techniques, and Procedures used in recent breaches and highlight the commonality across them: identity compromise and privilege elevation. This analysis will highlight the importance of taking an assume breach mindset to defense and show that Identity becomes central to this strategy. Further, we will then position recommendations on how to protect against Credential Theft, Lateral Movement, and Privilege Escalation across hybrid and cloud environments.
Identity and privileged access management have existed in silos for decades. But cloud adoption and the rise in remote workers have introduced new vulnerabilities, and cybercriminals have noticed. As ransomware, breaches, and credential theft continue to make headlines, one thing is clear: We need to treat all access as privileged access and understand the context — and risk — of that access.
In this session, Chris Owen, Saviynt Director of Product Management, will discuss how identity worlds collide through Saviynt Enterprise Identity Cloud. He will show how this converged platform brings intelligence, visibility, and context together so you can manage the entire identity lifecycle, including governance, privileged access, application access, and third-party access.
Based on our research about critical privacy areas in Social CRM I could present solutions and discuss further potentials provided by upcoming technologies and resulting requirement on privacy management systems.
Social CRM is a bit special, as indeed many application and process areas are still in a legally grey area, without established and accepted standards. Users tend to ignore this fact, as many applications and processes provide value for them and/or are comfortable. Based on this specific setup I could build up the discussion and presentation.
This presentation would be more a discussion to show potential solutions and not the presentation of a specific solution.
Self-Sovereign Identity – or SSI in brief – is now a major thing. Germany has become one of the world’s key SSI accelerators. Countless people and organizations – small and large – are getting excited and actively involved. Now de facto driving forces are: 1. SSI Pilots by the German Federal Chancellery as first demonstrations of the Digital Identity Ecosystem. 2. IDunion – a solution-oriented research project co-funded by the German Federal Ministry of Economic Affairs and Energy in the cluster of showcases in Secure Digital Identity. This presentation provides a brief SSI introduction and an update on these two major German SSI initiatives.
Mobility-as-a-service is changing the way people move. From mobility based on driving your own car, it is converging on the consumption of various services using multiple modes of transportation, ranging from eScooters, bicycles and ride-sharing to car-sharing, ride-hailing and public transport.
The Internet and consequently the Internet of Things were built without a trust layer. Decentralized Digital Identities as basis for Connected Mobility may be one of the needed missing components to implement real data sovereignty and a trusted Economy of Things in future Connected Vehicles scenarios.
Zero trust requires an enterprise to identify and monitor all the network identities used in the enterprise. NIST SP 800-207 refers to a zero trust deployment pattern called “enhanced identity governance”. The National Cybersecurity Center of Excellence (NCCoE) has a project on implementing a zero trust architecture that will include enhanced identity governance. This talk will be an overview of the role of network identities in zero trust and the current status of the NCCoE project.
The pandemic has dramatically changed how we work, shop, meet and learn. Simple username and password credentials can no longer be part of this new world. They have become every user’s and every IT department’s nightmare. Connected IoT things are for the first time outnumbering non-IoT connections such as tablets, phones and PCs, and many emerging business models will drive more revenue through IoT-enabled services than the products through which they’re delivered. Applying zero trust thinking to all identities, including connected things and not just employees and their PCs, is therefore a concept organisations will need to look into to ensure adequate security measures for their employees and things.
In this session we’ll talk about:
Many services across the web today allow users to consume the service without explicitly signing up. They generally identify users by a cookie containing a unique browser-id and store user data against it.
Do people really care about data privacy?
In an insurance sector not yet impacted by uberisation, AXA is moving toward its digital transformation. To achieve its key targets, including reduced time to market and improved user experience, AXA has launched several major programs: network, datacenter, workspace, ... and Identity and Access Management. Come discover how AXA leads the IAM program to support its digital transformation through improved agility, automation & business partnership capacity, both external and internal, while maintaining a high level of security.
– Adapt your IAM program to your context
Now more than ever, the world is operating online. Governments and enterprises need a way of securely verifying an individual’s identity whilst providing an inclusive and positive customer experience. iProov is a world leader in cloud-based face biometric authentication technology. Our Genuine Presence Assurance™ technology, powered by flashmark, ensures that the individual is: the right person, a real person, and also confirms that they are authenticating right now.
IAM programs in organizations have a reputation for difficulty and high failure rates. Through education and later through experience, professionals learn that communication is the most critical success factor in all human undertakings. We may have cutting-edge technology, generous budgets, and a competent team and still fail our project miserably. High-quality communication about IAM with our stakeholders is insufficient to succeed, but it is a necessary condition.
And what is the building block of communication? Words and concepts.
Improving the IAM vocabulary's accuracy is the idea behind the TOME (The Open-Measure Encyclopedia) project - an open-source encyclopedia specialized in IAM, authored by volunteer IAM professionals for their peers. Its goal is to become the industry reference dictionary. It is free of charge and licensed under Creative Commons to facilitate its widespread adoption. It is rooted in science with a solid methodology and pervasive references to stand on the shoulders of giants.
In this session, I will present and define a series of IAM concepts, both frequently used and rare but often misunderstood.
After applying an agile way of working for the last three years, the Rabobank Identity & Access Management service has gone through a transformation. The increased autonomy of teams, using backlogs with prioritized epics, applying agile rituals in order to create space for growth in applying agile principles: all of these have affected how IAM services are developed and delivered. Where the arena is uncertain and customers have a somewhat-defined request, the agile, iterative approach works. Yet where the arena is regulatory governed and compliance driven, an agile approach works less well. The impact of incidents in a 24x7 security service immediately reflects itself on the development of the service when a devops team is used. The strain between waterfall project management and this agile approach is not instrumental but conceptual. Aligning expectations with the wider organization is a challenge in itself. This presentation will demonstrate the pros and cons of agile on IAM.
Agile pitfalls
Henk Marsman, Lead Product Manager IAM, Rabobank
Siemens AG drives the comprehensive Zero Trust program enabling most areas of Cyber Security, Enterprise and Product IT. In the presentation we will share our architecture vision as well as the implementation road map. We will also share some lessons learned along the way so far.
Companies across the globe are undergoing digital transformation. The main challenge with this approach is the ability to securely manage access for on-premise, cloud and SaaS applications. Entitlement Management across this hybrid landscape requires management of cloud assets, IAM profiles, groups, roles and entitlements in support of Identity Lifecycle Management, Access Management, and Access Governance.
1. Provide visibility over hybrid-cloud assets
Deployment of IoT installations is accelerating as organisations seek to expand their business by adding IoT functionality to their products/services, or reduce their costs by automating processes. Unfortunately, in many cases these initiatives are not adequately executed and, as a result, do not meet expectations.
In this session we will look at 5 pillars of an IoT deployment: the Device pillar ensures we select the appropriate sensors and actuators, the Control pillar guides our decisions on controller functionality, the Communications pillar ensures we consider which options fit our required functionality and budget, the IT pillar determines the level of integration between our IT and OT environments, and the Security pillar guides our protection strategy.
A holistic approach is a success-indicator for our IoT projects.
Applying the principles of self-sovereign identity to financial and social media sourced data points will enable businesses to make better and informed decisions about retention, acquisition and eligibility whilst relieving them of most of their obligations under GDPR.
The paradox of simplicity is that making things simpler is hard work. - Bill Jensen
Building strong passwordless authentication from scratch can be very time-consuming. Integrating the necessary infrastructure into a typical password-centric identity code base increases code complexity exponentially. Taking into consideration that well-known user flows have to be changed and enhanced with new authentication options may also pose significant challenges for developers. They have to get it right - and make it as simple as possible for the end user.
In this talk, we highlight possible pitfalls and necessary considerations when implementing passwordless FIDO and WebAuthn protocols. You will recognize how a cloud-native approach can simplify the integration of passwordless authentication and smoothen the requirements for developers and product owners of any online service. You’ll also learn how to gradually migrate existing users to the new authentication methods in a frictionless manner.
Join us to explore three possible abstraction layers we’ve identified to take the complexity away when dealing with FIDO and passwordless multi-factor authentication, ranging from utilizing a managed FIDO API and SDKs up to a fully-fledged passwordless-native identity provider that can be integrated with OpenID Connect. We will also share some secrets on useful extensions of the FIDO standards we’ve identified when building our passwordless user experiences.
Felix Magedanz, founder and CEO, Hanko.io
Zero Trust Use Cases: a pragmatic look from well-known use cases to lesser known ones. Focus will be on real world examples and situations proven in practice rather than on formal compliance. Further on we will have some critical thoughts on this topic.
Key Topics:
* What is Zero Trust?
* Some appliances for Zero Trust
- Well-known use case: Web shop
- Current use cases: Bring-your-own-device, Bring-your-own-account
- Further use cases: Micro-segmentation, cloudification
* Some critical thoughts on non-deterministic systems
There are various ways that client applications may need to log in when going beyond passwords. With a username and password, client development is easy -- just collect a couple of inputs from the user and match them on the server. When going beyond these though, how can client applications be deployed and maintained in a way that the server still dictates what the client should present and obtain from the user when authenticating them?
The transformation of the IAM landscape of a Multi Service Provider is taking shape.
Keeping up with the changes in our industry is no simple task. The rate of change for identity technologies, their applications, and their roles in the enterprise is simply too great. Since 2018, IDPro has conducted an industry survey to call attention to the skills that identity practitioners possess and employ to be successful. In 2019, the survey was expanded to explore enterprise priorities to highlight which areas of the identity industry were garnering more attention and investment. And in 2021, IDPro expanded the survey again to include questions about diversity and inclusion. Join Ian Glazer, Founder and Vice-President of IDPro, as he explores the results of this year’s survey and the implications for you, your employer, and the industry as a whole.
Distributed Identity (DI) is less known to many and even less in connection with the pandemic. The concept that DI delivers is an excellent starting point for creating a digital vaccination record.
Why DI is generally a good idea and what a digital vaccination record based on it can look like, is shown in this lecture. If you want to explain to your family in practical terms what IAM, IGA and PAM do: get vaccinated and (hopefully soon) apply for a digital vaccination certificate!
Four simple steps to the perfect PAM.
Digital life is a replication of the physical world in a digital ecosystem. As a result, people and things have an equal digital representation, which we call a digital double. Your digital double is active and involved in various activities, even when you take a nap. Therefore, securing the digital double is critical.
Well-designed multi-factor authentication technologies, especially when paired with a mobile device or other token, mitigate security risks from single factor username/password authentication while still providing a positive user experience.
The age of conversational banking represents a transformation of how and when banks interact with their users.
The onslaught of account takeover attacks from insecure passwords is driving the rapid adoption of passwordless solutions. While the risk reduction benefits are substantial, eliminating passwords is just the first step on the path to fundamentally strong authentication. In the “new normal” era of work from anywhere, and rapidly increasing cloud adoption, organizations are moving to a new risk-based authentication model. Advanced organizations are validating users, their devices, and inspecting the security posture of the device for each login. Strong and continuous authentication is a fundamental building block of Zero Trust. Learn how you can make it happen without making the user experience miserable.
Discussion topics include:
Takeaways:
Identity management is critical for digital transformation and continues to evolve and gain importance as the business environment changes in today's hyperconnected world, where employees, business partners, devices, and things are all tightly interwoven. Deploying an identity security solution – regardless of your business size or industry is a fundamental requirement today to facilitate secure communications and reliable transactions.
This panel explores identity security strategies that enable your business to take full advantage of your solution’s capabilities.
Traditional IAM models have focused on users, policies, and roles, which met the needs of web applications in years past, but as application development has evolved to APIs, an innovative approach to identity management is required. It is no longer just users, roles, and permissions. APIs must be integrated into the identity and access management framework to ensure adequate governance and security.
- Why API security requires more than traffic policy management and coarse-grained enforcement.
Balancing usability and security is a well-known challenge in the field of identity. With increasing threats to personal and critical business data posed by nation-states and other bad actors, organizations are moving to a default posture of Zero Trust with more and more technology vendors and service providers delivering solutions in the form of complex monitoring and policies designed to keep the bad guys out. Knowledge workers, including an increasing population of frontline workers, require and expect seamless collaboration and productivity without barriers that waste time and require technical expertise. And businesses of all sizes are looking for solutions that can be operated by managers and program owners who are not necessarily identity and security experts. At the same time, individuals are drowning in a sea of passwords and clamoring to maintain their privacy and prevent compromise in their personal lives. With more signals potentially come more annoyances, and with more annoyances comes the proliferation of unsafe practices. As vendors and enterprises dedicated to secure and seamless identity, it is our responsibility to invest in a more secure future while remaining dedicated to solutions that guarantee higher security but are even easier and more delightful to use than today's conventional solutions. FIDO2 and the move towards passwordless solutions are getting more adoption, but still carry with them some experience challenges in onboarding and recovery. Innovations like distributed identity show promise in decentralizing ownership of personal data and putting control back in the hands of end-users but are in very early days. EIC represents the industry and our commitment to creating trustworthy frameworks that protect organizations and people. Join a panel of experts to share their thoughts on how we can continue at a pace of innovation in zero-trust while maintaining trust and usability for everyday people in a digital world.
- innovation requires investment across security, privacy, and usability
Paul Fisher, Senior Analyst, KuppingerCole
Robin Goldstein, Partner Group Program Manager, Microsoft
Alexander Koch, VP Sales DACH & CEE, Yubico
With the merger of AOL+Yahoo, the newly formed Enterprise Identity team had the challenges of planning to support the cloud-first future of the new company Oath (which would become Verizon Media), building a new Identity ecosystem with Zero-Trust methodologies, and supporting a security-minded culture.
Is your IGA strategy keeping up with modern threats? Novel attack methods are revealed daily, compliance requirements never stop evolving, and how and where we work has forever escaped the traditional office. As a result, organizations require more flexibility than ever to protect what matters most. You shouldn’t have to compromise functionality or security levels because your IT resources and people operate on-premises, in the cloud or in a hybrid environment. The point is that you don’t need to.
Don’t miss this 20-minute keynote address by One Identity’s Rima Pawar, VP of Product Management, as she discusses the secret fears of many CISOs and other senior IT leadership and how an identity-centric security strategy can mitigate modern threats and help IT executives sleep at night. Topics will include best practices to extend security beyond the traditional perimeter, how to take an identity-centric approach to security, and how your peers are pursuing Zero Trust strategies.
"Act quickly; allow me to think less; protect me from risk." These incongruent objectives are being asked of IT departments and their staff. We are living through a great digital transformation that is rewriting our way of working and means of producing goods and services. Underlying and enabling this transformation is an increasingly complex, obscure, and challenging myriad of interwoven software systems spanning organizational and technological boundaries. IT complexity is no longer isolated to back-office nerds conversing in technobabble and pushing us aside to remedy our newb problems. All portions of the workforce are more exposed and dependent on technology to complete their day-to-day duties.
User recognition and authentication is becoming the central element of companies' digitalisation strategy. Not only are user registration and login the first experiences users make, Identity and Access management will ultimately determine which company recognises and serves the needs of its users best and will be successful in the market.
What you can expect
Digital ID and Authentication Council of Canada (DIACC) research finds that three-quarters of Canadians feel that it’s important to have a secure, trusted, and privacy-enhancing digital ID to safely and securely make transactions online. As federal governments focus on post-pandemic recovery, investing in digital ID makes strong economic sense, especially for small and medium-sized businesses (SMEs). For SMEs, the impact of digital identity could be used to improve processes that are difficult today.
This is especially true in situations where businesses need to provide proof of identity to another business. Considering SMEs account for approximately 30 percent of Canada’s overall GDP ($450 billion), if we assume that the average SME could be just one percent more efficient with access to trusted digital identity, this results in a potential $4.5 billion of added value to SMEs and reinvestments in the Canadian economy. This presentation will provide a detailed overview of research performed over the course of 2 years to quantify public perception and demand for secure, interoperable, digital identity that works across the whole of the economy.
Join Vadim Lander, Symantec Identity Management Security Chief Architect and CTO, Broadcom, as he discusses the new realities that are driving the evolution of Identity and Access Management (IAM) and how organizations use IAM as a key pillar in the architecture for Zero Trust. Vadim will also highlight the future of Symantec’s IAM suite of solutions and how they will help our customers build their own Identity Fabric.
Everything is famously code today—cars are computers with wheels, appliances have Internet access, smart doors and houses are controlled from mobile phone apps. With all this code around, security is more of a challenge than ever. A central pillar of security is identity management: the technology that protects logins and controls access. This, too, is becoming code to work with all the other code. Libraries for developers are essential, including ID controls in mobile and Web applications for initial sign on, single sign-on, federated sign-on, biometric authentication systems, and controlling access to sensitive data. And code itself is becoming code: automation systems for producing code, deploying code, updating code, configuring resources and access controls. IAM code has to be wherever it’s needed, when it’s needed, and automated, just like any other code. The better we do this, the more secure we all are with our ubiquitous computers.
Blue is the world’s most popular color.
But this was not always the case. Originally, it was little used in art and clothing, and in turn, had little symbolic cultural value. In the course of a few key decades, however, blue overcame obstacles of sourcing and production, and its popularity exploded—rising to represent some of the highest values of society. Subsequently, a wave of innovation democratized the color, placing it in the hands of “normal people” and cementing its cultural legacy.
Identity finds itself on a similar path. After a period of relative obscurity, identity has begun its rise over the past decade—but the journey is just beginning. Like blue, it faces challenges to its ascendancy—both practical and ethical. We’ll extract lessons from the trajectory of the world’s most popular hue and seek to apply them to the arc of identity.
The color of the world is changing once more.
As we emerge from the first wave of digital transformation, most organizations have embraced multi-cloud and hybrid environments. Companies increasingly use digital technologies to transform the actual products and services they sell to their customers, while modern service and app architectures drive adoption of containers and micro-services. These trends pose new challenges and opportunities for security. The number of machine-to-machine interactions is growing, as is the need to establish trust in real time across many distributed systems. In this thought-provoking session, Joy Chik will explore trends that are making identity even more central to modern security.
As organizations are recovering from the pandemic, the need to adapt to rapid technology, organization and social changes makes many of them embark on a digital transformation at high speed. Investments to drive online business, powered by customer insights and an attractive user experience, yet secure and compliant with rules and regulations, have never been bigger.
Integrating Marketing and Customer Relationship Management (CRM) functions with Customer Identity & Access Management (CIAM), if done well, can help business owners achieve the ROI they are looking for.
Join Gerald Horst, who leads PwC's Digital Identity team in EMEA, as he explains how powerful Customer Identity & Access Management can be when you are transforming your organization to become successful in doing business online. Gerald will share relevant client experiences, demonstrate some key capabilities and give his view on future client demands in this context.
Key takeaways:
In recent years, we have seen quite a few transatlantic policy issues with regard to cybersecurity and how personal information is treated by private and public organizations. The main areas where we see these differences are data protection/privacy, standards & certification and, last but not least, private-public information sharing.
New technology is often seen as a total replacement for whatever came before. This is evident in the “Move to Cloud”! However, we are almost never in a greenfield position: we must interoperate with legacy systems and the demands of the business drive towards different and competing solutions for different problems. We will discuss the challenges of a hybrid deployment, addressing multi-cloud as well as on-premises components, and how a hybrid approach to identity is required to competently address these often conflicting requirements. We will use real-world examples of hybrid solutions to demonstrate the solutions.
The first era of SaaS is ending, and we are entering a new era of convergence. This new era will result in new kinds of enterprise platforms that converge discrete functionalities into new systems of delivery. Best of breed solutions will all but disappear. Point solutions will fade away. The identity industry will fundamentally shift. The traditional IAM vendors you know are going to face competition from Salesforce, ServiceNow, Workday and others. You, the customer, are going to be influenced more and more by these players and their new systems of delivery. In this session, I will explore what is driving this trend and how it may shape the future of the identity industry.
IT has changed fundamentally in the past years. Multi-cloud environments mixed with private clouds and on-premises infrastructures (multi-hybrid) are the new normal.
The high pace of transformation, modernization, and innovation required for success in the digital age requires these environments to work smoothly and securely.
In his talk, Martin Kuppinger will discuss where and how IT, IT Security, and IAM need to evolve to make the digital business fly.
Martin Kuppinger and Matthias discuss the high-priority topic of how to achieve automation of management and security across the entire multi-hybrid, multi-cloud IT infrastructure based on well-defined policies.
When thinking about what SSI means for enterprises and providers of services to enterprises, it's easy to forget that SSI is about each of our sovereign selves. This means SSI should give us each a clear sense of independence, agency, and obvious freedom from the old centralized Identity Provider Relying Party model, and the federated one that followed from it. But we aren't there yet. What will it take to get us there—for our sovereign selves, and not just for hot new SSI businesses?
Cybersecurity is one of the areas where virtually every business will need to invest because of ever-growing cyber risks and ever-tightening regulations, and in the post-Covid era, the cybersecurity market continues to evolve and grow, having gained even greater importance. Warwick Ashford joins Matthias to discuss the factors driving the trends in this market and what businesses should be considering when making cybersecurity investments.
Tune in to this episode to explore ways to navigate tradeoffs between privacy and accessibility in decentralized identity and learn about interesting user-centric approaches that can be applied to modern identity protocols.
P.S.: You do not want to miss out on our little surprise at the end of this episode 😉
Christopher Schütze provides the fundamentals for a pivotal topic in cybersecurity, namely how to create processes and systems for comprehensive and continuously improving vulnerability management. Together with Matthias, he provides an overview of elementary aspects that need to be considered.
The market segment of products and services that are designed to manage and secure APIs as essential resources in a multitude of different environments is constantly evolving. On the occasion of the publication of the latest edition of his Leadership Compass "API Management and Security", Alexei Balaganski explains the fundamentals and current developments of these products and services.
Raj Hegde sits down with Peter Busch, DLT Product Owner at Bosch, to discuss how decentralization is enabling a wide range of exciting use cases across industries. Tune in to this episode to explore the concept of machine economy, understand the needs of machines and dive deep into the intersection of decentralized identity and the Internet of Things.
Business Intelligence is the discipline of deriving business insights from raw enterprise data to inform decision making. Although this is a mature market, new trends are stirring up this market sector. Annie Bailey joins Matthias to explain what is changing and what 'Next-generation BI platforms' are.
Graham Williamson, Senior Analyst at KuppingerCole, is to deliver a presentation entitled "Meeting Expectations – 5 pillars for IoT project success" on Tuesday, September 14, starting at 7:20 pm at EIC 2021.
To give you a sneak preview of what to expect, we asked Graham some questions about his planned presentation.
Paul Fisher has researched the topic of Data Governance Platforms extensively, and he published a Market Compass on this topic at KuppingerCole Analysts just a few weeks ago. In the current episode of Analyst Chat, he explains this market segment to Matthias and provides insight into current developments.
The path toward a Zero Trust architecture to improve cybersecurity for modern enterprises in a hybrid IT landscape often seems overly complex and burdensome. Alexei Balaganski is this week's chat partner for Matthias and he draws attention to an often overlooked benefit of such an infrastructure. One key idea of Zero Trust is to actually reduce complexity and unnecessary effort and instead focus on what really needs to be protected.
In his talk, Martin Kuppinger will deconstruct the term Access Management and look at the various elements and concepts behind it. Access Management is multi-faceted and includes many concepts. On the other hand, many of the areas we should find being supported in Access Management are still missing in most implementations. So: What does it need for a modern, comprehensive Access Management? How will this look different from now? Will we get rid of the burden of annoying authentication procedures or reviewing static entitlements we don’t understand? Which roles should policies play? Could we move forward to just-in-time entitlements? And will we finally get rid of passwords?
Martin Kuppinger will cover trends that are already visible, options you can take today, but also evolutions that are just visible at the horizon and innovations vendors should focus on today.
He will deliver you a high-level playbook for tactical and strategic steps for evolving what you have in Access Management towards a broader, future-proof solution.
How do you protect secret information from sabotage? You should consider two possible scenarios when answering this question: Sabotage can be caused from the outside as well as from the inside. In principle, a potential threat can also come from people within your own company.
An essential step is therefore to make sensitive documents and directories accessible only to employees who really need them for their work: Following the need-to-know principle.
In the case of facilities that are vital to life or defense, these employees must also be instructed in how to protect themselves against sabotage.
Consistent checks to ensure that protection instructions have been given are therefore part of the administrator's duties, which in turn requires additional time and organizational capacities.
In this practical presentation, you will learn how automated permission management can relieve IT administrators and at the same time reduce errors caused by manual processes while ensuring compliance with special requirements for the assignment of rights, e.g. through separate data protection instructions.
We're on track towards a world where everything that can be, will be tokenized. Tokenization plays a critical part in enabling more equitable value creation for people, organisations and things. Providing the means to issue and store value, trace provenance, and most importantly achieve consensus to instantly trust.
However, in order for this tokenized world to emerge we first need the infrastructure for people and their digital twins to participate in equitable and fair ways. This will include digital identity, verifiable credentials and payments.
This session will feature some of the use-cases, practical steps, insights and learning along the way.
This episode concludes the four-part series on hybrid IT. To wrap things up, Mike Small and Matthias focus on the latest developments in hybrid infrastructures, between containers, hyperconverged, edge and cloud in a box.
"Progress is the process by which the miraculous becomes mundane," says Doc Searls, the next guest on our popular podcast series - Frontier Talk. In this episode, Raj Hegde sits down with one of the most prolific technology thinkers of our generation to understand the problems of the identity status quo and to determine the boundary conditions required to usher in a new era in identity - one that gives individuals independence and better ways to engage with businesses.
Part three of the four-part series on hybrid IT looks at approaches to appropriately manage and evolve hybrid architectures. Mike Small and Matthias put the focus not only on technical management, but also on appropriate governance in particular.
The knowledge and skills gap in the cybersecurity industry is a problem that has been identified and discussed for the past 20 years. However, with the rapid acceleration of technology development, the skills gap seems to worsen as time goes by and may soon become a systemic deficiency. In this presentation, I will talk about the first-ever, technical, vendor-neutral credential for cloud auditing. It fills a gap in the industry for vendor neutral, technical education for competent professionals to help their organizations reap the full benefits of cloud environments.
Even though the pandemic has been the main driver for digital workplace productivity as a strategic requirement, this topic will not go away after it is over. The Digital Business workforce needs to be “anywhere-enabled”. To support this, Secure & Flexible Infrastructures for the Digitally Transformed Enterprise are necessary.
Developing a digital workplace strategy contains several layers:
In this KC live event, we will discuss the future workplace trends such as De-Materialization & Anywhere Computing, Workplace-Consumerization, KyE (Know Your Employee), How to balance Zero Trust requirements with easy access and more.
Our expert speakers will share insights on how a solid digital workforce strategy, incorporating technologies like automation, collaboration, and artificial intelligence, can help propel your business forward.
Modern cloud apps are built using CI/CD and run as containerized microservices. Do you have effective security and compliance controls in place? Legacy tools can't shift security left, validate configurations and compliance, or provide detection and response for production workloads.
This session will share:
Attendees will learn what steps to take to build collaboration in the software development lifecycle - and it goes far beyond tools. How to put in place a strategy that fosters continuous improvement of the security posture. A guide for how any organisation can get started, improve, and how to be able to adapt to changing technologies and security threats.
Mike Small and Matthias continue their four-part series on hybrid IT, looking at the increasing complexity: they look at multiple dimensions of the challenges that come with deploying and operating hybrid IT architectures.
This is the kickoff of a four-part series of podcast episodes around hybrid IT. Mike Small and Matthias explore the fundamentals of modern architectures between the cloud and the traditional data center.
Panel Discussion on Best Practices for Managing Digital Workflows on ServiceNow.
David Izon takes us through how Finning International utilized ServiceNow's capabilities.
The last 14 months with the pandemic have been extremely challenging for all kinds of organisations, but especially for the IT departments. They had to, and will continue to, make the impossible possible, enabling a remote workforce without any significant interruption and often with reduced manpower. This talk will focus on how this was made possible with ServiceNow and how organisations can prepare and embrace the new normal with standard features of the ServiceNow platform.
Clear Skye shares how organizations benefit from digital workflows and identity on the Application as-a-Service delivery platform ServiceNow. Learn how organizations can use an identity workflow strategy to improve their business agility by making more informed decisions while reducing effort and total spend.
Christopher provides a deep-dive on the intersection of ITSM and ServiceNow.
Expert Chat Interview Series with Martin Kuppinger
In episode seven of this podcast, John Tolbert and Matthias first looked at Fraud Reduction Intelligence Platforms more than a year ago. Much has happened in this market segment since then, and on the occasion of the release of the updated Leadership Compass, they look at the latest innovations.
Anne Bailey has just completed extensive research into the new market segment of AI Service Clouds. In this episode, she explains this innovative concept, which aims to overcome the lack of qualified personnel and bring artificial intelligence and machine learning to more companies.
Many companies today use multiple cloud services, and their end users regularly use dozens or even hundreds of different SaaS applications. This great cloud migration has successfully enabled an expansion of mobile working and accelerates digital transformation initiatives. A growing number of cloud services, however, also means an increase in IT security challenges. Beyond the fundamental cloud security aspects, additional complexity and interoperability problems arise from siloed identity stores, native toolsets, and a conflict due to the shared responsibilities of the cloud providers. All of this creates an expanded attack surface and must be addressed by companies.
The identity challenge is the most important security challenge that companies need to solve, and it is primarily overcome by standardizing management and security controls across the entire IT ecosystem. Join this session to learn more about:
In the “new normal”, and with the rise of remote work, much has changed. At the top of the list: IT security. IT departments face the challenge of meeting increased security requirements while still ensuring a good user experience, including in the home office. The growing threat situation for companies understandably very often has to do with bottlenecks in IT. Here are some approaches to a solution:
You know the saying about the animal that is driven through the village (a German idiom for the latest hype). Zero Trust could once again be that animal.
But Zero Trust does not belong in this category; it is an absolutely necessary security concept at a time when companies are confronted with extremely costly attacks such as ransomware. In this talk we therefore examine very current scenarios and what it takes to get on top of them.
Customer Identity and Access Management (CIAM), the management and control of customer identities, helps companies make their use of customer data secure and compliant with data protection rules without losing sight of their business.
Learn from Auth0 how to integrate an identity platform simply, quickly and securely, and save valuable time to further develop and innovate your core business.
IAM (Identity and Access Management) is a core element of every cybersecurity strategy. Context- and risk-based access control and adaptive authentication are core elements of every functioning security strategy. Especially for Zero Trust, with its principle “Don't trust, verify!”, a good, modern IAM is essential to be able to perform precisely this verification and to control access depending on risk.
In his talk, Martin Kuppinger will address the importance of Zero Trust strategies as well as of SASE (Secure Access Service Edge), and also the opportunities to modernize IT as a whole. He will show how a modern IAM can support today's requirements and help create an IT in which collaboration models with partners and customers, as well as new ways of working for employees, are supported flexibly and securely, and which is ready for all variants of deployment models.
In this expert conversation, Dominik Achleitner and Daniel Holzinger talk about passwords and password habits. They also address current questions, such as how password security can be measured and what the fundamental future of passwords looks like. The conversation is grounded in strong practical relevance and involves the participants.
In a world where you never meet customers or employees in person, it is crucial to anchor real identities to digital ones. Only then can you, as a company, securely grant online access, verify high-risk actions and offer a user experience that delights your customers. In this session, Olli Krebs (VP Central EMEA at Onfido) will explain how document and biometric verification can seamlessly enable trust across the entire identity lifecycle.
The talk addresses the possible evolution that security organizations would have to go through in order to keep pace with the modern world and the resulting requirements. IAM methods are taken as the starting point, but important aspects of a security program are also worked through. Digitalization is seen as the driving force behind these changes. (Abridged: brief insights are given into modern approaches to IAM, risk management, the organization of security, security architecture and further automation.)
Identity in the digital workplace, using Microsoft 365 as an example.
Distributed identity is rather little known to many, and even less so in connection with the pandemic. Yet the concepts that DI provides are an excellent starting point for creating a digital vaccination certificate. This talk shows why DI is a good idea in general and what a digital vaccination certificate based on it can look like. If you want to explain to your family in practical terms what IAM, IGA and PAM do: get vaccinated and (hopefully soon) be able to apply for a digital vaccination certificate!
Your DNS server knows what websites you use, what the name of your mail server is, and which corporate services you use while working from your home office. And there are even broader challenges when it comes to protecting sensitive personal data in that context. Alexei Balaganski and Matthias continue their conversation about a fundamental Internet resource, the Domain Name System, this time walking the fine line between technology and trust.
Some internet services are so deeply woven into the core infrastructure, that they are just taken for granted or even ignored in our daily digital life. One example is the Domain Name System. Alexei and Matthias discuss the basics of DNS, look at current cybersecurity threats targeted at it, and explain how they can be mitigated.
In today’s digital environment, the bar has been reset when it comes to remote working, e-commerce, e-learning, e-health and streaming services. The demand for simple and secure digital experiences for customers has never been higher. And while logging in is such a common process, it’s easy to take for granted. However, that entry point to your application or service is also when organisations become responsible for the user’s digital identity. Combined with the current, fast evolving landscape and the continuous innovation in, and use of technology to deliver products and services, there is an explosion in the number of sources from which users can gain that access. Overlaying all of that, is the constant evolution of the threat landscape and regulations that inevitably follow.
Leaders who are managing changes in revenue-generating business models, while still working to grow their position in the market, must balance two goals: delivering security and customer experience.
Join Auth0 as we discuss, and provide some insights on how to utilise a strategic approach to digital identities, that has helped customers such as Siemens, GrandVision and The Economist to:
Maintain and improve the user experience
Provide an innovative - and differentiated - product or service, that can adapt and scale as the business grows
Achieve the above two points, while still ensuring security and trust for their customers’ digital identities
Inspired by this quote from Mark Carney, the former Governor of the Bank of Canada (2008-2013) and the Governor of the Bank of England (2013 -2020), we will take a look at how identity and trust are intimately connected, yet how fragile they are in the digital world. And, using two customer examples, we’ll show you how critical identity is to establishing trust and enabling seamless digital experiences in our daily lives.
Identity and access management is evolving. Originating in centralized enterprise systems, IAM must now reflect the complex realities of modern organizations and our post-pandemic society. It is driven by the need for a seamless user experience for all types of identities with all types of devices while maintaining security, compliance and governance. Matthias Reinwarth, Director of KuppingerCole's IAM Practice, exemplifies the path to a big picture for IAM that combines federated and decentralized IAM with traditional IAM and promotes trust through verifiable credentials and the concept of an autonomous, sovereign user.
Maintaining finer-grained access by administering AD groups through dedicated and delegated application administrators is the reality in many organizations. Martin Kuppinger and Matthias discuss these types of indirect authorization management and why they are not a good choice, even more so when AD becomes legacy.
CIEM is one of the latest entries to the set of 3- and 4-letter acronyms in IAM technology. Martin Kuppinger and Matthias take a look at the functionality behind it and its role within an Identity Fabric.
Attend this session to learn how One Identity’s cloud-first solutions portfolio enables organizations to let business needs, not IT capabilities, drive how they implement their Identity Governance and Administration strategy. There is no single right way to do cloud-based Identity and Access Management services. Every organization is at a different place in its journey, and each will prioritize cloud benefits differently. So, no matter where you are on your cloud journey, modular and integrated solutions can strengthen your identity security, help you achieve governance and a Zero Trust model, and get compliant. Join this session, led by One Identity Field Strategist Rob Byrne. He’s worked with clients from many different industries with a wide array of Identity Security challenges and helped them successfully implement a secure and efficient IGA program.
In this episode, Raj Hegde sits down with Dr. Carsten Stöcker, Founder & CEO of Spherity to understand how #decentralized identity is transforming the end-to-end supply chain lifecycle.
Tune in to this episode to explore the increasingly important role of provenance in helping build a better world and learn about the intersection of exciting concepts such as non-fungible tokens (NFTs) and decentralized identifiers (DIDs).
Martin Kuppinger joins Matthias for a first hybrid audio plus video episode of the Analyst Chat. They talk about horizontal (capabilities like AM, IGA, and PAM) and vertical siloes (identities like things, robots, customers, partners, or employees). And they lay out a proper approach to strategically get rid of these siloes in the long run.
Building on the first three podcast episodes of this series with Annie and Shikha, Paul Fisher and Matthias turn their attention to the Privileged Access Management aspect in the context of WfH and its Cybersecurity Threat Landscape. They look at the role PAM plays in the particular WfH use cases for administrators, as well as for business users. And they look at the potential changes that this will bring for the further development of PAM in the future.
Often missed as a niche part of IT, “admin” access is the holy grail for the bad guys attacking your business. Thus, it’s crucial to understand why a strategic approach to PAM and credential management will improve your corporate security posture.
This talk will look at:
In this keynote address, Senior KuppingerCole Analyst Paul Fisher will explain how PAM will further develop to become a central component of modern IT infrastructures and enable frictionless but secure access to data and services. Included in this talk:
Privileged Access Management (PAM) continues to be a top priority for many organisations throughout the world. It is one of the most important solutions to help organisations reduce the risk from cyberattacks that target their privileged accounts and help move passwords into the background reducing cyber fatigue. A compromised privileged account enables an attacker to move around the network undetected, download malicious payloads, stage compromised servers and cause significant financial losses to their victims.
Almost all users are now privileged users. With 80% of breaches involving the compromise of IT and business user credentials, you must create a plan to reduce the risks posed by “overprivileged access” users, applications, and services. When users are over-privileged, it only takes attackers a few easy steps to become a full domain administrator. We must make it more difficult and force attackers to take more risks, increasing the chance of detecting them early, before serious damage is done.
One question for all organizations is how to get started. Where is the best place to begin for managing and protecting privileged access? It’s vital that you have a solid strategy. Whether you’re starting a new PAM project or strengthening an existing Privileged Access Solution, Joseph Carson, Thycotic’s Chief Security Scientist and Advisory CISO, will guide you step-by-step through planning your journey to privileged access security and introduce you to the PAM checklist that will help guide you to both maturity and success.
The Internet of Things is everywhere around us. Almost every device we use is connected to the internet. But are they really smart or intelligent? And most important – what are we doing, and what will we be doing, about their security?
Join Thom from SentinelOne and Alexei as they discuss what AI and IoT really are, and learn how many IoT devices Alexei has at home and how long we have to wait until "The Terminator" will be a real thing.
Shikha Porwal and Matthias Reinwarth have a coffee conversation about the security risks of working remotely. They talk through the vulnerabilities of a home network, and touch on pandemic-related endpoint security threats, employee behavior and, finally, Zero Trust.
Annie and Matthias continue their conversation on the COVID-related trends in 2021. They talk about different technology and internet usage trends, and also mention some potential topics that will become more prominent in the future as a lesson from these trends.
With 77 percent of the world’s transaction revenue touching SAP ERP systems, these crown jewels have long been the prime target for cybercrime and internal threats due to Separation of Duties (SOD) risks, weak access controls and lack of identity management and governance. Today, a holistic approach to security in SAP—and other business systems—is not a nice-to-have but a must-have. This session will give attendees a deep understanding of the current threat landscape and a 360° perspective on what is needed for not only integrated security but also audit and compliance in the complex SAP environment.
In order to effectively protect organizations, the constantly changing threat landscape needs to be understood. Threats could initiate from inside or outside of the organization, targeting the infrastructure, applications or users to obtain business critical data. Our panel discussion will focus on the most recent SAP threats, what’s different with the move to S/4, and valuable lessons learned on the importance of an integrated approach. We will talk with Dr. Rene Driessel – SAP Security Lead DACH at Accenture and Frederik Weidemann – Chief Technical Evangelist at Onapsis, to dive deep into today’s SAP security landscape.
Companies are under attack. More and more attacks result in costly and/or high-profile security breaches.
The world is currently experiencing a wave of digital transformation, that brings with it not only new levels of complexities such as these, but also offers opportunities for organizations to strengthen their cyber resiliency. Accenture, together with strategic partner Onapsis, have developed an integrated approach to deliver security by design to our clients, at any phase of their digital SAP transformation journeys. This Accenture methodology has embedded security concepts as an integral part of the overarching solution – therefore enabling clients to better understand their respective security implications and opportunities in order to effectively “transform”.
In this keynote, Accenture leader Britta Simms, responsible for SAP Platform Security in Europe, will present this joint approach to achieving integrated security by design, as part of the S/4 transformation lifecycle.
Cyber-attacks can have severe consequences when it comes to SAP S/4HANA applications.
These attacks increasingly focus on the company’s application layer and use privileged user accounts. Unfortunately, many security departments see the SAP application layer as a “black box,” and they view the security of SAP applications as the responsibility of their Basis or SAP application colleagues, leaving these applications at risk. Securing an SAP S/4HANA business application environment involves more than roles and authorizations.
The loss of sensitive data can lead to severe penalties, damage reputation, and endanger a company’s overall business within minutes.
This session helps SAP decision makers (CIOs, CFOs, and CISOs) and IT operations managers successfully meet these challenges and secure their SAP landscapes.
Defining strategies on governance, risk management, compliance, security, and identity beyond the SAP silo
Business applications are undergoing change. While some remain on-premises and in traditional architectures, others have shifted to the cloud – and several of these are provided by specialist vendors such as Workday or Salesforce. The established vendors such as SAP are also changing their platforms, applications, and delivery models, while also acquiring SaaS vendors such as SuccessFactors and Ariba. The days of homogeneous, vendor-focused, one-stop-shopping business applications are past. Most organizations are dealing with a heterogeneous landscape of business applications, regarding both vendors and deployment models. While this raises the more fundamental question of whether IT organizations that still have an SAP unit still reflect today’s reality, or should undergo fundamental change, there is an ever more pressing need for delivering governance, risk management, compliance, security, and identity for all types of business applications, and beyond to other parts of the IT services such as ESM/ITSM (Enterprise/IT Service Management) and newly born digital services.
Martin Kuppinger will look at this evolution and discuss what to change and how to balance depth of capabilities for certain environments with the need for broad support of heterogeneous (business) applications.
While the world tries to cope with the ongoing pandemic, cybercriminals have got their hands on a gold mine. Annie and Matthias sit down again to chat about the overall picture of cyberattacks, including COVID-related lures.
Raj Hegde sits down with Dr. Harry Behrens, Head of Blockchain Factory at Daimler Mobility, to discuss how decentralization is transforming the fragmented mobility industry. Tune in to this exciting episode for a deep dive on decentralized identity, explore the rise of the platform economy and access the playbook required to kick start decentralization initiatives at your organization.
Annie Bailey and Matthias continue their conversation around privacy, targeted marketing and the end of the era of the 3rd party cookie, that they started two weeks ago. They discuss the characteristics and the pros and cons of upcoming approaches, while this technology area is still continuing to evolve.
Frontier Talk goes beyond technical jargon to stimulate conversations that matter. In this series, we take you inside the minds of influential leaders, innovators, and practitioners from eclectic areas (enterprise, startups, academia, venture capital, etc.) to extract their experience working with emerging technologies such as Blockchain and AI.
Join Raj Hegde on this journey to redefine the ‘I’ in Identity!
Dr. Phillip Messerschmidt is an experienced practitioner with extensive background knowledge in all things IAM. He helps us to take a step back and look at IAM in daily life. Drawing on simple, understandable definitions, he provides practical recommendations for successful and efficient identity and access management.
The traditional paradigm of investing in protection against known threats alone has been declining over recent years, as attackers become more adaptable and capable. Combine this with increased threats and attacker ingenuity, and it is small wonder that a CISO’s role has become more complex. This leads to the inevitability of a security incident where the complex environments and inventive attacks collide.
This presentation looks at three fundamentals:
Why traditional protective approaches are no longer effective enough.
How complexity has made the CISO’s ability to respond more difficult.
The importance of automation in the response process to address this paradigm shift CISOs now face.
Tracking of users via 3rd party cookies has been a constant issue regarding compliance and user privacy. This is about to change, as 3rd party cookies are increasingly being blocked in browsers like Firefox and Safari. And Google has announced the same step for Chrome in upcoming versions. What does this mean for the ad business, and what are new approaches for addressing targeted marketing in a potentially more privacy-preserving manner? Annie Bailey joins Matthias to discuss recent developments in this field.
How can PAM technologies fit into a Zero Trust architecture and model? How could a PAM technology help us sleep better at night, as many are anxious about falling victim to an attack similar to the SolarWinds attack? Is there a future in deploying PAM in DevOps environments? And how can PAM technologies help to address regulatory compliance? Join Paul and Jim as they talk about different current topics around PAM - Privileged Access Management.
Recent forensic evidence shows that IAM solutions and infrastructure are a strategic attack vector. In today’s complex and highly distributed enterprise security supply chain, are you adequately protecting the identity and access administration capabilities at the center of your security architecture?
In this session, former CTO and CISO Darran Rolls will provide a unique perspective on the critical steps required to secure your Identity Governance and Administration infrastructure. Whether you employ on-prem or SaaS technology to meet your provisioning and governance needs, this session will highlight the obligations and best practices for securing your processes and your infrastructure. IGA holds the keys to your kingdom – do you know who has access to it?
We will give you a sneak peek at Telia Company’s current journey towards IGA system modernization. After the presentation you will have a good overview of, and some insight into, what is cooking right now and where we are going, with a focus on Cloud strategy vs. National Security, which is the next challenge after our Phase 1 go-live this year.
IGA (Identity Governance & Administration) is an established area within IAM. Since the early days of Identity Provisioning some 20 years ago, more and more vendors have entered that market, and technologies have matured. However, 20 years of maturity are a lot for IT, also indicating that some concepts may benefit from modernization.
In his talk, Martin Kuppinger will look at four areas:
As organizations go through digital transformation, they increasingly turn to using cloud services. One aspect of the digital transformation plan that is often forgotten is ensuring business continuity. Mike Small joins Matthias to explain why business continuity is essential for cloud services, especially in light of current events.
Logging in is such a common process, it’s easy to take for granted. However, that entry point to your application or service is also when organizations become responsible for the user’s digital identity. And with the increase in innovation, and use of technology to deliver products and services, there is an explosion in the number of sources from which users can gain access. Overlaying all of that is the constant evolution of the threat landscape and regulations that inevitably follow.
Tech leaders who want to grow their position in the market must balance two goals: delivering security and customer experience.
Join Auth0 as we discuss, and provide some insights on how to utilize a strategic approach to digital identities, that has helped customers such as Siemens, HolidayCheck, and EnBW to:
An organization’s identity and access management has always been a busy scene, whether the economy is growing or shrinking. IAM operations, the lifecycle management and maintenance of identities, is a resource-intensive and costly process. By leveraging the right automation technology, CISOs can bring down the risk involved in IAM operations; Robotic Process Automation (RPA) is one such technology.
In the early years of this millennium, Finland was already at the forefront in utilizing strong authentication for online services. Banks had been issuing two-factor authenticators to their customers already in the '90s. These means of strong authentication were quickly adopted by public and private sector services that required more than passwords. Mobile network operators began to offer PKI-based SIM authentication. These two solutions and their somewhat legacy protocols conquered the strong authentication market and were the de facto methods for subscribing to or accessing services. Advances in technology, eIDAS, PSD2, and user expectations required a complete overhaul of the strong authentication landscape for the whole country. What happened and why? What were the lessons learned?
In a world where you never meet your customers or employees face to face, it’s critical to anchor their real identity to their digital one.
It’s only by doing this that you can securely provision access, verify high-risk actions, and deliver on an experience that keeps them engaged. In this session, Olli Krebs (VP Central EMEA at Onfido) will examine how document and biometric verification can seamlessly enable trust throughout the identity lifecycle.
We all know that communication is the most critical success factor of any human undertaking, and IAM initiatives are no exception. However, whether you are:
…the one critical thing we are all missing is a consistent and accurate vocabulary. Throughout decades of academic work, many authors proposed definitions for IAM terms and concepts. Yet, as a discipline, as an industry, as a career specialization, and as a research field, we failed to consolidate this and build a reference IAM dictionary, allowing us to communicate with precision and clarity.
In this session, I will present you with the TOME community project. Its goal is to become that reference dictionary. It is built as an open wiki to allow all experts to contribute. It is free of charge and licensed under Creative Commons to facilitate its widespread adoption. It is rooted in science with pervasive references from the literature to stand on the shoulders of giants.
Organizations are in a constant race when it comes to cybersecurity. Identity and Access Management has a more relevant role than ever in this ruthless fight against cyber enemies that may cause fatal operational, monetary and reputational damage to organizations. IAM teams must offer a set of security solutions and processes to safeguard and protect the business, and nowadays the teams are expected to deploy those faster and more efficiently than ever. The presentation will go through how to implement an efficient, centralized IAM approach that makes no compromises and shows no mercy for any attempt at unauthorized access outside the IAM solution. It will also explain how the approach can be implemented in an agile manner during an ongoing IAM project.
Many organizations are undergoing new modes of operation, which is enabling them to develop a "digital instinct" for their customer's needs. A correctly designed consumer identity management platform allows those organizations to excel, in an agile, secure, and business-enabling way. What does success look like in the CIAM world and how do identity fabrics enable it?
Cloud is here to fundamentally change the way Identity and Access Management services are delivered. It is an imperative but also an opportunity to re-visit and challenge a few tried and tested approaches to delivering core IAM capabilities. It also provides an important pause to design the IAM capability of the future. The speaker will share his experiences in deploying a native cloud-based IAM solution at scale, the challenges, pitfalls, and the watch-outs.
Leveraging what you have and extending it by new services and architectures to support today’s and tomorrow’s business demand on IAM.
IAM (Identity and Access Management) is no longer just an administrative tool or a solution supporting your regulatory compliance requirements. It is a business enabler, as well as an IT enabler. It is a central element of every cybersecurity strategy. It enables managing and access control for everyone from employees to consumers and everything from things to software robots. It is a foundation for your success in digital transformation. It also enables IT transformation, by managing access to all the clouds and services you have to deal with.
But: How to get to a modern IAM from where you may be today? What to preserve, what to extend, what to add, what to retire? And how to do such a migration in a way that you can serve the business demand rapidly, while gaining the time you need for more complex migrations – and while preserving investments in times of tight budgets?
Martin Kuppinger, Principal Analyst at KuppingerCole, will discuss these aspects and explain how the paradigm of an Identity Fabric can help you in successfully modernizing your IAM, at your own pace. He will also shed light on the state of the market and the maturity of offerings serving the Identity Fabrics model.
Alexei Balaganski covers a broad range of security-related topics: from database, application and API security to information protection, cryptography and AI-based security automation. He joins Matthias to give a first insight into a fascinating new approach towards accessing encrypted data "in use", while maintaining privacy and security of data and processing. He explains the concepts behind homomorphic encryption, the current status, and the technology required, and he talks about first pioneering use cases.
Martin Kuppinger is one of the founders and the principal analyst of KuppingerCole and he is steering the overall development of the topics covered in KC's research, events and advisory. He joins Matthias to talk about the importance of extending Zero Trust to cover software security, for software in any form (embedded, COTS, as-a-service) and regardless of whether it’s home-grown or externally procured.
Join us to understand how Zero Trust transforms your security strategy and makes you more resilient to a range of attacks. We will share a roadmap for leaders, architects, and practitioners, as well as talk about some quick wins and incremental progress on this journey.
Privileged user accounts are significant targets for attacks as they have elevated permissions, access to confidential data and the ability to change settings. And if compromised, the amount of damage to an organization can be disastrous. No wonder that this is on the mind of our chief information security officers. Join our CEO Berthold and Rob Edmondson, Technology Strategist at Thycotic, in this conversation!
Many enterprises are nowadays dealing with the modernization of their Identity & Access Management. Modernizing Identity Governance and Administration (IGA) as well as Access Management at the same time can become too complex.
In this video blog post, Martin gives practical advice on how enterprises can get their priorities straight.
The press, security vendors, politicians and analysts alike currently often focus only on the recent SolarWinds security incident and its exceptional features and effects. While this is in fact an extremely important topic to learn from and to clean up, in the shadow of this hype it is often neglected that even very basic cybersecurity aspects are poorly addressed in many organizations. Alexei and Matthias look beyond the hype and discuss the need for new initiatives to achieve an actual adoption of proper measures to improve basic cybersecurity hygiene in essentially all organizations.
The Security Operations Center-as-a-Service (SOCaaS) market has emerged and continues to develop in response to demand for security monitoring, analysis, detection, response, and improvement recommendations either instead of or as a supplement to permanent on-premises SOCs. KuppingerCole Analyst Warwick Ashford joins Matthias for this week's episode and shares some insights into this evolving market segment he gained during his recent research.
There are several external drivers that are putting pressure on the way we manage identity, made especially clear over the last year: digitalization, privacy, user-centricity, and reuse.
Rather than resist the change, let us consider what would happen to identity if we translated these pressures into requirements. Which capabilities are accelerated from the sidelines to being star players? What approaches best fit these future requirements? And how does decentralized identity come into play?
In this talk, Anne Bailey will pull from the insights of the upcoming Market Compass Providers of Verified Identity and consider where identity is going in 2021 and beyond.
More than a month into the post-SolarWinds-incident era Alexei joins Matthias to discuss further lessons learned and strategic approaches towards improving security in organizations depending on diverse cyber supply chains and their imminent threats. But they go beyond and look at the necessary changes between management awareness and software development security.
Although not really brand new, there are still a lot of interesting developments around DevOps when it comes to cybersecurity and more. Paul Fisher shares some trends and insights with Matthias and tells us what to expect in this rapidly evolving segment.
The SolarWinds incident made the news in December 2020 and continues to impact many organizations. John Tolbert joins Matthias to give a short introduction of what decision makers need to know at this stage and which measures to look at first.