Every year the number of cyber attacks is increasing. The types of targets include just about everyone, ranging from Fortune 500 companies, small and medium-sized businesses, critical infrastructure, and government agencies.
Cyber-attacks are becoming more sophisticated as well as growing in frequency. Up to a million new malware variants are created every day. Each new threat group can be significantly different from previous ones and can be used in damaging attacks around the world.
The Cybersecurity Innovation Night will focus on cutting-edge approaches and advanced solutions in the various areas of cybersecurity by utilizing Machine Learning (ML) and Deep Learning (DL) technologies. ML and DL have had many successful applications in image recognition and language processing, and now these techniques are the fastest growing trends in cybersecurity. These tools are gaining more traction in cybersecurity because they facilitate more efficient analysis and allow faster, automated responses to various threats.
The slam-style talks will present various approaches to combating cyber attacks and cybercrime using ML and DL techniques. Slammers will entertain and, at the same time, try to convince the crowd that the world will be a safer place with their contribution.
This session explores what UBA is and the value it brings to enterprise security in the context of other common controls and tools. Chris will give some history of how user activity monitoring has changed, its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.
The digital development spurts have captured all areas of life. Industry 4.0 is on everyone's lips. The digitization of all areas of work and life requires integrated and robust strategies and processes at all levels.
Consequently, this poses many questions: How well prepared are economies and politics as well as the society as a whole with regard to cyber safety aspects? How do people react to change processes? Basically, what is the significance of the human factor in the overall context of digital safety and cybersecurity? Of course, there have been prior leaps in developments within the industry. This time, however, there has been a significant change not only in technology, but also within the fundamental business model of companies.
There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.
Modern software development for the cloud-native world requires continuous application security to go along with continuous integration, continuous delivery, and continuous deployment. Sadly, even well-established application security programmes often can’t operate at the speed and scale required. We will look into the ways of rethinking legacy security infrastructure and processes and how to adapt in the complex world of digital business and advanced attacks.
In this discussion the panellists will speak about the types of attacks which enterprises should expect in coming years. The ways of DevOps integration into an enterprise security program will also be discussed together with best practice highlights.
The aim of this presentation is to map the comprehensive human factor and cybercrime landscape categories (Motivations, the category of the perpetrator, category of the targets and victims, opportunistic and targeted attacks, the jurisdiction of the target, technology versus social engineering). Mapping these two pillars provides indicators that can be integrated in AI cybercrime predictive analysis, construct a model of the man-cognitive system and a cyber leadership network based on the deduction of cyber policy challenges.
Advanced analytical technologies will help organizations in their fight against cyber-attacks. These technologies assist in detecting potential attacks at an earlier stage, as well as enabling the identification of complex attack patterns that span various systems. In this panel we will discuss the role of AI in the future of cybersecurity, possibilities of using it as a weapon by adversaries and the possibility of developing preventive techniques using Machine Learning and Deep Learning.
Handling the digital identities of customers efficiently is key to delivering valuable digital services. This entails a change of the core infrastructure, leading to a critical operation for many stakeholders and raising challenges in different domains. These challenges not only affect technical architecture and implementation, but also processes, communication and even organizational structures.
In this talk, we will give an overview of how Steinberg approached those challenges. This includes topics like:
- How to handle the huge complexity of such a project, technically and organizationally?
- What is the impact and what are possible pitfalls of choosing a DevSecOps approach for such a project?
- How to keep cost and development speed in balance?
- How to handle shared responsibilities?
We will go into detail about the lessons learned: what went well, what went wrong, and what we would do differently, if we could start over again.
In the past years, a CISO would mainly be chosen among the IT staff who expressed an interest in information security, or by arbitrarily promoting someone from the inside to please the auditors by filling a headcount gap. Tasks and skills were mainly technical, focusing on patching, administering firewalls and installing antiviruses. With the years though, companies have made their IT systems the backbone of their businesses. Similarly, criminality has shifted to exploit online systems. The combination of both realities now requires that CISOs possess and demonstrate core competencies that allow them to transform the essence of their job from infrastructure protector to business enabler. In this keynote, we will explore how and why CISOs should now focus on value creation instead of value protection, getting from a defensive to a proactive approach.
Zero Trust Security assumes that nothing in a company's IT infrastructure, including users, endpoint devices, networks, and resources, is ever trusted. All interactions must be verified to decrease the chance of a security breach. Zero Trust Security ensures secure access to resources while significantly reducing the possibility of access by bad actors. In this panel discussion we will discuss the considerations companies should make before implementing Zero Trust Security and Zero Trust Security by Design.
For many years now, the management of incidents has been challenging, dynamic and somewhat accidental in response. Today, whatever the threat we face, there is zero margin for errors if affected, and excuses are certainly a thing of the past. Planning for the worst-case scenario is now commonplace, yet is it tested? And who is involved? Developing the right strategy for your organisation and its operations is key to continued success and minimising the impact of any incident. This presentation intends to encourage the consideration of different approaches, thinking, and conversations upon your return to your organisation.
IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm.
Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's micro-service-enabled, service-mesh-oriented infrastructure expects simple, resilient, self-discovery services instead of brittle monoliths that rely on manual configuration.
Operating IAM products with a DevOps setting in terms of automation, repeatability, and continuous improvement is possible through close collaboration between IAM, application, and infrastructure experts.
The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls.
For decades, security was never a priority for embedded device manufacturers. Modern companies selling smart consumer devices still lack both expertise and budgets for making their products Secure by Design. Lack of regulation in this area doesn’t help either. As a result, vulnerabilities in consumer IoT products have already led to a number of security breaches on a massive scale: ranging from DDoS attacks using huge botnets of hijacked cameras and routers to targeted attacks on corporate data using fish tank pumps.
As the number of consumer-grade IoT devices used by enterprises continues to grow, we can only brace for even larger attacks in the future. Or, instead of waiting for vendors or governments to do their job, we could start acting on our own. In this session, we are going to discuss the enterprise IT risks caused by consumer IoT devices and look into potential ways to incorporate them into existing enterprise security and identity infrastructures.
We got security wrong. Enterprise security is failing with two-thirds of organizations experiencing an average of five or more security breaches in the past two years, according to Forrester. Adding to the fervor is the impact of Cloud, Mobile, DevSecOps, Access. The entire experience of developing, deploying and protecting applications has forever changed. In today’s network perimeter-free world, organizations must adopt a Zero Trust Security model – and shift from ‘trust but verify’ to assuming users inside a network are no more trustworthy than those outside. And with the digital economy in full swing, the adoption of continuous integration and deployment brings with it new challenges, including greater attack surfaces as well as increased, complex compliance.
In this session, Dr. Torsten George, cybersecurity evangelist, will explain how the velocity of DevSecOps, security breaches, access to applications is creating the mandate for Zero Trust, and in doing so ushering in a new era of experiences – everything from how we securely develop and deploy apps, to how we authorize access for consumers and privileged users. Dr. George will outline how to enforce risk-based policy in real time, at the point of access. He’ll also provide tips on how to speed up analysis and greatly minimize the effort required to assess risk across today’s hybrid IT environments through the use of machine learning.
Internet content providers rely on fast, modern webapps and feature-rich web frameworks to drive customers to their sites. In a landscape of accelerating change and continuous code deployment, my keynote will discuss how a company’s cybersecurity program must evolve to remain effective in such fast-paced environments.
An increasing number of attacks, both external cyber-attacks and internal attacks, are well-thought-out and long-running. External, targeted attacks in particular rely on the use of zero-day exploits, which are, in fact, as yet unknown exploits. Thus, standard approaches such as signature-based analysis don’t help – you can’t detect what you don’t know. On the other hand, malicious behavior of internal users is hard to detect. Commonly, existing entitlements are used, but not as they should be used. Both challenges can be addressed by analyzing the user behavior and identifying anomalies and outliers. There are various technologies for doing so, focusing on network traffic, privileged user behavior, or access to unstructured data. All of these serve the one goal: mitigating the risk of attacks.
In today’s cloud-connected world, the way we work has changed. But security has not. When over half of the PCs in most organisations are mobile, you need to protect your workforce wherever they access the internet – not just when they are in the office. You need to identify attacks as they are staged on the internet, so you can block them before they launch.
Join us as Dr. Michael von der Horst, Senior Director for Cybersecurity Germany at Cisco, takes us through what we see out there “in the wild”. He will present effective defence and remediation strategies based on an integrated security architecture. Learn how you can gain the intelligence to uncover current and emerging threats, the visibility of activity across all devices and ports, anywhere, and stop phishing, malware, and ransomware earlier.
"Zero Trust" is the latest security buzzword from the vendors' marketing department, but what it actually means for you should vary depending on your business requirements.
Properly aligning security architecture to enable the business strategy of the organisation is the key to delivering a Zero Trust architecture. But the solution could be anything from implementing identity-aware firewalls to the extremes of "BeyondCorp", Google's firewall-less global network where the security posture is identical whether you are in Starbucks or on the Google campus.
Businesses are more data-driven than ever, but inaccurate and manipulated information threatens to compromise the insights that companies rely on to plan, operate, and grow. Unverified digital resources are a new type of vulnerability - one that is chronically overlooked by digital enterprises. With autonomous, data-driven decision making, the potential harm from unverified digital resources becomes an enterprise-level existential threat. And then, there's a wider cybersecurity aspect and how to address the following:
- Data provenance verification - the history of data from its origin throughout its lifecycle (cradle to grave)
- Data Integrity verification - continually maintain good health and predictable state of data
- Data context usage - keep an eye on behaviour and context around data's use
User Behavior Analytics (UBA) or UEBA (User & Entity Behavior Analytics) is an important capability of a variety of products: Specialized solutions for UBA; IAM tools with built-in UBA capabilities; and various cyber-security products that also come with built-in UBA capabilities.
The question to start with is: What is UBA really and how does it differ from e.g. Threat Analytics, SIEM, Access Governance, and other capabilities? Where is the benefit of UBA? Is it a nice-to-have or must-have in these days of ever-increasing cyber-threats? And if we go for UBA: How do we do it right? As a separate tool or built-in capability? As an IAM capability, where identities and user accounts are managed, or as a SOC (Security Operations Center) capability? And what about privacy?
This session will look at the state of UBA and how to do it right to leverage the potential of UBA for increasing your cyber-attack resilience in your Enterprise Security initiative.
The promise of every security solution is to detect the next attack, but verifying that claim is almost impossible. Attacks are extremely rare and tend to change: the ability to catch attacks that happened in the past says little about the ability to find things that will happen in the future, and those breached are unlikely to share information and data about how that happened. In this presentation I will show the different approaches and metrics we found to measure the efficiency of the unsupervised machine learning algorithms commonly used in UBA products.
The identity landscape is full of IAM systems, identification and authentication providers, and various technology standards, and it is governed by national as well as industry-specific norms.
The solution to this problem is the interoperability of solutions, achieved by unifying the market and simplifying the integration of existing identity providers. Although blockchain can deliver new ID solutions, it does not solve the core problem of the identity market. Revolution is achieved through the evolution of the existing market, not through a big bang.
Many of the new DID and self-sovereign identity concepts require far-reaching new structures and procedures. Their focus is the exchange of machine-readable identity documents between authorities and relying business partners. Instead of eliminating intermediaries, as promised by the blockchain prophets, new governance networks are being built to manage technical novelties in the traditional way.
To tame the jungle of authentication methods and digital identities, single sign-on (SSO) structures are often created. These allow users to manage many logins with just one digital identity and to adapt authentication methods to the needs of an application. However, SSO applications have one decisive disadvantage: they require trust in a single entity, e.g. the developer of the applications, or in several entities. What if we needed only a single account for every online service or professional application, one that also works without a central controlling entity and offers a high level of security? With their inherent security and cryptography, blockchains allow the development of entirely new identity standards that would probably be difficult to realize with other solutions. This talk presents the advantages of blockchain technology.
When it comes to integrating mobile apps into the single sign-on environment, conflicts of interest often arise between designers, IT security, and what the customer really wants.
What influence does the chosen login method have on security, and which approaches have proven themselves in practice? What can a compromise look like that satisfies the customer but still offers an adequate level of security? Learn which best practices exist and what role OAuth 2.0 plays in them.
Customer Identity & Access Management and API Management are known as business enablers. But in combination they are even more than the sum of their parts.
Learn how the digital identities of your customers and your APIs infiltrate your customers' digital ecosystem in order to bind them even more closely to your company. Understand why handing control to third parties and external developers is the key to the success of this approach, and that adherence to standards is a prerequisite for it.
How are companies, consumers and authorities taking the new regulation?
Blockchain, Identity and Privacy: Three words that buzz, fade and mature.
The blockchain is currently one of the most-hyped technologies. In this panel, we will explore how security and privacy can be enhanced by blockchain technology and outline the challenges ahead. Further, we discuss how blockchain-based identity projects, if and when they reach critical mass in terms of user adoption, could help get more decentralized services off the ground.
When dealing with consumers and customers directly, the most important asset for any forward-thinking organization is the data provided and collected for these new types of identities. The appropriate management of consumer identities is of utmost importance. When handing over personal data to a commercial organization, the consumer typically does so with two contrasting expectations. On the one hand, the consumer wants to benefit from the organization as a contract partner for goods or services. Customer-facing organizations get into direct contact with their customers today as they are accessing their products and services through various channels and deploying various types of devices. It is essential to know the relevant attributes of that customer at the right time: An improved user experience leads to customer satisfaction and thus to returning customers.
Privacy has become a global concern, with regulations such as GDPR coming into effect. In this context, e-commerce businesses that operate globally cannot simply adopt data protection regulations of a single country/region. Supporting each and every regulation as they emerge is challenging and greatly increases the maintenance cost. Furthermore, these kinds of regular modifications can lead to poor customer experiences.
Leveraging well-known privacy by design principles in your system design strategy is a long-term and sustainable solution for most of these privacy challenges. Once these principles are adopted, it is possible to achieve compliance with each individual privacy regulation easily with minimum time and effort. This talk introduces a number of well-known privacy by design principles and explores how they are implemented in real-world scenarios. This talk also highlights the benefits of each of these principles with potential implications.
In the digitalized world, passwords are not sufficient anymore to protect digital logins and transactions. What’s even worse: In 81 percent of all cases, they are the main reason for a hack. Once a password is stolen, it opens the doors to fraudulent use and data theft. Furthermore, since most consumers link their online accounts at Amazon, eBay or Twitter to their Facebook or Google account, attackers only have to hack one password in order to gain access to the entire range of applications. This also enables them to easily compromise the complete digital identity of a user. All these examples show that passwords are outdated. Using them as the sole protection for digital identities is not only careless, but very harmful. However, there is a remedy, which is reliable and widely available today: 2- or multi-factor authentication (2FA/MFA). Providers of online portals and services can offer their users a broad range of easy-to-use tokens, which relieve consumers of the burden of remembering another password – from push tokens that only have to be confirmed by tapping the “OK” field on the smartphone’s touchscreen to scanning a QR code with the smartphone’s camera. In his presentation, Dr. Amir Alsbih explains the latest challenges and solutions in the protection of digital identities and illustrates how consumers can benefit from new MFA technologies.
This panel will explore contemporary means of protecting identities to lower cyber risk while safeguarding the privacy of users. Learn best practices from data protection & privacy experts on how to use the latest defenses to secure your organization against the latest threats and to offer your customer a smooth customer journey without fears.
In an ever-changing and rapidly evolving world, the fight about the customer is getting tougher. Companies that can offer a customer-centric approach have the advantage. With new technologies such as mobile, internet of things, social media, and big data, the approach towards customers is getting redefined.
During this presentation, TrustBuilder’s Sales Director for Benelux Kurt Berghs will give some industry-based examples of how policy-based Customer Identity and Access Management (CIAM) can help with these new challenges.
For different markets such as finance, insurance, HR and retail, a secure CIAM provides better and more flexible services to consumers such as using social media accounts, adaptive authentication, single sign-on or even customer onboarding. Attribute-based access control helps to put your customer’s expectations first in an automated business landscape.
Customer Experience (CX) is the central starting point when it comes to the strategic definition of your CIAM. The management of millions of identities and the handling of several millions of interactions per day is a technical challenge that changes every day. However, ease of use, efficiency and joy of use by the customer are indispensable prerequisites. At the same time, it is imperative that every consumer can control access to his personal data.
Managing customer information in a digitally changing economy with many business partners in need of access is one of today's biggest challenges and will continue to evolve rapidly. Understanding the wishes and requirements of customers and mapping them successfully in CIAM processes is a key to successful online business. The customer has a constantly growing selection of service providers online; your CIAM is one of the levers with which you can inspire customers for your business and achieve lasting customer loyalty to your company.
In this session, we will examine use of blockchain tech and smart contracts
Learn best practices from data protection experts on how to use the latest defenses to secure your organization against the latest threats and to offer your customer a smooth customer journey without fears.
Most of us know that Facebook, Google, Amazon and millions of others are collecting vast troves of demographic and behavioral data about us — sometimes even if you aren't on Facebook. That’s bad, right? But do we really care? If we don't care — that is excellent news for advertisers and every other data mining company. But if we do care, what are the implications for marketers? What does it mean for the generation of products and services we develop?
This session will highlight how we rationalize or perceive data-privacy, why we care, and what we expect from companies when it comes to our own data. This session will explore and explain how understanding individuals’ expectation about privacy, and the principle of behavioral economics will have an enormous impact on how companies conduct business today and more importantly, tomorrow.
Transforming the customer experience is at the heart of digital transformation. Digital technologies are changing the game of customer interactions, with new rules and possibilities that were unimaginable only a few years back. Customer Identity and Access Management (CIAM) is a whole emerging area in the IAM, which is essentially an ingredient for digital customer experience. Today’s increasingly sophisticated consumers now view digital interactions as the primary mechanism for interacting with brands and, consequently, expect deeper online relationships delivered simply and unobtrusively. CIAM turns customer data into Gold! Strong/Adaptive Authentication, Privacy, Scalability, APIs and Analytics are the five pillars of CIAM.
Consumer Identity and Access Management (CIAM) is many things. For some it’s all about streamlining the user experience through technologies and practices that make it easier for them to securely log on. For others, IAM is all about identity lifecycle management – ensuring that accounts are set up, modified, and retired in a timely, accurate, and secure manner. And for still others it’s focused on security and compliance through technologies and practices that make governance activities such as attestations easy and complete, or adding a layer of control and visibility to privileged accounts and “superuser” access. The reality is CIAM is all of this, and more.
Today’s customers, beset with endless choices, expect brands to understand their needs and deliver contextual experiences that reduce stress and increase convenience. But, these same customers don’t want this kind of personalization at any cost. Unfortunately, many businesses still employ “creepy” tactics when marketing to customers, breaking their trust. This, in turn, has led to the GDPR and a slew of newer data protection regulations.
How do you win back the trust of customers and steer clear of regulatory punishment? Join us to learn best practices from CX leaders who have successfully integrated their customer identity solutions with enterprise preference and consent management capabilities. And, how this has enabled them to deliver personalized digital experiences using permission-based, first-party data to build trusted relationships with their customers.
Learn all you need to know about the future of information security today!
An Expert Stage presentation at the European Identity and Cloud Conference 2018
Some of the most common causes of cloud security breaches include system misconfiguration, dynamic system updating and patching, unmanaged and leaked access credentials. The industry is applying different methods to overcome these challenges. These methods include dynamic system monitoring and alerting, automated deployment pipelines, and access management including credential and key management and rotation. But what if we could overcome all of these challenges with an immutable cloud infrastructure that could be accessed without any credentials which could be leaked or compromised?
Around the world topics related to Digital Identity are becoming more and more critical. The world is beginning to recognize that Digital Identity lays the foundation needed for trust to perform myriad transactions in both the public and private sectors. Canada is moving rapidly toward the next Digital Identity Revolution. In this new model, capabilities from both the public and private sectors come together to deliver value to businesses, customers, citizens, and governments.
This Digital Economy focused model prioritizes privacy and security by design as well as convenience delivered through user-centred design. Solving for Digital Identity that secures Canada's participation in the Digital Economy requires the significant and sustained efforts of experts and influencers from every sector. To ensure that business, legal, and technical decisions makers across Canada are well informed, DIACC has taken a closer look at the economics of Digital Identity. In this presentation DIACC will share our findings with the world.
British Columbia is a digital identity leader in Canada with the development of the BC Services Card and associated digital identity services. Building upon our experience in providing digital identity services for all British Columbians, the Province of BC is now collaborating with the Canadian Federal government and the Province of Ontario in establishing the Org Book for businesses. The Org Book provides verified digital claims about businesses and their representatives to enable streamlined government service delivery to businesses and to enable digital transactions in the broader economy. Imagine a new business owner incorporating their business, establishing business licenses and permits, and opening banks accounts in a seamless and secure manner using mobile and distributed identity blockchain technology.
In a world where everyone has a large number of different personas and credentials stored and managed by government, banks, social networks and others, we call for consolidation and control while preserving privacy and security. With DLT a lot of that call can be answered, but how do we roll it out? There are some major challenges to adoption such as usability, network economics, governance, privacy and recoverability. How do we approach these challenges to reach a global self-sovereign identity platform?
An interview during the European Identity & Cloud Conference 2018
Privileged accounts, credentials and secrets are everywhere — on premises, in the cloud, on endpoints, and across DevOps environments. From personally identifiable customer information to critical intellectual property, they provide access to your enterprise’s most valuable assets. And attackers are after them. Right now.
As one of the winning presentations from the pre-conference Blockchain ID Innovation Night, Dr. Torsten Lodderstedt will continue his presentation about the limits of Blockchain Identity and the challenges that still need to be solved.
In recent times, an increasing number of vendors have announced a migration of their products towards microservices architectures. Some renovate their existing on-premises IAM tools, others build new solutions with a new architectural approach. In fact, the idea isn’t that new, but the evolution in the field of microservices and containerization now enables flexible architectures that allow components to be distributed and scaled better than in the past. Furthermore, such architectures build the foundation for simplified hybrid cloud deployments, but also for increased customization using APIs exposed by these microservices.
GDPR obligates organizations to provide data subjects with access to their personal data. To comply, companies must be able to answer a seemingly innocuous but frighteningly difficult question: What do we know about the data subject? Further, organizations must respond to Data Subject Access Requests (DSARs) in a privacy-preserving, Privacy by Design-embedded manner. This is going to be a problem, as organizations are not going to be able to reliably find the data: there are too many places to look, data variability (Elizabeth vs. Liz) and other problems. In this keynote these identity challenges will be explored and remedies will be suggested.
IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm.
Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's micro-service-enabled, service-mesh-oriented infrastructure expects simple, resilient, self-discovery services instead of brittle monoliths that rely on manual configuration.
Operating IAM products with a DevOps setting in terms of automation, repeatability, and continuous improvement is possible through close collaboration between IAM, application, and infrastructure experts.
Social, economic and technological changes are creating urgent new requirements for enterprise identity that enable interconnected digital systems. These new use cases require a governance framework that is consistent, integrated and efficiently managed. It also needs to provide increased security, privacy and reliability while being open. Learn how to respond holistically to these growing and evolving identity needs.
Although companies are constantly increasing their cybersecurity budgets, this does not seem to help much: each day we learn about new large-scale data breaches. Considering that over 80% of hacking-related breaches leverage compromised user credentials, it’s mind-boggling that so many organizations are still focusing on securing their network perimeters.
This keynote outlines an entirely new approach — Zero Trust Security. This paradigm assumes that nothing in your corporate IT infrastructure — including users, endpoints, networks, and resources — is ever trusted, and each interaction must be verified to decrease the chance of a security breach. Zero Trust Security ensures secure access to resources while significantly reducing the possibility of access by bad actors.
The focus of digital identity for consumers and enterprise is to remove silos, minimize redundant effort, enable better collaboration and provide a foundation for regulatory compliance. The challenge is that shared credentials for both commercial and public-sector organizations will require organizations to innovate to address requirements for physical access, protecting PII, delivering cross-agency services and re-thinking how digital consumers interact. In this session, we will discuss best practices across the industry that can be applied to enable interoperable credentials, we will explore architectural practices to manage identity assurance levels, and identity verification for both logical and physical access.
The real problem behind the recent Facebook scandal is not primarily that a company like Cambridge Analytica has "gained" access to the personal information of millions of Facebook users and misused it for political manipulation. It is the business model of social networks itself: letting their users trade privacy for some kind of communication convenience, without letting them at any point opt for both: the convenience of using social network services to digitally interact with others as well as control over the usage of their personal information.
Will such business models survive? Is privacy a disclaimable option or is it a constituent element of our personality?
European Identity & Cloud Awards Ceremony
Identity is as old as mankind and adapted very well to its changing environments. From a simple look that determines who you are to a high frequency of multi-factor vehicle-to-vehicle authentication in autonomous driving - with Digital Transformation, Identity in digital form has become the enabler of complex horizontal value chains and ecosystems. Without authentication, authorization, and consent, those digital ecosystems of our every-day journeys will be less secure, less convenient, and less beneficial. The “consent” part most especially needs new thinking - from pure protectionism to enabling benefits for both individuals and service providers.
Distributed Ledger Technologies ("Blockchain") are the foundation for the most disruptive changes to business we are either already observing or that are on the road to becoming a reality. Based on these technologies, both new business models and fundamental changes to established models become possible – and what is technically feasible and economically beneficial will happen.
However, there is still one missing element for fully leveraging the Blockchain potential: Identity. Identity in that context is far more than just identification, authentication, or authorization. It is about linking people, transactions, and digital assets. It is about managing properties, rights, agreements, and contracts – linked to persistent, reliable identities. This is where Blockchain ID comes into play, because it is the only way to enable many of the business scenarios of tomorrow. There is still some way to go for Blockchain ID, starting from making it more than an ID for identification, authentication, or authorization.
It takes most businesses over 6 months to detect a breach on their network. And while smoke detectors are proven to halve the death rate by fire, saving thousands of lives each year, detection is sometimes too late to prevent many buildings from burning to the ground.
So imagine if it were possible to reduce the risk of a cyber-security fire starting in the first place. We are all familiar with the elements needed to start a fire: heat, oxygen and fuel. For data breaches, one key element of risk is abnormally high access entitlements. Detecting these abnormalities early, across your enterprise, enables you to remove them entirely from the equation. Couple this insight with sophisticated smoke detection equipment and you have an increased chance of limiting the damage wrought by any fire to your business.
In this keynote, we will talk about the importance of fire prevention in your enterprise and how, through the use of identity analytics and User and Entity Behavior Analytics (UEBA), you can install the perfect fire prevention and fire detection tools to get fire safety right.
Keynote at the European Identity & Cloud Conference 2018
We will Disrupt You - Are AI, Blockchain, IoT a Blessing or Curse for an Insurance Company?
ABNAMRO runs over 30 blockchain experiments, also involving digital identity capabilities. Co-operation has been set up across various coalitions, and use cases are running a lot wider than just the banking and payments industry. Academia and the building and shipping industries are also involved. What are the typical problems to solve with blockchain technology, and why? Some of the practical use cases and scenarios ABNAMRO is involved in today.
The AI and Robotic Process Automation revolutions are in full swing with record growth in both sectors as well as an explosion of new startups in this space. Not to be left behind, existing vendors are rushing to heed the call of AI and automation by sprucing up their existing product suites with conversational interfaces and smart AI-driven assistants. This session will cover the impact of these emerging technologies on the IAM product space and what can be expected in the near future.
Nearly all advice on GDPR compliance is about what companies can do for other companies, or companies can do for themselves. There isn't much on what customers can do for companies, which may turn out to be the biggest help of all. That’s because customers are going to get more power all the time, and that’s exactly what the GDPR was made to encourage, whether regulators knew that or not. Doc Searls has been on this case for over a decade, leading ProjectVRM, which encourages development of tools and services that empower customers. (And which won a KuppingerCole award in 2008.) Doc will talk about how the best of those new tools will open easy and low-cost paths to corporate compliance with both the GDPR and ePrivacy regulations, while opening new market frontiers as well.
Presentation at the Digital Finance World 2018 in Frankfurt, Germany
On January 13th, 2018 a new set of rules for banking came into force that open up the market by allowing new companies to offer electronic payment services. On November 27th, 2017 the European Union published a press release and a draft Regulatory Technical Standard (RTS) on strong authentication.
On the one hand the press release says that – “thanks to PSD2 consumers will be better protected when they make electronic payments or transactions because the RTS makes strong customer authentication (SCA) the basis for accessing one's payment account, as well as for making payments online”. However, the RTS explicitly excludes preventing Payment Service Providers (PSP) from using the customer account credentials or imposing redirection to the Account Service Provider for authentication.
This session will discuss the security implications of this RTS on the use of proven industry standards such as OpenID and SAML as part of secure authentication for open banking.
Presentation at the Digital Finance World 2018 in Frankfurt, Germany
Everyone has been talking about how PSD2 will unlock retail banking, opening up the market to new entrants and decreasing banks’ power in the market. But if you are looking at the future of finance, look no further than Sweden.
The consumer experience is changing radically, and globally. Today, AI-powered bots in the form of chatbots, voice assistants, and avatars, are responsible for the majority of traffic on the web and conversational systems. And CPA chatbots or accountant avatars are now telling us what to do with our money – what to buy, where to buy it, and where to invest. How can we trust these bots? After all, they are made by humans, and sadly not all humans have your best interest at heart.
These bots need license plates. Bots and AI need authentication. They need regulation, transparency, and systems we can trust. Luckily Blockchain solves many of the problems that AI presents. This keynote looks at how this authentication is implemented and the implications for the coming decade from know-your-customer to anti-money laundering to new economic models around the democratization of AI.
The year 2018 brings major changes to the financial industry. Two disruptive regulations (PSD2 and GDPR) come into effect early in the year and will have a far-reaching impact. Their implementation can be a challenge, but through these directives new opportunities will be created. Furthermore, the blockchain technology is becoming increasingly relevant and influential in the financial sector through its practical use. This Keynote will discuss the three game-changers, PSD2, GDPR and Blockchain impacting the industry and will give recommendations for the necessary actions.
PSD2 will require 2 major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Urs Zurbuchen will present how important a combined approach of web application security and identity access management is to fulfill the necessary compliance requirements. Especially for strong customer authentication, the market is constantly changing in search of the perfect second factor, one fulfilling all security needs but also offering the highest usability.