Dan Higham - Hybrid Pathways
Jeff Reich - Identity Defined Security Alliance
John Carnes - Corebridge Financial
Andrew Shikiar - FIDO Alliance





Identity is touching many aspects of cybersecurity from authentication to zero trust. Advances are being made in the areas of ease for customers and users, achieving better ROI and meeting new regulatory and compliance requirements. Infosec World has partnered with our sister event Identiverse to create an Identity Summit to focus on this important topic. Sessions will include:
Practical Steps for Modernizing IAM and Evolving Towards Zero Trust for Large Enterprises - Dan Higham, Managing Partner, Hybrid Pathways
Modernizing Identity and Access Management (IAM) is a basic tenet in the ongoing evolution towards Zero Trust, especially for ensuring business resilience. Enterprises are evolving their IAM programs along with changes to the identity threat landscape, available tools, and cloud adoption.
We will discuss practical and technical steps for improving IAM programs including:
• Understanding Business Value for IAM Investments
• Credential Hygiene
• Modern Authentication and Insecure Authentication Protocol Remediation
• Least-Privilege Access Policies
• Centralized Control Point with a SASE lens and How Zero Trust Enables Finer-Grained Logical Network Segmentation
• Modern Device Security (e.g., MFA, OTP)
Getting Deeper on Passkeys as a Password Replacement - Andrew Shikiar, Executive Director and CMO, FIDO Alliance
While there is little debate about the risk and headache associated with passwords, the path towards a password-independent future may be less clear than we’d all like. This session will provide workshop attendees with insights on the imperative and opportunity for moving towards standards-based passwordless authentication and will share some success stories from companies that have eliminated passwords in favor of standards-based passkeys in their workforce and customer identity & access management implementations.
Thinking Differently About Passkeys - New Threats Require a New Threat Model - Dean Saxe, Senior Security Engineer, AWS Identity
Passkeys are promoted as the password killer to minimize phishing, password reuse, and customer frustrations with passwords. While passkeys create significant usability and security improvements over passwords, we are still early in the passkey journey. In this talk, we’ll explore how passkeys require users and services to think differently about managing credentials, and the new risks that arise with passkeys, enabling attendees to threat model their passkey deployment scenarios.
Specific issues we’ll cover include:
• Breaking out of the one credential per relying party (RP) paradigm of credential management for users and RPs
• Modeling the impact of passkeys on account recovery
• Shared passwords vs. shared passkeys
• Differential security controls between passkey providers including authentication, account recovery, passkey generation, synchronization, and storage at rest
Identity Security: From Carbon to Silicon. Are We Making the Same Mistakes? - Jeff Reich, Executive Director, Identity Defined Security Alliance
For 20 years we've focused on implementing processes and technologies to secure employees. This foundation has been tested with the introduction of third-party identities. The recent explosion in internet-connected devices means we’ve already surpassed the tipping point where devices outnumber people. IoT Analytics’ latest State of IoT research found there were 12.2 billion active endpoints in 2021 and predicts that figure will grow to 27 billion by 2025. It’s critical for organizations and individuals to secure this growing mass of devices and data. The latest evolution, silicon-based identities (bots and service accounts), is challenging our identity security paradigm even further. How will we define identity in the future and more importantly, how will we protect them?
PAM as a Culture, Not a Product - John Carnes, Global Head of Privileged Access Management, Corebridge Financial
PAM has often been looked at as a tool to implement in an enterprise. On the contrary, PAM is a culture within the enterprise of how access is utilized, how it is handled, and how your users interact with the environment. Very often policies and procedures must be written more around behavior than function. Creating an enterprise that is secure and implements PAM will take a cultural shift as much as a technological shift.
You Can’t Spell “Authentication” Without “AI” - Eve Maler, CTO, ForgeRock
Digital transformation and remote work have opened the door to increasingly frequent and relentless cyberattacks. We’re experiencing data and information overload daily, but when combined with the one-two punch of unauthorized access threats and attacks during authentication, it’s clear that organizations need a better way to protect themselves from threats so they can focus on their business. AI-driven solutions have the ability to do exactly that. In this session, Eve Maler, CTO of ForgeRock, will explore how AI can transform authentication and identity management through automating the provisioning of identities and eliminating fraud in real-time.
1000 W Buena Vista Drive
Orlando, FL 32830
United States