Name: Shifting your IAM Program from Compliance-Driven to Security-Driven
Start: 2021-08-19T16:00:00Z
End: 2021-08-19T17:00:51.000Z
Location: BrightTALK
Rating: 4.1

This channel brings together the leading identity and security vendors and industry experts to regularly educate security leaders on how to reduce risk through identity-centric strategies. For more resources and education on identity-centric security strategies, visit www.idsalliance.org.

If 61% of cloud applications don’t support single sign-on, how will you include them in your Zero Trust strategy? Everyone is talking about Zero Trust because it works when fully deployed across all your applications. IBM recently found when Zero Trust is deployed holistically, the cost of a breach is reduced by 43%!
In this session, you’ll learn from the latest threat research what unmanageable applications are, how to quantify the risk they are adding to your business, and how to apply Zero Trust principles to them.

Attendees Will Learn To:
– Understand what unmanageable applications are and how they already add risk to your business.
– Recognize how COVID permanently impacted employee perceptions around application choice. This is not a temporary shift but a generational one. This will require a different approach to dealing with employee application choice.
– Learn how to apply Zero Trust principles, without vendor FUD, to anything, including unmanageable applications that don’t support identity standards.

The Hole in Your Zero Trust Strategy: Unmanageable Applications

We know identity attacks, fueled by the massive expansion in identity attack surfaces, are on the rise. But IAM and security leaders are largely unaware of the security risks that stem from this identity sprawl. In this webinar, we provide our latest research into the attackers targeting identities and current trends in identity posture.

Attendees will learn about:
• Brute-forcing trends
• Session-hijacking
• MFA challenges. 
• What IAM hygiene looks like for the average company, including the number of dormant accounts, guest accounts, unused applications, and groups.

2023 State of Identity Security: What's Leaving Your Organization at Risk?

It's more important than ever for security leaders to make informed, risk-based decisions when building their information security programs and evaluating potential investments. In this 40-minute webinar, Larry Burke, a leader in CDW’s Global Security Strategy Office, will cover the latest cyber risk trends, thought patterns around risk quantification, and discuss the must-haves for a comprehensive, risk-based information security program. We will also explore board expectations and provide actionable insights for security leaders looking to effectively communicate cybersecurity risks to boards and other stakeholders. The webinar will be followed by a short Q&A session.

Attendees will learn to:
• Identify key cyber risk trends and understand how to stay ahead of the curve in a rapidly evolving cybersecurity landscape.
• Learn about today’s must-haves for a comprehensive, risk-based information security program.
• Understand board expectations for security and IT leaders and learn how to effectively communicate risk to executives and other stakeholders.

Who should attend?
• Security leaders and practitioners
• Identity leaders
• IT leaders
• Business and Risk leaders

Cyber Risk Trends and Strategies for Building a Resilient Security Program

Cybersecurity incidents involving compromised credentials continue to be the most common cause of a data breach for enterprises, and account takeover for individuals. The need to secure our digital identities remains one of the most urgent tasks facing our digital ecosystem.

Established in 2021 in partnership with the National Cybersecurity Alliance, Identity Management Day, held on the second Tuesday of April, is a day to educate business leaders, IT decision makers, and the general public about the importance of identity management. If you are passionate about securing digital identities, there are lots of ways to get involved this April 11th. 
During this webinar featuring members of the Identity Management Day Committee, you'll hear about: 
- Why do we need an Identity Management Day?
- What can you do as an individual, an SMB or an enterprise to #BeIdentitySmart?
- How to Become an Identity Management Champion and the resources available.
- Others ways to get involved in Identity Management Day.

Identity Management Day: How to Get Involved

While the discipline of identity and access management has been around for over 20 years, most have fallen into the field of identity and had to learn along the way. Only with the alarming number of breaches related to compromised identities, the profession has matured and become a critical need in security organizations. In the last 5 years, two organizations have emerged to address the changing identity industry - the Identity Defined Security Alliance with a focus on educating IT professionals on the importance of securing digital identities, and IDPro the first and only professional organization for identity practitioners.

In this webinar featuring IDPro Executive Director Heather Vescent and Target Sr. Director of Cybersecurity Tom Sheffield, you’ll hear how IDPro is supporting the growing, global community of professionals and how enterprises can leverage these two organizations – IDSA and IDPro – to improve their strategy and execution.

Helping Organizations Succeed in an Identity-Centric Security World

In 2023, the Zero Trust concept permeates cybersecurity departments across private and public organizations alike. When it comes to identity access management (IAM) and privilege access management (PAM), Zero Trust initiatives can strengthen security defenses against cyber threats that utilize social engineering techniques, credential-stealing malware, privilege sprawl, and lateral movement.

This webinar performs a quick survey of the efficacy of established privilege access management approaches, compares them to advanced PAM technologies, and outlines how different IAM and PAM strategies can be leveraged on the Zero Trust journey.

You will learn:
- Zero Trust concepts in the IAM/PAM context, such as Zero Standing Privilege
- TTPs that circumvent commonly used security toolsets
- Best practices to adopt as part of Zero Trust initiatives

Zero Trust Initiatives For Identity-First Cyber Resiliency

Static and inflexible policies through traditional access control methods have failed to address security risk in real-time. Enterprises are expanding on an identity-first security strategy to better support Zero Trust initiatives and address their complex, distributed environments. In this session we cover how enterprises can deliver dynamic controls for Identity-First Security in a consistent, continuous, and contextual manner by externalizing authorization. 

Learn how a centralizing authorization and distributing enforcement:

* Applies Identity context to access controls for enterprise services and systems
* Standardizes authorization across applications, API gateways, microservices and data layers
* Ensures continuous, risk-based access throughout the user journey by drawing from multiple sources for identity, threat signals, and data context
* Simplifies the way access policies are created, managed, and enforced by security and business stakeholders

The Role of Authorization in Driving Zero Trust and Identity-First Security

With the dramatic increase in the occurrence of sophisticated and high-profile cyberattacks
evidencing an evolving threatscape that is both sprawling beyond its former perimeters and
leading to the emergence of new, malicious threat tactics, the push to revamp cybersecurity
processes and re-focus security beyond the perimeter has become imperative. In their Special
Publication, 800-207, Zero Trust Architecture, NIST points to identity as the critical first step to
regaining control over the perimeter, and to Zero Trust as the best security architecture for
meeting the requirements of hybrid, cloud, and often multi-cloud network infrastructures.

NIST characterizes Zero Trust as an evolving collection of cybersecurity paradigms and concepts that allow security defenses to shift from functioning as static, network-based perimeters to functioning as parameterless defenses that work to continuously authenticate and verify users, devices, and applications. Guided by the two core mantras of “Assume breach” and “Never trust, always verify”, and built on a foundation of cybersecurity paradigms that include enforcing continuous authentication, eliminating persistent trust, implementing the least privilege, enforcing segmentation and microsegmentation, and ensuring visibility, Zero Trust can help organizations reduce the attack surface, prevent unauthorized access to data and services, and control the impact threshold of any threat that does present itself to the network.

Join this session with BeyondTrust's Chief Security Officer, Morey Haber to learn:
• Why Zero Trust is more than a buzzword when it comes to preventing a cyberattack
• What organizations need to know to distinguish Zero Trust as a concept from a
functional Zero Trust Architecture
• How to build a strategic and achievable pathway to Zero Trust

Countering the Attack: How Zero Trust is Pushing Back Against New Cyberthreats

With cybercrime on the rise, more organizations are implementing best practices such as multi-factor authentication (MFA) to protect their users from credential theft, phishing attempts and brute-force password guessing. To get around this layer of protection, hackers have developed a new tactic: MFA fatigue or MFA bombing.  It relies on spamming victims with endless authentication prompts until they grant the attacker access by accident or out of sheer frustration.  

Traditional MFA tactics have been around since the late ‘80’s.  New techniques are long overdue to solve the underlying security challenges.  Watch this webcast to learn from a cyber security veteran on how you can fight MFA fatigue with a 2-pronged strategy:  significantly improve user experience while enhancing security via a new approach to passwordless continuous authentication.   

Frictionless user experience by reducing MFA prompts by 75% (without sacrificing security) 
Comprehensive device trust with transparent and dynamic level of assurance risk scores 
Overall improved security posture by empowering users to unlock, lock, or logout using their mobile devices

MFA Fatigue – Fighting a 2-Front War

As organizations migrate to the cloud, securing human and machine identities in production environments is critical, but cloud complexity and necessary skills make it extremely difficult. To address these challenges the Cloud Infrastructure Entitlement (CIEM) Working Group subcommittee within the Identity Defined Security Alliance has introduced a new set of Best Practices. The latest cloud entitlements best practices outline how enterprises should manage their identities and privileges in cloud environments.

Join us on November 17 at 9:00 am PT, as Lior Zatlavi, Ermetic Senior Cloud Architect, who chairs the IDSA CIEM Technical Working Group - delves into the recent additions. During the webinar, Lior will explain how to jumpstart your CIEM by implementing relevant best practices such as gaining visibility through the steps to effectively manage entitlements and reduce access risk in cloud infrastructure by creating a categorized list of inventory resources, listing human and service identities, and more.

What You Will Learn:

How to apply the latest Best Practices from the CIEM TWG subcommittee, including:
    – Listing and tracking all identity relationships in your cloud infrastructure.
    – Processing logs to profile the activity of identities and detecting anomalous behavior patterns.
    – Integrating the remediation of excessive permissions to existing workflows.
    – Managing Just-in-Time access to reduce standing privilege.

Best Practices for Cloud Infrastructure Entitlement Management (CIEM)

B2B identities are an often-undetected threat to every organization – these identities frequently lurk in the shadows unnoticed, even intentionally ignored in some cases. What makes B2B identity challenges so interesting? And why is the solution elusive to most organizations? We think we have all the right tools, yet most can’t seem to put the pieces together in the right way to solve this prevalent identity challenge.

During this discussion we'll scrape away layers of misconception to expose the truth about B2B Identity and how the mystery can be solved:

- Why aren’t traditional workforce identity approaches successful?
- What lessons can we learn from the CIAM space?
- What important considerations are we mistakenly disregarding?
- Discover the answer to these questions, and more, to solve this unsolved mystery.

Unsolved Mysteries

In this increasingly digital era, identity involves more than satisfying compliance mandates. It has rapidly become an organization’s first line of defense, a business enabler, and often a board-level topic. Having strong identity management practices is now paramount for enterprises as they defend against cybersecurity threats and enable digital transformation.

But let’s face it: most Identity and Access Management (IAM) programs stay in the shadows until something goes wrong – an identity-related breach, damage to brand reputation, an audit failure, and so on. So how do you project the value of an IAM program, seek buy-in from executives and LoBs, and ensure strong identity management practices are followed? During this Cybersecurity Awareness month, let’s discuss the strategies for driving home the value of Identity Management.

Join us for this webinar to hear directly from a seasoned CSO as we discuss:

- The drivers for a strong IAM program
- What resonates with the board and the executive team
- How to get buy-in and support from the stakeholders and LoBs
- Key ingredients of a strong Identity Management program
- Successful strategies to consider

Identity as the First Line of Digital Defense for Cybersecurity

The lack of interoperability in zero-trust products is hurting adoption and is a big factor in organizations not being able to achieve their security goals through existing products. Those who claim success have cobbled together solutions using proprietary protocols and niche implementations that only address a small spectrum of the problem space. Open standards that enable continuously monitored context based access to online resources can help existing products interoperate.

In this joint webinar hosted by the IDSA and OpenID Foundation, we'll discuss a new standard that is being developed in the OpenID Foundation SSE (Shared Signals and Events) working group. CAEP (Continuous Access and Evaluation Profile) is a drastically new approach to cybersecurity that utilizes a user’s complete online footprint collected through a collaborative exchange of events and signals between multiple participating parties. Recognized by Gartner as an "innovation trigger" technology in their 2022 Digital Identity Hype Cycle, CAEP has been adopted by companies like Microsoft, exchanging millions of SSE events every day.

What You Will Learn:
How CAEP can increase the level of online security for users, identity providers, and service providers alike.
How CAEP can help achieve identity security best practices and outcomes.
What you can do to help accelerate the adoption of CAEP.

A Guide to Securing Cloud Access with CAEP

The spate of damaging cyber-attacks over the past year and efforts to reduce the risk of breach from credential compromise has led to doubts about whether OTP Push meets today’s authentication needs. In this session, we’ll assess the efficacy of Push OTP within the context of current authentication needs and trends.

In this session, we’ll assess the efficacy of Push OTP within the context of current authentication needs and trends.

Whether phishing-resistant hardware is necessary in all use cases
What are the choices for expanding authentication coverage to additional users and apps given the need to protect hybrid and more complex environments
How to achieve this with a range of modern authentication options

OTP Push: The Lame Duck of Authentication?

Organizations continue to face threats that are increasingly sophisticated, making the job of protecting and securing critical data and information more challenging. A key question that remains is how are enterprises determining the IAM vision and its role in enabling the success of a security program.

In this session, we will share insight on what is driving the need for a IAM vision and other key insights on areas like

Determining the IAM vision
Bringing in stakeholders’ engagement
Enterprise IAM Vision – where are enterprises now and how does the future look.
Hurdles around transforming vision into reality.

Enterprise IAM Vision -  Are organizations there yet?

PKI and machine identities are essential building blocks to digital trust as organizations accelerate their path to multi-cloud, zero-trust, and DevOps strategies. According to research from the Identity Defined Security Alliance, 2022 Trends in Securing Digital Identities, 98% of organizations indicated that they are experiencing a growth in identities with 43% attributing the growth to machine identities.  Organizations are struggling with the expansion of identity types and specifically the expansion in the machine identity landscape, and the challenges are getting more complex.

In this webinar we will cover:
- State of IoT Market 
- Security Considerations with IoT
- Security Oversight in Product Development
- Moving from Risk Mitigation to Rev Generation
- Security Expectations: A Moving Target

Securing IoT Device Identities from the Start

Once upon a time, infrastructure and the way it was accessed was straightforward. Then came the cloud. Infrastructure evolved to include multiple protocols, networking layers, permissions, credentials, containers and clusters, and multiple clouds - on top of existing on-prem environments.

Coupled with remote work, these trends have exposed the fragility of today’s access management paradigms and pushes us towards a reimagining of how people connect to the resources they need - all without compromising security and compliance postures.  

In this webinar, you’ll learn:
* What access management challenges organizations face as they scale
* The security and compliance challenges a modern stack presents
* The key considerations when devising a strategy spanning legacy and modern stacks
* The importance of identity in managing access to infrastructure

Best Practices for Managing Access to Modern Stacks

As the most broadly deployed identity service in the world, Active Directory is a lucrative target for cyberattackers. Ransomware-as-a-service groups including Conti and LockBit 2.0 have become increasingly adept at finding and exploiting security gaps in Active Directory. In this session, Alexandra Weaver, Semperis Solutions Architect, discusses the most common AD security vulnerabilities she encounters in her work with customers, how attackers take advantage of those gaps with examples from recent attacks, and how you can harden your AD security posture to prevent attacks. 
Key takeaways:
• Common AD vulnerabilities that attackers exploit, grouped into five categories: account security, AD infrastructure, Group Policy, Kerberos, and AD delegation 
• How malicious actors compromised AD in well-known attacks such as Colonial Pipeline
• How you can identify and proactively close security gaps in your AD environment

Top Active Directory Attacks and How to Prevent Them

No end in sight…regulatory mandates continue to increase. In response, many organizations create compliance-driven IAM programs with the assumption that security measures are inherently addressed.  While compliance is still a key driver in IAM initiatives, IAM is evolving into a security and risk-based program with capabilities focused on entitlement management and enforcement of logical access controls.

Building a security and risk driven IAM program allows organizations to adopt broader, enterprise-based solutions that are adaptable to usage trends, such a as cloud, mobile and remote office.  User demand will continue to drive program disciplines to transform from a compliance-based program into a true secure business enabler, helping reduce overall risks created by emerging technologies and threats.
While compliance and security intersect, they are not considered equal. Join us for a live webinar on the key aspects and benefits of security-driven IAM programs. In this session you'll hear about:

* Considerations to building a security-driven IAM program
* Key indicators to determine if your IAM program is compliance-driven or security-driven
* Benefits of security-driven IAM programs

Shifting your IAM Program from Compliance-Driven to Security-Driven

Compliance

Cyber Security

Identity Access Management?

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Shifting your IAM Program from Compliance-Driven to Security-Driven

Presented by

About this talk

More from this channel