Name: Reeling in the Greatest Security Risk to Your Cloud Infrastructure – Identities
Start: 2021-10-07T16:00:00Z
End: 2021-10-07T16:45:34.000Z
Location: BrightTALK
Rating: 5

This channel brings together the leading identity and security vendors and industry experts to regularly educate security leaders on how to reduce risk through identity-centric strategies. For more resources and education on identity-centric security strategies, visit www.idsalliance.org.

Optimizing IAM infrastructure through program maturity involves continuously improving IAM program to better align with your organization's security goals and needs. In this webinar, Asif Savvas, CPO, Simeio and Aubrey Turner, Executive Advisor, Ping Identity will share best practices and steps IAM leaders can take, from setting clear goals that are meaningful, to leveraging automation and analytics to improve efficiency and effectiveness.

Attendees Will Learn: 
·  The relevance of setting goals and roadmap for your IAM journey to achieve maturity.
·  Case studies where enterprises started with a foundational program and achieved maturity resulting in optimizing their IAM infrastructure.
·  Identifying KPIs that are relevant for business stakeholders
·  The role of automation and analytics in achieving KPIs
·  Assessing and measuring key IAM domain performance

Optimizing IAM Infrastructure Through Program Maturity

Comprehensive IAM frameworks are crucial for safeguarding user identity and access privilege. Human vulnerabilities, like errors and social engineering attacks, can compromise IAM systems. Join us to explore proactive and adaptive approaches for managing IAM, integrating technology and user education. We'll discuss the human aspects of a security framework and balancing user convenience with security. Learn how to achieve adaptability while protecting against threats.

Attendees Will Learn How To:
• Identify and address vulnerabilities posed by human errors and social engineering attacks in IAM systems through thorough training and awareness programs for employees.
• Implement proactive and adaptive approaches to effectively manage IAM and stay ahead of potential security threats.
• Integrate technology solutions with comprehensive user education programs to enhance the overall security posture of IAM systems.
• Develop and implement strategies that strike the right balance between user convenience and security measures without overly burdening users.
• Learn from adversaries and adopt adaptability in IAM management to align with evolving threats and industry best practices.

Identity: Humans are the Problem

Balancing security and usability is crucial—especially in fast-paced environments where an organization’s frontline workers often need to authenticate quickly, manage complex workflows, and handle customer interactions. However, many businesses struggle with outdated and inefficient authentication processes that can create significant user friction, high costs, and gaps that can be exploited by bad actors.

Avoid these pitfalls with modern approaches that can meet you where you are today—regardless of your underlying IT complexity—and find out how organizations like CarMax are moving away from legacy approaches to authentication and toward the foundations of a Zero Trust and passwordless future.

How CarMax Empowers Their Workforce with Modern Authentication

Identity is the new perimeter has been the industry mantra for a while now. But is that enough? With the new normal of remote workers and the increased risk that comes along with that, it is no longer the new perimeter, but is now the ONLY perimeter that matters. Learn how managing and strengthening your identity core is critical to the success of any organization

Attendees Will Learn:
• Why Identity is important to the overall security of an organization.
• How organizations approach must be different.
• How the context of an identity is key.

Identity is the ONLY Perimeter

If 61% of cloud applications don’t support single sign-on, how will you include them in your Zero Trust strategy? Everyone is talking about Zero Trust because it works when fully deployed across all your applications. IBM recently found when Zero Trust is deployed holistically, the cost of a breach is reduced by 43%!
In this session, you’ll learn from the latest threat research what unmanageable applications are, how to quantify the risk they are adding to your business, and how to apply Zero Trust principles to them.

Attendees Will Learn To:
– Understand what unmanageable applications are and how they already add risk to your business.
– Recognize how COVID permanently impacted employee perceptions around application choice. This is not a temporary shift but a generational one. This will require a different approach to dealing with employee application choice.
– Learn how to apply Zero Trust principles, without vendor FUD, to anything, including unmanageable applications that don’t support identity standards.

The Hole in Your Zero Trust Strategy: Unmanageable Applications

We know identity attacks, fueled by the massive expansion in identity attack surfaces, are on the rise. But IAM and security leaders are largely unaware of the security risks that stem from this identity sprawl. In this webinar, we provide our latest research into the attackers targeting identities and current trends in identity posture.

Attendees will learn about:
• Brute-forcing trends
• Session-hijacking
• MFA challenges. 
• What IAM hygiene looks like for the average company, including the number of dormant accounts, guest accounts, unused applications, and groups.

2023 State of Identity Security: What's Leaving Your Organization at Risk?

It's more important than ever for security leaders to make informed, risk-based decisions when building their information security programs and evaluating potential investments. In this 40-minute webinar, Larry Burke, a leader in CDW’s Global Security Strategy Office, will cover the latest cyber risk trends, thought patterns around risk quantification, and discuss the must-haves for a comprehensive, risk-based information security program. We will also explore board expectations and provide actionable insights for security leaders looking to effectively communicate cybersecurity risks to boards and other stakeholders. The webinar will be followed by a short Q&A session.

Attendees will learn to:
• Identify key cyber risk trends and understand how to stay ahead of the curve in a rapidly evolving cybersecurity landscape.
• Learn about today’s must-haves for a comprehensive, risk-based information security program.
• Understand board expectations for security and IT leaders and learn how to effectively communicate risk to executives and other stakeholders.

Who should attend?
• Security leaders and practitioners
• Identity leaders
• IT leaders
• Business and Risk leaders

Cyber Risk Trends and Strategies for Building a Resilient Security Program

Cybersecurity incidents involving compromised credentials continue to be the most common cause of a data breach for enterprises, and account takeover for individuals. The need to secure our digital identities remains one of the most urgent tasks facing our digital ecosystem.

Established in 2021 in partnership with the National Cybersecurity Alliance, Identity Management Day, held on the second Tuesday of April, is a day to educate business leaders, IT decision makers, and the general public about the importance of identity management. If you are passionate about securing digital identities, there are lots of ways to get involved this April 11th. 
During this webinar featuring members of the Identity Management Day Committee, you'll hear about: 
- Why do we need an Identity Management Day?
- What can you do as an individual, an SMB or an enterprise to #BeIdentitySmart?
- How to Become an Identity Management Champion and the resources available.
- Others ways to get involved in Identity Management Day.

Identity Management Day: How to Get Involved

While the discipline of identity and access management has been around for over 20 years, most have fallen into the field of identity and had to learn along the way. Only with the alarming number of breaches related to compromised identities, the profession has matured and become a critical need in security organizations. In the last 5 years, two organizations have emerged to address the changing identity industry - the Identity Defined Security Alliance with a focus on educating IT professionals on the importance of securing digital identities, and IDPro the first and only professional organization for identity practitioners.

In this webinar featuring IDPro Executive Director Heather Vescent and Target Sr. Director of Cybersecurity Tom Sheffield, you’ll hear how IDPro is supporting the growing, global community of professionals and how enterprises can leverage these two organizations – IDSA and IDPro – to improve their strategy and execution.

Helping Organizations Succeed in an Identity-Centric Security World

In 2023, the Zero Trust concept permeates cybersecurity departments across private and public organizations alike. When it comes to identity access management (IAM) and privilege access management (PAM), Zero Trust initiatives can strengthen security defenses against cyber threats that utilize social engineering techniques, credential-stealing malware, privilege sprawl, and lateral movement.

This webinar performs a quick survey of the efficacy of established privilege access management approaches, compares them to advanced PAM technologies, and outlines how different IAM and PAM strategies can be leveraged on the Zero Trust journey.

You will learn:
- Zero Trust concepts in the IAM/PAM context, such as Zero Standing Privilege
- TTPs that circumvent commonly used security toolsets
- Best practices to adopt as part of Zero Trust initiatives

Zero Trust Initiatives For Identity-First Cyber Resiliency

Static and inflexible policies through traditional access control methods have failed to address security risk in real-time. Enterprises are expanding on an identity-first security strategy to better support Zero Trust initiatives and address their complex, distributed environments. In this session we cover how enterprises can deliver dynamic controls for Identity-First Security in a consistent, continuous, and contextual manner by externalizing authorization. 

Learn how a centralizing authorization and distributing enforcement:

* Applies Identity context to access controls for enterprise services and systems
* Standardizes authorization across applications, API gateways, microservices and data layers
* Ensures continuous, risk-based access throughout the user journey by drawing from multiple sources for identity, threat signals, and data context
* Simplifies the way access policies are created, managed, and enforced by security and business stakeholders

The Role of Authorization in Driving Zero Trust and Identity-First Security

With the dramatic increase in the occurrence of sophisticated and high-profile cyberattacks
evidencing an evolving threatscape that is both sprawling beyond its former perimeters and
leading to the emergence of new, malicious threat tactics, the push to revamp cybersecurity
processes and re-focus security beyond the perimeter has become imperative. In their Special
Publication, 800-207, Zero Trust Architecture, NIST points to identity as the critical first step to
regaining control over the perimeter, and to Zero Trust as the best security architecture for
meeting the requirements of hybrid, cloud, and often multi-cloud network infrastructures.

NIST characterizes Zero Trust as an evolving collection of cybersecurity paradigms and concepts that allow security defenses to shift from functioning as static, network-based perimeters to functioning as parameterless defenses that work to continuously authenticate and verify users, devices, and applications. Guided by the two core mantras of “Assume breach” and “Never trust, always verify”, and built on a foundation of cybersecurity paradigms that include enforcing continuous authentication, eliminating persistent trust, implementing the least privilege, enforcing segmentation and microsegmentation, and ensuring visibility, Zero Trust can help organizations reduce the attack surface, prevent unauthorized access to data and services, and control the impact threshold of any threat that does present itself to the network.

Join this session with BeyondTrust's Chief Security Officer, Morey Haber to learn:
• Why Zero Trust is more than a buzzword when it comes to preventing a cyberattack
• What organizations need to know to distinguish Zero Trust as a concept from a
functional Zero Trust Architecture
• How to build a strategic and achievable pathway to Zero Trust

Countering the Attack: How Zero Trust is Pushing Back Against New Cyberthreats

With cybercrime on the rise, more organizations are implementing best practices such as multi-factor authentication (MFA) to protect their users from credential theft, phishing attempts and brute-force password guessing. To get around this layer of protection, hackers have developed a new tactic: MFA fatigue or MFA bombing.  It relies on spamming victims with endless authentication prompts until they grant the attacker access by accident or out of sheer frustration.  

Traditional MFA tactics have been around since the late ‘80’s.  New techniques are long overdue to solve the underlying security challenges.  Watch this webcast to learn from a cyber security veteran on how you can fight MFA fatigue with a 2-pronged strategy:  significantly improve user experience while enhancing security via a new approach to passwordless continuous authentication.   

Frictionless user experience by reducing MFA prompts by 75% (without sacrificing security) 
Comprehensive device trust with transparent and dynamic level of assurance risk scores 
Overall improved security posture by empowering users to unlock, lock, or logout using their mobile devices

MFA Fatigue – Fighting a 2-Front War

As organizations migrate to the cloud, securing human and machine identities in production environments is critical, but cloud complexity and necessary skills make it extremely difficult. To address these challenges the Cloud Infrastructure Entitlement (CIEM) Working Group subcommittee within the Identity Defined Security Alliance has introduced a new set of Best Practices. The latest cloud entitlements best practices outline how enterprises should manage their identities and privileges in cloud environments.

Join us on November 17 at 9:00 am PT, as Lior Zatlavi, Ermetic Senior Cloud Architect, who chairs the IDSA CIEM Technical Working Group - delves into the recent additions. During the webinar, Lior will explain how to jumpstart your CIEM by implementing relevant best practices such as gaining visibility through the steps to effectively manage entitlements and reduce access risk in cloud infrastructure by creating a categorized list of inventory resources, listing human and service identities, and more.

What You Will Learn:

How to apply the latest Best Practices from the CIEM TWG subcommittee, including:
    – Listing and tracking all identity relationships in your cloud infrastructure.
    – Processing logs to profile the activity of identities and detecting anomalous behavior patterns.
    – Integrating the remediation of excessive permissions to existing workflows.
    – Managing Just-in-Time access to reduce standing privilege.

Best Practices for Cloud Infrastructure Entitlement Management (CIEM)

B2B identities are an often-undetected threat to every organization – these identities frequently lurk in the shadows unnoticed, even intentionally ignored in some cases. What makes B2B identity challenges so interesting? And why is the solution elusive to most organizations? We think we have all the right tools, yet most can’t seem to put the pieces together in the right way to solve this prevalent identity challenge.

During this discussion we'll scrape away layers of misconception to expose the truth about B2B Identity and how the mystery can be solved:

- Why aren’t traditional workforce identity approaches successful?
- What lessons can we learn from the CIAM space?
- What important considerations are we mistakenly disregarding?
- Discover the answer to these questions, and more, to solve this unsolved mystery.

Unsolved Mysteries

In this increasingly digital era, identity involves more than satisfying compliance mandates. It has rapidly become an organization’s first line of defense, a business enabler, and often a board-level topic. Having strong identity management practices is now paramount for enterprises as they defend against cybersecurity threats and enable digital transformation.

But let’s face it: most Identity and Access Management (IAM) programs stay in the shadows until something goes wrong – an identity-related breach, damage to brand reputation, an audit failure, and so on. So how do you project the value of an IAM program, seek buy-in from executives and LoBs, and ensure strong identity management practices are followed? During this Cybersecurity Awareness month, let’s discuss the strategies for driving home the value of Identity Management.

Join us for this webinar to hear directly from a seasoned CSO as we discuss:

- The drivers for a strong IAM program
- What resonates with the board and the executive team
- How to get buy-in and support from the stakeholders and LoBs
- Key ingredients of a strong Identity Management program
- Successful strategies to consider

Identity as the First Line of Digital Defense for Cybersecurity

The lack of interoperability in zero-trust products is hurting adoption and is a big factor in organizations not being able to achieve their security goals through existing products. Those who claim success have cobbled together solutions using proprietary protocols and niche implementations that only address a small spectrum of the problem space. Open standards that enable continuously monitored context based access to online resources can help existing products interoperate.

In this joint webinar hosted by the IDSA and OpenID Foundation, we'll discuss a new standard that is being developed in the OpenID Foundation SSE (Shared Signals and Events) working group. CAEP (Continuous Access and Evaluation Profile) is a drastically new approach to cybersecurity that utilizes a user’s complete online footprint collected through a collaborative exchange of events and signals between multiple participating parties. Recognized by Gartner as an "innovation trigger" technology in their 2022 Digital Identity Hype Cycle, CAEP has been adopted by companies like Microsoft, exchanging millions of SSE events every day.

What You Will Learn:
How CAEP can increase the level of online security for users, identity providers, and service providers alike.
How CAEP can help achieve identity security best practices and outcomes.
What you can do to help accelerate the adoption of CAEP.

A Guide to Securing Cloud Access with CAEP

The spate of damaging cyber-attacks over the past year and efforts to reduce the risk of breach from credential compromise has led to doubts about whether OTP Push meets today’s authentication needs. In this session, we’ll assess the efficacy of Push OTP within the context of current authentication needs and trends.

In this session, we’ll assess the efficacy of Push OTP within the context of current authentication needs and trends.

Whether phishing-resistant hardware is necessary in all use cases
What are the choices for expanding authentication coverage to additional users and apps given the need to protect hybrid and more complex environments
How to achieve this with a range of modern authentication options

OTP Push: The Lame Duck of Authentication?

The number of human and service identities in an organization’s cloud/multicloud accounts is
exploding. The permissions enabling those identities to access cloud resources and applications
pose a huge risk. Excessive entitlements, defined intentionally or unwittingly, can lead to
accidental or malicious use, network exposure of resources and other ills that plague an
organization’s cloud security upon a data breach. Detecting, prioritizing and mitigating these risks
is typically hampered by lack of visibility, lack of manpower, lack of coordination and an inability
to scale protective measures.

Cloud identities and their entitlements can’t be ignored. Attend our panel of cloud security
experts to learn why identities are the new security beast to reel in, why governing access must
be core to every security program and for fresh views on using automation to remediate risk.

Reeling in the Greatest Security Risk to Your Cloud Infrastructure – Identities

CIEM

Cloud Infrastructure

Identity Management

Multi Cloud

Cloud Security

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

Reeling in the Greatest Security Risk to Your Cloud Infrastructure – Identities

Presented by

About this talk

More from this channel