Name: MFA for Machines: Bringing Zero Trust to Workload and Non-Human Identity
Start: 2025-04-08T18:59:00Z
End: 2025-04-08T18:59:30.000Z
Location: BrightTALK

This channel brings together the leading identity and security vendors and industry experts to regularly educate security leaders on how to reduce risk through identity-centric strategies. For more resources and education on identity-centric security strategies, visit www.idsalliance.org.

Every major breach headline today shares a common flaw—authentication that trusts too much. Attackers don’t need advanced exploits, they simply log in using social engineering, phishing sites, or real-time relays that manipulate human behavior. Employees feel protected by MFA apps and codes, yet those same tools are being turned against them. The weak point isn’t technology failure—it’s misplaced trust. MFA methods that depend on user judgment, shared secrets, or remote approvals are now the open door into the enterprise. In this session, we’ll expose why the tools once considered secure have become the attacker’s favorite weapon.

What Is Causing MFA and Auth Apps to be Compromised?

The IDSA Machine and Agent Identity Working Group will preview the initial work, including the Threat Analysis, Use Cases, and the Maturity Model. This is an opportunity to see the framework firsthand and gain the tools necessary to operate securely in a machine-driven world.

Attendees will learn:
-Actionable Use Cases & Threat Analysis: Real-world scenarios to guide your strategy.
-Maturity Model & Success Metrics: A defined path to measure progress and demonstrate value to stakeholders.
-Reference Architecture & AI Agent Framework: Blueprints for securing the next generation of digital entities.

Blueprint for Machine and Agent Identity

Hybrid IT has pushed traditional SSPR to its limits. Users still get locked out, systems fall out of sync, and identity teams burn time fixing the same issues on repeat. According to the Identity Defined Security Alliance’s 2025 report, hybrid complexity is now the biggest obstacle to securing identities, and inconsistent credential control is a major source of user friction.

This session explores what comes next: enterprise-controlled credential management that delivers predictable access for users, reduces operational load for IT, and finally moves password recovery and governance into a modern, scalable model.

Attendees will learn:
- How Passwords as a Service centralizes creation, rotation, sync, and recovery across Microsoft, SaaS, on-prem, and legacy systems
- How modern mass password reset works and why it matters for baseline credential health
- Practical steps to reduce password noise and improve user experience immediately
- How to standardize governance and maintain reliable access across complex environments

What Comes After SSPR: Reducing Password Friction and Re-Establishing Control in Hybrid Environments

Providing developers and operators with timely and secure access to production servers is critical. Yet legacy approaches like jump hosts and static SSH keys, create standing privilege, developer friction and compliance gaps. In this session, we’ll explore how modern identity-native approaches can deliver just-in-time SSH and sudo access to virtual machines across cloud and on-prem servers and databases.

Attendees will learn how to eliminate standing access, tie every session to your organization’s IdP, and deliver a seamless developer experience - all without relying on the complexity or maintenance of vaults, static credentials or bastions. Walk away with practical strategies for securing privileged access while keeping teams productive.

Eliminate Static Credentials: Just-in-Time SSH/Sudo Access to Virtual Machines

Zero Trust started as a way to protect human users logging into applications. Over the past decade, it has expanded to workloads, cloud services, and machine identities. Now, with the rise of agentic AI, enterprises must confront a new challenge: how do you apply identity-driven security to autonomous systems that act, decide, and interact on their own?

In this session, Chris Owen (dotNext Europe) and Apurva Dave (Aembit) trace the evolution of Zero Trust through the lens of identity. From workforce IAM to PAM, from service accounts to non-human identities, and now to AI agents, they’ll map the journey — and the pitfalls. They’ll show how legacy approaches break down, and how organizations can evolve toward policy-driven, workload-centric, AI-ready identity models.

Attendees Will Learn:

– How Zero Trust has evolved—from securing humans and workforce IAM to workloads, APIs, service accounts, and now autonomous AI agents.

– Real-world patterns and pitfalls organizations face when adapting Zero Trust to non-human identities.

– A practical framework for “AI-ready Identity & Access” and how policies can govern machine-to-machine and agent-to-agent access.

Zero Trust and Identity: Evolving from Humans to AI

As AI agents grow more autonomous, from initiating workflows, accessing sensitive data, to making decisions in real time, they challenge the core assumptions of traditional identity and access governance. In this session, Miguel Furtado explores how AI shifts the perimeter from identity to intent, and why modern IAM strategies must evolve to continuously evaluate agent behavior, authorization scope, and data access patterns. We’ll discuss what defines a true agentic AI, how intent-aware governance can fill today’s visibility and control gaps, and what practical steps can be taken to secure non-human identities and AI agents today. If identity is the control plane of the modern enterprise, intent is its next policy layer.

Rethinking IAM with Intent:  Identity Governance in the Age of AI

Standing access is a time bomb—and yet, in most orgs, it’s still the default. Developers are over-permissioned just to avoid ticket delays. Access reviews live in spreadsheets. Security teams are buried in manual cleanup and audit prep. And the patchwork of point tools meant to help? They rarely scale—or align with how your teams actually work. This session is for the teams who are asking: Is what we’re doing even working anymore? We’ll walk through a practical, field-tested approach to implementing Just-in-Time (JIT) access—starting with what you already have, proving value with one team, and scaling without creating friction.

From Tickets to Trust: How to Roll Out Just-in-Time Access without Slowing Down Engineers

Credential theft, malicious insiders, orphaned accounts—identity-based attacks have become the leading cause of breaches, while regulatory pressures demand continuous proof of security controls.

Modern Identity Governance and Administration (IGA) has evolved from cumbersome, compliance-driven implementations into streamlined, automated defense systems that safeguard enterprises at scale.

In this webinar, Omada Field Strategist Thomas Müller-Martin will reveal the 5 IGA Essentials to Strengthen Your Cybersecurity Strategy, a proven framework for transforming identity governance from reactive compliance to proactive threat prevention.

What you’ll learn:
-Recognize today’s most critical identity threats and their real-world impact on regulated enterprises
-Master the 5 IGA Essentials that enhance cybersecurity posture while simplifying operations
-See how modern IGA solutions automate threat detection, enforce least privilege, and scale across complex global environments

Join us to discover how leading organizations leverage these essentials to prevent breaches, maintain continuous compliance, and protect their most critical assets without sacrificing business agility.

The Cybersecurity Fast Track: 5 IGA Essentials to Reduce Risk

As AI adoption accelerates across organizations, traditional security approaches focused solely on license management and non-human identities are missing the bigger picture. This webinar explores a comprehensive framework for AI security that recognizes the full spectrum of AI identities in your environment, from AI users and builders to AI agents, and provides actionable strategies for discovery, protection, and defense.
We'll examine how AI security can be looked at through an identity security lens and demonstrate how runtime intelligence reveals dramatically more AI usage than static configuration approaches. Attendees will learn practical methodologies for inventorying their complete AI footprint, identifying risky access patterns, and implementing high-fidelity detection capabilities that enable faster SOC response.

AI Users, Builders, and Agents: Securing the Next Generation of Identities

By March 2026, public TLS certificate lifespans will halve—and eventually shrink to just 47 days by 2029—driving urgent change in how organizations manage certificate renewals, and ultimately, digital trust. TLS certificates are the machine identities that underpin secure communication on the internet. Manual certificate tracking at the scale demanded by 47-day renewals simply won’t be feasible. And without automation, shortened lifecycles increase the risk of outages and compliance failures. Now is the time to implement a modern, automated certificate management strategy to safeguard trust, ensure compliance, and keep pace with the internet’s accelerating demands. You'll leave the session with practical guidance on how to:
- Modernize your certificate lifecycle management with scalable automation
- Align risk communication across technical teams, leadership, and the board
- Budget for the transition and articulate the cost of inaction
- Prepare your infrastructure for continuous 47-day renewal cycles, essential for public PKI and increasingly valuable for internal systems

From Chaos to Control: Automating Machine Identity Security Before the 47-Day Certificate Deadline

Salt Typhoon proved that attackers are exploiting identity blind spots in the network layer to bypass controls and move laterally. This session explores how traditional PAM and NAC tools leave routers, switches, and firewalls exposed, and why identity-first security must extend beyond IT systems. We’ll break down the attack path, highlight key lessons from Salt Typhoon, and show how applying Zero Trust principles at the network layer can stop similar breaches before they start.

Zero Trust Falls Short Without Network Identity: Lessons from Salt Typhoon

A single stolen password can bring your business to its knees — unless you can recover in hours, not days. The first 72 hours after a credential breach determine whether you contain the incident or face a full-scale crisis. Regulatory mandates, cyber insurance requirements, and customer trust all demand rapid recovery, yet many enterprises still rely on password management processes that take days. This session introduces a vendor-neutral, identity-first framework for 72-hour recovery, covering detection, containment, and large-scale access restoration while ensuring compliance. You’ll leave with a clear, adaptable roadmap to strengthen resilience, minimize downtime, and align identity practices with today’s threats. Identify the compliance, insurance, and business pressures driving the 72-hour identity recovery window. Master the critical steps for rapid detection, containment, and large-scale credential restoration. Avoid the hidden process and technology gaps that turn hours into days. Measure your organization’s recovery readiness against industry best practices — and know how to close the gap.

72-Hour Recovery Plan for Enterprise Password Management

Learn how your organization can join Cybersecurity Awareness Month this October. This webinar will walk you through the 2025 campaign theme, key messages, and the suite of free resources available to help you raise awareness within your organization and beyond. From simple social media posts to full-scale internal awareness campaigns, this session will equip you with the knowledge and materials you need to make an impact in your organization.

Attendees will learn:
• The ready-to-use tools and templates available to support your campaign
• Creative ideas for engaging employees and building a culture of cybersecurity
• Tips for aligning your campaign with the broader national effort

How to Get Involved in Cybersecurity Awareness Month

As identity becomes the new security perimeter, the urgency to modernize identity governance is growing but evaluating IGA solutions can be complex, especially with evolving cloud architectures, regulatory demands, and rising security expectations.

In this practical session, Omada will walk through a framework for evaluating Identity Governance & Administration (IGA) solutions, grounded in real-world RFP guidance. You’ll learn how to frame your requirements, identify deal-breakers early, and ask the right questions to avoid costly missteps.

Attendees Will Learn:
• Key considerations for choosing a modern IGA solution (scalability, integration capabilities, usability etc.)
• Practical insights for comparing vendors
• Must-ask evaluation questions to uncover platform maturity and vendor fit
• Tips for selecting the right solution for your organization

Whether you're planning a formal RFP or assessing your current solution, this session will help you take a structured, security-aligned approach to choosing a modern IGA platform.

Evaluating IGA Solutions: Questions to Ask in Your RFP

Since we always lack budget and resources then what's the strategy? We can't do it all but there is an approach that will help you meet today’s security challenges whether you have a team or not.

This session digs into this security strategies, both practical and controversial, and a lot more as Den Jones, Founder & CEO at 909Cyber, provides some proven tested strategies that help thwart today's attacks.

What's Your Security Strategy?

Machine identities—from service accounts to cloud secrets—are exploding in number. Yet most compliance programs can’t keep up. In this hands-on walkthrough, you'll see how Segura provides complete visibility, policy-based automation, and audit-ready reporting for machine identities. Watch a live demo, hear expert commentary, and leave with a roadmap to protect non-human access and simplify compliance.

Attendees Will Learn:
– How to identify and inventory machine identities across hybrid and multi-cloud environments
– How to apply privileged access and secrets management to control non-human identities
– Real-world examples of how to automate discovery, policy enforcement, and auditing
– How to bridge the gap between DevOps, security, and compliance for continuous oversight
– Which metrics and tools are essential for aligning machine access with SOX, ISO 27001, PCI-DSS, and NIST compliance requirements

Simplifying Machine Identity Compliance - Live Walkthrough

It’s no surprise tech investments in Artificial Intelligence (AI) and cybersecurity are on the rise. The top priority for C-Suite (52%) is to speed up digital transformation, and now security leaders must tackle a new, exploding attack surface – machine identities & AI agents – while breaking silos and doing more with less.

Identity is at the center of this rapid change. Today, machine identities outpace humans by a ratio of 82:1. Join us live as CyberArk Chief Strategy Officer Clarence Hinton explores trends, market dynamics and other pressing issues shaping the 2025 identity security landscape.

Identity Security in 2025: Top Trends from 2,600 Security Decision-Makers

Disconnected applications pose a significant challenge to identity lifecycle management, often operating beyond the reach of traditional identity governance platforms. This results in risks like orphaned accounts and compliance gaps. In this webinar, Henrique Teixeira (SVP of Strategy at Saviynt) and Belsasar Lepe (CEO of Cerby) will explore why addressing this “last mile” is crucial. They will demonstrate how integrating Saviynt’s governance framework with Cerby’s automation platform enables end-to-end access governance—without the need for APIs or SCIM.

Attendees Will Learn:
-Why disconnected applications create critical identity governance challenges
-How automation addresses the “last mile” in identity lifecycle management
-The benefits of integrating Saviynt’s governance with Cerby’s automation platform
-A demonstration of a joint solution enabling access governance without APIs or SCIM
-Insights into the future direction of identity governance

Solving the Last Mile in Identity Lifecycle Management: Why Automation Is the Future

IAM Program owners must deal with the fact that identities are the most dispersed set of artifacts to manage and the most exploitable attack vector to secure. But fragmented identity systems lead to siloed identity sprawl, making it hard to reign in daily operations. Join Axonius to learn how aggregated asset data and intelligence across the entire identity fabric enables unified lifecycle actions, governance, posture, and hygiene operations in one place.

Take Action With Consolidated Identity Operations

There is an ever-widening gap between the threats to identities and access control and our ability to defend against those threats. Bad actors know it, and they exploit gaps in traditional, outdated security controls. Without a new identity security paradigm to meet new challenges, defense will fall behind and risk will increase. This new paradigm must protect a full spectrum of identities, break silos with unified discovery, policy creation and management across environments, grant privileges based upon context and risk, include ITDR and pre and post authentication projection. Learn how organizations build comprehensive security programs to meet today’s threats.

Securing the Future: The New Identity Security Paradigm for Cyber Leaders

Attackers are targeting identity like never before, and many companies are still relying on tools that can’t keep up. With AI powered threats, exploding SaaS use, and supply chain risks, defenses are under serious strain. In this fast moving 45 minute session, we’ll cut through the noise to show how identity attacks are evolving and what leading CISOs are doing about it. You’ll get real world lessons, a look at why legacy strategies fall short, and practical ways to help you strengthen identity security before an attacker makes the choice for you.

Modern Identity Threats: What CISOs Need to Know and Act On in 2025

Identity attacks have officially reached the SMB market, bringing new challenges for businesses that often lack the knowledge, resources, or scale to effectively defend against them. As a result, Managed Services Providers (MSPs) have stepped in to bridge the gap. However, securing identity across hundreds or even thousands of companies comes with its own set of complexities. Learn how MSPs are tackling this evolving threat—and what it takes to safeguard identities at scale.

IAM isn’t just for Enterprises – How MSPs are Helping SMBs Secure the #1 Attack Vector

Agentic AI is emerging as the next big shift in identity security, but what’s hype and what’s real? Today’s tools still rely on manual work and standards-based integrations, leaving gaps that attackers exploit and IT teams struggle to manage. This is where AI-driven solutions step in to automate workflows, secure access to any app, and adapt to threats in real time. But where can it add the most value, and what should IT and security leaders be watching for? In this session, we’ll break it down in clear, practical terms—what’s possible today, what’s coming next, and how to prepare for the future of identity security.

Agentic AI for Identity: Smarter, Faster, and More Secure

During the past 10 years I’ve participated in many security incidents, received confidential readouts of other company incidents, collaborated with top well-known incident response firms as well as government agencies. It’s with these experiences and learnings I’ve applied an overlay of Zero Trust to the problem. Having also delivered Zero Trust strategies at two globally-recognized enterprises we can speak to the reality of the problem and solution.

In 2022 I presented how my Enterprise Security teams delivered Zero Trust at Adobe and Cisco. So, let’s talk about why we prioritized the initiative;a forward thinking strategy that really defended against the attacks we were seeing. During this session we’ll discuss some high-profile security incidents from the past year, reviewing the themes, kill chain, and how or where a Zero Trust strategy might help prevent the attack, slow them down, or reduce risk.

As an example, many high profile hacks all started similarly. Related to an employee or contractor credential theft (or purchase) and an MFA fatigue or bypass. These are NOT highly sophisticated attacks and there are strategies that can save your bacon.

Today's Attacks Deserve Better. Stop using Yesterday's Strategies

Identity is no longer just about humans. With non-human identities (NHIs) - service accounts, API keys, and bots - outnumbering users, enterprises face an existential identity crisis. Traditional IAM can’t keep up with identity sprawl, new attack vectors, and machine-driven access.

Join Oasis Security as we share frontline stories on how security leaders are adapting to IAM 2.0 - a shift beyond human-centric identity. Learn how to secure non-human identities, close critical gaps, and embrace the future of identity security.

IAM 2.0: Tales from the Frontline

Discover simple yet effective strategies to protect your online identity. Presented in partnership with the National Cybersecurity Alliance, this talk addresses today's identity challenges, including virtual, machine, and remote-work identities. Learn practical cyber behaviors anyone can adopt—like strong passwords, multi-factor authentication, and least privilege principles—highlighted by real-world anecdotes and the latest insights on generational differences and increasing cybersecurity dependence. Perfect for non-technical managers seeking easy-to-implement solutions, you'll leave equipped with clear guidance and actionable steps to enhance online safety for yourself and your organization.

Easy Ways to Stay Safe Online: Practical Identity Management Anyone Can Follow

Zero Trust has become a cornerstone of modern cybersecurity, but without a strong Identity Governance and Administration (IGA) foundation, organizations risk leaving critical gaps in their security strategy. In this session, we’ll explore why Identity is at the core of Zero Trust and how IGA enables key principles like least privilege, continuous verification, and policy-based access control.
We’ll break down how IGA extends beyond Zero Trust, delivering value in compliance, risk reduction, and operational efficiency. Finally, we’ll discuss Omada’s best practice approach to IGA, offering practical insights on how organizations can integrate Identity Governance into their Zero Trust framework for a more resilient security posture.

Zero Trust Without IGA is Not Zero Trust

In a world where AI singularity is within reach, the line between human and machine is increasingly blurred. More Human than Human explores the profound impact of artificial intelligence and automation on our understanding of the future of identity and cybersecurity. This session takes you on a compelling journey through the evolving landscape of identity management and identity security, where the interactions with human and non-human identities create unprecedented challenges, and opportunities for organizations.

More Human than Human: A Riveting Story About Machines, AI, and Identity

Here we have welcoming remarks and the Awards sponsor, CyberArk will present the four Identity Management Day awards:

- Enterprise Project of the Year
- SMB Project of the Year
- Innovative Use of New Technologies
- Identity Management Leader of the Year

Welcome and Awards Presentations

The Asia-Pacific region is home to 4.78 billion people, 36 countries, 3000+ languages, and 11 major religions. It’s hard to have a unified identity. This session will share the experience of collaborating with partners in Japan, Singapore, and Korea to build real-world use cases on digital ID and micro-credentials and establish industry standards and governance models.

Overcoming Barriers to Inclusion: Cross-border Ecosystem of Trust and Innovation in Digital Identity

Splitting an active company into two distinct entities raises numerous challenges in IT, compliance, HR, and Legal. Learn from my firsthand experience of keeping access active and processes flowing while inserting compliance barriers, bringing up new tenants of existing tools, and communicating all this to a busy workforce. If you’ve navigated or anticipate organizational splits, learn how identity management can either smooth the transition or amplify confusion, and discover how proactive coordination can prevent costly mistakes.

Split Happens: Navigating Identity Pitfalls When a Company Divides

Who is truly behind the access in your environment? What identities are operating unchecked? Where are they hiding? When do they become a risk? And why are traditional identity approaches failing to secure them?
In most organizations, non-human identities (NHIs) outnumber human users. Yet, security teams continue to rely on static inventories that provide a false sense of control. Discovery isn't just about knowing what exists—it’s about understanding context, behavior, and risk.
Join us as we redefine what identity means in an automated world and show you how to uncover and control the NHIs shaping your security landscape.

When Machines Become Users: Are You in Control?

Artificial intelligence (AI) is transforming identity management, enhancing security, authentication, and fraud prevention for businesses. AI-driven systems streamline user verification, improve compliance, and reduce human errors. However, these advancements come with risks, including biased algorithms, data privacy concerns, and cybersecurity threats. While AI strengthens identity protection, businesses must address ethical and security challenges to prevent misuse. Understanding both the benefits and risks of AI in identity management is crucial for organizations aiming to balance efficiency and security in a rapidly evolving digital world.

AI in Identity Management for Businesses: Risks and Benefits

Effective Identity Governance and Administration (IGA) demands stakeholder engagement beyond IT. This session articulates how executive sponsorship aligns IGA with the Digital Operational Resilience Act (DORA) and the NIS2 Directive, transforming what’s often seen as a technical function into a strategic, enterprise-wide initiative. Attendees will learn how to:

Secure C-level endorsement to foster a culture of shared responsibility and drive business value
Implement modern, AI-enabled solutions that automate access reviews, accelerate provisioning, and ensure compliance
By focusing on tangible, regulatory-driven use cases, this talk reveals how IGA can strengthen cybersecurity, streamline operations, and help meet evolving regulatory obligations.

Driving Stakeholder Engagement for DORA and NIS2 Compliance

As organizations navigate a rapidly evolving threat landscape, identity is no longer a backend IT function—it's a core element of cybersecurity strategy. This session will focus on how to translate strategic identity governance frameworks into real-world, practical security outcomes.

Bridging Strategy and Reality: Practical Identity Governance in an Evolving Threat Landscape

Welcome to the second of the three regions in Identity Management Day 2025

Welcome to the EMEA Region Identity Management Day Remarks

This presentation explores the evolving career paths of identity and access management professionals, highlighting key skill development trends from the annual IDPro Skills Survey. It will show how community-led initiatives like IDPro and the CIDPRO certification can support practitioners at all stages—from early-career to leadership—by helping define roles, share knowledge, and build confidence in a fast-changing field.

Level Up: Why IDPro & CIDPRO Matter for Your Identity Career

Journeys Into Passkeys – A Fireside Chat discusses the introduction of passkeys at UniSuper, highlighting the motivations behind this decision, the challenges faced, and the collaborative efforts across various teams to ensure a smooth delivery and rollout.

Journeys Into Passkeys – A Fireside Chat

This session explores how identity has become the cornerstone of modern security, with traditional tools like SSO and MFA no longer sufficient to protect against evolving threats. We’ll discuss the importance of adopting a unified identity security strategy that goes beyond authentication, focusing on preventing identity-based attacks, enforcing least privilege access, and quickly identifying potential threats. Gain insights into building a comprehensive identity security posture to strengthen defenses and achieve secure outcomes across the organization.

The Power of Unified Identity

Our industry recognises that Passkeys are the most secure method to protect a user's digital identity today. This begs the question, "Why is this taking so long?" - This session will provide you with real world messaging and examples for use as an Identity Practitioner to address the question posed. The session will discuss hardware and software backed Passkeys and how each can help accelerate the adoption of phishing resistant authentication and therefore reduce the number 1 security challenge we face today.

Protecting the "Digital You" - Simplifying Passwordless Adoption

A short, sharp and to the point presentation on the top threats and trends in the identity management space today.

It’s the Identity, Stupid: Top threats & trends in Identity Security

Implementing identity solutions is challenging enough — but what happens when you’re working with limited resources and low organizational awareness?

Identity Implementation in Low-Security-Aware Organisations on Budget

Human and non-human identities are now core components of the access control perimeter. To effectively protect them, an understanding of their unique security challenges is crucial.

This talk will delve into those challenges and explore practical strategies for securing these critical identities.

Controlling the Silent Threat: Mechanisms for protecting Human and Non-Human Identities

Identity and Access Management (IAM) is on the cusp of transformation as AI assistants redefine how organizations manage permissions, access controls, and security policies. 

Join Merill Fernando for an illuminating session that bridges theory and practice through live demonstrations of AI-powered IAM workflows. Learn how Large Language Models combined with the Model Context Protocol are enabling natural language interactions with complex IAM systems, automating routine tasks, and enhancing security decision-making. 

Discover how these technologies will simplify administrator workflows. This session will showcase practical implementations using open-source components and open standards that you can begin exploring immediately.

Beyond Permissions: How AI Assistants Will Revolutionize Identity Management

As digital identities become more complex, securing customer identity requires an adaptive, AI-driven approach that goes beyond static authentication.

Securing the Existential Identity: Adaptive AI-Driven Protection Beyond Authentication

Non-human identities—such as service accounts, application identities, bots, and workload identities—are multiplying rapidly, creating a hidden attack surface in modern enterprises. As automation and cloud adoption surge, so too does the sprawl of unmanaged non-human identities, exposing organizations to serious risks.

Join us for an in-person session as we unpack findings from a recent global survey on non-human identity security. With 69% of organisations now managing more non-human identities than human ones, the research highlights a major shift in the identity landscape—underscoring the scale, complexity, and urgency of the challenge. We’ll explore emerging trends and discuss how to bring structure to the chaos through stronger governance and control.

If you’re an IT leader, security professional, or risk manager, this session will equip you with practical insights to help secure your enterprise

Rise of the Machines: How to Rein in the Non-Human Identity Chaos

This session dives into the crucial role Multi-Factor Authentication (MFA) plays in strengthening security by requiring multiple layers of user identification—such as passwords, tokens, biometrics, and even behavioural signals. We explore the key drivers fuelling the widespread adoption of MFA, including the need to stay ahead of growing cyber threats, meet regulatory requirements, and address the challenges posed by an ever-expanding tech landscape. 

The session highlights the importance of effective MFA implementation, stressing the need for comprehensive risk assessments, threat modelling, and continuous improvements. We also tackle the key technology considerations, including cost, compliance, and the shift toward standards-based solutions, while emphasizing the need for ongoing monitoring and strategy evolution. Lastly, we discuss the exciting trends in security, such as passwordless authentication and AI-powered adaptive authentication, which dynamically adjust security levels based on user behaviour and context.

Empowering Authentication with MFA

Welcome to the Oceania/Asia Region Identity Management Day Remarks. Jeff will share some observations on Existential Identity in 2025.

IDSA Identity Management Day Remarks - Existential Identity

Welcome to the first of the three regions in Identity Management Day 2025

Oceania/Asia Region Identity Management Day Kickoff

Identity Management Day 2025

We enforce MFA for human users because we know passwords alone aren’t enough. So why are workloads—APIs, services, containers—still authenticating with static secrets that rarely change? Attackers know this gap exists, and they exploit it constantly.

David Goldschlag, CEO of Aembit, introduces the next step in Zero Trust: MFA for machines.

Zero Trust shouldn’t stop at human users. It’s time to hold workloads to the same security standards, and we now have the technology to do it.

MFA for Machines: Bringing Zero Trust to Workload and Non-Human Identity

Identity Management

Identity Management Day

Cloud computing has exploded over the past few years, delivering a previously unimagined level of workplace mobility and flexibility. The cloud computing community on BrightTALK is made up of thousands of engaged professionals learning from the latest cloud computing research and resources. Join the community to expand your cloud computing knowledge and have your questions answered in live sessions with industry experts and vendor representatives.

Cloud Computing

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

Increasing expectations for good governance, effective risk management and complex demands for corporate compliance are presenting a growing challenge for organizations of all sizes. Join industry thought leaders as they provide you with practical advice on how to implement successful risk and compliance management strategies across your organization. Browse risk management resources in the form of interactive webinars and videos and ask questions of expert GRC professionals.

IT Governance, Risk and Compliance

The application development community features top thought leadership focusing on optimal practices in software development, SDLC methodology, mobile app development and application development platforms and tools. Join top software engineers and coders as they cover emerging trends in everything from enterprise app development to developing for mobile platforms such as Android and iOS.

Application Development

Enterprise applications have become a crucial piece of infrastructure for many businesses. The enterprise applications community on BrightTALK features the latest insights in enterprise application integration, enterprise application architecture and EAS software. Join the community to gain access to thousands of videos and webinars presented by recognized enterprise information systems experts and arm yourself with the knowledge you need to succeed.

Enterprise Applications

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

MFA for Machines: Bringing Zero Trust to Workload and Non-Human Identity

Presented by

About this talk

Identity Defined Security Alliance