This week saw the 13th European Identity & Cloud Conference hit Munich. The five-day spectacle brought over 200 expert speakers, 50 vendors, and numerous expert implementation partners, all discussing the current trends in the digital identity and access management space.
Good News in Digital Identity
A really refreshing part of many corridor discussions was a general consensus around how some of today’s largest identity, privacy and security problems, are being solved (if you squint a little!).
One of the topics that certainly occurred in several of my conversations with customers and vendors alike, was the need to correctly apply context to the authentication and authorization processes. We know concepts such as intelligent driven authentication are now the main foundation for how projects deliver simple to use yet secure user experiences, but more is needed!
The Journey Continues
The next part of that journey is the ability to collect, store, and analyze context throughout entire user login and resource access journey. Steve Hutchinson, a board member of IDPro organization, gave a great real world account of how modern organizations can work towards this, followed by a great panel, where we mulled over the prospect of how machine learning can contribute to the analysis and attempt to get organizations closer to a trusted access design model based on Zero Trust or CARTA.
Switching gears, privacy remains as hot a topic as ever. Not just from a compliance perspective - aka GDPR - but more from an end user viewpoint. How can the end user be empowered to have better visibility over who accesses their data - and more importantly, how that data is used? A person may want to “control” their data, but it is generally the role of the application owner to decide what attributes they need to describe a user of their service.
The vehicle for those data process flows is typically APIs and some interesting panel discussions around modern API security. OAuth2 has a huge role to play here, along with MTLS, microsegmentation, edge enforcement and new transaction and performance demands. It all made some for some great chats over excellent KuppingerCole logo printed cappuccinos and the evening’s weissbier.
Cloud automation of identity platforms and the integration of machine learning were two other areas where real world examples and use cases where exchanged. Digital IAM is a complex beast and having the ability to outsource the build-run-operate component was a consistent theme for many CISOs.
The 14th KC EIC event has already been announced for 2020. Will be great to return, to see the progress the industry makes towards a more continually secure and privacy enabled future.
Until next time Munich, Auf wiedersehen!
For more info on these digital identity topics and ForgeRock in general, visit us here.