Identity Management Day 2023: StrataNorth’s Experience at the IMD 2023 Virtual Conference
Last week, StrataNorth, had the honor of being a silver sponsor at the Identity Management Day (IMD) 2023 Virtual Conference. Hosted by the Identity Defined Security Alliance, this event brought together experts from various industries to discuss the challenges and advancements in identity management and security. In this blog post, we will share our experience at the event, the value we gained, and our thoughts on the insightful presentations delivered by other sponsors and presenters.
But first.
Before we get started, we want to send a big thank you to all of the people running the event. The event was exceptionally smooth, and being a virtual event can sometimes be an extreme challenge. So we extend our deepest gratitude to everyone who helped this event become a reality.
Keynote Presentations
Identifying What’s Wrong with Identity
The conference began with a thought-provoking keynote panel that delved into the challenges and issues surrounding identity management in today’s digital world. Panelists from various backgrounds shared their insights on the need for robust and effective identity management systems to prevent security breaches and ensure data privacy.
The keynote panel explored the reasons behind persistent identity-related breaches despite the ubiquity of identity usage in our digital lives. Panelists highlighted that every online activity we engage in is dictated by our identity, authentication, and access authorizations. The discussion delved into key aspects that need improvement to better support and manage identities and prevent the issues arising from identity compromises. Some of the main topics covered in the panel included Privacy, Zero Trust, Passwordless, Artificial Intelligence, and Security 101.
Key Learnings from the Panel:
Identify the key components for your strategy on identity management and protection
The panel emphasized the importance of understanding and incorporating essential elements into an effective identity management and protection strategy tailored to an organization’s unique needs and challenges.
Look for the latest in processes and technologies in identity management
As the field of identity management continues to evolve, panelists encouraged attendees to stay informed about cutting-edge processes and technologies that can help bolster their identity management systems.
Go back to the basics and employ fundamental security practices
Despite advancements in technology, the panelists reminded attendees not to overlook the basics of security practices, as they form the foundation for any successful identity management strategy.
Know where to look for new trends in identity and identity management
The experts shared valuable insights on how to keep up with emerging trends in the realm of identity management, which can play a crucial role in staying ahead of the curve and addressing potential vulnerabilities. Events like this are a perfect place to keep up.
The keynote panel provided the audience with a comprehensive understanding of the current challenges in identity management and offered actionable insights to help prevent identity-related breaches.
Unlocking the Potential of Identity Management
The next session focused on how businesses can fully leverage the potential of identity management. Attendees learned about the benefits of implementing advanced identity management systems, including improved security, streamlined user experiences, and reduced operational costs.
This session provided a comprehensive overview of the current state of digital identity management across the globe, focusing on government-led digital recognition and ID systems in the European Union. Panelists discussed the challenges and opportunities in implementing similar systems in the United States while balancing the need to safeguard privacy, prosperity, and liberty.
Drawing from international examples and case studies, the discussion highlighted the growing wave of identity management innovation and the collaborative efforts required to build a more secure and interconnected world.
Key Learnings from the Session:
Understand the international digital identity landscape
The panel provided an in-depth analysis of the current global digital identity landscape, showcasing various approaches adopted by countries and regions to manage and secure digital identities.
Safeguard privacy while securing digital identities
A primary concern raised during the session was the need to protect individual privacy while implementing robust digital identity systems. Panelists shared best practices and strategies to strike the right balance between security and privacy.
Envision the future of digital identity systems in the U.S.
The session explored the potential development and implementation of digital identity systems in the United States, considering factors such as public sentiment, existing infrastructure, and potential challenges.
Anticipate public reaction to digital identity systems
Panelists emphasized the importance of understanding and addressing potential public reactions to implementing digital identity systems. This includes fostering open communication, transparency, and education to ensure public buy-in and trust in the new systems.
The session offered valuable insights into the future of identity management and the necessary steps to create a more secure digital environment while respecting individual privacy and fostering global cooperation.
Establishing Digital Identity Security Best Practices with IDPro
In this session, IDPro representatives shared their expertise on best practices for digital identity security. Participants gained valuable insights into building a comprehensive identity management strategy that addresses the ever-evolving security landscape.
The session brought together identity professionals to share their experiences and insights on effective Identity and Access Management (IAM) practices for protecting and securing digital identities. IDPro, an organization dedicated to helping its members collaborate on best practices for developing and maintaining digital identity management tools, facilitated the session.
Heather Vescent, IDPro President and Executive Director, hosted the session and welcomed several guests who shared their IAM best practices and addressed identity challenges within their organizations.
Key Learnings from the Session:
Best practices to build your IAM team
The panelists shared their experiences and recommendations for assembling a strong IAM team, emphasizing the importance of diverse skill sets, experience, and backgrounds to create a well-rounded and effective team.
Growing your IAM talent pipeline
Developing and nurturing a robust talent pipeline is crucial for the ongoing success of any IAM program. The experts discussed strategies for attracting and retaining top talent, including mentorship programs, employee development initiatives, and fostering a robust organizational culture.
How to address typical organizational challenges
Panelists acknowledged that organizations often face various challenges when implementing IAM best practices. These may include resource constraints, competing priorities, and resistance to change. The session offered practical advice on navigating these challenges, emphasizing the importance of clear communication, collaboration, and executive buy-in.
The IDPro-led session provided valuable insights and best practices for establishing effective digital identity security, offering attendees a roadmap for achieving IAM excellence within their organizations.
Breakout Sessions and Presentations
SecureAuth Presents: MFA is so 80’s
With a creative touch of 1980’s references and retro-style slides, the “MFA is so 80’s” session presented by SecureAuthexplored the evolution of Multi-Factor Authentication (MFA) and the transition to invisible MFA as part of passwordless continuous authentication. The session acknowledged the drawbacks of traditional MFA, such as poor user experience and increased MFA bombing attacks, despite its enhanced security compared to Single Sign-On (SSO) and Two-Factor Authentication (2FA).
Invisible MFA, the session explained, offers all the security benefits without the friction experienced with legacy MFA methods. Attendees learned the differences between traditional MFA and the latest invisible MFA technology and how to deploy it quickly and cost-effectively.
Key Learnings from the Session:
The differences between legacy MFA and the latest invisible MFA technology
The presentation highlighted the advancements in MFA technology, emphasizing the benefits of adopting invisible MFA, including improved user experience and reduced vulnerability to MFA bombing attacks.
Best practices on how to evaluate Authentication vendors
The session provided valuable guidance on selecting the right authentication vendors by comparing features, implementation capabilities, and support for invisible MFA technology.
Balancing security and user experience with intelligent MFA
The experts demonstrated how intelligent MFA can help organizations effectively address the dual challenges of maintaining robust security while optimizing user experience.
Customer tips and tricks on deploying invisible MFA quickly and cost-effectively
The session shared practical advice from customers who have successfully implemented invisible MFA as part of passwordless continuous authentication. These insights will help attendees achieve rapid deployment, save money, and attain high user adoption rates.
The engaging “MFA is so 80’s” session offered a fresh perspective on the future of MFA and how organizations can transition to invisible MFA for improved security and user experience.
Stronger Authentication, Stronger Identities
The “Stronger Authentication, Stronger Identities” session delved into the growing consensus that the time has come to move beyond passwords to improve the overall identity ecosystem. The challenge lies in determining the right alternative to replace them. FIDO Authentication standards have emerged as a leading contender, garnering public and private sector support.
The session explored the importance of authentication in the identity management landscape, offering insights into the latest trends and standards for simpler and stronger authentication methods. It also highlighted the collective efforts required to reduce global reliance on passwords.
Key Learnings from the Session:
The Significance of Authentication in the identity ecosystem
The panelists emphasized the critical role of authentication in ensuring secure and seamless digital experiences, highlighting its potential to strengthen the overall identity management process.
Latest trends and standards for simpler and stronger authentication
The session provided an overview of the emerging trends and standards in authentication, including FIDO Authentication, which aims to offer user-friendly and secure alternatives to traditional passwords.
Collaborative efforts to reduce global reliance on passwords
The experts discussed the need for a collective approach to transition away from password-based systems on a global scale. This includes fostering widespread adoption of advanced authentication methods and raising awareness about their benefits.
Implementing FIDO Authentication standards
The session offered practical guidance on adopting FIDO Authentication standards within organizations, showcasing their potential to enhance security and simplify user experiences.
The “Stronger Authentication, Stronger Identities” session presented a compelling case for moving beyond passwords and embracing advanced authentication methods, such as FIDO Authentication, to fortify digital identities and improve the overall identity ecosystem.
OpenID Shared Signals, CAEP, and RISC: Real-World Use Cases
The “Open ID Shared Signals, CAEP, and RISC: Real World Use Cases” session focused on the growing importance of zero-trust architectures and their demand for better session control across distributed cloud services. Open standards, such as OpenID Shared Signals and CAEP, enable companies to enhance session control by facilitating the exchange of asynchronous events between services. The session provided an in-depth look at real-world use cases drawn from existing and planned implementations of these protocol standards.
Key Learnings from the Session:
Standards-based solutions for zero-trust use cases
The panelists discussed how adopting standards-based solutions, such as OpenID Shared Signals and CAEP, can help organizations effectively address the challenges presented by zero-trust architectures.
Features of existing standards: SSF, CAEP, and RISC
The session provided a comprehensive overview of the features and benefits of existing standards like SSF, CAEP, and RISC. It explained their role in improving session control and security in cloud services.
Industry adoption of open standards
The experts shed light on the current state of industry adoption of these open standards, highlighting the increasing interest in and implementation of these protocols to enhance security and session control in distributed cloud environments.
How to adopt or implement open standards
The session offered practical guidance on adopting and implementing open standards like OpenID Shared Signals and CAEP within organizations, outlining the steps required to integrate these protocols into existing systems and processes.
By examining real-world use cases, the “Open ID Shared Signals, CAEP, and RISC” session demonstrated the potential of open standards to improve session control and security in distributed cloud services, offering valuable insights to organizations looking to enhance their zero-trust architectures.
Identity as a Key Enabler of Zero Trust
The day’s final session focused on the role of identity in implementing Zero Trust security models. Experts discussed the importance of establishing a strong identity foundation to enable effective Zero Trust strategies.
The “Identity As a Key Enabler of Zero Trust” session emphasized the critical role of modern Identity Management in the implementation of Zero Trust architectures. It highlighted the need to move beyond the traditional approach of managing access within a safe perimeter, recognizing that identity is now on the front lines of infrastructure security.
The session explored the steps taken by CISA to develop a defensible security foundation through investments in identity management and how it fits into their broader vision of creating a more secure-by-design technology fabric.
Key Learnings from the Session:
The Importance of Modern Identity Management in Zero Trust
The panelists stressed the need for a modern approach to Identity Management that focuses on securing access across various environments, making it a vital enabler of Zero Trust architectures.
Evolving from traditional to modern Identity Management
The session underscored the importance of transitioning from the traditional perimeter-based approach to a more dynamic, identity-centric security model that addresses the challenges presented by today’s distributed and interconnected digital landscape.
CISA’s efforts to develop a defensible security foundation
The experts discussed the steps taken by CISA in developing a resilient security foundation through strategic investments in Identity Management, showcasing their commitment to fostering a more secure digital ecosystem.
Integrating Identity Management into a secure-by-design technology fabric
The session highlighted the crucial role of Identity Management in CISA’s broader vision of creating a secure-by-design technology fabric, emphasizing the need for comprehensive, integrated security solutions that enable Zero Trust.
The “Identity As a Key Enabler of Zero Trust” session provided attendees with valuable insights into the essential role of modern Identity Management in establishing Zero Trust architectures and fostering a secure digital environment.
Conclusion
Identity Management Day 2023 was an enlightening and valuable experience for us here at StrataNorth. As identity experts, our event sponsorship demonstrates our commitment to staying at the forefront of identity and security, ensuring we can continue providing top-notch solutions for our clients. We are grateful for the opportunity to sponsor and participate in the event. We look forward to applying the knowledge and insights gained to help our clients achieve their identity management and security goals. We would like to thank the Identity Defined Security Alliance for hosting the conference and all the sponsors, presenters, and attendees who contributed to its success.
Sponsors
Thank you to all of our fellow sponsors and exhibitors!
How StrataNorth Can Help.
If you are ready to transform your business’s Identity and Access Management and are looking for experts to guide you, StrataNorth has Identity and Access Management consultants with decades of experience. We can help you reach Identity and Access Management nirvana and give you a roadmap for success. Reach out for a no-cost, no-obligation chat with an Identity and Access Management expert today.