On May 28, 2024, the first Innovation Workshop was held at Identiverse. In a packed room, participants held a lively discussion focused on overcoming obstacles to empower innovators to advance identity and security.

Dr. Tina P. Srivastava, Co-Founder of Badge Inc., and Bob Blakley, Co-Founder of Mimic and former Global Director of Information Security Innovation at Citi, two identity leaders, led the workshop. Pam Dingle, Director of Identity Standards at Microsoft, acted as the facilitator.

Why a Workshop?

Identity is becoming a cornerstone of modern IT infrastructure, serving as a new perimeter. Therefore, the need for cutting-edge innovation is not just a nice-to-have but a need-to-have as identity solutions are safeguarding access to the most important networks, information, systems, and our personal data. Teams tackling identity and security, whether in organizations or companies, need to innovate and draw from a diversity of ideas and include new people in identity projects, and yet there are challenges in bringing in and empowering these innovators. Innovating in the context of intellectual property constraints, national security restrictions, and tight budgets is challenging. Yet it is imperative.

Dr. Srivastava shared research from her book Innovating in a Secret World: The Future of National Security and Global Leadership, including examples from the pharmaceutical industry, an industry cloaked in secrecy given the high costs of R&D and need for intellectual property protection.

Identity Innovation is Essential

Identity is essential to access healthcare services, financial systems, and the economy, so innovation must account for the whole spectrum of user experiences. Pam Dingle brought the audience into the conversation. Drawing on their respective experiences from national security defense and financial institutions, two of the most high-security fields, Dr. Srivastava and Dr. Blakley shared practical guidance on navigating these hurdles. During this interactive workshop, Tina and Bob led a discussion about the importance of bringing in new voices, the challenges we’re facing in today’s hybrid work environment, and how to overcome them. Tina shared specific use cases from her research at MIT about how certain classes of innovators are unintentionally excluded, and Bob discussed challenges and strategies to overcome them.

Dr. Blakley shared some key lessons learned as an Innovation leader at Citi. For example, he noted that the system has to want to change and highlighted the importance of working in a diverse team. Bob discussed that innovative solutions arise from conversations with others, not solo meditation.

Bob noted the importance of the conversation about innovation given that the environment is changing as fast as any in his decades of working in identity and security. Discussions from the Innovation Workshop carried into the break and even continued at the IDPro booth later on during Identiverse. Pictured below, Sarah Cecchetti, Mat Hamlin, and Dr. Tina Srivastava share information about IDPro, including about CIDPRO certification, with Identiverse attendees.

Author

Dr. Tina P. Srivastava is an entrepreneur, author, inventor of more than 15 patents, and an MIT-trained rocket scientist. She served as Chief Engineer of electronic warfare programs at Raytheon before founding a cybersecurity startup that was acquired by a public company and global leader in network security. She is an FAA-certified pilot and is a Lecturer at MIT in Aeronautics and Astronautics.

When her identity was stolen in a data breach in 2015, Dr. Srivastava teamed up with a group of MIT cryptography PhDs to crack the code on one of the most common reasons for modern data breaches: stored credentials. Together, they solved a decades-old cryptography problem to remove PII, biometrics and other stored credentials from the authentication equation, eliminating highly vulnerable storage systems as points of attack for hackers. Badge Inc. is the award-winning privacy company enabling Identity without Secrets.

The post Highlights from the first Identiverse Innovation Workshop appeared first on IDPro.

Together with fellow IDPro member Lorrayne Auld (recently retired from MITRE), I’m excited to be co-leading the Deployments and Leading Practices (D&LP) topic once again. In this blog, we’ll take a look at some of the upcoming highlights for our track.

D&LP Track Highlights

Come to the Identiverse D&LP sessions to learn how IAM practitioners are dealing with identity at scale. These sessions frequently involve large, global enterprises facing challenging implementations with lots of complexity. We’ll have sessions about both workforce and customer identity. Our speakers come to us from multiple countries, multiple industries, and varied backgrounds. They represent higher education, manufacturing, retail, consulting firms, finance, and various identity-related organizations.

Identiverse’s theme this year is “Identity Everywhere,” which offers plenty of latitude for our topics. You’ll hear from companies like General Motors, Otis Worldwide, and McDonald’s with real-world stories of challenges they’ve solved. You’ll also be hearing from experts hailing from Wavestone, Amazon Web Services, UberEther, and ProofID.

This year, D&LP has two panels:

• 2023 Trends in Securing Digital Identities featuring Jeff Reich, Diane Hagglund, Tom Sheffield, Rajnish Bhatia, and Bernard Diwakar
• Passkey Early Adopters Fireside Chat moderated by Andrew Shikiar from the FIDO Alliance

Thirteen Great D&LP Sessions

Let’s review some of the sessions:

• Learn how Ebony Love and her team at McDonald’s accelerated crew onboarding
• Explore Andrew Cameron’s Zero Trust Architecture for B2C Identity at GM
• Discover the challenges Alyson Ruff and her team at Otis Worldwide encountered when implementing their passwordless program
• There will be two more sessions on passwordless journeys shared by Michal Kepkowski, Maciej Machulak, Nathan Macrides, and Chintan Jain
• We have three sessions on passkeys (the new hotness) from Huan Liu (Block Inc.), Dean Saxe (AWS), and Rolf Lindermann (Nok Nok Labs)
• Join Bertrand Carlier from Wavestone for what is bound to be an entertaining and informative session on mission-critical SSO for millions of users
• Did you ever wish you could bring continual dynamic authorization to COTS applications? Join Paul Heaney from ProofID to find out how!
• We’ll hear from Matt Connors, CISO at Southern New Hampshire University, and Robert Block from Strivacity on customer IAM lessons learned from their students
• Sarah Villarmarzo from Easy Dynamics will help us learn to trust the process when it comes to Zero Trust
• Tabitha Hancock from UberEther will walk us through the not-so-obvious parts of application onboarding
• Ken Robertson from Fifth Third Bank will help you jumpstart your privileged account management program
• Integrating custom applications to MFA can be a major challenge. Sandeep Talwar from Accenture Federal will share the story of their approach
• Jim Routh of Jimmer Advisory Services LLC will discuss the road to continuous authentication

Content review for these sessions is already underway, and the early drafts are looking good. I can’t wait to see the finished product, and I hope to see you at Identiverse in Las Vegas! If you haven’t already registered to attend, what are you waiting for?

Author

Greg Smith

Chair, IDPro Editorial

Radiant Logic

Greg Smith is a Senior Solution Consultant with Radiant Logic, where he serves as a trusted advisor for new and existing customers. He has been implementing Identity & Access Management solutions for over 35 years. He holds BSEG and MSBA degrees from Bucknell University, where he also began his professional career before moving into the pharmaceutical industry in 1996. Following a 25-year career there, he retired in November 2021 from Johnson & Johnson, where he led the engineering team for J&J’s single sign-on, risk-based authentication, multi-factor authentication, access governance, directory synchronization and virtualization, provisioning automation, and PKI services. He has spoken at Identiverse® and other industry events on numerous occasions. He was CIDPRO certified in October 2021 and is also a founding member of IDPro, where he currently chairs the editorial committee.

The post Identiverse 2023 Preview: D&LP appeared first on IDPro.

Only three months to go! Identiverse is IDPro’s home event, and it will be taking place in Denver as an in-person conference on June 21-24, 2022. The content committee has been busy reviewing and selecting proposals. It’s shaping up to be another excellent agenda. Together with fellow IDPro member Lorrayne Auld at MITRE, I’m excited to be co-leading the Deployments and Leading Practices (D&LP) topic once again. In this blog, I’d like to share some of the upcoming highlights for our track.

D&LP is the place where you can come to learn how some of our larger enterprises deal with identity at scale, how they manage large rollouts, and the challenges they face. These could be workforce identity implementations, CIAM programs, or any combination thereof. In short, expect some war stories from the real world, and some great advice for avoiding some of the pitfalls of large IAM programs.

Our speakers in this track will be coming from a healthy mix of global enterprise identity practitioners, international government agencies, consulting companies, financial institutions, and identity solution vendors. And more than a few of our fellow IDPro members!

This year’s theme is “Trust”, which offers plenty of latitude for our topics. You’ll hear from companies like Target and J&J about their trust journeys with FIDO2 adoption and managing Single Sign-On at scale. We’ll hear from PayPal about the frameworks they developed for Connected Identity across the PayPal ecosystem. HSBC will be talking about building trusted identity frameworks using open-source software. The Norwegian Labour and Welfare Administration will explain why agility should be considered when evaluating identity products for your organization.

Our Trust theme wouldn’t be complete without a session on Zero Trust. We have at least four, from Uberether, ProofID, Ping Identity, and Easy Dynamics. And two of those are real-world deployments for the US federal government and the US Department of Agriculture. The ProofID session will dive into customer experience from an omni-channel perspective, which can be immensely challenging. Nok Nok will be sharing five real-world deployment stories for passwordless authentication, and our speaker from Gluu will remind us that the password isn’t quite dead yet. Microsoft will share advice on getting to strong authentication on your passwordless journey while showing a positive ROI to your senior leadership. Customer experience is trending and gaining attention, not only within the Federal Government, but also here in our track where the FIDO Alliance will provide an update on optimizing the user experience for FIDO security keys.

We’ll learn more about verifiable credentials from Avast. Curity’s speaker will explain how applying OIDC profiles for Open Banking can benefit the financial services industry as well as the rest of us. We’ll hear from Authlete about real-world examples of configuring OAuth and OIDC correctly to avoid data breaches. Last, but certainly not least, Wavestone will provide invaluable advice on how not to fail at your IAM project.

Over the next couple of months, our speakers have a lot of work to do to turn those topics into full-fledged sessions. I am really looking forward to seeing what they come up with, and then sharing it with all of you at Identiverse in Denver! If you haven’t already registered to attend, what are you waiting for?

Stay tuned for more Identiverse updates in the weeks to come.

Greg Smith

Chair, IDPro Editorial

Radiant Logic

Greg Smith is a Solutions Architect with Radiant Logic. He has been implementing Identity & Access Management solutions for over 35 years. He holds BSEG and MSBA degrees from Bucknell University, where he also began his professional career before moving into the Pharmaceutical industry in 1996. After a 25 year career there, he recently retired from Johnson & Johnson, where he led the engineering team for J&J’s single sign-on, risk based authentication, multi-factor authentication, access governance, directory synchronization and virtualization, provisioning automation, and PKI services. He has spoken at Identiverse® and other industry events on numerous occasions. He was recently CIDPRO certified and is also a founding member of IDPro, where he currently chairs the editorial committee.

The post Identiverse Preview: Deployments & Leading Practices appeared first on IDPro.