Demand more from your identity stack: How to build identity systems that measuredly drive down security incidents


Session Details

We now agree that in modern enterprise authentication, relying on shared secrets for authentication is no longer enough. It’s also becoming increasingly clear that identity systems must evolve to find ways to provide stronger security guarantees beyond the time of access.

This talk will explore five key points that should be considered when designing and architecting authentication infrastructure: the move away from shared secrets, ensuring private keys can’t move, avoiding using humans to solve computational problems, verifying security controls are present at the time of access, and continuously re-evaluating decisions around state changes.