ID: Talk - "Achieving Continuous Compliance and Zero Trust with a Strong Identity Strategy Rooted in AI"

  • Room: ID: Talks Theater (Exhibit Hall)
Wednesday, September 25, 2019: 12:00 PM - 12:15 PM

Speaker(s)

Frank Briguglio
Global Public Sector Strategist
SailPoint

Description

ID:Talks are bonus presentations in the exhibit hall and are not components of the formal agenda produced by the FedID Planning Committee.

Continuous Compliance and Zero Trust have become a common theme among cyber security vendors and practitioners, one that involves several layers of security disciplines, processes and technologies. The identity has become the new perimeter, and the continuous governance processes to determine “who has access”, “is the user suitable for access”, “is the access toxic”, “how was the access granted”, “when was the access last certified”, and most importantly “what is the user doing with that access” are more critical than ever. Establishing a Zero Trust and least-privilege access model requires the authoritative sources of identity data, access profiles, and usage to be continuously monitored and audited. Coupled with activity monitoring, we can provide deep insight into the identity governance process and entitlement usage.

This presentation will establish and articulate crucial points about the concept of Continuous Compliance and Zero Trust. Zero Trust is a way of thinking, or perhaps even better stated, an approach. The entire concept is to challenge you to think differently about how you build your applications, networks, and security controls. You begin with the statement that you don't trust any user. You don't depend on a single attribute to determine your level of trust; instead, you continually build that trust with the user by asking questions. Who are you, where are you coming from, what are you trying to do, when are you trying to do it, etc.? The common component of all these questions is that you are trying to establish the person's identity: the more you establish their identity, the more you trust them, and the more you trust them, the more access you give them. Identity remains central to good security posture, and in this Zero Trust world that doesn't change; in fact, Zero Trust enhances the need for it.

Key takeaways of this session will address:

  • Concepts for using AI-driven recommendations to enable autonomous identity by prioritizing high-risk access and automating low-risk access.
  • Using predictive modeling to surface abnormal access that is hard to identify with a manual approach and ensure access policies are always up to date with current business needs.
  • How to support a continuous state of compliance by evolving compliance policies with AI-suggested policies and making risky or non-compliant access actionable by triggering automated controls to re-validate user access.