Experts discuss the future of Identity Management

Published by IDVKM on

BIC Conference 2024

Experts discuss the future of Identity Management

BIC Conference 2024

Bulgarian Identity Conference was held on October 10, 2024, at the INTERPRED Conference Center in Sofia. The event was organized by IDVKM and ESCOM Bulgaria and brought together industry experts, business leaders, and professionals from Bulgaria, Czech Republic, Germany, Poland, and Romania to discuss the latest trends, challenges, and solutions in the field of Identity Management

Bulgarian Identity Conference is the first event of its kind in Bulgaria, focusing on the multifaceted aspects of identity in the digital era, including cybersecurity and compliance with various legal frameworks such as GDPR, HIPAA, DORA, PCI DSS  and  NIS2 Directive .

KEY HIGHTLIGHTS from the program
The conference began with opening presentations by Ivan Pepelov, CEO of IDVKM and Alexander Zhekov, General Manager of ESCOM Bulgaria. The agenda covered a wide range of topics important to the modern business and technology world, and was divided into two tracks – business and technical. The business track featured three panels – The Voice of the Customer, Legal Changes and Initiatives, Strategy and Cybersecurity.
BUSINESS TRACK: PANEL 1 - The Voice of the Customer

In the business panel, speakers like Lilia Toncheva from Coca-Cola HBC and Vasil Mihaylov from Schwarz IT highlighted how customer expectations and new technologies are shaping the future of identity management.

Toncheva emphasized that cybersecurity is not just a technical issue but also a matter of trust and effective communication between various stakeholders.

Mihaylov, on the other hand, demonstrated how the Zero Trust strategy, which includes solutions like Multi-Factor Authentication (MFA) and Single Sign-On (SSO), can minimize risk for large organizations and ensure greater security.

BIC Conference 2024
BUSINESS TRACK: PANEL 2 - Regulatory Environment

The regulatory panel delved into the new rules imposed by NIS2 Directive and DORAwhich will come into effect in the coming months. These new frameworks impose stricter requirements on risk management, network security, and incident reporting, impacting sectors such as energy, transport, and finance.

In the panel discussion titled “Regulations – curse or blessing”, Sven Hübner, Christian Timm, and Alexander discussed the impact of regulations on business and society. What are the benefits and challenges of their implementation? Do regulations act as an obstacle or a useful framework for businesses and organizations? Ivan Pepelov moderated the discussion.

BUSINESS TRACK: PANEL 3 - Strategy and Cybersecurity

The principles of building secure design were discussed in the topic “Security Design”, not just as technical recommendations but as the foundation for creating secure systems from the design phase to implementation.

Ivan Pepelov presented the 11 principles of Secure Design, including Threat Modelling, Least Privilege, Defense in Depth, Secure Defaults, Fail Securely, Separation of Duties, Keep it Simple, Zero Trust, Trust but Verify, Privacy by Design, and Shared Responsibility. These principles of secure design are a non-functional requirement for creating reliable systems—from the early stages of design to deployment. They help organizations build systems that are resilient to attacks and ensure that their data and resources are protected throughout the entire lifecycle of the systems.

Miroslav Naydenov from Amatas emphasized the importance of protection against specific threats in cloud environments, such as token hijacking, and encouraged the adoption of modern authentication methods like FIDO2. Additionally, Marcin Michalewicz from Quest highlighted the increasing vulnerability of Active Directory and presented strategies for effectively detecting and responding to threats such as DCSync and Golden Ticket.

The current threats to AD include DCSync, DCShadow, Golden Ticket attacks, and service account abuse. Marcin outlined strategies for detecting and responding to these threats.

Plamen Mandadzhiev, Director of Software Engineering at Denshi, shared his expertise in information and cybersecurity. He discussed both the positive aspects and the challenges of implementing regulations, such as the slow adoption and outdated requirements. However, these regulations aim to create a unified approach to combating cybercrime.

Cybersecurity threads
CYBER THREATS AND THE ROLE of Identity Management

During the panel discussion on “Cybersecurity Threats – IAM at the frontline,” participants Miroslav Naydenov, Plamen Mandadzhiev, and Marcin Michalewicz discussed the increasing complexity of cyberattacks and the critical role of secure Identity Management systems in protecting digital identities.

“Organizations need efficiency, compliance, and enhanced security. Identity Management (IDM) is essential for medium and large enterprises,” said Ivan Pepelov, CEO of IDVKM, during his presentation “Which product is the right for you” and emphasized the important questions every IT manager should ask before deciding which solution is best—IGA, AM, PAM, or all together—and which provider to choose.

THE END OF SAP Identity Manager:
What are the business options after 2027?

SAP Identity Manager (IDM) will be discontinued in 2027, with extended support available until 2030. Migration to a new solution is necessary. The market offers various Identity Governance and Administration (IGA) products, each with different features and capabilities.

Traditional IGA tools often have good SAP connectors but may differ in logic and architecture.

The challenges for businesses include costly migration, involving licensing and implementation expenses. In the final presentation of the panel “Life after SAP IDM – quo vadis,” Ivan Pepelov explored potential paths and strategies for organizations that currently use SAP IDM.

Developing an IDM strategy is critical for the success of modern organizations. The importance of security and efficiency in Identity Management (IM) requires collaboration between different departments and specialists.

For a successful IDM strategy, it is essential to understand the project lifecycle, clearly define goals and scope, involve all stakeholders, and assign precise responsibilities and roles to the participants.

Bulgarian Identity Conference tech track
TECHNOLOGICAL INNOVATIONS and Practical Application

The technical panel presented the latest solutions for managing privileged access and protecting sensitive information.

One of the key highlights was Unified Identity Security – an innovative platform by One Identity by Quest, which integrates various components for better identity management and data security. This platform not only enhances security but also simplifies IT process management while reducing costs.

One of the speakers was Ales Roman from the Czech company IdStory, which has extensive experience in identity management and has completed over 200 successful projects. His presentation provided practical guidance on how organizations can personalize and scale their identity management solutions. He emphasized the importance of continuous monitoring and auditing to ensure compliance with regulations such as NIS2 and SOX.

LOOKING AHEAD

Bulgarian Identity Conference provided a unique opportunity for professionals in the fields of cybersecurity and identity management to exchange experiences and discover new ways to improve security within their organizations.

The event laid the groundwork for future partnerships that will help companies tackle new challenges in the digital era.

For those who were unable to attend the conference, the organizers offer a range of upcoming events, including the monthly IdentiBeerwhich is held every last Thursday of the month.

ABOUT THE ORGANIZERS of Bulgarian Identity Conference

IDVKM has more than 15 years of experience in Near Shore, international projects (both classic and agile) with a client focus in Germany and teams from over 10 nationalities. IDVKM offers consulting services in the fields of Identity Management, Custom Software Development, Agile/Traditional Project Management, as well as training in soft skills, project management, and team development.

ESCOM Bulgaria is a value-added distributor of the entire portfolio of Quest and One Identity solutions for Bulgaria. The company is B2B-oriented, serving end users exclusively through a network of qualified, expert partners, system integrators, and managed service providers (MSPs).

Categories: Events

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *