This page is fully or partially automatically translated.

Your message has been sent

You can find the message in your personal profile at "My messages".

An error occured

Please try again.

Make an appointment with

So that you can make an appointment, the calendar will open in a new tab on the personal profile of your contact person.

Create an onsite appointment with

So that you can make an onsite appointment, the appointment request will open in a new tab.

Make onsite appointment

Forums it-sa Expo 2023 Knowledge Forum C

Implement Zero Trust successfully

We provide tips for expanding the IAM and transforming existing security systems on the way to a functioning ZTA.

Buy trade fair ticket

You can register for this action soon.

You can register for the digital action soon.

Please come back at the scheduled date and time.

The action is currently live. Please scroll down to watch.

This action is only available onsite: Forums it-sa Expo 2023

Add action to bookmarks and download as iCal

Join now

Note: If you continue, the contact data you provided during registration may be transmitted to the respective provider in accordance with our General Terms and Conditions.

Please log in or register in advance so that you can take part in actions or watch the action videos!

This action has already taken place. This action will soon be available as a video.

This action has already taken place. Please scroll down to watch the video.

This action has already taken place. Please login or register to watch the video.

This action has already taken place. It's not available any more.

You are in!

Your ticket / access to the action was sent to you by email.

There is a problem with the action at the moment. Please come back later or contact support.

calendar_today Tue, 10.10.2023, 12:00 - 12:15

event_available On site

place Hall 7, Booth 7-631

Action Video

south_east

Action description

south_east

Speaker

south_east

Themes

Identity and access management Governance, Riskmanagement and Compliance

Key Facts

from perimeter security to a continuous protection concept
clear and uniform rule & authorisation structures
granular context-based policies & their enforcement

Event

This action is part of the event Forums it-sa Expo 2023

Action Video

Action description

Setting up a functioning zero trust architecture (ZTA) and integrating it into the existing IT landscape poses many challenges. And although zero trust is now a firmly established IT security model and there is an almost immeasurable choice of technology available for the respective implementation, the practical introduction in many companies is often difficult. Many projects already get stuck in the conception phase or repeatedly falter at characteristic points of the implementation.

The reasons for this often include design weaknesses or lack of expansion of existing security systems and protection mechanisms, which in many cases still need to be adapted or improved to reach the required level. However, supplementing existing security solutions with new components and innovative processes can also help to further increase the level of maturity.

The use of modern protocols and passwordless procedures for the authentication and authorisation of users and their access not only increases security, but can also improve the user experience when using services and exchanging data. Single sign-on and mandatory end-to-end encryption are among the implicit benefits of such solutions. The special focus here rests on identity and access management, which on the one hand forms the basis for the verification of persons and accesses and on the other hand strengthens cyber security in its entirety with new control and monitoring functions.

This means a change from a perimeter-based security architecture to an environment-independent and continuous protection concept that can protect both the applications in one's own data centre and the services in the cloud across the board. However, this in turn requires clear and uniform rule and authorisation structures, which should be set up according to the least privilege principle. Granular and context-based policies are needed. If possible, these should be designed adaptively and dynamically. This way, not only the identity of the user, but also the broader context - for example, client, location, type of request and the criticality of the requested data - can be included when assessing the risk of access.

Implementing and enforcing these policies requires the combination of all security components to work together in a common zero-trust architecture. In this context, a well-staggered rollout plan and a perspective-designed transformation of existing security solutions can help to ease transitions and achieve initial improvements for operational security at an early stage.