While the bright neon glow of Sin City’s lights is starting to fade, the SGNL team’s excitement from our time at Identiverse has yet to dim.
One of the largest identity conferences in the world, Identiverse 2023 brought together more than 2,500 identity practitioners and security leaders. Across four packed days in Las Vegas, we discussed best practices, trends and learnings from teams at various stages in their identity program growth.
Identiverse is one of our founding team’s favorite events to connect with fellow identity innovators, and hear directly from identity practitioners and executives. SGNL was proud to be a Gold Sponsor at this year’s event.
Given the great conversations we were able to identify, we figured we’d centralize the biggest themes of Identiverse in one blog to help you access this great information (forgive us, too many great puns!).
Our top takeaways from Identiverse 2023:
- Passkeys feel like the next investment. The need for enhanced authentication is validated by this week’s release of the 2023 Verizon Data Breach Investigations Report, which states that stolen credentials are used in about half of the breaches by external actors. Generative AI is making it incredibly hard for employees to discern phishing emails from authentic ones. Passkeys provide a great way to overcome password authentication issues, including phishing. Various versions of passkeys (from small hardware that plugs into your laptop to wearable passkeys) were prevalent across the expo hall. The interest in passkeys as the next frontier of authentication carried over into sessions as vendors and customers alike spoke about the process of implementing passkeys to create additional barriers to hackers, especially in hybrid working environments.
- Continuous Access Evaluation Protocol (CAEP) captures the attention of identity innovators. Thanks to amazing working group partners and the OpenID Foundation, CAEP has gained momentum as a protocol to address much-needed interoperability in access management. It was wonderful to see a massive turnout for an end-of-day session on Thursday called, “CAEP Deep Dive,” held by our CTO, Atul Tulshibagwale, and fellow OpenID Foundation working group co-chair, Tim Cappalli, an Identity Standards Architect at Microsoft. In this session Atul and Tim explained what CAEP and the Shared Signals Framework (SSF) are, addressed recent developments in CAEP and did a demo of the free CAEP.dev Transmitter launched in April. Given how robust the Q&A of this session was, and the interest in CAEP from our conversations in the expo hall, we’ll continue to expand on our coverage of CAEP as a solution to improving access management systems.
- Practitioners realizing the need of run-time access management. “It feels like everyone is talking about authorization this year,” was the conversation happening behind me on the escalator down to the Identiverse Expo Hall last Wednesday in Las Vegas. Where even a few months ago at the Gartner IAM Summit, teams were debating where authorization fit into their near-term roadmap, teams at Identiverse had realized that admin-time access management is insufficient in combating the modern hacker or compromised insider and run-time access decisions are required to ensure the safety of all data. Furthermore, in protecting your most sensitive or valuable data like health, financial or intellectual property assets, run-time access management affords the greatest protection, especially when access decisions are made using real-time and often dynamic business context.
After launching SGNL in-market at Identiverse 2022, Identiverse will always hold a special place in the SGNL team’s heart, but this year’s event reinforced that this is one of the best events to keep apprised of the identity markets trends and evolution. We’ll be back in 2024!