Cloud Security

There is no need to insist on the benefits of passkeys in terms of UX, security and even cost reduction. Together with their widespread availability on all kinds of platforms, it is a no brainer that any digital service provider should jump on to implement support for them.

A different question is how.

For financial service providers, this question is particularly relevant. Among the many things to consider are:

• the critical nature of the assets they protect
• financial regulations they need to comply with
• legacy authentication solution that passkeys will have to replace or coexist with
• the scale of their deployments
• diversity of their user base in terms of approach to technology and channels available to access their services
• their adjacent technologies for fraud reduction
• integration with their CIAM infrastructure

Financial institutions (FIs) should embrace passkeys wholeheartedly, but there are many legitimate questions on how to do so. Based on our talks with FIs of all sizes worldwide since passkeys were announced mid last year, this session aims to address some of these questions.

From what used to be a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. APIs are now powering the logistics of delivering digital products to partners and customers. Almost every software product or cloud service now comes with a set of APIs for management, integration, monitoring, or a multitude of other purposes.

This evolution only continues to accelerate. As new digital transformation initiatives across various industries emerge, diverse business models are reshaping the technical requirements for API development and operations dramatically. New standards, technologies, and development methodologies introduced by the need to support numerous use cases have also introduced additional complexity to existing API management platforms.
REST APIs are still commonly used today, but they are increasingly augmented or displaced with a variety of alternative protocols and standards, such as GraphQL or gRPC. In fact, the industry is evolving so fast that API management solutions in their traditional sense, like API gateways, can already be considered IT legacy products.

In a sense, API security has long become an industry of its own; with the scope of risks and challenges the industry confronts growing exponentially, API security solutions have to expand their coverage and grow in complexity themselves. Providing comprehensive protection against the broad range of API-specific threats and doing it consistently throughout the whole lifecycle of an API is complex. In this session, the results of our latest market research will be presented, helping you to understand the critical capabilities and to select the right solution for your specific problems and requirements.

Is securing your cloud security different from securing other forms of IT? You would think so from the alphabet soup of acronyms around the subject.
Organizations are exploiting cloud because they help to accelerate business changes without the need for capital expenditure or lengthy procurement delays to obtain hardware. However, the dynamic nature of cloud services creates new security challenges that need a dynamic approach to governance and security controls.
In addition, the responsibilities for security and compliance are shared between the CSP (Cloud Service Providers) and the cloud customer and it is up to the customer to ensure that they use the cloud in a secure and compliant manner. On top of that each cloud service provides its own proprietary tools for security. KuppingerCole Leadership Compass on CNAPP will help you to make sense of this.

How can an organization be sure that it is using cloud services securely and in a way that meet its compliance obligations and its appetite for risk? This presentation will provide an overview of the risks and how these tools can help.
After attending this presentation, you will be able to:

• Describe the major risks related to the way organizations use cloud services.
• Explain why cloud services need dynamic rather than static controls.
• List the different kinds of tools (and their acronyms) that claim to manage these risks.
• Describe the main functionality that a CNAPP solution should provide.