Governance in Enterprise Security

With nearly three in four organizations worldwide operating in hybrid IT environments, the systems’ interconnections introduce unique security challenges. A breach in one area—whether on-premises or in the cloud—can quickly ripple across the entire infrastructure. For example, a compromised on-premises privileged account could provide a gateway for attackers to exploit cloud environments like Entra ID.

Misconfigurations, overly permissive service accounts, and exposed credentials are common entry points for these attacks, enabling lateral movement and potentially leading to a data breach. Threat actors often exploit simple oversights, such as privileged accounts with excessive permissions or poorly secured local admin accounts tied to cloud identities.

This discussion will explore how these attacks unfold and practical steps to mitigate risks. We'll dive into strategies like just-in-time access and zero-standing privilege to help reduce attack paths and strengthen overall security in hybrid IT environments.

Join this session to learn how to:

- Mitigate the Entra ID / On-Prem hybrid attack path.

- Leverage just in time orchestration to prevent lateral movement.

- Dynamically delegate just-enough access (JEA) for administrators.

- Move to a Zero Standing Privilege (ZSP) strategy for your organization.

- Deploy friction-free tools to facilitate access.

As organizations move to implement generative AI solutions, securing these applications with proper access controls remains a critical challenge. In this session, we will demonstrate how to design and implement enterprise-grade generative AI applications that maintain stringent security standards. Through a real-world insurance claims processing example, we'll explore how to implement fine-grained access controls for AI agent workflows, combine role-based and attribute-based access control, and seamlessly integrate authentication flows. Attendees will learn practical patterns for building secure AI applications that respect user permissions and data access boundaries, while maintaining the integration of agent frameworks that make generative AI so powerful. This technical deep-dive will include building block fundamentals, architecture patterns, and lessons learned from real customer implementations.