Thanks so much for being until this time here with us at the eac. We were really pleasure to have you and to have these great speakers with us. I would like to give at this time a special thanks to our sponsors. Without our sponsors and without our partners, this great EAC would not have been possible. So thank you so much. I would like to thank to all the moderators who did a great job introducing the speakers and welcoming you in all the sessions. Thanks to all the speakers, those who were here, those who were online.
I know that in some cases we had the speakers who had the time difference, you know, and they log in at four in the morning or, or at 11 in the night. So thank you so much for that. Thanks to Audi Luma, our technical team, they, they've done a fantastic job and they took care of us and of all the speakers and thank you so much as well for the team here from the bcc.
It is our second time in Berlin and we are actually pleasured and I'm very grateful for all your help and well, so we know further say we would like to show you a video with the highlights of the eac and I am sure that most of you already know like the best positive things about this event. But I let you with the video and I come back in a moment.
I am here for everything about digital identity authentication,
But more specifically about digital wallets, verifiable credentials and communication and establishing trusted relationships.
And then yeah, government.
I will say in general,
First, Neal very interested into AI and all the deep learning, which has been going on now as well. It's very much of a trend.
I'm super interested in digital wallets. What's going on? Basically go, it's about the people. It's
Quite exciting. Lot of topics being around that area.
The first piece around chat g PT was fantastic, actually.
Really, really great presenter. The,
I know about the Open Waller foundation, I really
Actually like the open sections
And in general, all topics that relate to ethics, biases in identity management.
And there are several super interesting sessions about how we can use verifiable credentials in the future within the European AI regulation
Topics that are useful even if you're not here for the mechanics. So identity platforms,
Infrastructure security platforms with the key highlights.
I would say
It's very well organized,
Thought-provoking,
I would say
Good networking
Located in a very good place,
Innovative
Universe for cyber geeks.
Speaker 10 00:03:51 Super excited to have all in one place.
I will recommend that confidence to any of my colleagues.
It's a place to be really need to be at this conference. It's a must path for your calendar every year.
It's
Really a great one-way program to make the asper in the industries
Because these are the tech experts and I think there needs to be more exchange on ideas on these topics.
I'm really happy to come here next year as well and can recommend it. Certainly.
Definitely. I think it's a good platform to collaborate together and understand what's going on.
It's a good place to catch up on what's going on and to meet new people. So I think I'll be back.
Thank you so much.
Well, the last thing that I would like to mention before bringing our principal Analyst to the stage is that the gamification winners will receive an email on Monday. So with no further say, let me bring back to the stage Martin. Kuppinger.
Speaker 12 00:05:20 Thank you Marina, thank you to all that have been here or have joined in virtually. It was a intense week. I've learned a lot before. I talk a bit about some of the, the bigger learnings. I wanted to extend the thank you on one hand to my fellow analysts, which did an exceptional chop in their presentations and their moderations.
And specifically last, not least to our events team who works a full year hard on making this event what it is. So thank you very much. Thank you very much Betina, and thank you very much to all of the team. So as usual, I will wrap up some of the things I've seen. So focusing a bit on three trends, and I think the good news this year is my, my train is departing at 5 0 4. I'll need 30 minutes probably to the railway station, so it gives us two full hours for the wrap up. Isn't that great?
Speaker 12 00:06:34 No worries, no worries.
I, I won't do two hours. I will keep it shorter.
So three, three themes I, I'll, I'll like to talk about the one is AI and I am and beyond or AI and digital identity and beyond. The second is authorization policies, et cetera. And the third one is wallets, decentralized identity, ssi, d i d, verified credentials, verifiable credentials, et cetera. But by the way, this already illustrates a bit of the problem, different names for sometimes the same or different things and I think also very different perspectives on how to make this work.
One, one of the important takeaways for me around this is there's a huge potential for doing a lot of things based on, I call it decentralized identity. And we can make it work.
It's most, is there some things will come like open wallet foundation. I today even had a talk with someone who said, we already will know what we will contribute in code.
Speaker 12 00:07:52 We will be the first one.
They said, I hope that a lot of will contribute code to make this work. But I think the most important thing around that is to think from the user, to think from a perspective where a citizen is a customer of the government and not the government tells the people how they have to act and so don't create roadblocks. I think the cool thing is here at this conference, the people who are here want to make it work. I have to say if you go physically a bit around here, then you surely will find some more who think a bit in roadblocks making complex.
You know, honestly, I use my phone regularly for financial transactions. Eric asked a question, he said, you know, how, how frequently do you interact with your government a few times a year. How frequently do you interact with others?
Speaker 12 00:09:03 Many, many times a day. And we have a lot of use cases also a lot of use cases which have some risk involved where we feel confident with that. We have secure elements on the phone, we know how to create apps that are secure.
We, we know a lot about this thing. So honestly, I say what is the maximum level of of inconvenience I would accept for very few high risk use cases, it would be taking my e i d card, putting it here, having NFC saying, okay, Martin really has that card and going through verification process that says, okay, this is Martin, this is the proof for Martin. Going through that exactly once, no extra pins, no extra hardware, nothing that all are roadblocks and that is the stone age of it. So people who bring up these ideas have probably missed a couple of years here.
Speaker 12 00:10:05 We must not make security a roadblock because we can do a lot of security sensitive things here. And this is the way of thinking we must bring forward. We have the tools, we can get enough security and there's never 100% security and most of the use cases work. And notably even even voting, you know, if my phone is hacked and my board is faked as one of 80 million Germans, what is the statistical impact of that? And hacking 10 million phones would be a big issue to solve.
So, so even there, we need to be a realistic MR risk and to be realistic about what we can achieve. So don't make it more complicated than it is needed. Make it work. Leverage the potential we have here. And I think this, we had so many cool talks, so many good talks about it, so many good ideas. Let's continue working on that because this is a, a huge potential for, and we had these talks doing a lot of things we can't do well yet. Like I'm a German, like a digital government, so I I I trust brought up my, my e i d card by the way, the German one, which has some digital functions as I believe.
Speaker 12 00:11:32 Do I use them? No, I not even know exactly what I could use. And it's me.
I, I have a bit, bit of a knowledge around digital identities on these things, but it's so complicated and so useless in the way it's made that we must not repeat the same mistakes. We must make it work global. Very important, you know, a dig a wallet, which I can use within the U, but not for a digital transaction with someone in the us What is the value of it? I would say I can define a number for it, which is exactly zero. Exactly.
Only if we think global and think from the customer, from the user, we will win and we can make this, we have to think in hand, we can make it work and we should work hard on that to make it work. And we also talked about it also can make a lot of things better in the enterprises onboarding of people, authorization, all these things.
Speaker 12 00:12:41 So you, you've, you've, you see, I, I get a bit emotional on this object, but, but it's, it's to my heart, you know, I want to make this, yeah, make these things work and we can do it. We should do it.
And I think we had a lot of discussions which hopefully help to move things forward, including the announcement of the open wallet foundation, which is definitely one of the elements that can be very valuable in driving this forward. So coming toward the second topic where I'm also a bit emotional, but not as emotional as in, as in the first one, authorization I already touched. We can do a lot of things better with proofs, wallets, decentralized identity.
We can't use policies, look at proofs and say, okay, Martin has to prove that he's Martin at Analyst, the principal Analyst working this project at that customer.
Speaker 12 00:13:41 We can authorize him for project data without static entitlements and all that stuff. So there's a potential, the thing I always find a bit funny is, so there, there was, was a thing announced or released in 1976, a software product, which is, which was I, which is IBM rf.
So we, we must not say that the idea of policy-based authorizations is new, 90 76, that's 47 years. And yes, you can argue, oh, that was in the mainframe and the mainframe is that, isn't that on one hand. And it was, yes, it was a bit more limited environment, et cetera, et cetera. It was surely not perfect from our ideas of policy based association, but it's not new. So maybe after 47, 47 years, it's time to make really a big step forward with that. And I saw a lot of conversations that were around, we talked a lot about authentication.
We also, he talked a lot about authentication and yes, there was a lot of talk about task keys in the last months, et cetera. But it's, I think time to, to expand our focus towards authorization and to make things work better. And there's a, again, there's a lot there. There's a lot we can do. There's a lot of technology there.
And we, we should move forward here because, and I I talked about this in the morning.
Speaker 12 00:15:25 Role modeling projects tend to be complex, lengthy, and have a slight risk of stalling at a certain point. And recertification definitely doesn't count amongst the favorite tasks of departmental managers. So we need to overcome this, we need to do certain things better.
And yes, there are the audits and the auditors saying, oh, you must prove that you're following the least privileged principle, but has, it may, it may exist in a certain country, but has anyone of you ever read in a regulation, you must walk your departmental managers through recertification campaigns where they need to approve entitlements where they don't have any clue what they are about. Is there any regulation saying you should do it that way and push it rubber stamping, which doesn't help with security, but only in compliance. So security is something different than passing an audit.
And passing audit is something different than compliance.
Speaker 12 00:16:41 No, there is no research regulation. The regulation says, yeah, reduce risk in further least privileged principle, this is what regulations are talking about. Surely auditors then also need to change a bit what they are looking for. But I think the interesting point is, I had a couple of talks with a couple of auditors, frequently very high ranked people in the audit firms and they all appeared to be open regarding accepting different approaches.
So it's not that this is the always the province, some told me, oh, but the auditors, no auditors tend, you not always observed it, but they usually are very smart people and they are open to good ideas. That's my experience. And so don't, don't, don't say, oh, but the auditor because it's also creating a roadblock artificially get rid of this in a way and say, Hey, we need to make things better and this is a call, call to everyone.
Speaker 12 00:17:51 So the short topic, I I, yes, that's it.
I just thought about what it is, but, but my, my, my my, my avatar didn't respond quickly enough to my thought. So with the small block in the ear or so, yeah, so what I like is that I think the perception of, of half of AI is, is really increasingly not artificial, but augmenting AI or whichever term you use, something which helps us.
And, and there's a huge potential in that. I had some very interesting panels around AI regulations, around AI governance, at least in these panels, there was a common sense that we must not go over the top, but we, that we need to, to understand where our risks, how to deal this risk and for which use cases we may need to, to have a bit of sort of a closer look at and some be a bit more careful and we're not, and I think we need to be, we must avoid again, creating roadblocks by, by hindering innovation.
So saying, okay, the next six months we stop developing new stuff in ai.
Speaker 12 00:19:13 I I wouldn't rate it too high on my list of smartest ideas of the year, really.
No, it's probably down there, not even here on the floor, but even further down on that list because that is not what we need. We need to, to, to come up with smart solutions. And I trusted a panel with Sylvia Ni or PWC and Scott David, where, where we talked about some, I think very, very good ideas, very good concepts to look at, very verse to listen to the recording. I believe you can always do a bit of fast forward when Scott starts talking because after five minutes he come will come to the point. He has been a lawyer, so it's a bit different.
No, but he, he had some, some fantastic insights. And I laugh, I laugh Scott, Scott is doing great things. Sometimes the lawyer comes through repeat by words.
Speaker 12 00:20:15 Anyway, I, I think what we have is a, is a fantastic potential for me. The biggest potential honestly is not in coming up with better proposals for roles. The biggest potential is in augmenting.
So we, we have mentioned frequency situation that end users, a lot of things end users where end users have touchpoint with identity or digital identity happen. Rarely. There are some things they do permanently like authenticating or looking camera or using finger.
I'm, I'm old school, I use the fingerprint still most use more, more face recognition. But anyway, this is something which happens permanently. But other things like whatever, changing some attributes, requesting access, if we're not a policy based access happen rarely. So augmenting people in, walking them through how to do, do it, et cetera. So that could be something where, where we use AI to really augment people and to augment administrators.
Speaker 12 00:21:21 We have this skills gap thing in cybersecurity and digital identity.
And this is definitely one area where conversational AI or chatty AI can help us in doing things better. And a sec we see more and more examples coming in the cybersecurity, in the broader cybersecurity space on how to walk through malware analysis et cetera by guided prompt books, et cetera that help to, to understand this. And I think this is a huge potential.
And so we, we should, we must find a good balance here, but I think we, we clearly need to be also look at the bright side of it. So yes, there, there are things that can go wrong, there are things that will go wrong. We need to understand what we need to do here, but more importantly, there are a lot of things where AI can help us. It'll change a lot in for many, for for many types of work including our Analyst work.
Speaker 12 00:22:35 It'll change a lot but change and change, there's always little change means, okay, new things, but there's always an opportunity and I look at the opportunities of it and use what we can do with ai. And I think this is, this was a third very big scene. We had a ton of other topics we were talking about at DSE and I hope that all of you were able to to, yeah guys are some takeaways that help you in your daily Chopped already say, okay, this, this is a great idea, I need to think it through, but this could be something which really helps me.
If you have some of these takeaways you take back home, then it is what we want to achieve to help you. So in, in that sense, E i C is a bit ai see in augmenting you in your work and that's what I hope you did and I hope you enjoy it that week and I hope that you will i'll that we will see you back.
Speaker 12 00:23:48 So it's time that I stop, so when I start mangling words, then it's latest time that I stop. So that's a good thing.
It's not, not five or not four 30, but I already start mangling things. So I stop here, say, have a safe grip back. It was a pleasure having you here. Hope to see you in here again next year and have fun with digital identity in your chop over the next 12 months. And then we'll tell, all the speakers will tell you a lot of new things for the next 12 months. Safe travels and bye.
Thanks Martin, and again, thank you so much for staying with us until this point of the event. We are looking forward to meeting you next year and in our next event in Cyber Revolution. So thank you so much.
Have a safe trip to home and we hope to see you again.
Speaker 12 00:24:56 Thank.