Analyst: Dr. Doreen Galli
Photographer: Dr. Doreen Galli
ABSTRACT
After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Identiverse was at Aria Hostel in Las Vegas from May 28-31. It is the premier event for identity professionals. It spans 4 days, 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. Attendees witnessed endless examples of identity and privacy solutions including many jokes about SAML (it is NOT dead), examples of passwordless as well as talks about the value of identity.
After over 1500 minutes of recording and 14 escalator rides, and some 35 factchecks, our coverage of 2024 Identiverse comes to a close. Registration for the four-day event kicked off after the long holiday weekend. The event featured 250 speakers on over 100 topics, 150 exhibitors and 3000 onsite attendees. There was so much packed in it was impossible to catch all of the exhibits. They had sessions in the Joshua rooms as well as Marisopa rooms. Opening day was then capped by a mighty keynote featuring John Whelan, President of the Cyber Risk Alliance and Andre Durand, CEO of Ping Identity and Founder of the Identiverse Conference. The event provided food for the attendees. We were able to capture breakfast Wednesday. The attendees did explicitly find me to let me know they were disappointed with the breakfast due to the lack of protein. I do understand the Microsoft Breakfast did feature sufficient protein. Many attendees complimented the lunch which was served Wednesday as well as on Thursday. The exhibits* were open on Wednesday after the opening keynote. They were spread between two large rooms across from each other.
Our entire playlist of video research at Identiverse is available at our YouTube Channel. Save the list to capture related shorts when they are released.
Digital Identities
As one might expect, Identiverse is all about identity. Much to my delight, an entire panel was presented on confidential computing. Confidential computing strength lies in multiparty computations among untrusted parties – something that occurs in the identity space quite often. The session immediately following was on digital identity where they pondered how one could achieve such an exchange – unfortunately those panelists did not attend the Confidential session. On the digital ID panel, it was exciting to see that California is live with a digital driver’s license. Many are still trying to get their real id into their wallet! Australian Bank was on stage for a keynote making the case for the Bank ID. Admittedly this talk created a bit of déjà vu to the days in the bid to become primary certificate authorities. There is no shortage of information to make the business case to adopt passwordless for your organization.
More than Passwords
Thursday morning’s keynote concluded with the Power of Passwordless sign-on. This session includes a number of guest speakers from the FIDO Alliance, Clarkson University, Bank of America and Amazon. The net result is that companies love it, their customers are more engaged, and the security posture is improved. Numerous examples of passwordless solutions were shown in the exhibits. AllAUthenticate shared their passwordless solution. Bringing blue collar workers who need to punch in and out into this century, Bio-Key displayed their product leveraging MFA Mellon RFID. If you would prefer your identity solution to eliminate any and all standing privileges, SGNL can get you there and help you stay in that security posture. Zluri is available to handle access control for all SaaS solutions. Aserto is an identity service that considers policy and relationship-based access control. If your service accounts are your pain point or you don’t even know how many you have of what – a start-up just out of stealth mode called Anetac may be someone you want to evaluate. If your organization’s problem is more about non-human identity issue, Natoma can assist in provisioning, deprovisioning and maintenance of non-human IDs. The word of the conference was service and non-human IDs is an area exploding with a reported over a dozen just announced at RSA.
Google hosted an entire detailed workshop on Google Sign-On, Passkey and the use of FedFCM to deal with 3rd party cookies. It was exciting to see they are working to push privacy forward with browser.
Identity in Practice
An attention-grabbing keynote Thursday morning alerted to the Darkside of identity. Reminding all that identity is the most common entrance point for the uninvited. Another keynote reminded all attempting to forge a path in identity, that the most important thing is to just get going! Furthermore, pay attention to the point of no return. Identity and security are all about depth of defense, spend the effort when there is a big payout. Do not insist on 100% for each program as the last percentages take resources without improving security posture. It is far better to find a new program that will affect the remaining identities with the remaining resources.
One often too difficult aspect of identity is customer onboarding. To that end, Strivacity specializes in the end user aspect of identity. If you challenge is too many identity services and you are having difficulty getting a complete picture, TenableOne provides a unified dashboard to see the entire threat attack surface. If your difficulty is all about connecting identity platforms to other sources and targets, Aquera Platform provides identity connector along with automation and governance in their solution. Saviynt provided a demonstration of their identity cloud with a visual display. RSA Shared their Unified Identity platform that is available on prem or in cloud for SAS saps as well as supporting SAML. Radiant Logic also provides an identity middleware heavily focusing on the data and metadata of identity. This point was also shared during John Pritchard of Radiant Logic’s keynote.
There were options if one is seeking assistance with their identity solutions. AOH offers identity consulting spanning assessment, architecture, execution and maintenance. ProofID offers global managed identity services and are key partners with many of the top identity technology providers such as PING Identity.
Cisco provided an in-depth workshop on defining and building an identity graph. It was very insightful, and the audience was glued to the screen. What caught our eye was the end when they said, “look at that picture – you know what that means. You know what that means you are supposed to do” Even in 2019 when I was at Gartner, augmented intelligence was present so hearing, “look at the picture” was surprising. More commonly is generative AI incorporated so it suggested actions based upon what is seen. Fortunately, Microsoft was there to bring it all back to 2024. There was an Microsoft Entra deep-dive by Nichole Peterson as well as a Microsoft Entra with Co-pilot demo that allowed attendees to zoom back to 2024.
Next Year’s Conference
Next year’s Identiverse is held June 3-6, 205. Furthermore, next year’s conference will be at Mandalay Bay.
*When vendors’ names are shared as examples in this document, it is to provide a concrete example of what was on display at the conference, not an evaluation or recommendation. Evaluation and recommendation of these vendors are beyond the scope of this specific research document. Other examples products in the same category may have also been on display.
©2019-2024 TBW Advisors LLC. All rights reserved. TBW, Conference Whispers, Industry Whispers, Vendor Whispers, Technical Business Whispers, Whisper Reports, Whisper Studies, Whisper Ranking, The Answer is always in the Whispers, and Fact-based Research and Advisory are trademarks or registered trademarks of TBW Advisors LLC. This publication may not be reproduced or distributed in any form without TBW’s prior written permission. It consists of the opinions of TBW’s research organization which should not be construed as statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, TBW disclaims all warranties as to the accuracy, completeness, or adequacy of such information. TBW does not provide legal, or investment advice and its research should not be construed or used as such. Your access and use of this publication are governed by the TBW Usage Policy. TBW research is produced independently by its research organization without influence or input from a third party. For further information, see Fact-based research publications on our website for more details.