Identity and access management as a crucial factor for security-by-default
“Why is identity and access management key to ensure the security of the default configuration settings of assets?" This is the issue that high-level speakers from IBM, NXP, TÜV SÜD and ATOS discussed during the Principle 3 “Security by Default” taskforce’s webinar, on 16 February 2022.
Identified as one of the baseline requirements outlined by the Taskforce, identity and access management means that access to assets must be limited to authorized identities only and managed based on risk and the principle of least privilege. This principle refers to requirements that would only allow access to necessary information and resources.
Find the webinar’s key findings from our speakers below or watch the recorded session if you missed it !
• “Identity and Access management at information system level is fundamental to ensure integrity of the asset during its development and manufacturing” – Security Certification Expert Thomas Ben, NXP
• “ Risk based appropriateness is key when our baseline requirements, in particular Identity and Access Management, are supposed to be applied” – Senior Expert IT Security Josef Gunter, TÜVSÜD
• “A unique identification of an asset or person is mandatory for authentication. It is then leveraged when applying the authorization policy. Unique identities are paramount for asset management” – Thierry Winter, CTO Evidian IAM Products, Atos
• Sudhir Ethiraj, Global Head of Cybersecurity Office (CSO),
• Angelika Steinacker, CTO Identity & Access Management, IBM
• Josef Güntner, Senior Expert IT Security, TÜV SÜD
• Thomas Ben, Security Certification Expert, NXP
• Thierry Winter, CTO Evidian IAM Products, Atos