- il y a 2 jours
Trust Through Security: Reinventing Digital Identity Protection
Catégorie
🤖
TechnologieTranscription
00:00Hello, hello audience. It's such a pleasure to be joining you here on the Purple Stage.
00:05Is everyone having a good time at Viva Tech? Yeah?
00:11Okay, well, please everyone sit down.
00:16Okay, so I've been on the Blue Stage for most of the day, but I'm really happy to be switching
00:19over now to your stage.
00:22And we're talking about global cybercrime, which costs the economy $10.5 trillion annually.
00:28And this is where digital identity protection is really key.
00:33We don't just need to stand up technology.
00:35We also need to train people and stand them up so they can also understand the risk.
00:39Now, I think one of my panelists said to me in a call that we were having earlier on that
00:43trust is fragile.
00:44It's robust until it's not.
00:46So how then do we safeguard businesses, individuals, and ensure a system of trust through robust strategies?
00:52Well, that's what the panelists are here for.
00:54It's my pleasure to introduce everyone in the audience to Nathalie Gauzet, Philippe Poutinet, and Matthias Reinwart.
01:00Guys, pleasure to have you.
01:02If I go down the line and ask you to introduce yourselves to the audience and tell us all a
01:06little bit about what you do.
01:09Thank you very much.
01:10Hi, everyone.
01:10My name is Philippe Poutinet.
01:12I lead the product and customer marketing organization at DocuSign.
01:17And I'm really responsible to make sure that, you know, we are listening to our customers and just really give
01:24them exactly what they want.
01:25And for us, trust is at the core of everything that we do.
01:30Nathalie?
01:30Hello, everyone.
01:32Good afternoon and very happy to be here.
01:35I'm Nathalie Gauzet.
01:36I'm responsible for the identity and biomimetic solutions at Thales.
01:40So like all businesses in Thales, what we do is to make sure that we build a world in which
01:46every citizen can trust.
01:48And in my business in particular, we design, develop, deploy identity management solutions in which we believe all citizens can
01:57trust.
01:58So this is where cyber risk is indeed very important.
02:02Thank you so much.
02:03And Matthias?
02:04Thank you.
02:05My name is Matthias Reinwart.
02:06I'm the director of the practice identity and access management at Kupinger Coal Analysts.
02:11So we are an analyst company, not a vendor, not a consultant company.
02:15We are neutral and we help our customers, and that can be vendors and that can be end users, in
02:21navigating the area of cyber security and identity and access management in projects, but also in designing the products.
02:28And that's what we do.
02:29For us, cyber security is mainly identity because I think the really important part within cyber security is protecting identity.
02:39And I love the sentence, hackers don't crack your system, they log in.
02:45And I think that is important.
02:47And so I hear all of you talking about this idea of trust.
02:51And so Philippe, I'll come to you first.
02:52Obviously, there needs to be huge trust in the product, in the brand itself.
02:56So when someone sends, obviously, through DocuSign, a contract or a document, there is that instant trust that is attached
03:03to it.
03:03You believe it and you trust it.
03:06How have you really been able, you know, through DocuSign, been able to ensure that trust and to build that
03:12trust, build that relationship also with the person that's using your products?
03:18Yeah.
03:19So at DocuSign, what we say is trust is not given.
03:24You have to build the trust.
03:25I think this is something that is extremely important.
03:29To set the context here a little bit, we run a survey in partnership with Entrust.
03:36And when it comes to fraud, you know, we realize in this survey that a lot of European companies, like
03:42some of the respondents,
03:44they lose up to 1 million euros every year, you know, due to the fact that, you know, there are
03:49some breaches.
03:51But the good news here is 70% of them decide that they're going to have to invest heavily in
03:58technologies just to make sure they avoid, you know, having all those issues.
04:02So with that said, trust is number one priority for DocuSign.
04:07And, you know, it shows because we're very lucky to have 100% of the CAC 40, you know, companies,
04:14CAC 40 companies, you know, working with us.
04:16And, you know, really, we want to play a crucial role, you know, really in Europe.
04:22And we've been kind of one of the main driver in Europe of the, you know, trust, one of the
04:28main trust players, designing, implementing all the three layers of e-signature across Europe.
04:35And this is really at the core of everything we do.
04:37But not only we do that, we work across Europe to be able to provide interability between the seven, you
04:44know, countries, you know, that are in Europe.
04:46And trust to make sure we really build this trust.
04:49And lastly, what I would say with AI, which is really the, like, the new things which we need to
04:57all need to just come and build is how do we work more and more closely with local agencies and
05:03local regulation there to help build this trust and make sure we get as close as possible, you know, to
05:09the companies in this country.
05:11Recently, in the UK, we work with, you know, right to work, you know, to just really, you know, help
05:16them and implement the solution in Germany, you know, with the anti-money laundering initiative just to be able to
05:23understand.
05:23So, I think what I'm trying to say is, going back to my point at the beginning, we have to
05:28earn that trust.
05:30And that trust is, you know, going through a lot of technology, working with a lot of our vendors and
05:36really being there to make sure we keep it.
05:39Because, as you know, trust is lost very, very quickly.
05:42But when you bring up the right to work, I mean, obviously, people are sending their most important documents, their
05:47passports, their IDs.
05:49So, how have you been able to really ensure that, you know, the system itself works so there isn't a
05:54backdoor that can be manipulated?
05:57Yeah, this is, I'm not going to go into the detail of all the technology here.
06:01But I think this is where, working very closely with local regulators and local systems, that we know also exactly
06:10where are the problems.
06:11And we run surveys, we know that the weakest link are username and password.
06:17Still a lot of people use 1234 as a password.
06:20We know phishing.
06:21So, there's just a lot of training that we do also internally.
06:25And also, we just convey to a lot of our customers that they just need to make sure that, you
06:30know, we fight very hard.
06:31And, of course, identity verification is the core of everything, you know, we are doing, you know, to ensure the
06:37trust, you know, that we can provide for our password.
06:41But, good question.
06:42And so, Natalie, then, I mean, obviously, we're continuing this thread of trust.
06:46But there also needs to be a simplicity attached to the digital product.
06:50So, take us through how you've been able to build that into the products that you use, especially wallets.
06:55Yes, obviously, managing the right balance between security, privacy, and user convenience is at the core of the trust we
07:05need to build.
07:06Because, of course, all the citizens need to be confident that their data is safe.
07:12But one of the big risks would be that they don't use these ID solutions because they are not easy
07:19to use.
07:19So, we need to find this balance between that.
07:23And we at Thales, we believe that there are several answers to that.
07:27First, in the design phase, meaning that we need to mix both the design of the UX, managing the user
07:35experience, with the security by design.
07:38And here, it's about embedded strong encryption into the system, data encryption, managing cyber security in a holistic manner.
07:49So, making sure that we embed cyber security from the core to the edge.
07:54And integrated privacy protecting technologies such as user consent management or data minimization so that, indeed, the citizen can make
08:05sure its data is protected.
08:07We believe, in that matter, that using biometrics, in particular, is the right mix because it provides both the security,
08:16embedding and involving the unique link between an individual and its identity, but also being very easy to use.
08:25Indeed, digital wallets are a solution into that being and becoming a one-stop shop for identities and for use
08:36in both public and private services.
08:39So, it's one of the initiatives that we see growing, in particular in Europe, where the European digital wallet is
08:47a very interesting initiative from this perspective.
08:51So, at the end of the day, all that is making sure that we'll build identities which are all secure,
09:00modular, and scalable, interoperable, and inclusive.
09:06And what that means, at the end of the day, is to build that, we need the right collaboration between
09:12all entities, governments, citizens, local regulators, as you were saying, Philippe.
09:20But also, private sectors.
09:22One of the examples we have developed at Thales around that is deploying such a solution for the state of
09:30Queensland in Australia, for the Department of Transportation in Queensland,
09:35where we have seen all these key success factors being involved, so bringing both the citizens, the technoprovider, and the
09:45government, as well as the local regulators, from the very early stages of the design to the pilot phases and
09:53then to the go-live,
09:54making sure that they design the security from end to end in a holistic manner, and following that in the
10:02field, and the result is there, with one of the highest adoption rates of a digital technology, more than one
10:09million users in one year.
10:11So, that's one of the good experiences that we have.
10:16So, Matthias, coming to you then, Matthias, you know, all of this sounds really good.
10:21I mean, both of them are talking about, you know, these digital products that they have, that they say, you
10:25know, work completely, there's trust.
10:27But where, perhaps, are the back doors where these things can be manipulated?
10:33Perhaps not, obviously, your products, but perhaps, you know, where can we see this protection, digital protection falling apart, perhaps?
10:40Maybe one example that we've seen, although we don't know whether it's been a breach or not, and it actually
10:47doesn't matter, was the breakdown of the power infrastructure in the Iberian Peninsula.
10:53So, that was really something that shown us how fragile these digital physical infrastructures are, and that not much is
11:02needed to break them and to interrupt them.
11:06And if you think of how many different types of identities and how many identities are involved in such a
11:13system, that goes far beyond these approaches that we've heard when it comes to citizens, to people, to customers, to
11:22consumers.
11:23Or to employees, it goes far beyond that.
11:25We have identities, and that's a growing field that represent APIs, that represent bots, autonomous systems that act in such
11:34a complex systems.
11:36And all they need the same kind of proper protection while understanding their life cycle.
11:42So, a bot is different from a person.
11:44An employee is different from a partner, from a consultant that is working for you.
11:49And you need to manage all of these identities properly, otherwise you have your own homemade, yeah, as you said,
11:59your own homemade gap, your own homemade problem when you have no proper governance, no proper insight into what's going
12:08on.
12:08And one less, or one least managed good identity could be the access point for such a breach.
12:18But it is quite fascinating, because obviously, you know, when it comes to the incident in Spain and Portugal, you
12:24know, they said it wasn't a cyber-related threat.
12:26They said it was something else.
12:28But it really gives you an insight into what could happen.
12:32And when we look at the U.S., their national grid is one of the most protected things of their
12:37infrastructure in the world.
12:38And they always say that if you take over the national grid, you can take over America.
12:42So, was this perhaps a moment where it gave, you know, people like yourself or perhaps, I don't know, governments
12:48an idea that we need to rebuild or rethink our infrastructure and the processes in place?
12:54Absolutely. And I think we talk about cyber security right now, but actually, if there is a breach within the
13:02grid, it's not really about cyber security.
13:05It's about resilience. Just because you have a breach, you cannot shut down the system and try to find the
13:10error.
13:11You want to make sure that the system continues to run while you are cleaning it up in parallel.
13:17And that is a different approach. And that is something that we need to prepare for.
13:21And that is something that is somewhat awkward to cyber security professionals because they need to learn still what resilience
13:30means in that context.
13:32And that's something that we need to teach them. And I think all of us.
13:36Yeah, I totally agree with you. I think this is all the element or the weakness, you know, across the
13:42entire, you know, life cycle of everything.
13:44I think this is something that, you know, comes a responsibility between, you know, us as a software vendor, but
13:51also, you know, working very closely with the government, with the local entity, which, you know, we take very seriously.
13:57As I just mentioned at DocuSign, it's like understanding what is happening really in the region and not basically one
14:06size fits all.
14:07I mean, this is this is as simple as it is just like what is the specificity that we can
14:11give to each and every one of you in France, in the UK, in Germany or in the US, but
14:16just don't treat it as like everybody's get the same treatment.
14:20But, I mean, you know, nowadays people, it seems as if governments really do understand the risk, but do they
14:27have the resources and perhaps the infrastructure to really, you know, manage against any, you know, future risks, Philippe?
14:36I mean, it's interesting to look at it from from the DocuSign perspective, because I'm based in the US and
14:43I see what, you know, the US would do and how we work in the US.
14:47Some governments actually lean in more than other ones.
14:50I mean, this is really exciting here, for example, to see all the French tech, all the sovereignty, all the
14:56local effort that actually a country, not even, you know, a continent, but just a country is actually putting into
15:03such a serious matter.
15:06And some other ones don't really, you know, look at it this way.
15:09They just kind of like potentially, you know, just leave you to actually work with what exists out there and
15:14just adapt your solution with what it is.
15:17So, it's a country per country basis, unfortunately.
15:22Let me ask both, perhaps, from what you've seen at VivaTech so far, are you seeing any sort of innovation
15:29that you think is kind of cool as well when it comes to digital protection?
15:32Well, first of all, if you look at the future and future of the risks, obviously, to start with, what
15:41we can see is that the risk and the cyber frauds are more and more sophisticated, faster, and also more
15:49coordinated.
15:50So, we need to fight against that.
15:53And obviously, digital identity being at the cornerstone of the digital transformation, it becomes both the gateway to access the
16:03digital services, but also the target.
16:06So, indeed, going into the protection of these digital identities is what we need to start with.
16:13And not only, just to rebound on what you were saying, not only in a reactive manner, but really preventing
16:20that.
16:21So, we're working ahead, anticipating, and integrating all the possible future technologies that we can see arriving.
16:30So, obviously, in the domain of security, you have a lot of things which emerge.
16:37I think there was a session before on post-quantum cryptography at Thales.
16:42This is an area which, obviously, we start being in, so implementing in our products.
16:49I talked earlier about biometrics.
16:52I really see the emergence of biometrics as being one good way of managing security and user convenience.
17:00And here, it's all about implementing behavioral biometrics as well.
17:06And, obviously, going into more end-to-end cybersecurity and moving to cybersecurity cloud-based identity platforms from end-to
17:17-end.
17:17So, that's for the security front.
17:20For the user convenience front, I talked about the use of biometrics.
17:26Using digital wallets will probably emerge and become the reference.
17:32And here, we can see a lot of standards which are emerging, both in Europe and also in the rest
17:38of the world.
17:39So, working with all local regulators will be key in order to implement those.
17:45And here, it's all about implementing verifiable credentials, which the citizen can decide to share part of the data, part
17:55of their identity, part of their attributes.
17:58So, keeping the data at the control of the citizen.
18:05And this is linked to the concept of self-sovereign identities, which we can see also occurring very much, which
18:13is all about user empowerment.
18:15But I would say that, on top of all the good technologies that we can see here at VivaTech, and
18:22all of them being progressively implemented,
18:26what I strongly believe is that there will be the need, if we look at future digital identities, two big
18:33needs.
18:34The first one is, again, the need for collaboration between all these entities that are working across identities.
18:43Be there governments, local regulators, again, private sectors, finance or mobile companies, mobile telcos in particular, but also the citizen.
18:56So, bridging the gap and making sure this collaboration occurs will be key.
19:03The second one is about managing the societal challenges that will come with it.
19:08And I believe you have all heard about some of the questions that the use of biometrics in particular can
19:15raise.
19:17Managing the balance between security and user convenience will be a key question for the society, and the management of
19:25this will become key for the future of digital identities.
19:30Okay, so, Maticus, then, perhaps...
19:32Oh, yeah.
19:34So, from what Natalie was saying, do you think there is that balance that is understood with the end user,
19:40then, the everyday user?
19:41Do they understand the need for, you know, obviously, these are great ways for, you know, for technology to advance,
19:47but also that they need the built-in protection as well.
19:50Is the right balance being found right now?
19:54Simple answer, no.
19:56So, first of all, we need everything that Natalie said when it comes to privacy-preserving technologies that help you
20:02in only disclosing what you actually need to disclose.
20:06And nobody knows how old I am when I try to buy cigarettes.
20:10It's just enough that I'm F, of legal age.
20:13That is minimal disclosure to say, yeah, this is Matthias, and he is allowed.
20:17So, there, we can get much better.
20:19People are still very reluctant to give away too much data.
20:23Who has his passport copied when they checked into their hotel?
20:29I think most of us.
20:30Why?
20:31So, this is something where we still need to work on.
20:34So, this is convenience on the one hand side.
20:36On the other hand, it's really protecting my data when it's not needed.
20:40That is something that we need to understand.
20:42And I think, yeah, I hope that answers the question.
20:45So, we're really not yet there.
20:47But would you say that there's a general buy-in from the end user then, that they're understanding it?
20:53And perhaps, is it also a generational thing?
20:55Because someone who is from older generations, they may not necessarily want to start using these wallets and apps or
21:01DocuSign, etc.
21:03So, is it by generation?
21:05Where is the trust?
21:07I don't think it's a generational problem because if you look at kids you have in access, ask them how
21:14many of them have activated multi-factor authentication.
21:17I don't know.
21:20Is it also a country thing?
21:22Different countries, different nationalities, sometimes things.
21:25I mean, I got a lot of people I work with.
21:27And depending where you're coming from, you potentially have a tendency to be willing to share more or to share
21:32less.
21:33It's, I mean, we see cultural.
21:36I mean, you see it here.
21:37I think Europe is really big on protecting.
21:42And there's a reason why, actually, we are our engineering team for identity verification, actually, based here in Paris.
21:51You know, that's, I think Europe definitely just goes higher in the threshold that they can.
21:56Maybe the U.S. go a little bit lower.
21:58And there's some countries in Asia that are actually just, you have my data.
22:01Well, it's okay.
22:03Would you agree?
22:03I think, yeah, if I may.
22:05So what we have seen is that, yes, that there can be trends, local trends, regional trends.
22:11Bridging the gap across generation is also all about making sure that you provoke this user experience, bringing them up
22:20front and testing it.
22:21What we've seen in Australia in particular, the example I was giving before, is that the way the adoption has
22:29been made is really having user groups involving a lot of different users from all ages, also making sure that
22:39this was inclusive.
22:40So involving disabled persons, for instance, in this user group is one of the reason why the adoption rate has
22:48now reached 20% of the population in the state of Queensland.
22:52It's really having these user groups being involved up front and being able to test it prior to the go
23:00live.
23:02And perhaps you would like to comment on that.
23:04I mean, how important is it from the diversity element?
23:08Yeah, I think the most important thing we need to understand is that we are building solutions not for the
23:14attendance of this conference, because these are tech-savvy people.
23:19They know that.
23:19We need to involve everybody, and that has to be a grandma, that has to be disabled people.
23:26You've mentioned the inclusivity problem, and it should work for everybody.
23:31Maybe when it comes back to the national or regional topic, if you look into the Nordics, where they have
23:37reliable digital identities for quite a while, and bank IDs or whatever, they are used to using that because they
23:45have to.
23:45And it's an experience process, and you need to educate people, and they are educated because they need to.
23:53The less good a company is, and I'm German, I know how bad you can be when it comes to
24:00enforcing digital identity to the end user.
24:04The less good you are, the more you trust the typical social media platforms with managing your main identity, which
24:11is bad.
24:12So we're talking about digital literacy then, essentially?
24:16Absolutely, and I think we need to get better there, and of course we need to provide solutions that help
24:22the citizens, the people, everybody, in protecting themselves.
24:27So why does a password leak?
24:30Yeah, because I have a password.
24:32Please prevent the password, so then it cannot leak.
24:35Implement technologies that help you protect your identity, and that is something that we can do, you do.
24:41And people should learn that there are ways around that, and that they get better.
24:47Yeah, I mean, I was like, you were like that from an analyst perspective.
24:51I was reading an analyst report that says, like, still 90% of the incidents are due to human error,
25:019-0.
25:02That's a big number.
25:03And also, like, we, you know, because we have to do it, so we run a lot of research and
25:08trying to understand, you know, where all the issues are coming from.
25:11So we know at DocuSign, everybody else also knows where it's coming from.
25:17Password, bad password, bad username, like phishing attack.
25:21We know exactly the human is the one making the mistake, and we know also where the bad actor is
25:28actually acting.
25:29So we've got the data, we've got it all.
25:31Now it's basically our responsibility to just work on both sides.
25:36You know, number one, we need to make sure we work with the humans, and we need to train them,
25:41and we need to help them, educate them.
25:43And the other one is, yeah, we need to make technology better.
25:45And so when you talk about training, do you mean the end user as well, but also perhaps the people
25:49within your workforce?
25:52Great question.
25:55Yeah, actually, let me give you an example.
25:58We have a tool internally, I'm not really sure, actually, it's a vendor, it's called Fox Hunt.
26:02It's a gamification of, you know, trying to find phishing attack.
26:08So we basically, all the employees basically participate in this concept of gamification and recognizing a phishing attack and putting
26:15it in a little folder and receiving points.
26:17But that way, we just incentivize our entire workforce to be on the lookup, to learn, and also, you know,
26:26to be able to just increase their skills, because the human is at the core of everything.
26:31So, yeah, gamifying the learning experience.
26:34Just for us, it's been working.
26:36Yeah, go ahead.
26:36Yeah, you're right.
26:38It's not only about training, I would say, the external environment.
26:42It's also training our staff, our teams.
26:45And we at Thales, it's very recognized.
26:48We are a business, a company of engineers.
26:52And so we like very nice solutions.
26:55And in particular, security is at the core of everything we do.
26:59So it's not something on which there is, I would say, a specific need to train our people, because it's
27:05really embedded in the DNA of our people.
27:08When it comes to user experience, still, here we have a step to climb.
27:15And it's part of the training that we want our teams to follow, making sure that, indeed, we design solutions
27:22which are easy to use, easy to deploy as well.
27:26So that's part of the training path.
27:30The second one is also making sure that we develop responsible solutions.
27:35And so it's something which is also very important for us at Thales, making sure that all the things that
27:43we do are developed in a responsible way, making sure that we develop it on a netical way.
27:50We use data following GDPR and so on.
27:54And that's where we also need to train our staff.
27:58Well, you brought up regulation.
28:00So I'm going to come to you for this question then.
28:02I mean, in order, you know, for companies to obviously, you know, have a basic level of critical protection of
28:10their critical infrastructure, is regulation a hindrance or is it a support?
28:15I mean, if you look at new sort of incoming legislations like DORA, I think I read a stat that
28:20says studies suggest that only 29% of financial entities have a roadmap in place.
28:25So even though you've got the EU, you know, putting through, pushing through all of this legislation, the uptick is
28:31still really, really slow.
28:34Yeah, first of all, not every regulation really helps.
28:38But NIST 2 and DORA are some that I really think are of importance.
28:42And they introduce concepts and responsibilities for the companies that are really important because they address what's going wrong.
28:50And that includes identity management for your supply chain.
28:54That includes having insight into your risk posture at runtime and not once a year.
28:59And this is something that is really important.
29:02Having said that, yes, unfortunately, many organizations are not yet there.
29:08Either they think, oh, it's not yet translated into national law, I'm thinking of NIST 2, Germany as well, not
29:14yet.
29:15So this is something that we have still some time and we can start when it becomes a law, which
29:21is not true.
29:22But spending the money for something that is not immediately productive is something that usually falls through the cracks and
29:32really is forgotten,
29:33which is ridiculous because of the importance and the liability that goes with NIST 2 and DORA.
29:41So these are really requirements that need to be used.
29:44And I would really recommend starting today to do it properly.
29:51We are not implementing that.
29:52I don't get any money out of that.
29:54But improving the security posture and the resilience of these organizations, that is really important.
30:00Would you like to comment on that about resilience in organizations generally?
30:03Because I'm sure that you guys at DocuSign are following all of the regulations and all of the stipulations you
30:07need under the regulations.
30:08Yeah, this is a big topic.
30:10I think, you know, the way we look at it is there's organization and technology needs to evolve.
30:17And we need to just continue to push there.
30:19But there's also a responsibility at the human level.
30:23The way we combine all of those and we basically, you know, evolve and just get what's in front is
30:30just going to take just a lot of effort, focus, and just being done the right way.
30:36I think sometimes we have a tendency to just try to tackle them all and just try to go very,
30:41very fast.
30:42And I think it just needs to be fundamentally at the core of what you want to do and just
30:47go one another.
30:48And that's really what I think you're saying we focus is like, how do you take one specific problem, wherever
30:54it's security, trust, governance, and how do you tackle them?
30:59And then how do you deploy them, you know, for your user where they are?
31:03The problem of Morgan Stanley in the U.S. are totally different than Crédit Agricole in France.
31:09And this is where we just need to be really, really close to our customers to just really understand and
31:13serve them with what they need to provide them with the local problem.
31:18Like, this is not even a, you know, it's based on their needs and the local needs.
31:24Yeah, what we believe at TELES is that, first of all, following the local regulation is a must.
31:31It's a must because it's the way to guarantee that the identities we are developing are interoperable and that the
31:40identities that you are using can be used in a country or in another one and access the same type
31:47of services in one country or in another.
31:51That's exactly the principle of European digital wallet, where indeed the goal is to have, like, students being able to
31:59travel from France to Spain, open a bank account there using their identity.
32:04So it's exactly the goal.
32:06And the standards will allow for that.
32:08But we also believe that we need to go one step beyond, and in particular in two domains, the first
32:14one being security.
32:16We believe that, indeed, making sure that the citizen can trust the identity and trust that they are secure means
32:23also to manage the security at a higher level.
32:26And here, it's from the core to the edge, again, from the mobile phone to the infrastructure, and making sure
32:34that the security is embedded everywhere.
32:37And the second one is in the domain of the data privacy.
32:41And, again, it's a matter of making sure that you go beyond in terms of ethics, making sure that the
32:48algorithm you use, for instance, the biometric algorithms you use, are using protected data, that they use data which are
32:56non-biased, to make sure that it respects the whole population, making sure that you manage user consent in all
33:05the applications that you deliver.
33:06So, here, again, there are many, many things where you need to go beyond the existing regulations to build the
33:13trust.
33:14Okay, Mathias, I'll give you the final question, then.
33:17So, I mean, obviously, AI is so sophisticated.
33:20The scam is becoming so elite.
33:22So, what should companies be looking out for, and how should they be safeguarding themselves?
33:27I think the first starting point, and it's just 30 seconds, is understanding what you have.
33:33I think many organizations do not understand which type of identities they have, and how many they are, and how
33:38well they are governed.
33:39I think that is the main issue.
33:41We at Cooping & Coal have a concept that's called the identity fabric.
33:45It's just mainly mapping identities to the types of systems that they need to access, and managing them through their
33:51life cycle and in their access.
33:52This is something that everybody should exercise, and starting from that, understanding, okay, I have bots, I have employees, I
34:00have partners.
34:01Let's deal with them properly for each and every identity as it is appropriate to them.
34:07That would be something that I would recommend, really making sure that you understand your identities.
34:12You cannot secure what you don't know of.
34:15Indeed, well, listen, it's been amazing to chat to the three of you.
34:19Audience, a round of applause, please, for the panelists.
34:22Thank you all so much.
Commentaires