Welcome Beth, thank you very much for that wonderful presentation.
Um, I very much enjoyed it.
Um, so we are live, I've just, it's just been confirmed, so, uh, and so Beth has joined us to really take some questions from the audience.
Um, and give us some more insight based on, you know, whatever we, we, we come back from, from what's gone on just now, and what the, the, the, the people on the, on the call are interested in learning about.
But before we do that, I'm gonna start off with a quick question from myself.
And going back really to the, the first half of your presentation, I'm very interested in understanding, um, how do intelligent professionals, um, assess the trustworthiness of a source in high-stakes situations, and are there parallels we can, um, join together with business and apply in this, in this context, in this world we live in.
And certainly the mantra of any intelligence community person is to have verification of a source.
We call it corroboration.
Right?
So, we don't ever want to have one piece of intelligence or one source telling us, um, that something is right or wrong, or giving us a line.
We always have a process in place where we assess the credibility of that source, and then we try to also corroborate it by checking it against other pieces of information.
You know, so if, um, if somebody is telling me that, you know, they believe in, in the sky is blue, OK, well, you know, that sounds right, but we'll still, if they said it wasn't blue anymore, we would definitely be checking.
Excellent, yeah, so the parallel in our world is all about context and signals.
So as we, um, take information in through the digital, you know, digital methods we have, it's corroborating that that Beth is Beth, Beth is where she should be, Beth is doing what we expect her to be doing, and so it's building that context around that interaction.
Um, so that's the, the, the parallel I think with, with, with between business and espionage, which is, it's a strange conversation to be having this morning, um.
So, uh, uh, the, the other thing is, you know, we always talk about, um, how the humans are actually the weakest link, and that, that's, that's certainly something that from the, the, the security, um, industry, but, you know, on our side, but also from, from your world and your experience.
Um, and so what do we do inside an organization?
What are the practical sessions we can do to build trust, um, but with humans, but also like continuously monitor it.
Right.
I do think that there has to be kind of this contract with the people who work in any organization to say, "This is why we're doing this."
And I think that the example with the deepfakes and so much going on, I think people can understand now a little bit more clearly, this isn't just you spying on me to try to, like, track what I'm doing, but this is because if you don't, someone could be pretending to be me, and that could have, um, equally bad consequences for the business and also for the individual.
Um, because sometimes the individual themselves then is compromised with their own personal, um, information and, and so that's, uh, you know, obviously no one wants that.
And so I think that there needs to be transparency around these initiatives, and there also needs to be a lot less finger-pointing when people mess up because humans are humans, and you know, only by the grace of God go thee or whatever phrase you want to work.
Glass houses, all of that, right?
It could happen to anyone.
And so I think we need to be very careful to be, um, not so much about like, you know, people always checking up and, you know, scolding and, um, you know, threatening.
I think that we need to be much more gentle, and this kind of we're in this together kind of idea that it could happen to the CEO.
We know that we've got to work on these things together, and continuous monitoring is one of those things that will help all of us.
Excellent, thank you.
Um, so I, I know you have an opinion on, on the next, uh, question because we, we actually covered it again this morning.
So, um, really the, the, the concept of going beyond, uh, Zero Trust, right, so we have the concept of Zero Trust, it's something that we use across industry.
But, um, one of the, the, the elements of the question is, is, is combining with Zero Proof Knowledge, uh, Zero Knowledge Proofs important, or is there something beyond Zero Trust where, um, you think we should be going?
Yeah, I kind of feel like Zero Trust has more of a slogan than an actual thing in a way.
I mean, yes, we have these protocols that are called Zero Trust, but they're not really.
And so I, I don't think they work as kind of airtight as what people purport that they are.
And so what you want is, you want to have multiple systems where you have high trust process and clarity on process, where process that is more complex and, um, and can evolve, can evolve with threats. And so, you know, I, I just think this is such a changing, um, atmosphere, uh, the threat space with AI developments that, you know, you just can't sit around and say, "Well, this is how we do things." It has to be constantly evolving, and this double-checking, um, of the identity in particular is very key.
Yeah, so, and again, so moving beyond that, so um, so if, if the identity is breached, what's next level can we do?
Is it just, um, you know, closing the door after the horse has bolted, and, and just, you know, doing post-incident analysis, or are there other things we can do deeper within our systems if the identity is breached?
Well, I think that you have to really pay attention to what absolutely is the information that you as your company need to protect.
And that shouldn't be something that anybody's, uh, identity can get access to.
So a lot of this is about compartmentalizing the systems.
I mean, this is a very intelligent idea, right?
Compartmentation, and what we mean by that, is, you know, only a small group of people could ever even have access to something, and, and so that there are ways of hiding off, um, accesses, and you know, making sure you have all of these kinds of things built in where you've truly identified what's important and what, you know, what cannot leak out.
And then, you know, you have kind of a relative level of, of stress in your system where you can accept some risk, you know, uh, lower down in, in the system, but there has to be firewalls and breaks and, um, controls within that.
That's one thing.
And I think that the whole idea of resilience is so important, like we're really not practicing.
Um, you know, when you say, well, we can do, you know, after actions and see what's going on, you know, I mean, I think that people who really work in this space talk about, you know, the percentage that you should be focusing on: what would you do after an attack?
In terms of the resilience of how you shut things down, what do you do and make sure that you have each part of your system, each person has a very clear role, so everybody's not running after the, you know, the CISO's job, but actually the People Officer needs to be reaching out to everyone and telling them that now, OK, they need to go in right now and redo this.
They need to reset this, or, you know, somebody else is reaching out, you know, making sure you're checking your reputational things.
Um, there's a whole like everybody on the team needs to have this reaction, resilience and the rebuilding, um, process and even the idea of what, what would you do if something really did get destroyed, how would you, how would you build it back, and how would you build it back better?
Yeah, so I mean it's an interesting topic, I think, uh, something that I talk about regularly in front of, um, uh, customers and, and, and audiences.
Um, it's, it's something that's transitioned from government, especially military, uh, organizations as, as those people have left those organizations and gone into business, the sort of disaster recovery planning, scenario planning.
Um, that's become a really important topic, um, and I think more businesses, you know, if we wanted to be prepared, it's, it's be prepared for the pre, the during, and the after, and, and war game those out.
The, the other, the point you made at the beginning is, um, in our industry we call it least privileged access, and I think it's a really important concept to, to, and that is directly taken from your world, um, you know, the top secret eyes only type documentation and, you know, who has access to what and impact levels.
So it's, it's fascinating to try and join those two things together.
And I think, Alex, that we're not always thinking about the right information being that most important to protect.
Right, that we might think that it is the formula.
OK.
Well, that formula for whatever, you know, actual property you have is really, really crucial.
But maybe it's your, maybe it's your billing information, maybe it is in the business that you have protecting your customers' data.
I don't know what it is, but like you, you know, we really need to think a little bit sometimes differently about what is the, what is the essence of this business and what is important.
What must we preserve and not risk losing?
And, and that may not be the kind of obvious technical thing.
Yeah, that's a very good point.
I think, um, to sort of step up again, um, to more the geopolitical thing, and it's, it's, it, I think it, there's a question from the audience, um, are nation-state actors using AI to send out more severe, impactful attacks currently or in the near future?
And I think we know the answer's yes.
But the question is, you know, in, in, in your world, what are you, what are you seeing?
I, yeah, I mean, I think we're seeing more of that, um.
But in some ways, Alex, I wonder whether businesses care where it comes from.
You know, I mean, in a way, do you, do, does it matter?
It might matter in how they, in, in what they are doing.
Um, but if you can prevent that from happening in the first place, and you know, as I was saying in my talk, um, you're seeing such a, an adoption by, um, criminal groups of the kinds of things that only nation-states could have done before.
So, if it's about sophistication, you know, that, that, that's, you know, we're having this democratization of the AI, um, input.
So, in some ways, yeah, I think it's important to know in terms of who might be targeted.
But what we're also seeing, for example, with China is that the collateral damage because they don't care about the collateral damage.
You know, unpredictable in many ways to any business.
Like I'm not gonna know that China's going after something, you know, related to, to me.
And so it doesn't really matter.
Again, so what really matters is that we've got our systems in place, and then we've got that we're actually exercising on critical worst cases like the UK, um, threat matrix and then that we really have a resilience plan in place, but we've done everything we can to prevent that from happening in the first place regardless of where it comes from.
So it's kind of, I'm sorry, I'm kind of dodging the question a little bit.
No, that's OK.
And so we've got time for one more question.
I think, um, that we did a good job of it this morning.
I think it's a really important question.
If you could give one piece of advice to CEOs and business leaders about navigating today's volatile landscape, what would it be?
Yeah, I think that the main thing right now is that we have to understand that our world is changing.
And it has changed already.
That in the last 60 days, we've had an acceleration of changes that already in many cases were underway, but in other cases, we are really a reordering of the way that we think about the world.
And, in, you know, my world, we talk about mental maps, that you have this idea, we all operate on mental maps.
It's how I get from here to the grocery store.
I have a mental map of how to do that.
But all of a sudden, the roads are different.
The stop signs are in different places, and there's this gaping hole in the middle of the road that I'm approaching.
How do I get, how do I redirect myself?
We have to understand that we can no longer operate on yesterday's logic.
It's a quote from Peter Drucker that I really like and that, that will get us in trouble operating on yesterday's logic.
That will get us in trouble more than just the turbulence itself of our world.
Yeah, so the turbulence of our world, to, to another question that's been asked in, in, in the chat was, um, the erosion of the, the trust in the US government.
Um, effectively that's the turbulence, we just have to live in our moment and be good in our moments.
Um, and so just one, an, an additional sort of, uh, uh, probing question really, well, not a probing question, uh, nudge, um, we, we talked earlier on about how we can partner, um, cross-industry and cross-agency, and I think it's in, you know, if we're gonna sort of leave the, the viewers of this, uh, call with, you know, and, and a bit of advice, I think something that you talk about regularly: interaction with agencies would be very beneficial for everyone here.
Yeah, I just think that, um, when something bad goes wrong, uh, you, you know, uh, keeping it, hiding it under a bushel is kind of the most common response, right?
Because we're worried about our share prices, we're worried about our reputational damage.
Um, we're afraid to tell anyone, but in fact, um, we have seen such a collaboration between our governments in trying to get money back, ransomware back in helping, uh, the next victim potentially not be attacked.
Uh, LockBit was just taken down, right?
So we really need to have more openness and figure out how we can have a conversation with our equivalents of the FBI, um, in our different, if in our different governments and figure out how do we have those conversations in a way that protects our business proprietary information, our customers, all of those things.
And I absolutely believe that people need to be having these conversations before you are attacked.
So you know what sharing means and that you're comfortable with that.
And that is really so important, and it's why, um, the amount collected for ransomware is down this past year is, I think, you know, in large part because of the effects of some of the big takedowns that have happened.
Um, and so I really just encourage people to, uh, find their government partners and to make friends.
Excellent, awesome, thank you very much, Beth, I really appreciate it.
Thanks, Alex, and thanks to everyone for having me.