
The ItaliaSec: IT Security Summit is an annual gathering of IT Security leaders from across Italy. The event is an opportunity for them to come together in one space with the focus on how to best protect their organisations from cyber attack.
Ahead of the summit, we sat down with Fabio Grasso, Associate Solutions Engineer at Okta, to hear his thoughts on the state of cyber security in Italy today, as well as some context around his presentation session at ItaliaSec next month (4th – 5th April, Rome).
Read on below for the full interview!
Let’s take a look at the IT security threat landscape in early 2023: what are we witnessing?
The landscape is evolving rapidly, both from the security side and from the attacks/threats side. Ransomware, and related extortion, will stay at the top of the threats list in 2023. Attack tactics evolve, and companies need to be prepared.
Most companies run protection systems, such as antivirus, antispam, endpoint manager, and MFA. All these services collect logs and information that can help you estimate the risk of each login.
As attacks become more complex, all our platforms need to communicate with each other.
Adaptive policies and behavioral analysis need to be a focus point.
When a user clicks on a phishing link, our identity system needs to consider the risk and increase the security before the user makes their next step. For example, it should ask for a strong MFA or even a password reset and user sessions.
Based on your answer, what would you identify as the 3 key priorities for IT Security leaders this year?
Identity and Access Management means that the right people have the right access to the right resources at the right time. But this scope must not create friction for users and should be as easy and seamless as possible.
From my point of view, the top 3 priorities are:
- Understand their company’s ecosystem
- Secure everything in a seamless way
- Never stop improving your security system
Let me explain it in more detail:
- Understand their company’s ecosystem
Think about how you manage identities for your workforce, collaborators, contractors, but also customers. Try to find out the weaknesses of your identity management and create a roadmap for fixing them. This can involve the usage of an IAM platform or even just clarifying your processes.
- Secure everything in a seamless way
Secure the access of your users by implementing Adaptive SSO/MFA functionality. We need to enforce security when users access from a high-risk endpoint (i.e., changing of country, missing security patches, old OS version). Still, in the meantime, we need to make access easy and with the right security conditions in place, so that one doesn’t need to ask for an MFA.
Passwordless access with biometric authentication can help in that sense, using a standard protocol like FIDO2/WebAuthn and the new Passkey.
- Never stop improving your security system
Improve (or implement if you don’t have one) an automation system for user Lifecycle Management. Provisioning, de-provisioning, and change operations should be automatic to save your IT resources’ precious time and ensure that no one has unnecessary access by mistake.
A further level can be introducing a Governance system, which adds approval processes, reports, and recertification campaigns.
What are your recommendations for making security an integral component of organizations’ trust and value proposition? Can you share a success story of one of your clients who have embarked on this journey?
As I always say to my clients and partners, Security and Identity Management should stay at the top of your mind. Hence, creating a plan and defining a timeline for your roadmap is necessary.
During my speech, I will talk about the story of a customer that followed a similar approach. Of course, we have a lot of other examples. I’m thinking about a customer in the insurance sector that is starting now to change their identity system, introducing Lifecycle Management, using their HR platform as a source of truth, and automating all the processes with a “DevOps” approach, using automation tools like Terraform. They need to manage different types of users (employees, agents, partners, suppliers), and Okta is helping them integrate different systems and give the proper access to everyone in a short time, optimizing the TCO.
As the conference’s plenary sponsor, what are you going to be addressing in your talk this year?
During my talk, I would like our audience to understand how you can build a complex but seamless secure system step by step. I will tell you the story of a customer who has begun managing identities differently, gradually introducing SSO and MFA.
They started with VPNs, then integrated other applications, up to user lifecycle management. This was made following their times and with the necessary adaptation of the users.
We have many stories of customers who have managed access to thousands of applications for millions of users in just a few months. We know this is possible, but we also know that not all companies have the right amount of resources to dedicate to this kind of project.
Many companies, especially “PMI” or family industries typical of the Italian territory, fear the implementation of IAM Solutions because of the lack of the right resources or to avoid changes in users’ habits.
But there’s no need to go “all-in” right away. Our message is that all companies can (and should) manage identities and access, starting with core applications and then expanding to others, at their own pace and timeline.
What can people expect from ItaliaSec?
ItaliaSec is a great opportunity to understand better the security landscape, to hear the latest news in the industry and the best practice directly from the leading vendors and companies. All this with a particular focus on the local market and its peculiarities.
It will also be an important opportunity for networking and the exchange of views among the many speakers and participants.
I am thrilled to be present and cannot wait to hear stories from all the companies that will join us!
Catch Fabio at ItaliaSec Summit on 4th – 5th April for his presentation: ‘IAM Made in Italy: il Viaggio di un’Azienda Tessile nell’Identity’! Join us for his session and enjoy live Q&As throughout the summit by registering for FREE online with code: CYBER-VIP at italy.cyberseries.io/register/.

