The Bulgarian Identity Conference was held on October 10, 2024, at the INTERPRED Conference Center in Sofia. The event brought together industry experts, business leaders, and professionals from Bulgaria, Czech Republic, Germany, Poland, and Romania to discuss the latest trends, challenges, and solutions in the field of Identity Management. It was the first event of its kind in Bulgaria and focused on the multifaceted aspects of identity in the digital era, including cybersecurity and compliance with various regulatory frameworks such as GDPR, HIPAA, DORA, PCI-DSS, and the NIS 2 Directive. The Bulgarian Identity Conference was organized by IDVKM and Escom Bulgaria, in partnership with Quest Software, One Identity, and IdStory.
Agenda Highlights BIC 2024
The conference began with opening presentations by Ivan Pepelov, CEO, IDVKM and Alexander Zhekov, General Manager, Escom Bulgaria. The agenda covered a wide range of topics important to the modern business and technology world, and was divided into two tracks – business and technical. The business track featured three panels – The Voice of the Customer, Legal Changes and Initiatives, Strategy and Cybersecurity.
BUSINESS TRACK: PANEL 1 - The Voice of the Customer
In the modern business context, the voice of the customer plays a key role in the development and improvement of products and services. Liliya Toncheva, IAM & CIAM Product Manager at Coca-Cola HBC, and Vasil Mihaylov, Department Lead at Schwarz IT, are examples of professionals who understand this dynamic and actively participate in the dialogue between business and consumers. Identity and Access Management (IAM) is essential for cybersecurity, especially in the face of increasing threats and data protection requirements. During her presentation “How to get friends at cyber security“, Ms. Toncheva emphasized the importance of building good relationships and trust in the cybersecurity sector.
Mr. Mihaylov presented the topic “Implementing Zero Trust in large organizations“. The “Zero Trust” approach is an innovative and necessary element in the security strategy of any organization, as it provides a framework for minimizing risks and enhancing security, including: Multi-Factor Authentication (MFA), passwordless authentication, Single Sign-On (SSO), and adaptive risk-based policies.
Ales Roman, Board Member at IdStory, travelled to Bulgaria especially for the conference. IdStory is a Czech company specializing in identity and access management solutions. The company has a 15-year presence in the industry, has completed over 200 IAM projects, and is committed to ensuring customer satisfaction and fostering lasting relationships. Ales Roman has extensive experience with projects in companies of various sizes and backgrounds – from banks and international corporations, to government institutions and ministries. In his presentation “From plan to success: IdStory platform case study“, Ales Roman presented key concepts in managing complex IDM systems, such as customization, scalability and process automation. He also stressed the importance of thorough auditing, accountability and system integration in response to stringent legislative regulations such as the NIS 2 Directive, SOX and ISO.
Unified Identity Security is changing the identity management landscape by offering a comprehensive platform that integrates identities, applications, and data. This approach streamlines security protocols and improves the overall IT infrastructure. One Identity’s market leadership in areas such as Privileged Access Management (PAM) and Identity Governance and Administration (IGA) highlights the vendor’s key role in this sector. Yevhen Soliarzh, Presales Manager, CEE Region at One Identity presented “One Identity’s Mission and Customer Success Stories” in his panel. He demonstrated the key benefits of implementing One Identity’s solutions, including reduced manual processes and consolidated identity management, resulting in significant efficiency gains and cost savings for organizations.
The “Voice of the Customer” business stream ended with the panel discussion “Navigating between customers and vendors” with participants Liliya Toncheva, Vasil Mihaylov, Yevhen Soliarzh, Ales Roman, and moderator Ivan Pepelov. The panelists shared best practices and insights from their experiences, providing participants with actionable strategies to use in their professional environments. They discussed the complex dynamics of customer-supplier relationships and went deeper into the art of balancing the expectations and needs of both parties without compromising the quality of service. Effective communication strategies were highlighted as the basis for promoting transparency.
BUSINESS TRACK: PANEL 2 - Regulatory Environment
The NIS 2 Directive is an important step towards enhancing the security of critical infrastructures that are essential for the functioning of society and the economy. It introduces stricter requirements on risk management, network security and incident reporting. This demonstrates the European Union’s dedication to upholding a high level of cybersecurity across its Member States, guaranteeing that both public and private entities are equipped to handle the complex cyber threats of the modern world. NIS 2 starts to apply on 18 October 2024 and covers a wide range of sectors considered critical, including energy, transport, banking, healthcare, etc.
The introductory topic in the regulatory panel was presented by Ivan Pepelov, CEO and co-founder of IDVKM. The company specializes in IDM projects, Agile project management and software development. Mr. Pepelov is an expert in all three dimensions of IDM: Identity Governance and Administration (IGA), Access Management (AM) and Privileged Access Management (PAM). During his presentation “Be NIS2 compliant using Identity Management“, Mr. Pepelov emphasized the importance of Identity Management (IDM) systems in implementing NIS 2 compliance measures. The need for organisations to adapt to the changing regulatory landscape is covered by the key components of IDM, such as risk analysis, incident response and business continuity assurance.
This was followed by a presentation by Dr. Sven Hübner, Principal Consultant, Head of Consulting at KOGIT GmbH. KOGIT GmbH is an independent consulting firm located in Darmstadt, Germany. It specializes in comprehensive IT security solutions, mainly in the areas of Identity and Access Management (IAM) and regulatory compliance. During the panel “Dual Stream model for your NIS2 Compliance with an use case“, Dr. Sven Hübner presented a “DUAL STREAM” model for the implementation of NIS 2, which covers both legal and technical assessments. The methodology includes pre-workshops, impact assessments, gap analyses and the development of a strategic plan to ensure NIS2 compliance and achieve cyber resilience for businesses.
The Digital Operational Resilience Act (DORA) was the focus of a presentation by Christian Timm, Principal at Horvath. Horvath is a global consulting company with over 1,400 employees in Europe, the US and other markets. It is a leader in transformation, performance management and digitalization. Christian Timm presented the key requirements of DORA, including end-to-end ICT risk management, third party risk management, operational resilience, incident reporting and data sharing. The law highlights the importance of Identity Management systems by requiring unique user accounts, access control policies and secure authentication methods. DORA was published on January 16, 2023 and will go into effect on January 17, 2025 for financial institutions.
The last speaker from the regulatory panel was Alexander Zhekov, Managing Director at ESCOM BULGARIA. He is a professional with over 10 years of experience in cybersecurity, including project management, business analysis, and IT security audits. Mr. Zhekov presented One Identity’s concept for compliance with NIS 2 and ensuring secure access to information systems in the topic “Embracing Regulatory Compliance“. One Identity’s Unified Identity Security enables access to critical systems only for authorized individuals (AM), applying a security model that assumes no trust by default (Zero Trust), promoting best practices and regular employee training (Cybersecurity Hygiene and Training), implementing strong password policies and practices (Password Management), controlling and monitoring privileged access to systems (PAM), and conducting regular risk assessments and maintaining comprehensive information security policies (Risk Assessments and Security Policies).
During the panel discussion on “Regulations – curse or blessing“, Sven Hübner, Christian Timm and Alexander Zhekov discussed the impact of regulations on business and society. What are the benefits and challenges of introducing them? How do regulations work – as an obstacle or as a useful framework for businesses and organisations? Mr. Pepelov moderated the panel.
BUSINESS TRACK: PANEL 3 - Strategy and Cybersecurity
Ivan Pepelov, CEO, IDVKM, opened the panel with the topic “Security Design” and presented the 11 principles for building Secure Design, including Threat Modelling, Least Privilege, Defense in Depth, Secure Defaults, Fail Securely, Separation of Duties, Keep it Simple, Zero Trust, Trust but Verify, Privacy by Design, and Shared Responsibility. Secure by Design principles are a non-functional requirement for creating trustworthy systems – from the early design stages to deployment. These principles help organizations create systems that are resilient to attack and ensure that their data and resources are protected throughout the systems lifecycle.
Miroslav Naydenov, MXDR Service Lead at Amatas, took part in the Bulgarian Identity Conference with the topic “Token Hijacking in the Cloud: Revisiting Microsoft Entra ID Attack Vectors“. In early 2023, Microsoft saw a sharp increase in password-based attacks. Although multi-factor authentication (MFA) helps, attackers can still bypass it through social engineering and token theft. Common attack vectors include misconfigured hybrid systems, overprivileged accounts, and OAuth consent phishing. Mr. Naydenov stressed the importance of adopting more secure authentication methods such as Fast Identity Online 2 (FIDO2) and of permanently securing sessions and data.
Plamen Mandadzhiev, Director of Software Engineering at Denshi, shared his expertise in information and cybersecurity. He has over 20 years of experience in the IT sector, covering both Fortune 500 organizations and start-ups. He focuses on building and managing IT services aligned with a vision of technology as a key partner in business strategy. Mr. Mandadzhiev is also a speaker on topics such as cybersecurity trends, challenges in the local IT ecosystem, and IT services competitiveness. During the conference, he presented the positive aspects and disadvantages of implementing and enforcing regulations, such as slow implementation and outdated requirements. However, they aim to create a unified approach in the fight against cybercrime. “Global Trends in CyberSecurity and the implications for the IAM discipline” was the topic covered by Mr Mandadzhiev.
Organisations need efficiency, compliance and increased security. Identity management (IDM) is essential for medium and large enterprises. But which solution is best for them – IGA, AM, PAM or all together? SaaS or on-prem? And which vendor should I choose? In his presentation “Which product is the right for you“, Ivan Pepelov, CEO, IDVKM highlighted the important questions every IT manager should ask themselves before making a decision.
SAP Identity Manager (IDM) will be discontinued in 2027 with extended support through 2030. Migration to a new solution is required. Various Identity Governance and Administration (IGA) products are available on the market, each with different features and capabilities. Traditional IGA tools often have good SAP connectors but may differ in logic and architecture. The challenges for businesses are costly migrations involving licensing and implementation costs. In the final presentation of the panel, “Life after SAP IDM – quo vadis“, Ivan Pepelov explored potential paths and strategies for organizations using SAP IDM.
The following presentation was “How do you sleep, when Active Directory threats don’t“ by Marcin Michalewicz, Solutions Engineer, CEE at Quest. Quest Software has been delivering enterprise software solutions for more than 30 years, with offices in more than 100 countries and a customer base that includes more than 95% of Fortune 500 companies. Quest’s range of solutions and services includes migration tools, security and compliance solutions, authentication process automation, user and user group management, and backup and recovery solutions. Andreea Gutan, Regional Sales Manager SEE at Quest & One Identity, was also in Sofia in person.
Marcin Michalewicz stressed the importance of Active Directory (AD) security due to its role as the primary provider of certificates and access. AD’s attack surface is growing due to common mistakes made by organizations, such as the lack of multi-factor authentication (MFA), failure to adopt a zero-trust model, failure to implement threat detection and response strategies, dynamic system changes, migration to cloud services, and insufficient privileged access controls. Current threats to AD include DCSync, DCShadow, Golden Ticket attacks, and misuse of service accounts. Marcin presented strategies for detecting and responding to these threats.
The program continued with a panel discussion on “Cybersecurity Threats – IAM at the frontline“, in which panelists discussed the increasing sophistication of cyber attacks and the critical role of secure Identity Management systems in protecting digital identities. Miroslav Naydenov, Plamen Mandadzhiev and Marcin Michalewicz took part in the discussion. Moderator Ivan Pepelov, CEO of IDVKM, contributed to the deep understanding of the topic among the attendees. The Q&A session provided an opportunity for direct dialogue with the experts, which is essential for developing strategies to protect against cyber threats.
Developing an IDM strategy is critical for the success of modern organizations. The importance of security and efficiency in identity management (IM) necessitates collaboration between different departments and specialists. In the panel discussion “IDM strategy as a team work – how can we play together“, Liliya Toncheva, Sven Hübner, Christian Timm, Ales Roman, Vasil Mihaylov, and Yevhen Soliarzh emphasized the need for cooperation between various departments and specialists. For a successful IDM strategy, it is important to understand the project lifecycle, clearly define goals and scope, involve all stakeholders, and determine the exact responsibilities and roles of participants. Ivan Pepelov, CEO, IDVKM, moderated the final panel discussion of the day.
TECHNOLOGICAL INNOVATIONS and Practical Application
The technical stream in turn covered two parts – Identity Governance and Administration and Unified Identity Security. In the rapidly evolving world of technology, managing digital identities and ensuring secure access to information systems is paramount. The Tech Track’s sessions, focused on Identity Governance and Administration (IGA) and Unified Identity Security, offered an in-depth look at the strategies and tools today’s businesses need to protect their digital assets and streamline their IT operations.
The first demonstration “Don’t lose money on licenses“, led by Vasil Buhov, Identity Management Consultant at IDVKM, addressed the critical issue of license management and highlighted the importance of optimizing software costs, ensuring compliance and avoiding costs associated with unused or underused licenses. Vasil Buhov continued with a demonstration on “Does this employee still need the access“. He presented the dynamic nature of employee roles, and the need for regular workplace access audits to maintain security and operational efficiency.
In the second technical stream Unified Identity Security, Valentin Hristov, Head of Identity Management at IDVKM presented the topic “Privileged Account Governance/ Take control of your privileged accounts” in two consecutive sessions. He emphasized the governance aspect of privileged accounts, advocating a structured approach to managing and monitoring these high-risk assets.
Ivaylo Tashkov, Identity Management Consultant at IDVKM emphasized the need for multi-factor authentication (MFA) and advanced security measures to protect against unauthorized access and potential breaches during the “Adding an extra layer of security” demo panel.
Yevhen Soliarzh, Presales Manager, CEE Region at One Identity introduced the audience to Privileged Access Management (PAM) solutions in the panel “Revoking instantly unauthorised access with PAM“. PAM solutions are designed to provide real-time control over privileged accounts that are often subject to cyber threats due to their elevated access rights.
Vasil Buhov discussed the often overlooked aspect of access lifecycle management in “Leave no access behind“. This session aimed to ensure that access rights of former employees are revoked and thus potential security vulnerabilities are eliminated.
In the last demo panel “How to transition employees smoothly“, Bozhidar Navchev, Identity Management Consultant at IDVKM presented the challenges and best practices for transferring employees between different roles or outside the organization without disrupting business processes or compromising security.
For those who missed the live demos, keep an eye out for upcoming IDVKM and Escom Bulgaria events and posts on LinkedIn and Eventbrite.
LOOKING AHEAD
We are grateful to all the speakers, sponsors and participants who contributed to the success of the Bulgarian Identity Conference. This event reinforced our commitment to foster the development of the Identity Management community, and to walk the path of innovation!
You don’t have to wait a year to see each other again or listen to interesting topics.
You can join the LinkedIn group where interesting information is exchanged and upcoming events are announced – Identity Management Bulgaria.
Every month (except summer and December), on the last Thursday of the month, the IdentiBeer event is held, organized by IDVKM.
ORGANIZERS OF THE BULGARIAN IDENTITY CONFERENCE 2024
IDVKM has more than 15 years of experience in Near Shore, international projects (classic and agile) with a client focus in Germany, and teams from over 10 nationalities. IDVKM offers consulting services in the areas of Identity Management, Custom Software Development, Agile/Traditional Project Management, personal skills training, as well as project management and team development.
Escom Bulgaria is a Value Added Distributor of Quest and One Identity solutions for Bulgaria. The company is B2B oriented, serving end users exclusively, through a network of qualified, expert partners, system integrators, and service providers (MSP).



