Agenda @

IDM DACH

Identity Management

7 March 2024

Steigenberger Airport Hotel, Frankfurt

Agenda @ IDM DACH

Morning Session

Building back better with a robust, reliable and flexible IAM strategy

  • Building blocks for your Zero Trust journey
  • The Future of Access Management
  • The importance of identity in securing your business
  • Defend the perimeter!
  • How SASE supports the new way of working
  • Integrating PAM and IAM into your Identity Security Strategy

09:00

Introduction from the Conference Chair - Navigating the Evolving IAM Landscape

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

The past couple of years have seen some of the most daring and costly breaches in data history, with many of these being identity and credential-based. How well IDM professionals understand the implications and respond with effective IAM solutions will determine the degree of their organisation’s resilience. The keynote will provide the backdrop for the major trends and the new advances IDM professionals need to adopt, including:

  • Revamping identity management to include machine identities;
    Integrating identity governance and PAM into hybrid/multicloud environments;
    Zero trust as a driver for continuous ID verification & effective entitlement management

09:15

Best Practises in Access Management

Rasa Siegberg, Business Owner (IAM), Fujitsu Finland

While access management is perhaps the easiest or most straightforward aspect of IAM, it does present its own and particular challenges. Efficient practises in design, deployment and management are very much a key to success. As a long-term security service provider, Fujitsu discusses best practises to consider in access management.

09:30

Service Account Management

Abhinav Bajaj, IAM Lead, Delivery Hero SE

In this presentation we will discuss the current state of (non-human) service accounts, the challenges we face related to governance, accountability, and management.

  • How can we leverage IAM core technologies like IGA and PAM to overcome the service accounts management challenges?
  • How do we provide better security controls?

09:45

How to Derive a Sensible SoD-Ruleset for Your IdAM.Framework

Stefan Bosnjakovic
External IAM & GRC Architect, Glencore International AG
view profile

Stefan Bosnjakovic, External IAM & GRC Architect at Glencore International AG

Glencore was forced to implement UKCR (UK Company Reform, essentially the UK version of SoX) due to regulatory requirements and already owns a usable business process taxonomy, so we use this as a basis for the required SoD-framework:

Finding a suitable taxonomy for your enterprise (Finance, Industry, Pharma, etc.) – done. Glencore already defined a usable business process for industry and the following points are in progress:

  • Classify business processes and match to taxonomy values
    Specify regulatory requirements
    Derive basic SoD-ruleset
    Find maker-checker-pairs
    Specify board requirements
    Derive extended SoD-ruleset
    Analyse violation result set

10:00

It’s All About Your Wallet

Drs Jacoba C Sieders, Independent Digital identity Expert, Member Of The Board Of Advisors, EU SSIF-lab

In this presentation, Jacoba will be giving you a high-level overview of the background, current state, challenges, and future for the European digital identity wallets, as aimed for by the e-IDAS 2.0 legislation.

  • Within a few years, every EU citizen is entitled to have this privacy-friendly, secure, and seamless magic data-sharing agent on their device.
  • What is it?
  • Will it work?
  • And where are we today?

10:30

Questions to the Panel of Speakers

11:00

Refreshment Break Served in the Exhibition Area

11:25

Welcome to Session Two

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

11:30

Making a choice of CIAM tool for growing enterprises

Amol Sawarkar, Enterprise Architecture – Global IT Planning and Project Management, International Federation of Red Cross and Red Crescent Societies (IFRC)

Increased digitalisation creates the need for applications to be available beyond corporate users like partners and consumers. A case study will be used from IFRC for building a scalable external identity platform for memberships and volunteers. The idea is to use cloud services at its disposal, allowing the organisation to start with minimal operational investment and scale-up/scale-out with the success of the business model. Let’s try exploring how to set an approach to move in steps and widen the scope to increase adoption and expansion opportunities.

  • Extranet with single sign-on for external users
  • Based on Industry standards and scale to needs approach
  • Lower initial investment, low operational cost. Customise when needed.

11:45

Case Study: Identity Governance Implementation: from bottleneck to enablement

Edina Dobos, Head of Identity and Access Management, Diageo

This presentation aims to be practical, showcase dilemmas and concerns faced and how to overcome (and avoid future pitfalls).

The key themes will include:

  • Why we need mature identity governance (the business case
  • Journey and business value creation
  • Key learnings and takeaways

12:00

Successfully moving from off-prem to SaaS

Philip Schwabe, Vice President – IAM Expert, Bank J Safra Sarasin

SASE has become a noticeably more prominent feature of the enterprise network security space.

Whilst the trend in recent years towards off-prem solutions such as SaaS, IaaS, and DaaS, has driven much of its popularisation, it is the pandemic that has brought its importance to the forefront.

This importance is being driven by the need to run applications outside of traditional data centres and support employees working remotely.

Still, as the world continues to slowly reopen, it’s important that security leaders factor in the need to not only support hybrid working but also maintain a working model which is secure, agile, and successful.

We address how this can be achieved:

  • How SASE will support the new way of working
  • What defines the perimeter as the world begins to open up again
  • The shift to and importance of a focus on protecting people, not places, wherever they work
  • How protection of data is paramount to the success of business as a whole
  • How SASE architecture enables a good user experience while keeping the business secure

12:15

Questions to the Panel of Speakers and Delegates move to the Seminar Rooms

12:20

Seminar Sessions

13:00

Networking Lunch in the Exhibition Area

Afternoon Session

Moving forward with the right tools, technologies and people in place

  • Mobile worker security or user experience – how about both?
  • How to better manage device-based access
  • The Four Pillars of Certificate Automation
  • Adapt to the new normal with adaptive access policies
  • AIOps as the new enterprise perimeter
  • Unite the tribes: MIM + DevSecOps = digital business enabler
  • Why machine identities matter: MI’s as your networks weakest link

13:55

Conference Chair’s Afternoon Address

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

14:00

3rd Party Identity Risk - the enemy in my house(?)

Klaus Hild, Principal Identity Strategist, SailPoint

Organisations today manage a multitude of identities beyond their own workforce. Contractors, partners, seasonal workers, suppliers, and even non-human workers such as RPAs and service accounts make up a large percentage of an organisation’s identities. Managing these identities and the access they receive is complex and it is important to keep them under control.

Find out about these topics:

  • Not all identities are the same: Silicon vs. Carbon
  • The supply chain as the weakest link
  • How do I manage a multitude of identities, even in external corporate units?
  • How do I ensure secure remote access for people and machines?

14:15

Securing the Future of Digital Identity

David Baier, Solution Architect, Ping Identity

Today’s identity systems are a centralized collection of user data, and have become the #1 target for attackers. According to the Verizon DBIR, more than 80% of breaches start with compromised credentials. Decentralized identity represents a massive paradigm shift to a safer, more secure future by making the user’s device the transport mechanism for that single user’s data. In other words, no more “trusted” third parties. Decentralized identity eliminates the need to build connections into federation systems, and reduces the amount of personally identifiable information organizations must collect.

In short, we’ll discuss how shifting to a decentralized identity model reduces risk for organizations while simultaneously improving users privacy.

14:30

Addressing The Emerging Threat Landscape With Modern Digital Identity

Adam Preis, Director, Solution Marketing, ForgeRock

Advances in generative AI continue to drive risks and uncertainty across today’s threat landscape. Malicious actors are becoming more effective at exploiting blindspots across consumer, workforce, and partner access journeys.

Find out how modern identity can mitigate emerging threat vectors by:

  • Reducing reliance on weak credentials
  • Modernising outdated identity and access management infrastructure
  • Leveraging context-driven AI countermeasures

14:45

Questions to the Panel of Speakers

15:00

Afternoon Networking and Refreshments served in the Exhibition Area

15:25

Welcome to Session Five

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

15:30

The Identity Security Blind Spot : MFA for Legacy Systems and Service Account protection

Mike King, Sales Engineer, Silverfort

In this presentation we will:

  • Introduce Silverfort’s platform and its ability to extend MFA to AD environments, as well as its automated service account discovery and protection.
  • Walk through a customer case study that has successfully use Silverfort to block a ransomware’s lateral movement attack in his environment.
  • See the initial policies the customer set in place and understand their reasoning.
  • Gain insight the attack as it was reflected in Silverfort’s screens, and realize the potential impact of the damage that was prevented.

15:45

Modernizing Identity Governance: Why Now & How To Get There

Thomas Müller-Martin, Lead Architect, Omada

80% People & Process, 20% Technology – that’s the split when looking at good Identity Governance. So, when it comes to modernizing your approach to Identity Governance, it’s more than just picking a new solution to deploy.

Join this session with Omada where we will explore the drivers for modernization and share knowledge and experience of successful deployments and migrations of modern IGA – including how to avoid some of the most common pitfalls that identity programs face.

16:00

Managing secure customer identification for the leader in money transfer services

Frank Reboiras, Director of Solutions Engineering, TrustCloud Inc.

The recent pandemic had greatly accelerated the need for remote identity verification world wide. Learn how through a two-minute video call, a biometric analysis, the verification of official ID documents and the proof of life demonstrate in real time if the customer is who they say they are, and if the person verified is the same person who appears on the session.

During this session we will examine how some of the largest banking, online payments and insurance firms can verify the identity of their clients with all the guarantees, remotely, in real time, through a safe and guarded system of intelligent video calls, both automated or assisted.

Via a real life customer success story with one of the world’s largest money transfer services, you will understand how with the use of video technology, the true identity of the customer can be recorded, with simultaneous “layers” of authentication in a single, frictionless process, thanks to the easy and seamless usability with which it is developed for both customer and business.

Join this session to discover how remote identification technology, governed by a powerful orchestration layer, can help to achieve effective, regulatory compliant and secure customer identification.

16:15

Questions to the Panel of Speakers

16:30

Closing Remarks from the Conference Chair

Bharat Thakrar, CISO and Principal Security Lead, Information Security Forum

16:45

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

Maintenance – the vital defense longtail of any IAM solution
Blog By: Ductus  Increasing IAM complexity The need for effective Identity Access Management (IAM) has never been greater, whether for humans trying to log in via a frontend client or machine-to-machine identities. And, with such a broad spectrum of gateways, APIs, SOAP interfaces, direct point-to-point integrations, or other transfer protocols, the challenge of authenticating identities...
How to Manage Non-Employee Access
Blog by: Saviynt  The world of third party access governance  is – and isn’t – like identity governance and administration (IGA). The motivations may be the same but the risks are very different. Recently, Anirudh Sen (AS), Saviynt VP of Products, and Nitish Deshpande (ND), Research Analyst with  KuppingerCole, sat down to discuss third-party lifecycle management, process challenges, and...
Uniting large-scale, complex businesses with PowerSyncPro
Blog by: PowerSyncPro Mergers and acquisitions involving tens – or even hundreds – of thousands of users require complex tenant-to-tenant migrations. Traditionally, those migrations have been fraught with problems. Problems that impact your people, your productivity and your profit. Combining solid preparation with the right software solution can dramatically reduce the pain involved. Enter PowerSyncPro:...