Programme @ IDM DACH

Delegates will collect their badge on arrival and refreshments will be served.

The past couple of years have seen some of the most daring and costly breaches in data history, with many of these being identity and credential-based. How well IDM professionals understand the implications and respond with effective IAM solutions will determine the degree of their organisation’s resilience.

The keynote will provide the backdrop for the major trends and the new advances IDM professionals need to adopt, including:

• Revamping identity management to include machine identities;
• Integrating identity governance and PAM into hybrid/multicloud environments;
• Zero trust as a driver for continuous ID verification & effective entitlement management

Organisations today manage a multitude of identities beyond their own workforce. Contractors, partners, seasonal workers, suppliers, and even non-human workers such as RPAs and service accounts make up a large percentage of an organisation’s identities. Managing these identities and the access they receive is complex and it is important to keep them under control.

Point of interest in the discussion:

• Not all identities are the same: Silicon vs. Carbon
• The supply chain as the weakest link
• How do I manage a multitude of identities, even in external corporate units?
• How do I ensure secure remote access for people and machines

While access management is perhaps the easiest or most straightforward aspect of IAM, it does present its own and particular challenges. Efficient practices in design, deployment, and management are very much a key to success. As a long-term security service provider, Fujitsu discusses best practices to consider in access management.

Today’s identity systems are a centralized collection of user data, and have become the #1 target for attackers. According to the Verizon DBIR, more than 80% of breaches start with compromised credentials. Decentralized identity represents a massive paradigm shift to a safer, more secure future by making the user’s device the transport mechanism for that single user’s data. In other words, no more “trusted” third parties. Decentralized identity eliminates the need to build connections into federation systems, and reduces the amount of personally identifiable information organizations must collect.

In short, we’ll discuss how shifting to a decentralized identity model reduces risk for organizations while simultaneously improving users privacy.

In this presentation, we will discuss the current state of (non-human) service accounts, and the challenges we face related to governance, accountability, and management.

• How can we leverage IAM core technologies like IGA and PAM to overcome the service accounts management challenges?
• How do we provide better security controls?

Advances in generative AI continue to drive risks and uncertainty across today’s threat landscape. Malicious actors are becoming more effective at exploiting blindspots across consumer, workforce, and partner access journeys.

Find out how modern identity can mitigate emerging threat vectors by:

• Reducing reliance on weak credentials
• Modernising outdated identity and access management infrastructure
• Leveraging context-driven AI countermeasures

Understand how to protect against the 4 key stages of lateral movement.

1. INITIAL ACCESS: compromised credentials of inactive VPN account with no MFA
2. LATERAL MOVEMENT: utilizing PsExec and RDP until gaining domain dominance
3. RANSOMWARE PROPAGATION: using a DC network share to spread the ransomware to multiple machines in the network
4. RANSOMWARE EXECUTION: on all infected machine

The enterprise perimeter is now its data objects, APIs, applications, and its users are now the workforce, customers, partners, and in many cases, machines. In this new, decentralized, and highly segmented world, CISOs and IAM leaders find themselves struggling with multiple systems and interfaces that control the most basic question: Who has access to what and when?

In this session, we will present a new architecture for Identity First Security based on centralized Access and Authorization Policy Management Platform, and discuss pro and cons, specific real-world implementations and more.

80% People & Process, 20% Technology – that’s the split when looking at good Identity Governance. So, when it comes to modernizing your approach to Identity Governance, it’s more than just picking a new solution to deploy.

Join this session we will explore the drivers for modernization and share knowledge and experience of successful deployments and migrations of modern IGA – including how to avoid some of the most common pitfalls that identity programs face.

View Seminar Sessions

Benefits of IAM

• Discuss several reasons why IAM is important
• What IAM is and how it compliments an organisation. What different toolings are available for business

Issues with IAM

• Why businesses are still having problems with IAM
• Highlight issues like out-of-date policies and procedures which do not get reviewed regularly
• Businesses not investing with IAM and then trying to patch up errors
• Still using password control and no investments into authentication i.e., as in 2FA or MFA

The future of effortless IAM

• What is the way forward?
• What is the end goal?
• What do we all want in the world of IAM?

Recent cloud trends have made classic perimeter-based security design obsolete. Identity is the new perimeter and must be the central element for today’s access policies.

With more and more digital adoption we are connecting our physical and digital worlds in ways previously unimagined. Whilst this presents us with the space to create increasing degrees of convenience, it also enhances the likelihood of privacy being compromised.

The fundamental question is, how do we balance these trade-offs? And will the companies that find this balance foster greater loyalty? Alongside the need for enterprises to adapt, the distributed world is becoming more and more mainstream.

Can we challenge ourselves to find the middle road, where we create great customer experiences that are also private and secure by design?

• The creation and maintenance of customer/citizen trust is critical for the evolution of digital services, digital wallets, eIDAS2 etc
• Customer/citizen experience is a high focus for any organisation & the ability to balance strong security with strong CX is an ongoing challenge for organisations

While working in some major Financial Organizations and consulting companies around the world, several doubts have been voiced that CISOs, CTOs, and stakeholders have in regard to Zero Trust.

In this presentation we will discuss:

• What Zero Trust is (and what is not)
• User experience
• Key elements of Zero Trust Architecture/design