Identity Management

12 March 2020

Steigenberger Airport Hotel Frankfurt




Session one- Policy, privacy and business

  • Bottom-up migration IAM project management
  • Self-sovereign identity: a user-centric initiative
  • Overcoming solution bias and limitations
  • Securing identities in an age of peak inter-connectivity
  • Common Tools and governance to overcome IAM challenges
  • Cryptography and identity: hype or reality?
  • Why Security Awareness Training for Developers matters
Conference Chair’s Opening Address

Ruth Puente, Director of Kantara Europe, Kantara Initiative 

Using the strangler pattern for bottom-up migration in an international company

Dr. Frank Simon, Head of IT Security & IAM, Zurich Insurance

All IAM projects are migration projects; being innovative while keeping old systems running.

In this presentation, we will address:

  • Big Bang Approaches are very risky; doing it step-by-step by using the strangler pattern reduces risks and supports agile approaches
  • Sometimes it is better to innovate bottom-up: Innovate internal technique while keeping old processes, GUIs and features
  • International enterprises can decide between one central IAM system and federated IAM repositories
Self-sovereign identity: the evolution of user-centric solutions

Self-sovereign identity is fast emerging as a tool by which identities can be created, managed, disclosed and destroyed by the owner without having to engage with a third actor or centralised authority.

SSI is considered as the next stage in user-centric identity initiatives. We will address:

  • Origins, principles and the current climate for SSI
  • Existing projects and initiatives that have implemented SSI
  • SSI and its relationship with existing IAM infrastructures
Overcoming solution bias and limitations: addressing IAM project failure

Andrea van der Ham, Identity & Access Management Technical Specialist, Ministry of Economic Affairs and Climate, Dutch Government

When initiating an identity and access management project, business users need to balance differing business needs, technological constraints and the complex nature of enterprise-wide IAM systems which interact with every element of an organisations IT infrastructure.

We address, the ways you can approach IAM project management to ensure success.

The identity of things: securing identities in an age of peak interconnectivity

In today’s hyper device-led interconnected world, the ability for companies to safeguard consumer information has become even more difficult. Enterprises, both small, medium and large, across all industry sectors are all under near-constant attack from subversive forces.

In response, patches are devised but then quickly circumvented as the hacker industry moves at a seemingly faster rate than enterprises can manage.

We address:

  • The ‘always-on’ reality of IoT
  • Increasing risk of theft and fraud
  • The evolution of things into agents
  • AI automation
  • The logging of transactions and data
  • New forms of identity relationship management
Common Tools and governance to overcome IAM challenges: Is IAM transposable from Higher Education to Industry and beyond?

Mehdi Hached, IAM Architect, Airbus

From Higher Education and Research to Industry, different sectors have different constraints and requirements in the IAM field and hence do things differently whilst facing the same challenges even when they often share the same tools. So, could they benefit from core IAM principles?

This presentation will demonstrate how we can overcome different challenges through a solid IAM governance and clever usage of common tools and services.

  • Identity management and Directories
  • Federation and MFA
  • IAM in applications
    • Authentication and authorisation
    • APIs
  • How to domesticate Cloud platforms’ IAM
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Cryptography and identity: hype or reality?

As technologies like AI, virtual reality and bio-metrics seep deeper into the way we perceive the world and interact with others, digital and real identity will also adapt and change.

We explore the ways digital identity may change, and how we as practitioners can meet the challenges and demands this will bring.

  • Developing technologies mount pressure to augment our strategies to be increasingly socially responsible
  • Emerging methods of Authentication mandate that we develop future technologies with a global view of identity
  • Data minimization, pseudonymisation, unlinkability, transparency, and privacy
The needs of the few - Why Security Awareness Training for Developers matters

Klaus-E. Klingner, Divisional Security Officer-Customer Platforms, Allianz Technology SE

Security awareness training for employees has become more or less the norm in modern companies. Users are taught about document classification, passwords, phishing, and many other topics. However, the needs of one user group in particular are often forgotten; the developers.

The developers create the basis of the business model in many companies; the application, the code. A small mistake here can have massive consequences both reputationally and legally. As a result, the requirements for Developer Security Awareness Training need to be different from the “normal” user.

In this presentation we will take a closer look at what is required to make developers think and develop securely.

  • Security Awareness for developers needs improvement
  • Developers have special training needs
  • Awareness training must be integrated into the daily work
  • A gamified approach makes the training more attractive
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session two – Concepts, tools and techniques

  • IAM Delivery with DevOps
  • Successful procurement and deployment
  • Identity data types for access management
  • Privileged Access Management & Cyber Security Baseline
  • your human firewall: an answer to the ongoing cyber-security problem
  • End user satisfaction following conversion to a new authorisation concept
Conference Chair's Afternoon Address
IAM Delivery with DevOps

Vilma Blomberg, IAM Solution Design Owner, KONE

IAM programmes are traditionally slow and expensive multi-year investments for organisations. Today organisations must be able to adapt fast to changes in the IAM environment and implement IAM solutions faster with lower cost.

Organisations could accelerate and automate delivery of value from IAM by using DevOps principles and mechanisms… but how?

A solution to this challenge will be presented by using a case study on how to adopt DevOps in IDM (SailPoint IIQ) delivery in a large corporation.

  • IAM is a business-critical area of IT that is heavily driven by security risk management
  • IDM system must be highly configured and customised to meet organisations’ requirements and to become an IAM solution that brings value to the organisation
  • Today organisations must deliver these solutions faster and cheaper than ever to meet business, security and regulatory requirements
  • Automated DevOps pipeline can be built to automate IAM deployments, shorten the release cycles and speed up the resolution time of incidents
A guide to AI in IAM: successful procurement and deployment

An emerging trend within the IAM space is the propensity of solution providers to popularise the use of AI in automating the analysis of behavioural and device usage in order to make machine led security decisions.

This presentation is designed to evaluate the many claims made by solution providers whilst posing helpful questions and setting out practical examples of how you can successfully procure and deploy the right technology for the right task.

  • Progress and challenges in AI
  • How to assess vendors selling you AI and ML solutions
  • How to make build vs buy decisions in matters of data analytics
  • Some cautionary tales and real-world case studies
Identity data types for access management: transforming identity management at the BBC

Ros Smith – Executive Product Manager – Identity & Access Management, BBC

Carlos Trigoso – Lead Architect – Identity & Access Management, BBC

The BBC has a relatively advanced Identity and Access Management programme covering all user types within the corporation’s business ecosystem.

Carlos Trigoso and Ros Smith will present a compact history of this programme and then will focus on the results obtained in the past three years.

The presentation highlights the close correlation and interdependence between Identity Management and Organisational Transformation.

Details will include:

  • The Four-layer model
  • The BBC ecosystem
  • An outline of the current BBC Enterprise IAM Products
  • What’s next
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Privileged Access Management & Cyber Security Baseline

Martin Ofori-Atta Williams, Privileged Access Management Subject Matter Expert, AP Moller Maersk

PAM Critical Success factors-

Cyber Security Baseline (Cyber Security Framework)


  1. Provisioning
  2. Deprovisioning
  3. Review

Key Security Framework- Any security framework design should depend on the following

  • Insider threat
  • External
  • Supplier
Your human firewall: an answer to the ongoing cyber-security problem

There are three types of organisations, those that have suffered a cyber-attack, those that will, and those that do not know that they have. This added feature of the nature of cyber-attacks has changed the cyber-security landscape entirely.

Cyber-criminals today are infiltrating our lives and workplaces and residing within online systems for weeks, months and even years without our knowledge. The time spent undetected is used to analyse you and your employer in order to assess what information they require to successfully steal your identity.

We address:

  • The limitations of traditional security infrastructure
  • How cyber-criminals circumvent high-level security technology
  • How to build your human firewall
  • Proactive business security policy instruction and guidance
  • Ensuring security is everyone’s responsibility within the business pipeline
Examination of end user satisfaction following conversion to a new authorisation concept in the context of SAP ERP

Kevin Loncsarszky, SAP Project Manager Identity & Access Management, Kostal Group

Effects on end-user satisfaction after the authorisation conversion

  • Structure of the new SAP authorisation concept
  • Case study using the Expectation Disconfirmation Theory
  • Opportunities and risks of the conversation
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.