Session one- Policy, privacy and business
- Bottom-up migration IAM project management
- Self-sovereign identity: a user-centric initiative
- Overcoming solution bias and limitations
- Securing identities in an age of peak inter-connectivity
- Common Tools and governance to overcome IAM challenges
- Cryptography and identity: hype or reality?
- Why Security Awareness Training for Developers matters
Conference Chair’s Opening Address
Migrating to a Modern IAM Platform: Long-term Value and Risks
What is the value of replacing a legacy IAM system with a modern, flexible, and open platform? Why make the investment when everything seems manageable as it is now?
In this presentation, you’ll learn how much value a modern IAM platform can bring to your organisation, and how much time, money and resources it will save you in the long run.
We will also cover different migration strategies and areas of consideration to ensure a successful and efficient migration.
Legacy IAM vs. Modern IAM – Should you stay, or should you go?
- Capabilities comparison
- Keeping pace with current market demands
- Preview of what a modern IAM deployment looks like
- Short-term and long-term benefits of modernising IAM
- Potential roadblocks to consider and how to overcome them
Using the strangler pattern for bottom-up migration in an international company
All IAM projects are migration projects; being innovative while keeping old systems running.
In this presentation, we will address:
- Big Bang Approaches are very risky; doing it step-by-step by using the strangler pattern reduces risks and supports agile approaches
- Sometimes it is better to innovate bottom-up: Innovate internal technique while keeping old processes, GUIs and features
- International enterprises can decide between one central IAM system and federated IAM repositories
A Manageable Approach to a Zero Trust Framework
The threat landscape in our world of hybrid multi-cloud and with the mobile workforce is dramatically expanding in number and sophistication. Traditional approaches to security are not effectively addressing these challenges to minimize the attack surface for an organization. Single products or siloed solutions even less. Various initiatives have provided approaches to tackle these challenges; those approaches are often subsumed under the term “Zero Trust”.
In this session, you will see how an organization can find their path towards a suitable Zero Trust framework.
Overcoming solution bias and limitations: addressing IAM project failure
When initiating an identity and access management project, business users need to balance differing business needs, technological constraints and the complex nature of enterprise-wide IAM systems which interact with every element of an organisations IT infrastructure.
We address, the ways you can approach IAM project management to ensure success.
Non-Employees: Sponsor but Never Trust
Today, organisations face a growing challenge to interact with partners and suppliers. On average, non-employees make up 40% of the total workforce, and in some industries, they can be as much as 10x the number of employees. Given the dispersed nature of working with non-employees and that no single department is responsible for defining and managing a centralised process, they wind up being the riskiest people to an organisation. This situation makes companies struggle to control grant and governance access. Without good people’s data, you can’t have a proper identity and access management. Failure to implement a business process for the complexities of non-employees results in business and IT staff preoccupations. They must deal with manual processes, loss of productivity and an increased likelihood of former non-employees maintaining access to highly sensitive systems or physical locations.
In this presentation, Chris will discuss:
- Understanding the challenges and gaps in most non-employee business processes
- The inefficiencies and security consequences of not addressing an outdated business process
- Managing business process and people data effectively to deliver actionable decisions to the organisation
- The benefits gained from an identity and business process first approach to managing non-employees
Every Breath You Take: How AI Can Make Identity Sing
- How to make identity successful within your organization
- How to use the same tactics to breakthrough implementation barriers as The Police overcame obstacles to creating a musical masterpiece
- How to eventually protect key resources and create new business opportunities
Modernize Your Identity Governance to Enable Digital Transformation
Many organizations are challenged by the gap between the rapidly evolving business requirements and the current state of their Identity Governance processes, or lack of it. Identity Governance has come to play a central role in the digital transformation, and it requires adoption of modern Identity Governance technologies that are more scalable, agile and intelligent to meet the ever-evolving digital business requirements of today.
In this presentation, Alfons will introduce a holistic approach using best practice processes, to address your organizations Identity Governance needs, helping you to navigate the perceived complexity of the IGA domain avoiding pitfalls and heavy customizations.
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Protect Every Privilege, Every Time Across your Enterprise
Companies are experiencing a privilege explosion, yet this proliferation of privileges is often inadequately managed. Many organizations use a password management-centric approach to solve the privilege problem, but it’s only a partial solution.
In this session, learn how the Universal Privilege Management model is used to secure every user, session, and asset across your IT environment.
Identity Driven Smart Cyber Defence Center
Cyber security needs attention and therefore an effective governance function which coordinates related efforts from strategy to execution, and as part of the execution efforts, companies start discussing the feasibility of so-called Security Operations Centres (SOC). As per Wikipedia “A security operations centre is a centralized unit that deals with security issues on an organizational and technical level.” But is it really so easy? We believe that cybersecurity needs to shift from a reactive to a proactive state. Therefore, a state of the art SOC needs highly standardized processes to enable as much automation as possible and put the greatest risk factor, the Identity, in focus.
Case Study: Duo for Day & Zimmermann
The audience will get an overview of why Day & Zimmermann (D&Z), which specializes in construction, engineering, staffing and defense solutions for governments and leading corporations, has used Duo since 2014. D&Z originally deployed to secure user remote access over Cisco VPN, and Duo now protects many of its systems, including Outlook Web Access, Citrix XenApp, Thycotic, Passwordstate and Windows servers through Remote Desktop Protocol (RDP).
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session two – Concepts, tools and techniques
- IAM Delivery with DevOps
- Successful procurement and deployment
- Identity data types for access management
- Privileged Access Management & Cyber Security Baseline
- your human firewall: an answer to the ongoing cyber-security problem
- End user satisfaction following conversion to a new authorisation concept
Conference Chair's Afternoon Address
Common Tools and governance to overcome IAM challenges: Is IAM transposable from Higher Education to Industry and beyond?
From Higher Education and Research to Industry, different sectors have different constraints and requirements in the IAM field and hence do things differently whilst facing the same challenges even when they often share the same tools. So, could they benefit from core IAM principles?
This presentation will demonstrate how we can overcome different challenges through a solid IAM governance and clever usage of common tools and services.
- Identity management and Directories
- Federation and MFA
- IAM in applications
- Authentication and authorisation
- How to domesticate Cloud platforms’ IAM
The Needs of the Few - Why Security Awareness Training for Developers Matters
Security awareness training for employees has become more or less the norm in modern companies. Users are taught about document classification, passwords, phishing, and many other topics. However, the needs of one user group in particular are often forgotten; the developers.
The developers create the basis of the business model in many companies; the application, the code. A small mistake here can have massive consequences both reputationally and legally. As a result, the requirements for Developer Security Awareness Training need to be different from the “normal” user.
In this presentation we will take a closer look at what is required to make developers think and develop securely.
- Security Awareness for developers needs improvement
- Developers have special training needs
- Awareness training must be integrated into the daily work
- A gamified approach makes the training more attractive
Secure Digitization Of IDAAS – IAM Designed for the Seamless Integration of Consumers, Partners and Employees
OneLogin Case Study presented by Lars-Thorsten Sudmann, Founder & Managing Director, bloola
Dormakaba is a market leader in the area of innovative access management and security solutions. They operate on a global scale, and a core part of their innovation is to embrace new opportunities emerging through digital transformation. As in many sectors, so too is their world becoming an increasingly connected network of employees, partners, customers and indeed, things.
In this session, Lars-Thorsten will provide you with insight into how Dormakaba are providing secure access to information assets to a wide variety of user profiles in a highly secure and automated way.
He will also touch on overall strategy for the secure connectivity of people and things:
- Illustrate the Multi-tenant architecture of user and access management to digital services
- How to address regulation…and indeed support it
- Delivering these services across distributed organizations and brands
IAM Delivery with DevOps
IAM programmes are traditionally slow and expensive multi-year investments for organisations. Today organisations must be able to adapt fast to changes in the IAM environment and implement IAM solutions faster with lower cost.
Organisations could accelerate and automate delivery of value from IAM by using DevOps principles and mechanisms… but how?
A solution to this challenge will be presented by using a case study on how to adopt DevOps in IDM (SailPoint IIQ) delivery in a large corporation.
- IAM is a business-critical area of IT that is heavily driven by security risk management
- IDM system must be highly configured and customised to meet organisations’ requirements and to become an IAM solution that brings value to the organisation
- Today organisations must deliver these solutions faster and cheaper than ever to meet business, security and regulatory requirements
- Automated DevOps pipeline can be built to automate IAM deployments, shorten the release cycles and speed up the resolution time of incidents
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Privileged Access Management & Cyber Security Baseline
A Lack of visibility and control over privileged accounts, users and assets could lead to critical data being compromised and networks of organisations being hacked.
- Why provisioning and de-provisioning of accounts must be a top priority for all organisations
- Reviewing the PAM processes to ensure that the high risk of malicious use of data by the employees, contractors and suppliers is minimised
Kiwi´s Journey to Securely Managing Their Identities with Okta
Okta Case Study presented by David Pavlik, Chief Information Officer/Executive Board Member, Kiwi.com
Kiwi.com allows travellers to build consolidated travel plans across airlines, bus companies, rail companies, and more. When the company was founded seven years ago, its IT infrastructure—a collection of cloud-based apps plus a couple of small servers—mirrored that flexibility. As the company grew, however, the loosely connected infrastructure, which worked well for a start-up, began to cause friction. After rapidly growing to more than 3,200 active international users, the company struggled with the costs and labour involved in managing all of these user identities.
During this session, the CIO of Kiwi.com, David Pavlik, is going to explain how the company overcame their identity challenges by improving on-boarding of new employees, securing all their apps and allowing their employees to easily access application with SSO.
Examination of end user satisfaction following conversion to a new authorisation concept in the context of SAP ERP
Effects on end-user satisfaction after the authorisation conversion
- Structure of the new SAP authorisation concept
- Case study using the Expectation Disconfirmation Theory
- Opportunities and risks of the conversation
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.