Session one- Policy, privacy and business
- Europe’s digital agenda: business and consumer impact
- Self-sovereign identity: a user-centric initiative
- Linking CIAM and SSID: personalisation without risk
- The identity of things: the age of peak connectivity
- Privileged access management: cyber security baseline
- Cryptography and identity: hype or reality?
- IAM Delivery with DevOps
Conference Chair’s Opening Address
Europe’s digital agenda: business and consumer impact
In response to the growing challenge of managing digital identities and verifying access demands for both business and end-users, the EU has established a legal and regulatory framework for the handling of personal and identity data. This framework is designed to build upon existing regulations, ranging from the GDPR to the recently established EPrivacy regulation.
The European digital identity agenda is designed to support the use and processing of data and ensure it is driven towards economic drivers with a recognisably positive socio-economic impact.
In our opening address, we discuss:
- Digital identity and the single market
- Identifying commonalities in identity regulations
- Building the European data economy
- Ethical data monetisation
- Emerging business models for data
Self-sovereign identity: the evolution of user-centric solutions
Self-sovereign identity is fast emerging as a tool by which identities can be created, managed, disclosed and destroyed by the owner without having to engage with a third actor or centralised authority.
SSI is considered as the next stage in user-centric identity initiatives. We will address:
- Origins, principles and the current climate for SSI
- Existing projects and initiatives that have implemented SSI
- SSI and its relationship with existing IAM infrastructures
The needs of the few - Why Security Awareness Training for Developers matters
Klaus-E. Klingner, Divisional Security Officer-Customer Platforms, Allianz Technology SE
Security awareness training for employees has become more or less the norm in modern companies. Users are taught about document classification, passwords, phishing, and many other topics. However, the needs of one user group in particular are often forgotten; the developers.
The developers create the basis of the business model in many companies; the application, the code. A small mistake here can have massive consequences both reputationally and legally. As a result, the requirements for Developer Security Awareness Training need to be different from the “normal” user.
In this presentation we will take a closer look at what is required to make developers think and develop securely.
- Security Awareness for developers needs improvement
- Developers have special training needs
- Awareness training must be integrated into the daily work
- A gamified approach makes the training more attractive
The identity of things: securing identities in an age of peak interconnectivity
In today’s hyper device-led interconnected world, the ability for companies to safeguard consumer information has become even more difficult. Enterprises, both small, medium and large, across all industry sectors are all under near-constant attack from subversive forces.
In response, patches are devised but then quickly circumvented as the hacker industry moves at a seemingly faster rate than enterprises can manage.
- The ‘always-on’ reality of IoT
- Increasing risk of theft and fraud
- The evolution of things into agents
- AI automation
- The logging of transactions and data
- New forms of identity relationship management
Privileged Access Management & Cyber Security Baseline
Martin Ofori-Atta Williams, Privileged Access Management Subject Matter Expert, AP Moller Maersk
PAM Critical Success factors-Cyber Security Baseline (Cyber Security Framework)
Key Security Framework- Any security framework design should depend on the following
- Insider threat
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Cryptography and identity: hype or reality?
As technologies like AI, virtual reality and bio-metrics seep deeper into the way we perceive the world and interact with others, digital and real identity will also adapt and change.
We explore the ways digital identity may change, and how we as practitioners can meet the challenges and demands this will bring.
- Developing technologies mount pressure to augment our strategies to be increasingly socially responsible
- Emerging methods of Authentication mandate that we develop future technologies with a global view of identity
- Data minimization, pseudonymisation, unlinkability, transparency, and privacy
IAM Delivery with DevOps
Vilma Blomberg, IAM Solution Design Owner, KONE
IAM programs are traditionally slow and expensive multi-year investments to the organizations. Today organizations must be able to adapt fast to changes in the IAM environment and implement IAM solutions faster with lower cost.
Organizations could accelerate and automate delivery of value from IAM by using DevOps principles and mechanisms… but how?
A solution to this challenge will be presented by using a case study on how to adopt DevOps in IDM (SailPoint IIQ) delivery in a large corporation.
- IAM is a business-critical area of IT that is heavily driven by security risk management
- IDM system must be highly configured and customized to meet organizations’ requirements and to become an IAM solution that brings value to the organization
- Today organizations must deliver these solutions faster and cheaper than ever to meet business, security and regulatory requirements
- Automated DevOps pipeline can be built to automate IAM deployments, shorten the release cycles and speed up the resolution time of incidents
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session two – Concepts, tools and techniques
- Addressing IAM project failure: pitfalls to avoid
- A guide to AI in IAM: successful procurement and deployment
- Social engineering: against traditional security solutions
- Your human firewall: securing your business pipeline
- Responding to a data breach: the four pillars
- IAM market 2020: the evolution of IAM
Conference Chair's Afternoon Address
Overcoming solution bias and limitations: addressing IAM project failure
Andrea van der Ham, Identity & Access Management Technical Specialist, Ministry of Economic Affairs and Climate, Dutch Government
When initiating an identity and access management project, business users need to balance differing business needs, technological constraints and the complex nature of enterprise-wide IAM systems which interact with every element of an organisations IT infrastructure.
We address, the ways you can approach IAM project management to ensure success.
A guide to AI in IAM: successful procurement and deployment
An emerging trend within the IAM space is the propensity of solution providers to popularise the use of AI in automating the analysis of behavioural and device usage in order to make machine led security decisions.
This presentation is designed to evaluate the many claims made by solution providers whilst posing helpful questions and setting out practical examples of how you can successfully procure and deploy the right technology for the right task.
- Progress and challenges in AI
- How to assess vendors selling you AI and ML solutions
- How to make build vs buy decisions in matters of data analytics
- Some cautionary tales and real-world case studies
Social engineering: circumventing traditional security solutions
Beyond business user issues related to vendor-led solutions, and beyond issues related to the deployment of disruptive technologies across IAM platforms, we have a human-led attack vector which circumvents all such parameters by exploiting people rather than systems.
In this talk, we will address the concept of trust and how it is exploited, the most common techniques deployed by social engineers, the cost to business and some of the most famous examples of successful attacks.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Your human firewall: an answer to the ongoing cyber-security problem
There are three types of organisations, those that have suffered a cyber-attack, those that will, and those that do not know that they have. This added feature of the nature of cyber-attacks has changed the cyber-security landscape entirely.
Cyber-criminals today are infiltrating our lives and workplaces and residing within online systems for weeks, months and even years without our knowledge. The time spent undetected is used to analyse you and your employer in order to assess what information they require to successfully steal your identity.
- The limitations of traditional security infrastructure
- How cyber-criminals circumvent high-level security technology
- How to build your human firewall
- Proactive business security policy instruction and guidance
- Ensuring security is everyone’s responsibility within the business pipeline
Responding to a data breach: The four pillars
It is the call that every security team dread – that an attacker has seriously compromised your organisation and gained widespread access to sensitive data. But how prepared are you for this eventual scenario?
While most organisations have some frameworks in place to manage and respond to limited attacks, few feel confident that each person situated within the business pipeline fully appreciates their role in ensuring that each key business element is tied to the other in a complementary way.
There are four key questions you must ask yourself when assessing your organisational capabilities:
- WHY? what’s the issue or problem?
- WHAT can I do to resolve the issue?
- HOW am I going to implement the what?
IAM Market: 2020 and beyond
In recent years the business world has produced an environment in which a more robust regulatory environment has developed in response to the growing uncertainty around securing identities and managing access. Twinned with this development is the increase in the adoption of advanced technologies such as cloud computing, AI and IoT.
In our closing address, we explore how the IAM market will evolve, its changing relationship with new and emerging technologies and the extent to which consumer insight drives solution innovation at the provider level.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.