Session one- Policy, privacy and business
- Bottom-up migration IAM project management
- Self-sovereign identity: a user-centric initiative
- Overcoming solution bias and limitations
- Securing identities in an age of peak inter-connectivity
- Common Tools and governance to overcome IAM challenges
- Cryptography and identity: hype or reality?
- Why Security Awareness Training for Developers matters
Conference Chair’s Opening Address
Using the strangler pattern for bottom-up migration in an international company
Dr. Frank Simon, Head of IT Security & IAM, Zurich Insurance
All IAM projects are migration projects; being innovative while keeping old systems running.
In this presentation, we will address:
- Big Bang Approaches are very risky; doing it step-by-step by using the strangler pattern reduces risks and supports agile approaches
- Sometimes it is better to innovate bottom-up: Innovate internal technique while keeping old processes, GUIs and features
- International enterprises can decide between one central IAM system and federated IAM repositories
Self-sovereign identity: the evolution of user-centric solutions
Self-sovereign identity is fast emerging as a tool by which identities can be created, managed, disclosed and destroyed by the owner without having to engage with a third actor or centralised authority.
SSI is considered as the next stage in user-centric identity initiatives. We will address:
- Origins, principles and the current climate for SSI
- Existing projects and initiatives that have implemented SSI
- SSI and its relationship with existing IAM infrastructures
Overcoming solution bias and limitations: addressing IAM project failure
Andrea van der Ham, Identity & Access Management Technical Specialist, Ministry of Economic Affairs and Climate, Dutch Government
When initiating an identity and access management project, business users need to balance differing business needs, technological constraints and the complex nature of enterprise-wide IAM systems which interact with every element of an organisations IT infrastructure.
We address, the ways you can approach IAM project management to ensure success.
The identity of things: securing identities in an age of peak interconnectivity
In today’s hyper device-led interconnected world, the ability for companies to safeguard consumer information has become even more difficult. Enterprises, both small, medium and large, across all industry sectors are all under near-constant attack from subversive forces.
In response, patches are devised but then quickly circumvented as the hacker industry moves at a seemingly faster rate than enterprises can manage.
- The ‘always-on’ reality of IoT
- Increasing risk of theft and fraud
- The evolution of things into agents
- AI automation
- The logging of transactions and data
- New forms of identity relationship management
Common Tools and governance to overcome IAM challenges: Is IAM transposable from Higher Education to Industry and beyond?
Mehdi Hached, IAM Architect, Airbus
From Higher Education and Research to Industry, different sectors have different constraints and requirements in the IAM field and hence do things differently whilst facing the same challenges even when they often share the same tools. So, could they benefit from core IAM principles?
This presentation will demonstrate how we can overcome different challenges through a solid IAM governance and clever usage of common tools and services.
- Identity management and Directories
- Federation and MFA
- IAM in applications
- Authentication and authorisation
- How to domesticate Cloud platforms’ IAM
Questions to the Panel of Speakers
Refreshment Break Served in the Exhibition Area
Cryptography and identity: hype or reality?
As technologies like AI, virtual reality and bio-metrics seep deeper into the way we perceive the world and interact with others, digital and real identity will also adapt and change.
We explore the ways digital identity may change, and how we as practitioners can meet the challenges and demands this will bring.
- Developing technologies mount pressure to augment our strategies to be increasingly socially responsible
- Emerging methods of Authentication mandate that we develop future technologies with a global view of identity
- Data minimization, pseudonymisation, unlinkability, transparency, and privacy
The needs of the few - Why Security Awareness Training for Developers matters
Klaus-E. Klingner, Divisional Security Officer-Customer Platforms, Allianz Technology SE
Security awareness training for employees has become more or less the norm in modern companies. Users are taught about document classification, passwords, phishing, and many other topics. However, the needs of one user group in particular are often forgotten; the developers.
The developers create the basis of the business model in many companies; the application, the code. A small mistake here can have massive consequences both reputationally and legally. As a result, the requirements for Developer Security Awareness Training need to be different from the “normal” user.
In this presentation we will take a closer look at what is required to make developers think and develop securely.
- Security Awareness for developers needs improvement
- Developers have special training needs
- Awareness training must be integrated into the daily work
- A gamified approach makes the training more attractive
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session two – Concepts, tools and techniques
- IAM Delivery with DevOps
- Successful procurement and deployment
- Identity data types for access management
- Privileged Access Management & Cyber Security Baseline
- your human firewall: an answer to the ongoing cyber-security problem
- End user satisfaction following conversion to a new authorisation concept
Conference Chair's Afternoon Address
IAM Delivery with DevOps
Vilma Blomberg, IAM Solution Design Owner, KONE
IAM programmes are traditionally slow and expensive multi-year investments for organisations. Today organisations must be able to adapt fast to changes in the IAM environment and implement IAM solutions faster with lower cost.
Organisations could accelerate and automate delivery of value from IAM by using DevOps principles and mechanisms… but how?
A solution to this challenge will be presented by using a case study on how to adopt DevOps in IDM (SailPoint IIQ) delivery in a large corporation.
- IAM is a business-critical area of IT that is heavily driven by security risk management
- IDM system must be highly configured and customised to meet organisations’ requirements and to become an IAM solution that brings value to the organisation
- Today organisations must deliver these solutions faster and cheaper than ever to meet business, security and regulatory requirements
- Automated DevOps pipeline can be built to automate IAM deployments, shorten the release cycles and speed up the resolution time of incidents
A guide to AI in IAM: successful procurement and deployment
An emerging trend within the IAM space is the propensity of solution providers to popularise the use of AI in automating the analysis of behavioural and device usage in order to make machine led security decisions.
This presentation is designed to evaluate the many claims made by solution providers whilst posing helpful questions and setting out practical examples of how you can successfully procure and deploy the right technology for the right task.
- Progress and challenges in AI
- How to assess vendors selling you AI and ML solutions
- How to make build vs buy decisions in matters of data analytics
- Some cautionary tales and real-world case studies
Identity data types for access management: transforming identity management at the BBC
Ros Smith – Executive Product Manager – Identity & Access Management, BBC
Carlos Trigoso – Lead Architect – Identity & Access Management, BBC
The BBC has a relatively advanced Identity and Access Management programme covering all user types within the corporation’s business ecosystem.
Carlos Trigoso and Ros Smith will present a compact history of this programme and then will focus on the results obtained in the past three years.
The presentation highlights the close correlation and interdependence between Identity Management and Organisational Transformation.
Details will include:
- The Four-layer model
- The BBC ecosystem
- An outline of the current BBC Enterprise IAM Products
- What’s next
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Privileged Access Management & Cyber Security Baseline
Martin Ofori-Atta Williams, Privileged Access Management Subject Matter Expert, AP Moller Maersk
PAM Critical Success factors-
Cyber Security Baseline (Cyber Security Framework)
Key Security Framework- Any security framework design should depend on the following
- Insider threat
Your human firewall: an answer to the ongoing cyber-security problem
There are three types of organisations, those that have suffered a cyber-attack, those that will, and those that do not know that they have. This added feature of the nature of cyber-attacks has changed the cyber-security landscape entirely.
Cyber-criminals today are infiltrating our lives and workplaces and residing within online systems for weeks, months and even years without our knowledge. The time spent undetected is used to analyse you and your employer in order to assess what information they require to successfully steal your identity.
- The limitations of traditional security infrastructure
- How cyber-criminals circumvent high-level security technology
- How to build your human firewall
- Proactive business security policy instruction and guidance
- Ensuring security is everyone’s responsibility within the business pipeline
Examination of end user satisfaction following conversion to a new authorisation concept in the context of SAP ERP
Kevin Loncsarszky, SAP Project Manager Identity & Access Management, Kostal Group
Effects on end-user satisfaction after the authorisation conversion
- Structure of the new SAP authorisation concept
- Case study using the Expectation Disconfirmation Theory
- Opportunities and risks of the conversation
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.