Identity Management

17 September 2019

Van Der Valk Hotel, Utrecht




Conference Chair’s Opening Address
Identity Insights on the Privacy-Personalisation Paradox

Nick Caley, Global VP of Financial Services & Regulatory, ForgeRock

Delivering digital experiences that meet customer expectations is critical to digital transformation, but opportunities to get up close and personal with customers intersects with risk, security and a lack of trust.

In this talk, Nick Caley, Global VP of Financial Services & Regulatory will share ForgeRock’s approach to:

  • Engagement based on transparency, choice and control
  • Data as a shared asset in a true value exchange
  • Consent and Lifecycle Management
  • Profile and Privacy Management Dashboard
Centralising Access Control: Addressing the challenge of an increasingly distributed workforce

Angelos Varthalitis, CIO, Transdev Nederland

The globalised nature in which organisations are structured and operate means that the ways in which products are developed, information shared and collaboration achieved is via digital means. One of the ways in which global enterprises are addressing this is by developing a centralised IAM solution.

The issue is how to implement a comprehensive, centrally managed IAM solution that centralises the visibility and control needed for a distributed workforce to an enterprise IT security team.

Will Decentralized Identity be the Solution to Everything?

Patrik Horemans, Subject Matter Expert – Identity and Access Management, IBM Security Europe

Decentralized Identities build on distributed ledger technologies such as BlockChain promises to be the answer to many consumer identity related challenges today. It promises to make life easier for people, deliver trusted identities and save organizations lots of money.

Analysts say it will be widely accepted and established within a couple of years and many companies, including IBM, are investing and building platforms. But will Decentralized Identity really be the solution to everything? Won’t it be a factor for exclusion in the society? Can the trusted parties be trusted? Who should be responsible for the implementation? Who will pay for it? Will it really be totally secure?

Today we will talk about the opportunities Decentralized Identities will bring but we will also talk about the limitations it has and considerations to think about.


David Pignolet, CEO, SecZetta

Organisations today face a growing challenge around how they interact with partners and suppliers. On average, non-employees make up 40% of the total workforce and in some industries non-employees can be as much as 10x the number of employees. Given the dispersed nature of working with non-employees and the fact that they are being brought in by the different lines of business with no single department responsible for defining and managing a centralized process, they wind up potentially being the riskiest people to an organization. Given the nature of non-employees being a distributed workforce and the lack of a well-defined business process, companies struggle to get control of how they grant and govern access. Without good people data, you can’t have good identity and access management. Failure to implement a business process designed to address the complexities of non-employees results in the lines of business and enterprise IT staff being preoccupied with manual processes, a loss of productivity for the business seeking access for non-employees to key business applications, and an increased likelihood of former non-employees maintaining access to highly sensitive systems or physical locations. In this presentation, David will discuss:

  • Understanding the challenges and gaps in most non-employee business processes
  • The inefficiencies and security consequences of not addressing an outdated business process
  • Managing business process and people data effectively to deliver actionable decisions to the organisation
  • The benefits gained from an identity and business process first approach to managing non-employees
How to securely manage identities at scale in the cloud

Sébastien Stormacq, Technical Evangelist, AWS

Managing identities and authorisations is a core requirement for all apps. Modern applications are required to securely manage hundreds of thousands or millions of identities.

In this talk, you will learn how you can leverage fully managed, serverless services in the cloud to securely manage your user pools. During this talk, we will address common challenges of identity management and identity federation and show how cloud-based solutions can simplify and secure your applications.

Presentation by Okta
Modern Access Management for Hybrid and Multi-Cloud Environments

Markku Rossi, Chief Technology Officer, SSH.COM

Today’s dynamic hybrid and cloud environments encompass many different privileged user types – both internal and outsourced – who need to access shifting target servers. While cloud environments can be complex and ever-changing, many legacy solutions are built on yesterday’s architecture and tend to cause huge operational and business friction. It is time to introduce unified, scalable and nimble management tools.

Join Markku to learn how modern methods for user authentication and authorization along with rules enforcement enable access at the speed of business and operations. Visibility and session recording into access management traffic also help meet best practices and security standards.

Questions To The Panel Of Speakers
Morning Networking and Refreshments served in the Exhibition Area
How to Reduce your Total Cost of Identity and Increase Return on eXperience

Hugo Löwinger, Principal Identity Strategist, PwC

Customer facing organisations, just like all organisations, have gone through tremendous change over the past 15 years. Going from:

  • Bricks to clicks
  • Web to app
  • Single-channel to omnichannel
  • Waterfall to agile
  • On-prem to cloud

Just to name a few, and we are not ‘there’ yet.

What does all of this mean for digital identity? Well, in many cases it means that organisations have tied themselves into a very expensive knot, hurting user experience, security and efficiency (I.e.: the bottom line).

During this session, we look at how to reduce Total Cost of Identity (TCI), while increasing Return on eXperience (ROX) by leveraging:

  • Gamification to get key business, technical and security stakeholders aligned
  • Identity orchestration to create architectural agility
On the state and future of standards based SSO

Hans Zandbelt, IAM Architect, OpenID Foundation

This presentation will provide an overview of the current state of standards-based digital identity and Single Sign-On (SSO). We’ll take a look at the market adoption of standards such as SAML and OpenID Connect and discuss the future of those standards and internet identity in general. We’ll highlight protocols, standardization bodies and certification processes and why these matter to your business.

• What is the market adoption of open standards for cross-domain SSO?
• How do identity standards emerge and how do they develop over time?
• What does the future of standards-based SSO hold?

Presentation by OneLogin
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area
Conference Chair’s Afternoon Address
CIAM: The Booster for Digital Transformation

Darshana Gunawardana, Senior Technical Lead, WSO2

Digital transformation has led to a new generation of products and services offered by businesses which integrate customers, employees and all other entities together. Integration with several systems with customer identities involving different stakeholders lead to the need of properly governed digital identities of an enterprise.

Having a well thought out CIAM solution in an enterprise can provide this, along with a seamless experience for customers while ensuring their privacy and enforcing security guidelines mandated by the industry. Utilizing Customer IAM correctly will act as a catalyst in your digital transformation story boosting its progress.

In this session we will look at:

  • How CIAM enables digital transformation
  • What are the requirements in CIAM perspective in a digital transformation journey
  • Best practices to follow and pitfalls to avoid in your CIAM strategy
From Traditional IAM to Next-Gen Identity Governance Using Best-Practices

Mark Vermeulen, Director for Sales in Benelux, Omada

Most organizations today are operating in a hybrid IT environment of on-premises and cloud-based applications, which make it difficult to get transparency on who has access to which IT systems and applications in an organization and why. Identity governance and administration (IGA) has become a cornerstone of solid IT security and in ensuring compliance with external regulations like GDPR, allowing organizations to implement automated processes for controlling, managing, and auditing access to systems and data. An important prerequisite to reduce the security risk and ensure compliance.
In this presentation, you get an insight into best practice processes based on almost two decades experience in implementing IGA solutions in enterprises worldwide.
Key takeaways:

  • Why do best practice processes work for IGA?
  • What does the best practice IGA process framework cover?
  • How can you use the argument for best practices to move standards and alignment in your own company?
IdentityAI: Current Value and Demo of AI and Machine Learning in Relation to Identity Management

Edwin Grimminck, Identity Governance Specialist, SailPoint

Everybody is talking about AI and machine learning and we hear more and more of this in the IGA market as well. SailPoint has recognized this trend several years ago and has released their first production version of their IdentityAI solution in a true SaaS offering to their US customers. Before the end of 2019 this solution will be available in EMEA as well.

This session will show you what everybody is talking about and what’s possible now. It will focus on:

  • Access history
  • Explore
  • Peer group analyses
  • Governance Recommender
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Diageo case study: a journey towards the simplification and automation of the overall control environment

Edina Dobos, Head of Technology Compliance, Diageo

At Diageo, we embarked on a journey to simplify and automate the overall control environment, which has also included investing in access controls.

This case study describes the end-to-end access risk evaluation process from identification of risks through balanced remediation and mitigation.

  • Internal and external business complexities driving the need for change
  • Approach and best practices applied across the programme phases to maximize business return
  • Enablers for sustainable results
The Future of Access Control is Distributed and Open

Jan Winus van Roode, Innovation Manager, Nsecure b.v.

The current generation of physical access control systems (PACS) function by placing people’s information into them. PACS and their complementary systems have become vaults for personal data; walled repositories that require continual updates to maintain and is costly to secure. Overall, the administration is time-consuming, while usage has little focus on the experience. Is there an alternative?

Self-sovereign identity concepts have the potential to provide an alternate way forward. By letting a person own their identity and being able to trust the records that person brings to you, it’s possible for a business to move away from the collection of personal information and pre-registration into an access system.

  • Challenges of the current generation of physical access control systems (PACS
  • How Self-sovereign identity (SSI) concepts can help solve these challenges
  • What does an access control solution based on SSI look like?
  • What are typical uses cases?
The Entitlement Management Journey - from spreadsheets to AI
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.