Session One: Identity and Access Management for Enterprise
We explore how IAM can become a key enabler to organisations. Through cross-sector case studies and industry perspectives we charter key IAM imperatives including accountability, transparency, user experience and managing trust, privileges and entitlements. The early morning session will also explore:
- Why businesses require identity governance
- Examples of successful deployments of comprehensive, customer focused identity management infrastructures
- The impact of identity management investment on top-line revenue
- How to use IAM to achieve business goals and empower digital business
- The changing security landscape and disruptive technologies
- Operationalising identity intelligence for efficiency and risk mitigation
- Identifying future trends in the IAM space
Conference Chair’s Opening Address
Sarb Sembhi, Past President, ISACA London
IAM and Digital Transformation
Digital transformation brings a whole host of new security challenges and risks; we focus on exploring the relationship between human capital and the use of IAM technologies, the extent to which they complement one another and drive your business strategy, with the ultimate aim of enabling organisations to become more agile and secure.
- Aligning enterprise business strategies and objectives with technologies
- Breaking down silos and bridging the gap between business and technology with a focus on IAM
AI identity management: Are enterprises ready?
We explore how artificial intelligence and machine learning are poised to reshape the identity and access management enterprise landscape.
- How to implement privileged identity management that uses algorithmic intelligence to analyse activity and usage patterns
- Using AI for conditional access and authorisation
- Overcoming potential challenges – avoiding errors and bias
How Privacy changes traditional approaches to digital identity in CIAM deployments
Colin Wallis, Executive Director, Kantara Initiative
As the digital identity domain of CIAM grows, not only does it require strong identity skills, but professionals need to have sharp privacy skills as well. This presentation will build out from the better-known requirements of security and data protection, to cover the more humanistic values around personal data privacy. These elements are key to CIAM deployments and fast becoming required knowledge for successful and GDPR identity management practice.
- CIAM needs a different approach than the traditional approach to enterprise IAM
- Customer enrolment into online services offers a great example as a case in point
- Selected emerging best practice, standards and regulations that should apply in the context of CIAM
The IoT security challenge
The Internet of Things is a complex web of relationships encompassing people, services, applications and devices, all of which must have an identity.
Such identities need to be protected in order for the IoT to develop to its full potential.
This session explores the disruptive new trend of IoT and how IAM is scaling up to meet its complex needs so users can be truly connected.
- Businesses need to strategically evolve their processes in managing and defining relationships
- Scaling IAM to match the complexity of IoT to secure all devices
- Public Key Infrastructure- To reduce the complexity of IAM when utilising M2M and IoT through encryption keys and public key certificates
“Works With” Won’t Help You – How to Reliably Crash any IAM Project
Stefan Bosnjakovic, IAM and Corporate IT-Security Architect, Deutsche Kredit Bank
Embarking on and completing an Identity and Access Management project can be a tricky task that has to juggle differing business needs, technological constraints and a complexity arising from IAM systems which must span the entirety of a global enterprise’s IT infrastructure.
Finding the Right Balance between Security and Usability
One of the main challenges of Identity Management is finding the right software which will allow easy navigation and better usability for consumers.
We look at:
- Designing a UX of Security and other factors that will contribute to a safer customer journey
- More complex passwords don’t always make users secure – are they redundant?
- Examining the benefits and implementation challenges of SSO
Questions To The Panel Of Speakers
Refreshment Break Served in the Exhibition Area
Cloud Security and Access Management: Meeting the Challenges
Cloud assets are increasingly becoming a favoured target for nefarious actors.
In this presentation, we tackle some of the key challenges associated with cloud security and IAM, looking at:
• Meeting identity provisioning challenges
• Ensuring system resources are allocated in a sustainable way
• Managing privileged cloud users through strong authentication, conditional access and administrative overview
• Frameworks to support tracking user access
Getting the IAM Basics Right
David Doret, IAM & Data Protection Manager, BNP Paribas
The IAM industry is innovating at a steady pace and we all feel excited about fancy buzzwords and new products reaching the market with great promises.
Meanwhile, we – CISOs / IAM managers – must confront a tough reality. That reality is made of elusive and fragmented information systems, workforce and business processes. Still, as each day goes by, we protect our companies with our IAM processes and deliver productivity, compliance and security.
How do we accomplish that? First and foremost, by getting the IAM basics right. Again, again, and again.
In this talk, we will review what the IAM basics are and the foundational principles on which they are based.
• Key principles
• Key processes
• Key practices
Questions to the Panel of Speakers
Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session Two: Case Studies and Best Practice for IAM in Large Enterprise Organisations
- Exploring privileged access management: What happens when you add new technology to traditional or legacy security software
- Creating a threat-centric IAM to secure your intelligent assets and becoming proactive to a breach not reactive
- Embracing CIAM as a key driver for customer identity security
- Security talent and skills, learn exactly why there is a shortage of security professionals and how to break away from the standard talent pool to acquire new IAM talent
- Keeping ahead of the curve: Defining the future of IAM, trends for 2019 and beyond
Conference Chair’s Afternoon Address
Certification for the OIDF Financial-Grade API profile
Hans Zandbelt, IAM Architect, OpenID Foundation
• Enable applications to utilize the data stored in the financial account
• Enable applications to interact with the financial account, and
• Enable users to control the security and privacy settings
Establishing a Threat-Centric IAM Technology - A Capability Model
- Defining the key elements of the IAM- Threat Centric Strategy, the core elements including policy and new IAM technologies
- Analysing various integration methods for threat intelligence into the IAM Stack to improve design, provision, run and access times
- IAM maturation and becoming ready to embrace new disruptive technologies like IoT
How to determine the security of a mobile authentication app
Petteri Ihalainen, Senior Specialist, National Cyber Security Centre, Finland
The market is littered with mobile authentication apps from simple OTP generators to sophisticated PKI & biometrics applications. But they all share the same challenge – how can they prove that they are actually secure?
This presentation takes a look at the unique challenge in evaluating the security of mobile authentication apps in the context of national regulation and eIDAS. We will present a global proposal for proving the security of a mobile authentication app. The proposal can be adopted by e.g. governments, organisations deploying app-based authentication solutions or by app vendors to evaluate their systems on how they can resist the various types of attacks.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Hype, lies and statistics: a buyer’s guide to AI in cybersecurity
Jon Hawes, Head of Detect & Security Innovation, Photobox
Lots of claims are being made in cybersecurity about the capabilities that behavioural user or device analytics can deliver to automate security decisions and actions in a dynamic way.
This talk will provide a ‘buyers guide’ on how to evaluate the claims that vendors make, presenting helpful question sets and practical examples that can help avoid making costly mistakes in purchasing, or operationalizing, the technology that uses Machine Learnings in a confusing market-place.
• Progress and challenges in AI: why all are not quite what it seems
• How to assess vendors selling you AI and ML solutions to avoid costly mistakes
• How to make build vs buy decisions in matters of data analytics
• Some cautionary tales and real-world case studies about getting value from AI / ML ‘solutions’
Is there a shortage of security talent?
(ISC)2 estimates that “by 2019 there will be a need for 6 million security professionals, but only 4.5 million will have the necessary qualifications for those jobs”.
We look to understand the disconnect in the above figures:
- Is there a shortage of skills? What can businesses and universities do to plug the gaps?
- Training and upskilling your existing security and IT teams
- Venturing outside the existing talent pool, recruiting from other industries
- Retaining your security staff
Closing Keynote: The Future of Digital Identity
Aisling Connolly, Cryptography and Privacy Researcher, Information Security, École Normale Superieure
In communities, forums, workspaces and every conceivable online corner, people are already able to hold numerous, ephemeral digital identities that transform depending on their environment and usage.
As technologies like AI, virtual reality and biometrics seep deeper into the way we perceive the world and interact with others, digital and real identity will also adapt and change.
In this closing keynote, we explore the ways digital identity may change, and how we as practitioners can meet the challenges and demands this will bring.
• Responsibility – Developing technologies mount pressure to augment our strategies to be increasingly societally responsible
• Diversity – Emerging methods of Authentication mandate that we develop future technologies with a global view of identity.
• Emerging Technologies – data minimization, pseudonymisation, unlinkability, transparency, and privacy.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.