Conference Chair’s Opening Address
Dr Gilad L. Rosner, Founder: IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher
Customer Personalisation: Bridging CIAM and SSID
Katryna Dow, Founder & CEO, Meeco
With the rapid fusion of physical, biological and digital, identity is now more personal than ever. At the same time, data breaches, hacking and centralised honey pots mean that customers are more vulnerable than ever before.
How we collect and process data in order to personalise services may be the difference between gaining trust or getting fined.
A distributed ledger, Self-Sovereign Identity and Zero Knowledge Proofs offer new opportunities to build a trusted data and identity stack. Taking the best of CIAM together with increasing the rights and protections for customers will drive connected use-cases, lower costs and enable new business models.
This session will focus on how incorporating SSID, ZKP and progressive disclosure enables an enterprise to personalise products and services without putting customers at risk.
Bridging CIAM and SSID means fewer data and more insight.
Thinking Outside the Perimeter: Principles of Zero Trust
Vinny Sagar, Solution Architect, Ping Identity
Ping Identity’s Vinny Sagar will present on how you can use the principles of Zero Trust. Security is improved where network perimeters shift and shrink to become resource perimeters (micro-perimeters), and where network-based trust is replaced by confidence from verifying the risk profile of users, devices, applications and data flows. The guiding principle behind Zero Trust is a methodology where this confidence is used to improve access decisions.
Come find out how the principles of Zero Trust will enable you to increase security, agility and productivity across your organisation, and how Ping Identity can help.
How Privacy changes traditional approaches to digital identity in CIAM deployments
Colin Wallis, Executive Director, Kantara Initiative
As the digital identity domain of CIAM grows, not only does it require strong identity skills, but professionals need to have sharp privacy skills as well. This presentation will build out from the better-known requirements of security and data protection to cover the more humanistic values around personal data privacy. These elements are key to CIAM deployments and fast becoming required knowledge for successful and GDPR-compliant identity management practice.
- CIAM needs a different approach than the traditional approach to enterprise IAM
- Customer enrolment into online services offers a great example as a case in point
- Selected emerging best practice, standards and regulations that should apply in the context of CIAM
Enterprise IAM: The Booster for Digital Transformation
Darshana Gunawardana, Senior Technical Lead, WSO2
Digital Transformation has led to a new generation of products and services offered by businesses which integrate customers, employees and all other entities together. Integration with several systems with different identities, involving different stakeholders, leads to the need for properly governed digital identities in an enterprise. Having a well thought out IAM solution in an enterprise can provide this, along with a seamless experience for customers, while ensuring their privacy and enforcing security guidelines mandated by the industry. Utilizing Enterprise IAM correctly will act as a catalyst in your digital transformation story, boosting its progress.
In this session we will look at:
- What are the requirements in an IAM perspective in a digital transformation journey?
- Best practices to follow and pitfalls to avoid in your Enterprise IAM strategy
Getting the IAM Basics Right
David Doret, IAM & Data Protection Manager, BNP Paribas
The IAM industry is innovating at a steady pace and we all feel excited about fancy buzzwords and new products reaching the market with great promises.
Meanwhile, we – CISOs / IAM managers – must confront a tough reality. That reality is made of elusive and fragmented information systems, workforce and business processes. Still, as each day goes by, we protect our companies with our IAM processes and deliver productivity, compliance and security.
How do we accomplish that? First and foremost, by getting the IAM basics right. Again, again, and again.
In this talk, we will review what the IAM basics are and the foundational principles on which they are based.
• Key principles
• Key processes
• Key practices
More than Insider Threats: What Incident Response teaches us about Identity and Access Management
Richard Horne, Cyber Security Partner, PwC UK
Derek Gordon, UK IAM territory leader, PwC UK
Richard Horne, who has represented the UK on Cyber Security for the OECD and worked with the UK Cabinet Office to help shape the national plan for Cyber Security, discusses the unique perspective of dealing with global clients in their hour of need. He shares insight into the correlation between breach impact and IDM/PAM maturity, time and the role of IDM/PAM in recovery, and how organisations can better prepare.
Richard will be joined by Derek Gordon, the UK IAM territory leader, to discuss how identity and privileged access management, governance and management all make a real difference in reducing the risk and impact of Cyber breaches.
Questions To The Panel Of Speakers
Morning Networking and Refreshments served in the Exhibition Area
Trust the Machines: Using AI and ML to Future-Proof Identity Governance
Paul Squires, Sales Engineer, SailPoint
Why is it that we inherently distrust machines? Is it lack of evidence or proof that they can do the job, fear of losing control or is the value they’re providing questionable? Trust is foundational for machine learning (ML) to be successful. Together, let us explore how trust can be established for successful identity governance. And, where convenient, how that trust can propel the adoption of ML to transform how you perform identity governance in the future.
Best Practice Processes for Identity Management and Access Governance
Govind Yadav, Senior Sales Engineer, Omada
Most organizations today are operating in a hybrid IT environment of on-premises and cloud-based applications, which makes it difficult to get transparency on who has access to which IT systems and applications in an organization and why. Identity governance and administration (IGA) has become a cornerstone of solid IT security and of ensuring compliance with external regulations like GDPR, allowing organizations to implement automated processes for controlling, managing, and auditing access to systems and data. This is an important prerequisite for reducing the security risk and ensuring compliance.
In this presentation you will get an insight into best practice processes based on almost two decades of experience in implementing IGA solutions in enterprises worldwide.
Unified Access Management – Complexity, Inefficiency and Risk
Charles James, Account Director, OneLogin
Learn how the technology landscape is evolving for businesses, how that shift translates into challenges from an Access Management perspective, and how OneLogin is uniquely positioned to solve these challenges.
Questions to the Panel of Speakers
Networking Lunch Served in the Exhibition Area
Conference Chair’s Afternoon Address
UK Parliamentary Digital Service
Cherry O’Donnell, Product Service Owner – Identity and Access Management, UK Parliament Digital Service
PDS had an existing Active Roles installation that had essentially become shelfware. The system provided very basic AD object control via a very customized web front end. All creation and management of objects were completed outside of AD / ARS via a number of PowerShell scripts.
We explore the initial response, the lessons learned, progress made and future developments.
Certification for the OIDF Financial-Grade API profile
Hans Zandbelt, IAM Architect, OpenID Foundation
• Enable applications to utilize the data stored in the financial account
• Enable applications to interact with the financial account, and
• Enable users to control the security and privacy settings
How to determine the security of a mobile authentication app
Petteri Ihalainen, Senior Specialist, National Cyber Security Centre, Finland
The market is littered with mobile authentication apps from simple OTP generators to sophisticated PKI & biometrics applications. But they all share the same challenge – how can they prove that they are actually secure?
This presentation takes a look at the unique challenge in evaluating the security of mobile authentication apps in the context of national regulation and eIDAS. We will present a global proposal for proving the security of a mobile authentication app. The proposal can be adopted by e.g. governments, organisations deploying app-based authentication solutions or by app vendors to evaluate their systems on how they can resist the various types of attacks.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
“Works With” Won’t Help You – How to Reliably Crash any IAM Project
Stefan Bosnjakovic, IAM and Corporate IT-Security Architect, Deutsche Kredit Bank
Embarking on and completing an Identity and Access Management project can be a tricky task that has to juggle differing business needs, technological constraints and a complexity arising from IAM systems which must span the entirety of a global enterprise’s IT infrastructure.
In this presentation, we examine the ways you can approach IAM project management to ensure success through:
• How to read between the lines of product brochures
• How to set up a sensible Proof-of-Concept
• Instead of becoming a vendor’s Guinea Pig during the project implementation phase
Hype, lies and statistics: a buyer’s guide to AI in cybersecurity
Jon Hawes, Head of Detect & Security Innovation, Photobox
Lots of claims are being made in cybersecurity about the capabilities that behavioural user or device analytics can deliver to automate security decisions and actions in a dynamic way.
This talk will provide a ‘buyer’s guide’ on how to evaluate the claims that vendors make, presenting helpful question sets and practical examples that can help avoid making costly mistakes in purchasing, or operationalizing, technology that uses Machine Learning in a confusing market-place.
• Progress and challenges in AI: why all is not quite what it seems
• How to assess vendors selling you AI and ML solutions to avoid costly mistakes
• How to make build vs buy decisions in matters of data analytics
• Some cautionary tales and real-world case studies about getting value from AI / ML ‘solutions’
Closing Keynote: The Future of Digital Identity
Aisling Connolly, Cryptography and Privacy Researcher, Information Security, École Normale Supérieure
In communities, forums, workspaces and every conceivable online corner, people are already able to hold numerous, ephemeral digital identities that transform depending on their environment and usage.
As technologies like AI, virtual reality and biometrics seep deeper into the way we perceive the world and interact with others, digital and real identity will also adapt and change.
In this closing keynote, we explore the ways digital identity may change, and how we as practitioners can meet the challenges and demands this will bring.
• Responsibility – Developing technologies mount pressure to augment our strategies to be increasingly societally responsible
• Diversity – Emerging methods of Authentication mandate that we develop future technologies with a global view of identity
• Emerging Technologies – data minimization, pseudonymisation, unlinkability, transparency, and privacy
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.