Session one – IAM as a Business Enabler
Through cross-sector case studies and industry perspectives, we charter key IAM imperatives including accountability, transparency, user experience and managing trust, privileges and entitlements. The early morning session will also explore:
- Identity governance and data access controls
- Privileged Access Management and user authentication methods
- Innovation and future-proofing your IAM programme
- IAM security architecture
- Digital transformation and your IAM platforms
- How to utilise IAM to achieve business goals and empower digital business
- Operationalising identity intelligence for risk mitigation
- Future trends in the IAM space
Conference Chair’s Opening Address
Implementing a Full Lifecycle Incident Management Solution
The IT Ecosystem is becoming increasingly complex to manage and secure. We explore the intricacies of a robust incident management system, discussing:
- Cyber Attack Lifecycle Steps
- Automation and detection of unusual behaviours
- A how-to guide – for reducing teams Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
- A toolkit – disaster recovery post-security breach
How to convince your organisation that effective IAM is its top priority
Ian Evans, IAM Subject Matter Specialist, Hargreaves Lansdown
You know that effective IAM is crucial for your organisation’s survival. But how do you convince others? Ian draws on his dual experience of client-side IAM and influencing/ presenting/ negotiating to propose approaches that could prove useful:
- Structuring an IAM proposal
- Real-world examples of good and bad IAM outcomes
- The benefits and costs of IAM – and the alternatives
- Likely questions and objections to an IAM proposal
IDAAS: WHAT CAN IT DO FOR YOUR ENTERPRISE?
It has been predicted that by 2021, IDaaS will become the dominant delivery model for new IGA deployments. By 2020, 40% of the global larger and midsize enterprises will use IDaaS capabilities to fulfil most of their IAM needs. An IDaaS will be the chosen delivery model for more than 80% of new access management solution purchases.
While only native cloud companies can quickly adopt IDaaS, for most companies migrating to the cloud is a big concern.
This session will explore:
- Is a hybrid system the answer for your enterprise?
- What are the benefits of using IDaaS to give you the speed and agility while deploying on-premise IAM to deliver flexibility?
- Comparing challenges and concerns of cloud migration versus hybrid identity systems
Why junior roles in IAM are imperative to your structure
Joe Matthewson, Senior Identity Access Manager, Sky Betting and Gaming
Presentation on my journey and why I think it is so important to bring young individuals into the IAM world and help mould them into an IAM specialist.
Discuss topics such as
- New ideas
- Fresh outlook on access control
- Simplicity is key
- Building bridges
IAM IN THE CLOUD
What is the biggest concern when it comes to securing the cloud? Most people would claim data loss, malicious outsiders —or careless insiders— but what about implementing adequate IAM practices? This seems not to be a top concern when, paradoxically, IAM practices can help mitigate both insider and outsider cyber risks.
- How we can increase the awareness of the benefits of implementing a robust IAM programme, especially a
- Discussing the state of the art technologies to tackle IAM/PAM cyberattacks
- Options to meet the standards of PAM cloud security
Questions To The Panel Of Speakers
Refreshment Break Served in the Exhibition Area
Case study – GDPR and Compliance Practices within IAM
Norbert Eschle, Enterprise Data Architect, Direct Line Group
The GDPR is a crucial driver within the IAM landscape. Enterprises are required to maintain high levels of compliance and data governance practices, transforming IAM into a critical aspect of their data and cybersecurity strategies.
- The impact of GDPR and new compliance practices on global business strategies
- Moving to the cloud, GDPR territorial scope and data sovereignty
- Enforcing compliance based on the business need for data
Case Study – Leveraging Third-Party IAM
Granting full or even partial access to third-party subcontractors can pose a severe risk to the corporate cybersecurity, thus increasing need to strictly control or monitor third-party vendor access, especially in the cloud.
We discuss how to achieve full visibility of subcontractor’s actions, granular access management for different groups of vendors, or vendor monitoring to avoid misuse of granted privileges.
We also discuss how to federate your third party IAM to coordinate your own authentication with the authentication efforts of your partners, allowing you to ensure your own security by utilising the protection tools of others.
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session two: technology, threats and security
- Machine identity capabilities
- User managed access
- Enterprise application integration
- Adaptive authentication analysis in behavioural patterns
- Risk based authentication
- CIAM landscape
- IAM and PAM integration
Conference Chair’s Afternoon Address
User Behaviour Analytics: Protecting the Enterprise from the Inside
Most companies spurn the term monitoring and prefer the widely used term, behaviour analytics, which ultimately relates to employee monitoring. Despite the dislike for this word, monitoring, keeping track of malicious behaviour or unconscious risky actions is vital for an enterprise’s security.
- Configuring machine learning algorithms to ingest log data from IAM tools
- Implementing behaviour analytics that detects distinctive user characteristics
- How far behaviour analytics can go – from the way a person types and moves their mouse to data access and more
Going Passwordless: Is it just a matter of time?
Tirlok Rajora, Security Solutions Architect, HM Revenue & Customs
For many years, online authentication systems have worked with a required password – however simple or complex. Two-factor authentication and multi-factor authentication have granted enterprises further confidence in the security of their accounts. Yet, insecure passwords are still one of the easiest ways for hackers to break into multiple accounts. It is estimated that 81% of major data breaches are traced back to a single compromised identity.
In 2004, Bill Gates foretold announced that it was the end of the password era and yet, 15 years later, passwords are still with us.
- Just how prepared are we to embrace a password-less future?
- What are the alternatives, and can they offer us security?
- Exploring different solutions: biometric authentication, facial-recognition, FEDO2 security keys
MULTIFACTOR AUTHENTICATION VS SINGLE-SIGN-ON – OR BOTH?
Most security officers often deal with having to choose between SSO or MFA. While MFA provides high-quality IAM solutions, SSO provides a user-friendly strategy. Combining the best of both worlds seems the best solution to provide users with safe authentication systems without compromising user experience – if you can afford it. In turn, this combined system may offer fewer password resets and fewer help-desk calls.
It all comes down to a question of whether the time and money allocated are worth it and whether the outcome outgrows the investment. This session looks at the benefits of a combined system and how to go about implementing it.
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
The Identity of Things
Is IoT a problem for security? The massive proliferation of connected devices has been a challenge to traditional authentications system.
- How to implement robust Software Asset Management systems (SAM) to secure the IoT
- How to focus on user experience while not compromising on security
- Tackling the most significant problem: achieving system flexibility
Blockchain and Self-Sovereign Digital Identity
While our dependence on Social Media and API increases, so does the user information they store, which makes managing our digital identity a big issue. With users’ personal details, behaviours and likes spread all over the Internet, the chances of reaching self-sovereign seem like a distant dream. However, blockchain may bring us closer to that desired utopic situation where we are in control of our digital identity.
- The problems associated with self-sovereign identity. Do users manage their own keys? Will they recover their own identity?
- Governance and compliance issues
- Real-world cases of early applications with public blockchains (e.g. Civil and Po.et)
Trashing the cluttered gadget drawer
“More of everything” seems to be the rule to mitigate the fear of being outdated. Identity governance is not impermeable to this rule. Enterprises add additional solutions when becoming anxious about not having all the new tools to protect the valuable assets of the enterprise.
- How to tidy up your IGA/IAM systems: getting rid of the outdated software and learning how to let go
- Exploring ad-hoc and holistic tools to declutter the system
- Future-proofing your IAM investment and dealing with legacy
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.