Session one – IAM as a Business Enabler
Through cross-sector case studies and industry perspectives, we charter key IAM imperatives including accountability, transparency, user experience and managing trust, privileges and entitlements. The early morning session will also explore:
- Identity governance and data access controls
- Privileged Access Management and user authentication methods
- Innovation and future-proofing your IAM programme
- IAM security architecture
- Digital transformation and your IAM platforms
- How to utilise IAM to achieve business goals and empower digital business
- Operationalising identity intelligence for risk mitigation
- Future trends in the IAM space
Conference Chair’s Opening Address
Implementing a Full Lifecycle Incident Management Solution
The IT Ecosystem is becoming increasingly complex to manage and secure. We explore the intricacies of a robust incident management system, discussing:
- Cyber Attack Lifecycle Steps
- Automation and detection of unusual behaviours
- A how-to guide – for reducing teams Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR)
- Disaster recovery post-security breach – the toolkit and expertise all enterprises must have
IAM in the Cloud
What is the biggest concern when it comes to securing the cloud? Most people would claim data loss, malicious outsiders —or careless insiders— but what about implementing adequate IAM practices? This seems not to be a top concern when, paradoxically, IAM practices, such as access control and multi-factor authentication, can help mitigate both insider and outsider cyber risks.
- How can we increase the awareness of the benefits of implementing a robust IAM programme, especially a
- Discussing state of the art technologies to tackle IAM/PAM cyberattacks
- PAM awareness is increasing, but most companies don’t meet the standards in terms of PAM cloud security. What are the options?
IDaaS: What can it do for your enterprise?
It has been predicted that by 2021 IDaaS will become the dominant delivery model for new IGA deployments. By 2020,
40% of the global larger and midsize enterprises will use IDaaS capabilities to fulfil most of their IAM needs and IDaaS will be the chosen delivery model for more than 80% of new access management solution purchases by enterprises.
While only native cloud companies can quickly adopt IDaaS, for most companies migrating to the cloud is a big concern.
This session will explore:
- Is a hybrid system the answer for your enterprise?
- What are the benefits of using IDaaS to give you the speed and agility while deploying on-premise IAM to deliver flexibility?
- Comparing challenges and concerns of cloud migration versus hybrid identity systems
Weighing up the benefits of DevOps
DevOps is thriving. It doesn’t take too much to see why given the automation and flexibility it offers. However, no system is without flaws, and over-privileged users can introduce new risks. In this session, we consider:
- How, and whether we should even implement DevOps strategies
- Continually test and monitor performance
- Solutions we can use to debug and how to extend DevOps performance and problem-solving strategies to the debugging process?
- Tackling the human side: training comes first
- How to avoid falling for the shiny-object-syndrome
GDPR and compliance practices
The GDPR is a crucial driver of growth within the IAM landscape. Many enterprises strive to maintain high levels of compliance and data governance practices, transforming IAM into a critical aspect of their cybersecurity strategies.
- The impact of GDPR and new compliance practices on global business strategies
- Further spending increases to meet data sovereignty requirements
- The vital need to ensure that the compliance required to access the data is maintained at a high level
Questions To The Panel Of Speakers
Refreshment Break Served in the Exhibition Area
Case Study – Leveraging Third-Party IAM
Granting full or even partial access to third-party subcontractors can pose a severe risk to the corporate cybersecurity, thus the increasing need to strictly control or monitor third-party vendor access, especially in the cloud.
We discuss how to achieve full visibility of subcontractor’s actions granular access management for different groups of vendors, or vendor monitoring to ensure there’s no misuse of granted privileges.
We also discuss how to federate your third party IAM to coordinate your own authentication with the authentication
efforts of your partners – allowing you to ensure your own security by utilising the protection tools of others.
Case Study – PAM implementation in the cloud
Large enterprises are at a high risk of losing track of privileged accounts, mainly when third-party or SaaS applications are involved.
- How to design a PAM tailored for the cloud to centrally control critical privileged accounts and keep sensitive data secured
- The benefits of a cloud-ready PAM which allows rapid authentication, password rotation and sophisticated management such as Secure Authentication Mark-up Language (SAML)
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session two: technology, threats and security
- Machine identity capabilities
- User managed access
- Enterprise application integration
- Adaptive authentication analysis in behavioural patterns
- Risk based authentication
- CIAM landscape
- IAM and PAM integration
Conference Chair’s Afternoon Address
User Behaviour Analytics: Protecting the Enterprise from the Inside
Most companies spurn the term monitoring and prefer the widely used term, behaviour analytics, which ultimately relates to employee monitoring. Despite the dislike for this word, monitoring, keeping track of malicious behaviour or unconscious risky actions is vital for an enterprise’s security.
- Configuring machine learning algorithms to ingest log data from IAM tools
- Implementing behaviour analytics that detects distinctive user characteristics
- How far behaviour analytics can go – from the way a person types and moves their mouse to data access and more
Multifactor authentication Vs Single-Sign-On – or both?
Most security officers often deal with having to choose between SSO or MFA. While MFA provides high-quality IAM solutions, SSO provides a user-friendly strategy. Combining the best of both worlds seems the best solution to provide users with safe authentication systems without compromising user experience – if you can afford it. In turn, this combined system may offer fewer password resets and fewer help-desk calls.
It all comes down to a question of whether the time and money allocated are worth it and whether the outcome outgrows the investment. This session looks at the benefits of a combined system and how to go about implementing it.
Going Passwordless: Is it just a matter of time?
For many years, online authentication systems have worked with a required password – however simple or complex. Two-factor authentication and multi-factor authentication have granted enterprises further confidence in the security of their accounts. Yet, insecure passwords are still one of the easiest ways for hackers to break into multiple accounts; it is estimated that 81% of major data breaches are traced back to a single compromised identity.
In 2004, Bill Gates foretold announced that it was the end of the password era and yet, 14 years later, passwords are still with us.
- Just how prepared are we to embrace a passwordless future?
- What are the alternatives, and can they offer us security?
- Exploring different solutions: biometric authentication, facial-recognition, FEDO2 security keys
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
The Identity of Things
Is IoT a problem for security? The massive proliferation of connected devices has been a challenge to traditional authentications system.
- How to implement robust Software Asset Management systems (SAM) to secure the IoT
- How to focus on user experience while not compromising on security
- Tackling the most significant problem: achieving system flexibility
Blockchain and Self-Sovereign Digital Identity
While our dependence on Social Media and API increases, so does the user information they store, which makes managing our digital identity a big issue. With users’ personal details, behaviours and likes, spread all over the Internet, the chances of reaching self-sovereign seem like a distant dream. However, blockchain may bring us closer to that desired utopic situation where we are in control of our digital identity.
- The problems associated with self-sovereign identity: do users manage their own keys? Will they recover their own identity?
- Governance and compliance issues
- Real-world cases of early applications with public blockchains (e.g. Civil and Po.et)
Trashing the cluttered gadget drawer
More of everything, seems to be the rule to mitigate the fear of being outdated. Identity governance is not impermeable to this rule; enterprises add more solutions when becoming anxious about not having all the new tools to protect the valuable assets of the enterprise.
- How to tidy up your IGA/IAM systems: getting rid of the outdated software and learning how to let go
- Exploring ad-hoc and holistic tools to declutter the system
- Future-proofing your IAM investment and dealing with legacy
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.