Session One
the people, principles and processes which make up a successful IAM enterprise
- How to become a better communicator: collaboration is key
- Starting an IAM programme: how to succeed in project management
- Accounting for the privacy-personalisation conundrum
- Scoring your IAM maturity against your business needs
- Understanding the value of PAM: protecting every privilege in every setting
- IAM for the people! How to govern in the digital age
TO VIEW THE SESSION CLICK HERE
09:15 (BST)
Conference Chair's Opening Address
David Terrar, Director and Chair, Cloud Industry Forum
09:25 (BST)
Why On Premise IGA is the New Legacy
Craig Ramsay, Senior Solution Engineer, Omada
In this session Craig Ramsay, Senior Solution Engineer at Omada, will share his insights about the evolving IGA market and why companies today choose an enterprise IGA SAAS platform over an on-premise solution.
Learn in this session how to transform your legacy or home-grown solution to a modern IGA solution without the hassle of long and cumbersome implementation and high maintenance costs. Based on best practices, we will demonstrate to you how organizations today can deliver fast value to their business to mitigate risk and increase efficiency.
Join this interesting speech by Omada, a global market leader in Identity Governance and Administration (IGA).
09:40 (BST)
Digital Identity: the time is coming
Nick Mothershaw, Chief Identity Strategist, Open Identity Exchange
What is Digital Identity? Why is now the time for Digital Identity?
As we move to a new Digital-first world post-pandemic, the presentation will explore how Digital ID has come of age and how new trust frameworks and schemes will make it a reality across many sectors over the next 2 years.
But why should you adopt Digital ID? What are the benefits? What should you be looking for?
10:00 (BST)
The Dangers of the over provisioned User and how to identify them
Ben Bulpett, EMEA Marketing Platform Director, SailPoint Technologies
For many organisations, COVID-19 has prompted an unexpected and sudden migration to cloud and remote technologies. But the pandemic has accelerated everything both good and bad – leading to elevated risk for organisations trying to maintain business continuity amongst changing regulations and restrictions.
As 80% of employees continue to work remotely, organisations are facing increasing pressure to provision in a matter of days and weeks, as well as manage and control access to their systems so as to avoid over provisioning and the dangers that this presents to companies.
In this presentation, SailPoint will discuss how Identity Security is the foundation to regaining control and managing the new way of working.
10:15 (BST)
Questions to the Panel of Speakers
10:30 (BST)
Networking Break
Session Two
10:45 (BST)
Introduction to Session Two
David Terrar, Director and Chair, Cloud Industry Forum
10:50 (BST)
Universal Privilege Management – A Modern Approach to PAM
George Rogers, Enterpise Account Manager, BeyondTrust
Enterprises of all sizes have experienced a privilege explosion, driven by trends like cloud computing, DevOps, and edge computing, and the proliferation of non-human identities and accounts. As a result, privileged access is pervasive across the modern IT environment yet it is often inadequately managed and monitored In this session, learn the key steps to achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment.
Topics covered include:
• Why relying on password management alone leaves dangerous gaps in protection
• Disrupting the cyberattack chain with privileged access security controls
• Essential steps to achieving rapid leaps in risk reduction
• Keys to a frictionless PAM solution that is invisible to end users
11:05 (BST)
Supporting your mobile workforce: mobile identity platforms
Kumud Dubey, Senior ASIC Verification Engineer, Boeing
2020 was the year in which mobile working became much more established for businesses, with many now having chosen to either keep most of their workforce remote or to move away from the office entirely.
This development, for all its positives, has also made the job of IAM leaders more difficult as the enterprise ecosystem has taken on a more complex, varied, and layered outlook.
We address:
• Identifying users and devices in a mobile landscape
• Convergence of mobility management and IAM technologies
• Implications of this ‘new normal’ for the digital workplace
11:20 (BST)
To Trust or Not to Trust the Cloud; That is Your Compliance and Risk Management Question
Niamh Muldoon, Global Data Protection Officer and EMEA Trust & Security Leader, OneLogin
Many organizations struggle with digital transformation and cloud computing particularly when implementing a framework to meet their compliance and risk requirements equally. In this session, we will discuss a framework and operational approach to support you to move your business forward delivering quality services balancing cost and risk. This framework not only addresses legal and eCrime requirements but leads to developing and fostering trust with your end-users. As your organization transforms it is imperative to establish clear access control guidelines and maintain the trusted relationship with your end-user communities.
Takeaways:
Understanding your business requirement/s for digital transformation
Having a single view of your data from legal, regulatory and compliance perspective
How external factors influence how you operate your data management processes
Access control is the core of your digital transformation success
How independent identity and access management provides trust assurance
11:35 (BST)
Questions to the Panel of Speakers
11:50 (BST)
Networking break
Session Three
12:05 (BST)
Introduction to Session Three
David Terrar, Director and Chair, Cloud Industry Forum
12:10 (BST)
Composing Easy & Effective Consumer Onboarding Workflows
Johann Dilantha Nallathamby, Head of Solutions Architecture for IAM, WSO2
Consumer onboarding is one of the, if not the most, important functions of a Customer Identity & Access Management (CIAM) solution. An overly complicated onboarding workflow can significantly detract from the consumer experience. Providing a simple, user-friendly, efficient and effective onboarding workflow without compromising security has always been a challenge amongst security and risk professionals.
In this session we will review:
-The 3 most common consumer onboarding workflows
-The components that make up an onboarding workflow
– What are “verifiers”? And how do you use them?
12:25 (BST)
Is your PKI a POS?
Jon Lehtinen, Director, Identity & Access Management, Board Member, IDPro
Public Key Infrastructure (PKI) plays a crucial role in your organization’s IAM & infosec programs.
Despite its criticality, PKI is frequently treated as a second-class citizen, failing to get the resources, executive sponsorship, or focus that other technologies do. However, PKI is so much more than ensuring your web TLS certs don’t expire. The SolarWinds incident and its mitigations highlight the criticality of a rigorous certificate management program in securing your organization.
But what does a “good” PKI program look like?
In this talk, Jon Lehtinen walks you through the steps you can take to improve your PKI program’s maturity & secure your certificate estate through a comprehensive PKI program- including tips on creating and driving adoption of PKI policy & governance, and technical controls.
12:40 (BST)
Zero Trust the No-Compromise Way
Eve Maler, Chief Technology Officer, ForgeRock
Zero Trust is becoming an imperative everywhere for good reason. Digital identity is a key part of the equation, and luckily you no longer have to decide “security, privacy, experience — pick two”.
Join us to learn how powerful Zero Trust can be when you apply usernameless login and machine learning for identity governance along with a wide range of risk signals silently assessing users.
12:55 (BST)
Questions to the Panel of Speakers
13:10 (BST)
Networking Break
Session Four
Session Five
Session Six
15:45 (BST)
Introduction to session six
David Terrar, Director and Chair, Cloud Industry Forum
15:50 (BST)
Make privacy matter: adopting an always-on approach

Lydia Payne-Johnson
Director, Information Security, Identity & Access Management and Risk, The George Washington University
view profileLydia Payne-Johnson, JD, CIPP, Director, Information Security, Identity & Access Management and Risk, The George Washington University
Organisations like Cambridge Analytica once boasted of their capability to mine, link, and exploit the data of billions of Facebook users in the service of a premium customer with devious motivations. Today, with public knowledge of this type of exploitation growing, customers are demanding businesses limit the possibility of their digital identities being subject to misuse.
We address:
- Implementing a zero-trust approach to IT security
- Adopting a CARTA strategic approach to security and risk
- Continuous security assessments
- Prevent internal fraud from insider threats
- Achieve a more private space for customer interaction
16:05 (BST)
Decentralized Identity deployed: a 12-month collaboration for a vendor-agnostic solution
Chris Eckl, Chief Technical Officer, Condatis
Part of the NHS’s long-term plan is to enable staff to move between NHS Trusts to respond to urgent care requirements across regions. The NHS Digital Staff Passport (DSP) is a self-sovereign identity solution based on the following foundations and concepts formulated by UK healthcare physician, Manreet Nijjar, the founder of Truu:
– Right to work checks
– Barring and disclosure checks which the home office issues
– Moving training records and certification to work with vulnerable groups
– Movement of staff credentials from one employer to another
– Licenses to practice
– Specialisations
– Bank checks
– The clinician’s end-user experience.
The DSP project is a collaboration between Condatis, Sitekit, Evernym and Truu, all aligned with the same vision to deliver a system that empowers clinicians and enables them to move swiftly between locations and NHS Trusts without having to re-prove their identity and credentials. As the largest healthcare organisation globally and an incredibly complex multi-organisational system with nearly 400 organisations across the UK, this is a substantial commercial collaboration for the healthcare service, pushing to provide a vendor-agnostic solution.
This solution is currently the world’s most significant ongoing deployment of Self-Sovereign Identity with 81 different agents within a trusted ecosystem.
Summary of the solution:
– Drastically reduces the time it takes to move staff records from one employer to another.
– Based on Evernym stack on Hyperledger Aries with Verity agents.
– One issuer and one verified deployed for every organisation.
– Run-on Microsoft Azure Active Directory.
– Reuse of existing Staff Identity.
– Issuance of DSP to moving consultants.
16:20 (BST)
Building Governance to Support Successful Auditing
Sara Farmer, Identity & Access Management Governance Lead / Risk Manager, Thomson Reuters
Enterprises are responding to cybersecurity threats and concerns of their boards by making substantial investments into their Identity Governance programs. This is often done without factoring in downstream impacts to control management and audit requirements. IAM program owners are often surprised by their new responsibilities to internal and external auditors.
This discussion aims to address this common issue and provide guidance on setting expectations of what audit will require program owners. Building governance from the onset of the roll-out of new services will enable successful outcomes in the long term.
IAM program owners are responsible for understanding the audit landscape as it relates to the implemented solutions out and the associated responsibilities. All too often, tools are deployed without thought on how the operations will be evidenced. When investing in IAM solutions, ensure you are not trading one set of audit deficiencies for another.
• With centralizing of identity governance processes often comes control ownership and related responsibilities
• Build monitoring to ensure systematic processes are operating as designed
• Plan for how identity teams will demonstrate the effectiveness of systematic solutions
16:35 (BST)
Questions to the Panel of Speakers
16:50 (BST)
Closing Remarks from the Conference Chair
17:00 (BST)
Conference Closes
Please note:
Whitehall Media reserve the right to change the programme without prior notice.
Follow us on social
Keep up to date with what's going on by following us on social media.