Programme @ IDM uk

David Terrar, Director and Chair, Cloud Industry Forum

Craig Ramsay, Senior Solution Engineer, Omada

In this session Craig Ramsay, Senior Solution Engineer at Omada, will share his insights about the evolving IGA market and why companies today choose an enterprise IGA SAAS platform over an on-premise solution.

Learn in this session how to transform your legacy or home-grown solution to a modern IGA solution without the hassle of long and cumbersome implementation and high maintenance costs. Based on best practices, we will demonstrate to you how organizations today can deliver fast value to their business to mitigate risk and increase efficiency.

Join this interesting speech by Omada, a global market leader in Identity Governance and Administration (IGA).

Nick Mothershaw, Chief Identity Strategist, Open Identity Exchange

What is Digital Identity? Why is now the time for Digital Identity?

As we move to a new Digital-first world post-pandemic, the presentation will explore how Digital ID has come of age and how new trust frameworks and schemes will make it a reality across many sectors over the next 2 years.

But why should you adopt Digital ID? What are the benefits? What should you be looking for?

Ben Bulpett, EMEA Marketing Platform Director, SailPoint Technologies

For many organisations, COVID-19 has prompted an unexpected and sudden migration to cloud and remote technologies. But the pandemic has accelerated everything both good and bad – leading to elevated risk for organisations trying to maintain business continuity amongst changing regulations and restrictions.

As 80% of employees continue to work remotely, organisations are facing increasing pressure to provision in a matter of days and weeks, as well as manage and control access to their systems so as to avoid over provisioning and the dangers that this presents to companies.

In this presentation, SailPoint will discuss how Identity Security is the foundation to regaining control and managing the new way of working.

David Terrar, Director and Chair, Cloud Industry Forum

George Rogers, Enterpise Account Manager, BeyondTrust

Enterprises of all sizes have experienced a privilege explosion, driven by trends like cloud computing, DevOps, and edge computing, and the proliferation of non-human identities and accounts. As a result, privileged access is pervasive across the modern IT environment yet it is often inadequately managed and monitored In this session, learn the key steps to achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment.
Topics covered include:
• Why relying on password management alone leaves dangerous gaps in protection
• Disrupting the cyberattack chain with privileged access security controls
• Essential steps to achieving rapid leaps in risk reduction
• Keys to a frictionless PAM solution that is invisible to end users

Kumud Dubey, Senior ASIC Verification Engineer, Boeing

2020 was the year in which mobile working became much more established for businesses, with many now having chosen to either keep most of their workforce remote or to move away from the office entirely.

This development, for all its positives, has also made the job of IAM leaders more difficult as the enterprise ecosystem has taken on a more complex, varied, and layered outlook.

We address:

• Identifying users and devices in a mobile landscape
• Convergence of mobility management and IAM technologies
• Implications of this ‘new normal’ for the digital workplace

Niamh Muldoon, Global Data Protection Officer and EMEA Trust & Security Leader, OneLogin

Many organizations struggle with digital transformation and cloud computing particularly when implementing a framework to meet their compliance and risk requirements equally. In this session, we will discuss a framework and operational approach to support you to move your business forward delivering quality services balancing cost and risk. This framework not only addresses legal and eCrime requirements but leads to developing and fostering trust with your end-users. As your organization transforms it is imperative to establish clear access control guidelines and maintain the trusted relationship with your end-user communities.

Takeaways:

Understanding your business requirement/s for digital transformation
Having a single view of your data from legal, regulatory and compliance perspective
How external factors influence how you operate your data management processes
Access control is the core of your digital transformation success
How independent identity and access management provides trust assurance

David Terrar, Director and Chair, Cloud Industry Forum

Johann Dilantha Nallathamby, Head of Solutions Architecture for IAM, WSO2

Consumer onboarding is one of the, if not the most, important functions of a Customer Identity & Access Management (CIAM) solution. An overly complicated onboarding workflow can significantly detract from the consumer experience. Providing a simple, user-friendly, efficient and effective onboarding workflow without compromising security has always been a challenge amongst security and risk professionals.

In this session we will review:
-The 3 most common consumer onboarding workflows
-The components that make up an onboarding workflow
– What are “verifiers”? And how do you use them?

Jon Lehtinen, Director, Identity & Access Management, Board Member, IDPro

Public Key Infrastructure (PKI) plays a crucial role in your organization’s IAM & infosec programs.

Despite its criticality, PKI is frequently treated as a second-class citizen, failing to get the resources, executive sponsorship, or focus that other technologies do. However, PKI is so much more than ensuring your web TLS certs don’t expire. The SolarWinds incident and its mitigations highlight the criticality of a rigorous certificate management program in securing your organization.

But what does a “good” PKI program look like?

In this talk, Jon Lehtinen walks you through the steps you can take to improve your PKI program’s maturity & secure your certificate estate through a comprehensive PKI program- including tips on creating and driving adoption of PKI policy & governance, and technical controls.

Eve Maler, Chief Technology Officer, ForgeRock

Zero Trust is becoming an imperative everywhere for good reason. Digital identity is a key part of the equation, and luckily you no longer have to decide “security, privacy, experience — pick two”.

Join us to learn how powerful Zero Trust can be when you apply usernameless login and machine learning for identity governance along with a wide range of risk signals silently assessing users.

Click here to view the seminar sessions

Click here to view the seminar sessions

David Terrar, Director and Chair, Cloud Industry Forum

Lydia Payne-Johnson, JD, CIPP, Director, Information Security, Identity & Access Management and Risk, The George Washington University 

Organisations like Cambridge Analytica once boasted of their capability to mine, link, and exploit the data of billions of Facebook users in the service of a premium customer with devious motivations. Today, with public knowledge of this type of exploitation growing, customers are demanding businesses limit the possibility of their digital identities being subject to misuse.

We address:

• Implementing a zero-trust approach to IT security
• Adopting a CARTA strategic approach to security and risk
• Continuous security assessments
• Prevent internal fraud from insider threats
• Achieve a more private space for customer interaction

Chris Eckl, Chief Technical Officer, Condatis

Part of the NHS’s long-term plan is to enable staff to move between NHS Trusts to respond to urgent care requirements across regions. The NHS Digital Staff Passport (DSP) is a self-sovereign identity solution based on the following foundations and concepts formulated by UK healthcare physician, Manreet Nijjar, the founder of Truu:

– Right to work checks
– Barring and disclosure checks which the home office issues
– Moving training records and certification to work with vulnerable groups
– Movement of staff credentials from one employer to another
– Licenses to practice
– Specialisations
– Bank checks
– The clinician’s end-user experience.

The DSP project is a collaboration between Condatis, Sitekit, Evernym and Truu, all aligned with the same vision to deliver a system that empowers clinicians and enables them to move swiftly between locations and NHS Trusts without having to re-prove their identity and credentials. As the largest healthcare organisation globally and an incredibly complex multi-organisational system with nearly 400 organisations across the UK, this is a substantial commercial collaboration for the healthcare service, pushing to provide a vendor-agnostic solution.

This solution is currently the world’s most significant ongoing deployment of Self-Sovereign Identity with 81 different agents within a trusted ecosystem.

Summary of the solution:
– Drastically reduces the time it takes to move staff records from one employer to another.
– Based on Evernym stack on Hyperledger Aries with Verity agents.
– One issuer and one verified deployed for every organisation.
– Run-on Microsoft Azure Active Directory.
– Reuse of existing Staff Identity.
– Issuance of DSP to moving consultants.

Sara Farmer, Identity & Access Management Governance Lead / Risk Manager, Thomson Reuters

Enterprises are responding to cybersecurity threats and concerns of their boards by making substantial investments into their Identity Governance programs. This is often done without factoring in downstream impacts to control management and audit requirements. IAM program owners are often surprised by their new responsibilities to internal and external auditors.

This discussion aims to address this common issue and provide guidance on setting expectations of what audit will require program owners. Building governance from the onset of the roll-out of new services will enable successful outcomes in the long term.

IAM program owners are responsible for understanding the audit landscape as it relates to the implemented solutions out and the associated responsibilities. All too often, tools are deployed without thought on how the operations will be evidenced. When investing in IAM solutions, ensure you are not trading one set of audit deficiencies for another.

• With centralizing of identity governance processes often comes control ownership and related responsibilities
• Build monitoring to ensure systematic processes are operating as designed
• Plan for how identity teams will demonstrate the effectiveness of systematic solutions