Programme @

IDM uk


15 June 2021

Brought to you by Whitehall Media

Programme @ IDM uk

Session One

the people, principles and processes which make up a successful IAM enterprise

  • How to become a better communicator: collaboration is key
  • Starting an IAM programme: how to succeed in project management
  • Accounting for the privacy-personalisation conundrum
  • Scoring your IAM maturity against your business needs
  • Understanding the value of PAM: protecting every privilege in every setting
  • IAM for the people! How to govern in the digital age



view presentation

09:15 (BST)

Conference Chair's Opening Address

David Terrar
Director and Chair, Cloud Industry Forum
view profile

David Terrar, Director and Chair, Cloud Industry Forum

09:25 (BST)

Why On Premise IGA is the New Legacy

Craig Ramsay
Senior Solution Engineer, Omada
view profile

Craig Ramsay, Senior Solution Engineer, Omada

In this session Craig Ramsay, Senior Solution Engineer at Omada, will share his insights about the evolving IGA market and why companies today choose an enterprise IGA SAAS platform over an on-premise solution.

Learn in this session how to transform your legacy or home-grown solution to a modern IGA solution without the hassle of long and cumbersome implementation and high maintenance costs. Based on best practices, we will demonstrate to you how organizations today can deliver fast value to their business to mitigate risk and increase efficiency.

Join this interesting speech by Omada, a global market leader in Identity Governance and Administration (IGA).

09:40 (BST)

Digital Identity: the time is coming

Nick Mothershaw
Chief Identity Strategist, Open Identity Exchange
view profile

Nick Mothershaw, Chief Identity Strategist, Open Identity Exchange

What is Digital Identity? Why is now the time for Digital Identity?

As we move to a new Digital-first world post-pandemic, the presentation will explore how Digital ID has come of age and how new trust frameworks and schemes will make it a reality across many sectors over the next 2 years.

But why should you adopt Digital ID? What are the benefits? What should you be looking for?

10:00 (BST)

The Dangers of the over provisioned User and how to identify them

Ben Bulpett
EMEA Marketing Platform Director SailPoint Technologies
view profile

Ben Bulpett, EMEA Marketing Platform Director, SailPoint Technologies

For many organisations, COVID-19 has prompted an unexpected and sudden migration to cloud and remote technologies. But the pandemic has accelerated everything both good and bad – leading to elevated risk for organisations trying to maintain business continuity amongst changing regulations and restrictions.

As 80% of employees continue to work remotely, organisations are facing increasing pressure to provision in a matter of days and weeks, as well as manage and control access to their systems so as to avoid over provisioning and the dangers that this presents to companies.

In this presentation, SailPoint will discuss how Identity Security is the foundation to regaining control and managing the new way of working.

10:15 (BST)

Questions to the Panel of Speakers

10:30 (BST)

Networking Break

10:45 (BST)

Introduction to Session Two

David Terrar
Director and Chair, Cloud Industry Forum
view profile

David Terrar, Director and Chair, Cloud Industry Forum

10:50 (BST)

Universal Privilege Management – A Modern Approach to PAM

George Rogers
Enterpise Account Manager, BeyondTrust
view profile

George Rogers, Enterpise Account Manager, BeyondTrust

Enterprises of all sizes have experienced a privilege explosion, driven by trends like cloud computing, DevOps, and edge computing, and the proliferation of non-human identities and accounts. As a result, privileged access is pervasive across the modern IT environment yet it is often inadequately managed and monitored In this session, learn the key steps to achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment.
Topics covered include:
• Why relying on password management alone leaves dangerous gaps in protection
• Disrupting the cyberattack chain with privileged access security controls
• Essential steps to achieving rapid leaps in risk reduction
• Keys to a frictionless PAM solution that is invisible to end users

11:05 (BST)

Supporting your mobile workforce: mobile identity platforms

Kumud Dubey
Senior ASIC verification Engineer, Boeing
view profile

Kumud Dubey, Senior ASIC Verification Engineer, Boeing

2020 was the year in which mobile working became much more established for businesses, with many now having chosen to either keep most of their workforce remote or to move away from the office entirely.

This development, for all its positives, has also made the job of IAM leaders more difficult as the enterprise ecosystem has taken on a more complex, varied, and layered outlook.

We address:

• Identifying users and devices in a mobile landscape
• Convergence of mobility management and IAM technologies
• Implications of this ‘new normal’ for the digital workplace

11:20 (BST)

To Trust or Not to Trust the Cloud; That is Your Compliance and Risk Management Question

Niamh Muldoon
Global Data Protection Officer and EMEA Trust & Security Leader, OneLogin
view profile

Niamh Muldoon, Global Data Protection Officer and EMEA Trust & Security Leader, OneLogin

Many organizations struggle with digital transformation and cloud computing particularly when implementing a framework to meet their compliance and risk requirements equally. In this session, we will discuss a framework and operational approach to support you to move your business forward delivering quality services balancing cost and risk. This framework not only addresses legal and eCrime requirements but leads to developing and fostering trust with your end-users. As your organization transforms it is imperative to establish clear access control guidelines and maintain the trusted relationship with your end-user communities.


Understanding your business requirement/s for digital transformation
Having a single view of your data from legal, regulatory and compliance perspective
How external factors influence how you operate your data management processes
Access control is the core of your digital transformation success
How independent identity and access management provides trust assurance

11:35 (BST)

Questions to the Panel of Speakers

11:50 (BST)

Networking break

12:05 (BST)

Introduction to Session Three

David Terrar
Director and Chair, Cloud Industry Forum
view profile

David Terrar, Director and Chair, Cloud Industry Forum

12:10 (BST)

Composing Easy & Effective Consumer Onboarding Workflows

Johann Dilantha Nallathamby
Head of Solutions Architecture for IAM, WSO2
view profile

Johann Dilantha Nallathamby, Head of Solutions Architecture for IAM, WSO2

Consumer onboarding is one of the, if not the most, important functions of a Customer Identity & Access Management (CIAM) solution. An overly complicated onboarding workflow can significantly detract from the consumer experience. Providing a simple, user-friendly, efficient and effective onboarding workflow without compromising security has always been a challenge amongst security and risk professionals.

In this session we will review:
-The 3 most common consumer onboarding workflows
-The components that make up an onboarding workflow
– What are “verifiers”? And how do you use them?

12:25 (BST)

Is your PKI a POS?

Jon Lehtinen
Director, Identity & Access Management, Board Member, IDPro
view profile

Jon Lehtinen, Director, Identity & Access Management, Board Member, IDPro

Public Key Infrastructure (PKI) plays a crucial role in your organization’s IAM & infosec programs.

Despite its criticality, PKI is frequently treated as a second-class citizen, failing to get the resources, executive sponsorship, or focus that other technologies do. However, PKI is so much more than ensuring your web TLS certs don’t expire. The SolarWinds incident and its mitigations highlight the criticality of a rigorous certificate management program in securing your organization.

But what does a “good” PKI program look like?

In this talk, Jon Lehtinen walks you through the steps you can take to improve your PKI program’s maturity & secure your certificate estate through a comprehensive PKI program- including tips on creating and driving adoption of PKI policy & governance, and technical controls.

12:40 (BST)

Zero Trust the No-Compromise Way

Eve Maler
Chief Technology Officer, ForgeRock
view profile

Eve Maler, Chief Technology Officer, ForgeRock

Zero Trust is becoming an imperative everywhere for good reason. Digital identity is a key part of the equation, and luckily you no longer have to decide “security, privacy, experience — pick two”.

Join us to learn how powerful Zero Trust can be when you apply usernameless login and machine learning for identity governance along with a wide range of risk signals silently assessing users.

12:55 (BST)

Questions to the Panel of Speakers

13:10 (BST)

Networking Break

Session Four

13:45 (BST)

Seminar Sessions

14:30 (BST)

Networking break

Session Five

14:45 (BST)

Seminar Sessions

15:30 (BST)

Networking Break

15:45 (BST)

Introduction to session six

David Terrar
Director and Chair, Cloud Industry Forum
view profile

David Terrar, Director and Chair, Cloud Industry Forum

15:50 (BST)

Make privacy matter: adopting an always-on approach

Lydia Payne-Johnson
Director, Information Security, Identity & Access Management and Risk, The George Washington University
view profile

Lydia Payne-Johnson, JD, CIPP, Director, Information Security, Identity & Access Management and Risk, The George Washington University 

Organisations like Cambridge Analytica once boasted of their capability to mine, link, and exploit the data of billions of Facebook users in the service of a premium customer with devious motivations. Today, with public knowledge of this type of exploitation growing, customers are demanding businesses limit the possibility of their digital identities being subject to misuse.

We address:

  • Implementing a zero-trust approach to IT security
  • Adopting a CARTA strategic approach to security and risk
  • Continuous security assessments
  • Prevent internal fraud from insider threats
  • Achieve a more private space for customer interaction

16:05 (BST)

Decentralized Identity deployed: a 12-month collaboration for a vendor-agnostic solution

Chris Eckl
Chief Technical Officer Condatis
view profile

Chris Eckl, Chief Technical Officer, Condatis

Part of the NHS’s long-term plan is to enable staff to move between NHS Trusts to respond to urgent care requirements across regions. The NHS Digital Staff Passport (DSP) is a self-sovereign identity solution based on the following foundations and concepts formulated by UK healthcare physician, Manreet Nijjar, the founder of Truu:

– Right to work checks
– Barring and disclosure checks which the home office issues
– Moving training records and certification to work with vulnerable groups
– Movement of staff credentials from one employer to another
– Licenses to practice
– Specialisations
– Bank checks
– The clinician’s end-user experience.

The DSP project is a collaboration between Condatis, Sitekit, Evernym and Truu, all aligned with the same vision to deliver a system that empowers clinicians and enables them to move swiftly between locations and NHS Trusts without having to re-prove their identity and credentials. As the largest healthcare organisation globally and an incredibly complex multi-organisational system with nearly 400 organisations across the UK, this is a substantial commercial collaboration for the healthcare service, pushing to provide a vendor-agnostic solution.

This solution is currently the world’s most significant ongoing deployment of Self-Sovereign Identity with 81 different agents within a trusted ecosystem.

Summary of the solution:
– Drastically reduces the time it takes to move staff records from one employer to another.
– Based on Evernym stack on Hyperledger Aries with Verity agents.
– One issuer and one verified deployed for every organisation.
– Run-on Microsoft Azure Active Directory.
– Reuse of existing Staff Identity.
– Issuance of DSP to moving consultants.

16:20 (BST)

Building Governance to Support Successful Auditing

Sara Farmer
Identity & Access Management Governance Lead / Risk Manager, Thomson Reuters
view profile

Sara Farmer, Identity & Access Management Governance Lead / Risk Manager, Thomson Reuters

Enterprises are responding to cybersecurity threats and concerns of their boards by making substantial investments into their Identity Governance programs. This is often done without factoring in downstream impacts to control management and audit requirements. IAM program owners are often surprised by their new responsibilities to internal and external auditors.

This discussion aims to address this common issue and provide guidance on setting expectations of what audit will require program owners. Building governance from the onset of the roll-out of new services will enable successful outcomes in the long term.

IAM program owners are responsible for understanding the audit landscape as it relates to the implemented solutions out and the associated responsibilities. All too often, tools are deployed without thought on how the operations will be evidenced. When investing in IAM solutions, ensure you are not trading one set of audit deficiencies for another.

• With centralizing of identity governance processes often comes control ownership and related responsibilities
• Build monitoring to ensure systematic processes are operating as designed
• Plan for how identity teams will demonstrate the effectiveness of systematic solutions

16:35 (BST)

Questions to the Panel of Speakers

16:50 (BST)

Closing Remarks from the Conference Chair

17:00 (BST)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

Passwords are the problem!
By Frederic Klat | OneWelcome For companies in regulated industries, offering a flawless online experience for your customers is more important than ever. Once a customer sets up an account on your site, you must do everything you can to make sure they can easily access their information. It all starts with a smooth yet...
Sneak Preview of Omada at IDM UK
Blog by: Craig Ramsay | Omada Next week, we will be at IDM UK, speaking with attendees about what modern Identity Governance and Administration (IGA) means to us, and why more and more organizations are choosing to deploy IGA as a Service. The IDM event has a great agenda, and we are slotted to speak...
IAM workflows and how they benefit you
Blog By: Sidsel Loyche | neweratech To be effective, an IAM solution must faithfully model an organisation’s people, policies and processes. ​What does this look like for your organisation? A modern IAM solution achieves this using workflows. These manage your users’ identity lifecycles; provisions and deprovisions their access to the ever-growing list of IT resources; as well...