Programme @ IDM uk

David Terrar, Director and Chair, Cloud Industry Forum

A significant issue for IAM leaders is effectively communicating security concerns and establishing sustainable lines of communication.

In place of clear, accessible, and business relevant information, cyber security professionals often fall back on terminologies which fail to align with business goals situated outside of the IT function.

We address, the benefits of communication, the consequences of miscommunication, and how to bring together IAM practitioners and other business elements.

Many organisations still rely on manual forms of IAM process management despite the availability of technology-assisted tools which enable project progression and create the space for human-led technical innovation.

One of the primary reasons for a lack of initiative is an inability to envisage how to move from the identification of an inefficiency to its resolution through the deployment of the right technology and the empowerment of the right people.

We address:

• What you need to initiate
• Taking that initial step
• Real-world examples of best practice
• What a well-run programme looks like

Sara Farmer, Identity & Access Management Governance Lead / Risk Manager, Thomson Reuters

Enterprises are responding to cybersecurity threats and concerns of their boards by making substantial investments into their Identity Governance programs. This is often done without factoring in downstream impacts to control management and audit requirements. IAM program owners are often surprised by their new responsibilities to internal and external auditors.

This discussion aims to address this common issue and provide guidance on setting expectations of what audit will require program owners. Building governance from the onset of the roll-out of new services will enable successful outcomes in the long term.

IAM program owners are responsible for understanding the audit landscape as it relates to the implemented solutions out and the associated responsibilities. All too often, tools are deployed without thought on how the operations will be evidenced. When investing in IAM solutions, ensure you are not trading one set of audit deficiencies for another.

3 Key Points:

• With centralizing of identity governance processes often comes control ownership and related responsibilities
• Build monitoring to ensure systematic processes are operating as designed
• Plan for how identity teams will demonstrate the effectiveness of systematic solutions

As IAM competencies mature, businesses are looking to enhance the means by which practitioners and the business stakeholders are able to better identify and optimise alignment with IT and business goals and needs.

We address, how to help IAM leaders to develop maturity roadmaps and action plans.

Today, the vast majority of breaches are conducted through the successful exploitation of privileged access. Once an enterprise has been breached, it is then playing host to any number of hostile actors who are then able to operate within your network, access sensitive data, install malware and funnel out business critical information to a wider audience.

Reducing your security risk means fully appreciating and understanding the value that PAM brings to your organisation.

We address:

• The pervasiveness of PAM across the enterprise
• Accounting for PAM technology trends
• Advancing your managing and monitoring techniques
• Deploying universal privilege management

As the IAM market continues to evolve at a rapid rate, extra demands are being placed on IAM governance models lacking in sustainability.

The driving force behind the need to amend existing IAM governance frameworks  is increased demand for cloud enabled IGA solutions, a quicker time to value expectation and enterprise migration away from on-prem software to the cloud.

We address, how SaaS delivered IGA can automate processes and reports which deliver on your governance and compliance needs and respond in real time to protocol violations with built-in automated workflow management.

Click here to view the seminar sessions

One of the ways in which businesses can better manage customer identity and access demands and consolidate their identifiers is with the deployment of an architected data warehouse which takes account of the many points of contact that customer digital identities have within the enterprise network and the digital prints they leave behind.

We address:

• Deploying an identity graph
• Identity as a multi-faceted asset
• Privacy-compliant identification
• Creating greater linkage between business and customers
• Establishing a universal ID

2020 was the year in which mobile working became much more established for businesses, with many now having chosen to either keep the majority of its workforce remote or to move away from the office entirely.

This development, for all its positives, has also made the job of IAM leaders more difficult as the enterprise ecosystem has taken on a more complex, varied, and layered outlook.

We address:

• Identifying users and devices in a mobile landscape
• Convergence of mobility management and IAM technologies
• Implications of this ‘new normal’ for the digital workplace

Passwords are increasingly faced with either becoming a component of an MFA strategy or being eliminated from the IAM process entirely.

The driving force behind the effort to create a truly passwordless platform is to improve user and customer experience, add security layers and address the fact that users have still not improved how we manage our password portfolios.

We address, how to adopt a universal approach to passwordless authentication, better manage the technology constraints you will encounter, and understand what the best model for your business is in order to derive the most value.

Lydia Payne-Johnson, JD, CIPP, Director, Information Security, Identity & Access Management and Risk, The George Washington University 

Organisations like Cambridge Analytica once boasted of their capability to mine, link, and exploit the data of billions of Facebook users in the service of a premium customer with devious motivations. Today, with public knowledge of this type of exploitation growing, customers are demanding businesses limit the possibility of their digital identities being subject to misuse.

We address:

• Implementing a zero-trust approach to IT security
• Adopting a CARTA strategic approach to security and risk
• Continuous security assessments
• Prevent internal fraud from insider threats
• Achieve a more private space for customer interaction

As authorisation architecture evolves at an impressive rate in response to the trend towards greater digitisation of workloads in hybrid IT environments, IAM leaders are having to design and orchestrate greater linkage between their RBAC and ABAC hierarchy.

We address, how to create a dynamic authorisation environment which will support the ever-expanding need to facilitate fine grain access.

Our online identity is, in many respects, a multi-dimensional entity which is stored across a myriad of platforms. Where exactly our digital personas are stored is for most of us a mystery.

Not knowing where our identity is and who has access to it makes our data highly vulnerable as hackers are constantly on the hunt for honey pots to exploit personal information.

We address:

• The vulnerabilities of aggregated online systems
• Rethinking how identity solutions interact with one another
• Embedding digital identities in modern transactions
• Removing identity mediators
• Moving control points to the edge of the network
• Blockchain identity as a trust enabler