Future Proofing your IAM Programme
We explore how IAM can become a key enabler to organisations. Through cross-sector case studies and industry perspectives we chart key IAM imperatives including accountability, transparency, user experience and managing trust, privileges and entitlements. The early morning session will also explore:
- Why businesses require identity governance
- Examples of successful deployments of comprehensive, customer-focused identity management infrastructures
- The impact of identity management investment on top-line revenue
- How to use IAM to achieve business goals and empower digital business
- The changing security landscape and disruptive technologies
- Operationalising identity intelligence for efficiency and risk mitigation
- Identifying future trends in the IAM space
- Developing DISP strategies that support innovation
The Conference Chair's Opening Remarks
Sarb Sembhi, Past President, ISACA London
Securing (Against) Your Most Powerful Users
Sonal Balachandran, Senior VP leading regulatory remediation of privileged access, Deutsche Bank
As Identity and Access Management matures, the focus has now shifted to your privileged and powerful users. In this presentation we talk about some of the challenges large financial institutions face in protecting against malicious and unauthorised access by privileged users and discuss some lessons learnt.
Token Binding: The Next Vital Step in Securing Distributed Identity
Rob Otto, EMEA Field CTO/Solutions Architect, Ping Identity
Whether they’re used to secure access to traditional web applications or to authorise access to APIs, security tokens are everywhere. And they play a critical role in allowing distributed identity verification and authorisation to services and data. Come hear Rob Otto, EMEA representative for the CTO Office at Ping Identity, discuss a number of inherent security concerns related to the usage of bearer tokens for security. He’ll explain how the new Token Binding standards can address these concerns and help make token-based security fit for a growing set of real-world purposes.
Remote Identity Proofing – Challenges in Healthcare
Emma Harvey, Head of Product Management, NHS Digital
We have a number of unique challenges in health, such as the need to match an in-use identity with associated healthcare records rather than proving a ‘true’ identity; the need to reduce the burden on clinical and other healthcare workers in facilitating access to services without shifting too much burden onto vulnerable patients; and the discomfort when we remove or redesign processes that are more security theatre than truly secure. This talk will explore these topics.
Why Secure Access Technology needs a Revolution in DevOps Toolchain?
Markku Rossi, Chief Technology Officer, SSH
Continuous Integration and DevOps have changed the development and operations processes. We are moving from physical servers to multiple virtualized servers inside that physical server – and now to clusters of instances within those virtual servers. You also don’t have just developers – you have permanent employees, temps, 3rd parties and their 3rd parties. All require different levels of access that should be valid for various periods of time. How do you then manage secure access in a super-elastic cloud infrastructure and support new ways of working – when the only constant is change?
Working together to evolve the Identity Ecosystem
Nick Mothershaw, Co-Chair, Open Identity Exchange (OIX)
OIX is a membership organisation whose members are working together to create the environment for service providers and consumers to leverage the next generation of identity solutions. Dealing with identity is currently a challenge for service providers and consumers alike. The costs are too high, not just in terms of the management of identities themselves, but more importantly the lost business caused by subjecting consumers to difficult and repeated ID verification and clumsy logon processes. Nick will talk about OIX’s future vision for the identity landscape, and the 8 key areas that OIX has identified that need to be driven forward to achieve this vision. He will explain how OIX members are working on various projects that seek to progress this vision, step by step.
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Security Secrets: Why Admin Rights Must Go
Chris Clarkson, Senior Solutions Engineer, Bomgar
In this session, we’ll reveal why removing access to local admin rights is one of the best things you can do to improve security on the endpoint. We’ll reveal the dangers of unchecked privileges and their role in cyber-attacks and demonstrate how creating an environment without admin rights is easier and quicker than you think.
• Uncover the hidden dangers of admin rights, with 10 powers of an admin user that put your organization at risk
• Learn how to drastically reduce the attack surface on the endpoint in hours, not months
• See how end users can still perform all their usual tasks by elevating tasks and applications, never users
Passwords: Nurture not Nature
Professor Steven Furnell, Professor of Information Security, University of Plymouth
Despite decades of password usage by many generations of users, good password practices are no closer to being our natural instincts and behaviours. Users consequently need guidance and support to use them properly, but are frequently left to work it out for themselves . . . leading to the sort of uninformed choices that then get users blamed for being the weakest link in security! This talk presents research findings to show the lack of guidance and enforcement on some of the leading websites, as well as evidence to show the positive effect of doing it differently.
Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Networking Lunch Served in the Exhibition Area
Session 2 – The Future of IAM in Enterprise
- Defining an IAM strategy, Benchmarking Performance, Identifying and Overcoming Challenges
- Exploring how to maintain, monitor, improve, optimise and govern IAM infrastructure
The Conference Chair Opens the Afternoon Session
Re-inventing Identity Management at the BBC
Ros Smith, Senior Product Owner, BBC
You don’t need to go to many Identity Management conferences to realise that Identity and Access Management projects are hard to implement and also that IAM is one of the least “technological” of the Security disciplines, with it being 10% technology and 90% business change.
The BBC is currently meeting the challenge of IAM transformation head on. As one of the 90%, Ros Smith will explain the approach being taken, what has happened so far and where they are going next.
Lessons Learned Migrating a Major UK Retailer's Substantial Application Estate to OneLogin
Stephen Williams, Managing Director, Atlas Identity
This presentation will discuss a recent large-scale migration from Microsoft AD-FS to OneLogin at a major UK retailer, and the associated processes that were used to achieve success in light of a diverse application estate of on-premises and SaaS applications. We will also cover how we created a ‘factory’ application on-boarding process, and the associated lessons learned.
The Human Factor – People's Behaviours a Risk or an Asset?
Barrie Millett, Group Head of Security, Wesleyan
This session explores the human risk factor with particular reference to essential service providers – finance, energy etc.
- How employees can become a valuable asset in the IAM environment rather than a risk
- The gig economy and how this introduces the need for new ways of identifying and managing IAM risks
- Assumed breach environment, how defence in depth and a converged people focus can assist in your ability to prevent, respond, recover and learn from operational disruptions
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Case Study: From Thousands to Hundreds: How a Policy Based (PBAC) Approach Dramatically Improved Access Control and Authorization
Gal Helemski, Co-founder & Chief Innovation & Product Officer (CIPO), PlainID
Hear how a leading multinational financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.
Martin Ingram, Product Owner, Royal Bank of Scotland
A few years ago an IAM session on Federation would have been a well understood and limited area for discussion. The adoption of public standard protocols plus enabling work such as Open Banking and PSD2 has changed the field completely. Together they open up the possibility of a wide range of additional Identity Services that could be provided by either traditional players or by new organisations. This session covers:
- What is federation and what have federation strategies looked like in the past?
- What has changed to make Federation now such an active subject area, both technically and commercially?
- Some possibilities unlocked through greater flexibility provided by federation now
The Power of Technology to Transform Identity Governance
Manoj Kumar, Lead for Identity & Access Management, KPMG
The session explores pitfalls, learnings and ways in which you can accelerate the delivery of Identity Governance initiatives in a constantly evolving landscape of Digital, Regulatory change and Technology disruption.
It covers the today as well as the future of Identity Management programmes and considers a template for delivering accelerated outcomes powered by technology and business transformation.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes, Delegates Depart
Sarb Sembhi, Past President, ISACA London
Whitehall Media reserve the right to change the programme without prior notice.