Identity Management

6 November 2019

Business Design Centre




Session one- IAM for the Modern Enterprise

We explore how IAM can become a key enabler to organisations. Through cross-sector case studies and industry perspectives, we charter key IAM imperatives including accountability, transparency, user experience and managing trust, privileges and entitlements. The early morning session will also explore:

  • IAM implementation within enterprise environments
  • Identity administration and governance
  • Risk metrics and trends around privacy
  • The impact of identity management investment on top-line revenue
  • How to use IAM to achieve business goals and empower digital business
  • Operationalising identity intelligence for efficiency and risk mitigation
  • Identifying future trends in the IAM space
  • Cloud management models and IDaaS
  • Privileged Access Management – benefits and challenges
  • Disruptive technologies and IAM
  • Future-proofing IAM investment
  • Digital transformation and IAM
Conference Chair’s Opening Address

Dr Gilad L. Rosner – Founder: IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher

Opening Keynote: The Entitlement Management Journey – from spreadsheets to AI

Faisal Syed – Global Head of Access Management, UBS

Access Management started with dumping data into spreadsheets, and it progressed to tools with nice UIs showing how to review data and certify in a nice package for auditors. Trends demonstrate that we are moving from manual to automated provisioning and centralising tools. The highly regulated and complex businesses of the future do not seem to embrace manual tools nor recertifications.

We explore the shift towards automated approvals and rejection of access via AI analytics.

Creating a responsive identity-aware ecosystem in the age of the identity platform

Identity-aware infrastructure aims to establish an environment in which identity and data have a contextual relationship which allows for identity policies to become more security aware and for security policies to become more identity-aware. This results in the captured context, which occurs during identity and security exchanges, being used to influence the enterprise ecosystem and lessen the need to rely on raw data.

We explore the shift from IAM to Identity Relationship Management, its impact on infrastructure technologies, the future direction and prescriptive recommendations.

  • The reality for the enterprise
  • The context-based identity management ecosystem
  • Five steps the enterprise must take to position for context-based identity management
Digital transformation in the context of Identity Management

Martin Ingram – Identity & Access Management Product Owner, Royal Bank of Scotland

Organisations must be able to use IDM the right way to survive and thrive in this digital transformation wave. Thus, we will address:

  • What becomes of Identity Management post-Digital?
  • How does the Digital Transformation change how we deliver Identity Management?
  • How can Identity Management deliver on the promise of digital transformation?
Measuring IAM governance for business benefit

Measuring the risk of data breaches is not only of fundamental importance, but it is also an indirect way of assessing the strength of existing governance structures.

To move beyond viewing compliance as the only important element of IAG, enterprises must see it as a platform that offers a seamless operating environment, business growth, increase security and better risk assessment.

We address the steps required to measure governance performance indicators:

  • Organisational IAG maturity
  • Determining your key risk factors
  • Mapping your status quo
  • Defining and implementing controls
  • Establishing and monitoring goal and performance indicators
  • Monitoring and reviewing your approach with risk management
Dropping the silo mentality in cloud management

While the service-based delivery of cloud services allows enterprises to acquire and deploy new applications with great ease, it does not consider the impact this on enterprise-wide legacy applications. Such applications tend to be superseded without appropriate migration of data and the reconfiguring of users who require access to new platforms. This results in minimising resource utilisation and reducing the overall efficiency of the enterprise.

We explore cloud integration, iPaaS {integration platform as a service}, and how you can integrate data and applications from various sources in real-time without losing the ability to reuse and manage services and data.

Questions To The Panel Of Speakers
Morning Networking and Refreshments served in the Exhibition Area
Building Identity Professionals

As IAM has become a lynchpin in digital transformation initiatives, IAM leaders find themselves in a conundrum. It’s never been more important to build identity systems that are fit for purpose and sufficiently robust – but adaptable – to face the ever-changing challenges. But, at the same time, there is an increasing pressure to cut operational IT costs and investment areas.

How do we build a top-notch IAM team able to contract and expand at will that also matches the business needs?

Join this session to discover how identity professionals are coming together to help nurture talent when pressured to reduce IAM investment.

On the state and future of standards based SSO

Hans Zandbelt – CTO/IAM Architect, OpenID Foundation

This presentation will provide an overview of the current state of standards-based digital identity and Single Sign-On (SSO). We’ll take a look at the market adoption of standards such as SAML and OpenID Connect and discuss the future of those standards and internet identity in general. We’ll highlight protocols, standardisation bodies and certification processes and why these matter to your business.

  • What is the market adoption of open standards for cross-domain SSO?
  • How do identity standards emerge and how do they develop over time?
  • What does the future of standard-based SSO hold?
Future proofing your IDM security posture

An overly rigid security architecture prevents your infrastructure from increasing in scale and adaptability, which in turn diminishes your potential for growth security.

To future proof your security operations, you must strategically align your people, processes and technology. By doing so, you will produce an adaptable and cohesive operational posture that can positively react to change, technology adoption and new and emerging threats.

This presentation will address the strategy required to adopt a future proof security culture.

Questions to the Panel of Speakers
Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session Two: Benchmarking your IAM Programme for Success

  • Machine identity capabilities
  • User managed access
  • Enterprise application integration
  • Adaptive authentication analysis in behavioural patterns
  • Risk-based authentication
  • CIAM landscape
  • IAM and PAM integration
Conference Chair’s Afternoon Address

Dr Gilad L. Rosner – Founder: IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher

Drawing an IAM Roadmap

Tim Purkiss – Senior Identity Management Analyst, University of London

Tim will look at the process, benefits and drawbacks of developing an IAM roadmap for an organisation, with reference to the approach the University of London is taking and the challenges of supporting a “cloud-first” strategy. The talk will cover how to incorporate user, device, and data security principles into the roadmap and how to highlight the business benefits of good IAM so that the roadmap can be turned into tangible improvements to support digital transformation.

How to detect deviation from implemented IAM solutions: The value of risk-based authentication

Being able to detect when a user deviates from the norm is a critical tool in maintaining network security. When an actor requests access, you need to have the flexibility to determine how typical the device, location and address from which the request has originated is for the purported user.

Many enterprises are unsure of how a balance can be struck between a user-dependent system and a transaction-dependent one without hindering customer satisfaction. Here is where the importance of an intelligently designed autonomous risk-based authentication process can help determine the right model for your business.

We address:

  • How to monitor the connection profile of users including behaviours, favoured devices and IP geolocation
  • How to solve the threats to both the user and the system
  • Creating a scale of the risk potential of the user’s action
  • The importance of balancing security with usability
Identity data types for Access Management: Transforming Identity Management at the BBC

Carlos Trigoso – Lead Architect. Identity & Access Management, BBC

The BBC has a relatively advanced Identity and Access Management programme covering all user types within the corporation’s business ecosystem. Carlos Trigoso will present a compact history of this programme and then will focus on the results obtained in the past three years. The presentation highlights the close correlation and interdependence between Identity Management and Organisational Transformation.

How you can support good governance and steer the technology required to support IAM

While ensuring that your organisation is continuously looking to the future, you must also develop your understanding of maximising the value of your existing IAM architecture and infrastructure.

Inability to grasp what constitutes a meaningful IAM system, its core functions and critical characteristics, results in project failure, serious cost implications, and even organisational fragmentation and disintegration.

We explore:

  • The challenge of diverse environments and disparate systems
  • Differentiating tactics from processes in IAM hierarchy
  • Combining the right technology, internal policies and people to achieve governance
  • Unifying access, authorisation, administration and authentication
Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
Adaptive authentication in behavioural pattern analysis

Despite its apparent flaws and easily identifiable shortcomings, 62% of UK businesses still have no plans to move beyond using passwords as the primary source of authentication.

While the simplicity of password-protected authentication is user-friendly and modern, technologically innovative solutions are intimidating to the less technically minded. However, adaptive technology works with the users rather than alienating them from the process.

Whether it’s an employee or a customer looking to access an online platform, adaptive authentication works in the background gathering granular attributes designed to determine the appropriateness of users’ identification activity.

In today’s cyber climate, attackers can access user credentials with relative ease; what they can not do is mimic user behaviour which. An appropriate adoption of behavioural pattern analytics can measure truly unique micro-behaviours to ensure identity security.

Managing machine identity: Machine identity protection capabilities

Given that 80% of enterprises are currently struggling to protect machine identities, and 96% of companies believe that the protection of machine and human identities are of equal importance, there is an apparent disconnection in concern and action.

Enterprises currently spend billions annually on protecting human identities but almost nothing protecting the machines deployed to carry out vital business functions.

While managing user identity has historically been human-centric, the substantial increase in machines on enterprise networks, the shifts in enterprises’ technology engagement and new computing capabilities which support such technological innovation, the need to protect machine identities has never been more urgent.

Closing Keynote: Future projections for the IAM market

The need to connect and manage complex structures of joined digital identities, which include compatibility, integration, and interoperability of data, is one of the significant challenges obstructing the growth of the global identity and access management market.

This challenge is only made greater when we require increasing levels of IAM sophistication to combat the threat while seeking to achieve competitive advantage from such advancements in network security.

In our closing address, we explore the emerging trends within the IDM landscape and its implications for both suppliers and buyers.

Questions to the Panel of Speakers
Closing Remarks from the Conference Chair

Dr Gilad L. Rosner – Founder: IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.