the people, principles and processes which make up a successful IAM enterprise
- How to become a better communicator: collaboration is key
- Starting an IAM programme: how to succeed in project management
- Accounting for the privacy-personalisation conundrum
- Scoring your IAM maturity against your business needs
- Understanding the value of PAM: protecting every privilege in every setting
- IAM for the people! How to govern in the digital age
Conference Chair's Opening Address
Dr Gilad Rosner
Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcherview profile
Dr Gilad Rosner, Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher
5 Trends in CIAM to watch
CIAM Product Manager, Beyond Identityview profile
Jamie Hughes, CIAM Product Manager, Beyond Identity
- Customer experience has been identified as the top competitive differentiator across all industries, if customers reject transactions because of forgotten passwords you can be losing revenue
- 57% of consumers polled have identified a passwordless process as being preferred
- 35% of respondents polled said they have experienced difficulties with multi-factor authentication when a second device was required and that this made them cancel their transaction
- Beyond Identity can proceed a seamless, frictionless and secure passwordless MFA experience
Quo Vadis Identity Management? We are moving into the cloud and abandoning data centres - now what?
External IAG architect, Hilti AGview profile
Stefan Bosnjakovic, External IAG architect, Hilti AG
Many big international enterprises are moving into the cloud and shutting down their traditional data centres to reduce complexity and get rid of expensive international MPLS lines – and so is Hilti.
This poses a big problem for companies as cloud services like Microsoft Azure/Office365 or Amazon AWS cover pretty much basic IT needs, but IAM vendors do not/cannot keep up with the rest of the industry and IAG vendors even more so.
Most of the established vendors also offer cloud/SaaS/IaaS solutions, but these are quite stripped down compared to their on-prem counterparts and pure IaaS solutions customizability.
So, vendors are not there yet, but customers are. consequently, we need temporary solutions to allow a smooth transition.
I try to describe a possible way forward in this presentation.
What can Modern IGA do for you?
Senior Solution Consultant, Omadaview profile
Craig Ramsay, Senior Solution Consultant, Omada
In this session, Craig Ramsay, Senior Solution Consultant at Omada, will share his insights about the evolving IGA market and how modern IGA solutions help organizations optimize their identity security strategies without sacrificing productivity.
In this session you will learn how a modern IGA solution:
- Helps organizations implement identity governance with fast time to value
- Mitigates risk and increases efficiency through an identity-centric approach to security.
- Automates business processes from a centralized identity source to help maximize internal resources
- Supports organizations to effectively meet a wide variety of audit and compliance measures
Questions to the Panel of Speakers
Introduction to session two
Universal Privilege Management – A Modern Approach to PAM
RVP Solutions Engineering, BeyondTrustview profile
Karl Lankford, RVP Solutions Engineering, BeyondTrust
Virtually every cybersecurity breach today involves the exploitation of privileged access. Privileges are initially exploited to infiltrate an IT environment; once compromised by threat actors, privileges are further leveraged to move laterally, access assets, install malware, and inflict damage.
In this session, learn the key steps involved in achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment.
Topics covered include:
– Why relying on password management alone leaves dangerous gaps in protection
– Disrupting the cyberattack chain with privileged access security controls
– Essential steps to achieving rapid leaps in risk reduction
– Keys to a frictionless PAM solution that is invisible to end users
We will also share how the BeyondTrust Privileged Access Management (PAM) platform enables absolute control over every privilege in your environment to drastically reduce your attack surface and windows of exposure, while boosting business productivity.
Biometrics - A revolution in waiting
Professor of Cyber Security, University of Nottinghamview profile
Steve Furnell, Professor of Cyber Security, University of Nottingham
For many years, biometrics held a steady position as the ‘next big thing’ in user authentication. However, the last decade has seen them become commonplace technologies, particularly due to their increasingly standard integration into mobile devices.
Despite this, however, passwords still remain the dominant form of user authentication in more general activity. Have biometrics failed to fully deliver on their promise, or is the real revolution yet to come?
This presentation will examine these issues, with attention toward:
• the desirability of biometric authentication for both end-user and enterprise usability
• the uptake and impact of biometrics to date
• underlying differences in current deployments
• future potential within our device ecosystem
Maximise Zero Trust with AI-driven Role Management
Senior Product Marketing Director, ForgeRockview profile
Tim Bedard, Senior Product Marketing Director, ForgeRock
With growing cyber threats, organisations face mounting pressure to enforce Zero Trust principles, like least privilege access. But traditional Identity Governance and Administration (IGA) solutions rely on manual, labour-intensive processes that can no longer scale to meet today’s dynamic security requirements. It’s time for a better solution.
Find out how organizations can address these challenges through Role-based Access Control (RBAC) by:
– Leveraging artificial intelligence (AI) and machine learning (ML) to manage and enforce least privilege access
– Enforcing and enabling your organisation to quickly scale Zero Trust across your ecosystem
– Modernising your RBAC capabilities and processes to help you achieve regulatory compliance, mitigate risks, and reduce costs
Questions to the Panel of Speakers
- Mapping your customer base: architecting an identity graph
- Supporting your mobile workforce: mobile identity platforms
- Password-less authentication: achieving the required distribution
- Make privacy matter: adopting an always-on approach
- Adopting a hierarchical order of system control: ABAC and RBAC
- Accelerate the adoption of a decentralised identity platform
Introduction to session three
Why provisioning gives you a false sense of security
Identity Strategist, SailPointview profile
Hans-Robert Vermeulen, Identity Strategist , SailPoint
Companies have invested in solutions to automate access assignment. Although this often covers only basic provisioning, they feel well protected. This is a false sense of security. Enforcing a least privileged access model is not achieved by “fire and forget” provisioning or account creation. Least privileged stands no chance if we do not see and review changes being made inside applications, if we do not incorporate new access rights and new applications into our existing role model and increasingly important, if we have no clue if access is actually being used.
Come and listen to SailPoint where we will bring you on a journey to show you how to protect with certainty.
• How to get better insight and make smarter decisions with Artificial Intelligence & usage data
• Reduce overall risk exposure by only assigning access people actually need and use
• Not only report and analyze (SAP) SoD policies but overlay this with utilization data
Why machine identities matter: MI’s as your network weakest link
Senior ASIC Verification Engineer, Boeingview profile
Kumud Dubey, Senior ASIC Verification Engineer, Boeing
Machine identity attacks grew 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019.
The primary method of attack is through the production of malware which is specifically designed to compromise the already vulnerable MI attack surface.
With this type of malware has witnessed a 300% growth in the last year 5 years, it is clear there needs to be a priority shift in what the industry regards as an integral part of its suite of defence capabilities.
• Why 81% of businesses have to deal with malicious bots
• One in four have suffered significant financial loss as a result
• The lack of visibility as to the number of bots and machines operating within the enterprise network
• The role of threat actors in creating hundreds of malicious bots
Driving CX Innovation with CIAM to Deliver Competitive Advantage
Chief Customer Information Officer, Ping Identityview profile
Richard Bird, Chief Customer Information Officer, Ping Identity
In today’s digital-first world, customer experience (CX) is the new battleground. Is your brand’s CX original enough to generate business value? In this session, we will talk through the requirements of what makes a customer experience “innovative” and how you can evaluate your brand’s CX. It will also address the next steps to take in your organisation’s journey, to enhance digital experiences with identity to provide business impact.
Questions to the Panel of Speakers
Networking Lunch and Refreshments served in the Exhibition Area
Seminars A - D
Seminars E - I
Introduction to session six
Ahold Delhaize Case study
Martin Sandren, IAM Business Analyses Manager, Ahold Delhaize
When the rubber meets the road - how to tackle CIAM without sacrificing security for convenience
Head of Marketing, IAM, WSO2view profile
Michael Bunyard, Head of Marketing, IAM, WSO2
In the past few years businesses have had to accelerate their digital transformation initiatives in order to meet the evolving needs of their customers. A strong customer-centric IAM strategy has become a focal point for businesses to gain competitive advantage, and in doing so it has provided a strong foundation to deliver simple, seamless and secure digital experiences for end users.
In this session we will cover:
- Common challenges that customers have faced and why IAM helps resolve those issues
- Case studies that showcase WSO2’s unique approach
- Outcomes of a recent Forrester TEI Report on our Identity Server
- Guidance on considerations before embarking on an IAM project
The impact of AI and ML on IAM
India Ambassador, Women in Identityview profile
Saru Tumuluri, India Ambassador, Women in Identity
83% of organisations do not have a mature approach to IAM, resulting in two times more breaches on average.
We explore how AI and ML can improve this situation by:
• Combining analytics and AI to contextual insights so that both technical and non-technical employees can work more time-efficient
• Drastically speeding up the existing IAM compliance controls
• Reviewing historical user access reports to comply with auditor requests
• Autonomously detecting anomalies and potential threats
• Paving the way between reactive to preventive/corrective access management
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Whitehall Media reserve the right to change the programme without prior notice.