Programme @

IDM uk

Identity Management

9 November 2021

Brought to you by Whitehall Media

Programme @ IDM uk

Session One

the people, principles and processes which make up a successful IAM enterprise

  • How to become a better communicator: collaboration is key
  • Starting an IAM programme: how to succeed in project management
  • Accounting for the privacy-personalisation conundrum
  • Scoring your IAM maturity against your business needs
  • Understanding the value of PAM: protecting every privilege in every setting
  • IAM for the people! How to govern in the digital age

09:15 (GMT)

Conference Chair's Opening Address

Dr Gilad Rosner
Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher
view profile

Dr Gilad Rosner, Founder, IoT Privacy Forum; Expert in Public Policy of IoT & Identity Management; Privacy and Technology Policy Researcher

09:25 (GMT)

5 Trends in CIAM to watch

Jamie Hughes
CIAM Product Manager, Beyond Identity
view profile

Jamie Hughes, CIAM Product Manager, Beyond Identity

  • Customer experience has been identified as the top competitive differentiator across all industries, if customers reject transactions because of forgotten passwords you can be losing revenue
  • 57% of consumers polled have identified a passwordless process as being preferred
  • 35% of respondents polled said they have experienced difficulties with multi-factor authentication when a second device was required and that this made them cancel their transaction
  • Beyond Identity can proceed a seamless, frictionless and secure passwordless MFA experience

09:40 (GMT)

Quo Vadis Identity Management? We are moving into the cloud and abandoning data centres - now what?

Stefan Bosnjakovic
External IAG architect, Hilti AG
view profile

Stefan Bosnjakovic, External IAG architect, Hilti AG

Many big international enterprises are moving into the cloud and shutting down their traditional data centres to reduce complexity and get rid of expensive international MPLS lines – and so is Hilti.

This poses a big problem for companies as cloud services like Microsoft Azure/Office365 or Amazon AWS cover pretty much basic IT needs, but IAM vendors do not/cannot keep up with the rest of the industry and IAG vendors even more so.

Most of the established vendors also offer cloud/SaaS/IaaS solutions, but these are quite stripped down compared to their on-prem counterparts and pure IaaS solutions customizability.

So, vendors are not there yet, but customers are. consequently, we need temporary solutions to allow a smooth transition.

I try to describe a possible way forward in this presentation.

10:00 (GMT)

What can Modern IGA do for you?

Craig Ramsay
Senior Solution Consultant, Omada
view profile

Craig Ramsay, Senior Solution Consultant, Omada

In this session, Craig Ramsay, Senior Solution Consultant at Omada, will share his insights about the evolving IGA market and how modern IGA solutions help organizations optimize their identity security strategies without sacrificing productivity.

In this session you will learn how a modern IGA solution:

  • Helps organizations implement identity governance with fast time to value
  • Mitigates risk and increases efficiency through an identity-centric approach to security.
  • Automates business processes from a centralized identity source to help maximize internal resources
  • Supports organizations to effectively meet a wide variety of audit and compliance measures

10:15 (GMT)

Questions to the Panel of Speakers

10:30 (GMT)

Networking Break

Session Two

10:45 (GMT)

Introduction to session two

10:50 (GMT)

Universal Privilege Management – A Modern Approach to PAM

Karl Lankford
RVP Solutions Engineering, BeyondTrust
view profile

Karl Lankford, RVP Solutions Engineering, BeyondTrust

Virtually every cybersecurity breach today involves the exploitation of privileged access. Privileges are initially exploited to infiltrate an IT environment; once compromised by threat actors, privileges are further leveraged to move laterally, access assets, install malware, and inflict damage.

In this session, learn the key steps involved in achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment.

Topics covered include:

– Why relying on password management alone leaves dangerous gaps in protection

– Disrupting the cyberattack chain with privileged access security controls

– Essential steps to achieving rapid leaps in risk reduction

– Keys to a frictionless PAM solution that is invisible to end users

We will also share how the BeyondTrust Privileged Access Management (PAM) platform enables absolute control over every privilege in your environment to drastically reduce your attack surface and windows of exposure, while boosting business productivity.

11:05 (GMT)

Biometrics - A revolution in waiting

Steve Furnell
Professor of Cyber Security, University of Nottingham
view profile

Steve Furnell, Professor of Cyber Security, University of Nottingham

For many years, biometrics held a steady position as the ‘next big thing’ in user authentication. However, the last decade has seen them become commonplace technologies, particularly due to their increasingly standard integration into mobile devices.

Despite this, however, passwords still remain the dominant form of user authentication in more general activity. Have biometrics failed to fully deliver on their promise, or is the real revolution yet to come?

This presentation will examine these issues, with attention toward:

• the desirability of biometric authentication for both end-user and enterprise usability
• the uptake and impact of biometrics to date
• underlying differences in current deployments
• future potential within our device ecosystem

11:20 (GMT)

Maximise Zero Trust with AI-driven Role Management

Tim Bedard
Senior Product Marketing Director, ForgeRock
view profile

Tim Bedard, Senior Product Marketing Director, ForgeRock

With growing cyber threats, organisations face mounting pressure to enforce Zero Trust principles, like least privilege access. But traditional Identity Governance and Administration (IGA) solutions rely on manual, labour-intensive processes that can no longer scale to meet today’s dynamic security requirements. It’s time for a better solution.

Find out how organizations can address these challenges through Role-based Access Control (RBAC) by:

– Leveraging artificial intelligence (AI) and machine learning (ML) to manage and enforce least privilege access

– Enforcing and enabling your organisation to quickly scale Zero Trust across your ecosystem

– Modernising your RBAC capabilities and processes to help you achieve regulatory compliance, mitigate risks, and reduce costs

11:35 (GMT)

Questions to the Panel of Speakers

11:50 (GMT)

Networking break

Session Three

  • Mapping your customer base: architecting an identity graph
  • Supporting your mobile workforce: mobile identity platforms
  • Password-less authentication: achieving the required distribution
  • Make privacy matter: adopting an always-on approach
  • Adopting a hierarchical order of system control: ABAC and RBAC
  • Accelerate the adoption of a decentralised identity platform

12:05 (GMT)

Introduction to session three

12:10 (GMT)

Why provisioning gives you a false sense of security

Hans-Robert Vermeulen
Identity Strategist, SailPoint
view profile

Hans-Robert Vermeulen, Identity Strategist , SailPoint

Companies have invested in solutions to automate access assignment. Although this often covers only basic provisioning, they feel well protected. This is a false sense of security. Enforcing a least privileged access model is not achieved by “fire and forget” provisioning or account creation. Least privileged stands no chance if we do not see and review changes being made inside applications, if we do not incorporate new access rights and new applications into our existing role model and increasingly important, if we have no clue if access is actually being used.

Come and listen to SailPoint where we will bring you on a journey to show you how to protect with certainty.

• How to get better insight and make smarter decisions with Artificial Intelligence & usage data

• Reduce overall risk exposure by only assigning access people actually need and use

• Not only report and analyze (SAP) SoD policies but overlay this with utilization data

12:25 (GMT)

Why machine identities matter: MI’s as your network weakest link

Kumud Dubey
Senior ASIC Verification Engineer, Boeing
view profile

Kumud Dubey, Senior ASIC Verification Engineer, Boeing

Machine identity attacks grew 400% between 2018 and 2019, increasing by over 700% between 2014 and 2019.

The primary method of attack is through the production of malware which is specifically designed to compromise the already vulnerable MI attack surface.

With this type of malware has witnessed a 300% growth in the last year 5 years, it is clear there needs to be a priority shift in what the industry regards as an integral part of its suite of defence capabilities.

We address:

• Why 81% of businesses have to deal with malicious bots
• One in four have suffered significant financial loss as a result
• The lack of visibility as to the number of bots and machines operating within the enterprise network
• The role of threat actors in creating hundreds of malicious bots

12:40 (GMT)

Driving CX Innovation with CIAM to Deliver Competitive Advantage

Richard Bird
Chief Customer Information Officer, Ping Identity
view profile

Richard Bird, Chief Customer Information Officer, Ping Identity

In today’s digital-first world, customer experience (CX) is the new battleground. Is your brand’s CX original enough to generate business value? In this session, we will talk through the requirements of what makes a customer experience “innovative” and how you can evaluate your brand’s CX. It will also address the next steps to take in your organisation’s journey, to enhance digital experiences with identity to provide business impact.

12:55 (GMT)

Questions to the Panel of Speakers

13:10 (GMT)

Networking Lunch and Refreshments served in the Exhibition Area

Session Four

13:45 (GMT)

Seminars A - D

14:30 (GMT)

Networking Break

Session Five

14:45 (GMT)

Seminars E - I

15:30 (GMT)

Networking Break

Session Six

15:45 (GMT)

Introduction to session six

15:50 (GMT)

Ahold Delhaize Case study

Martin Sandren, IAM Business Analyses Manager, Ahold Delhaize

16:05 (GMT)

When the rubber meets the road - how to tackle CIAM without sacrificing security for convenience

Michael Bunyard
Head of Marketing, IAM, WSO2
view profile

Michael Bunyard, Head of Marketing, IAM, WSO2

In the past few years businesses have had to accelerate their digital transformation initiatives in order to meet the evolving needs of their customers. A strong customer-centric IAM strategy has become a focal point for businesses to gain competitive advantage, and in doing so it has provided a strong foundation to deliver simple, seamless and secure digital experiences for end users.

In this session we will cover:

  • Common challenges that customers have faced and why IAM helps resolve those issues
  • Case studies that showcase WSO2’s unique approach
  • Outcomes of a recent Forrester TEI Report on our Identity Server
  • Guidance on considerations before embarking on an IAM project

16:20 (GMT)

The impact of AI and ML on IAM

Saru Tumuluri
India Ambassador, Women in Identity
view profile

Saru Tumuluri, India Ambassador, Women in Identity

83% of organisations do not have a mature approach to IAM, resulting in two times more breaches on average.

We explore how AI and ML can improve this situation by:

• Combining analytics and AI to contextual insights so that both technical and non-technical employees can work more time-efficient
• Drastically speeding up the existing IAM compliance controls
• Reviewing historical user access reports to comply with auditor requests
• Autonomously detecting anomalies and potential threats
• Paving the way between reactive to preventive/corrective access management

16:35 (GMT)

Questions to the Panel of Speakers

16:50 (GMT)

Closing Remarks from the Conference Chair

17:00 (GMT)

Conference Closes

Please note:
Whitehall Media reserve the right to change the programme without prior notice.

Follow us on social

Keep up to date with what's going on by following us on social media.

Featured blogs

Read the latest news and views from key industry figures and thought leaders.

Authentication v Authorisation
Authentication. Authorization. It’s all just logging in right? Are they essentially the same thing? Although some may use the terms interchangeably, they are actually very different concepts and understanding how they differ is important for anyone in the security space. In the most simplistic terms, authentication is the process of ensuring the user is who...
Introducing Code Commit Signing to Secure Your SDLC
In today’s model of distributed software in the cloud, engineering teams are developing, building, and delivering all the time. Plus, with continuous integration and continuous delivery (CI/CD) pipelines, there are no stopping points for manual security checks. Once the entire build is complete, it’s even more difficult, time-consuming, and resource-intensive to check the entire build...
The history and future of passwords
The inception of passwords in the 1960s changed the digital world as we know it. Passwords are now an unconscious standard practice in the lives of most, and from your first pet to the street you grew up on, they are deeply ingrained in our minds. The first passwords introduced the concept of authentication to cybersecurity, or...