1st November 2017

Privileged Access Management (PAM) and Identity & Access Management (IAM), they occupy the same space but have very different outcomes.

Why Identity and Access Management should be part of your GDPR plan

19th October 2017

It’s crucial to understand that the General Data Protection Regulation (GDPR) is not a technology issue alone. When it comes into effect on 25 May […]



Future Proofing your IAM Programme

We explore how IAM can become a key enabler to organisations. Through cross-sector case studies and industry perspectives we charter key IAM imperatives including accountability, transparency, user experience and managing trust, privileges and entitlements. The early morning session will also explore:

  • Why businesses require identity governance
  • Examples of successful deployments of comprehensive, customer focused identity management infrastructures
  • The impact of identity management investment on top-line revenue
  • How to use IAM to achieve business goals and empower digital business
  • The changing security landscape and disruptive technologies
  • Operationalising identity intelligence for efficiency and risk mitigation
  • Identifying future trends in the IAM space
The Conference Chair’s Opening Remarks

Sarb Sembhi, Past President, ISACA London

Open Banking with Ping Identity

Rob Otto, Senior Regional Solutions Architect, Ping Identity

See a demo of how Ping Identity’s open banking solution supports OAuth 2.0/OIDC and the Financial API. The demo will provide visibility into the secure construction and analysis of token contents consumed by the banking API’s necessary to complete secure transactions between entities. In addition, it will show how to enforce the user-driven consent, policies and scope required to enable and disable aggregation of transaction data exposed via API’s to AISP web and FinTech applications, for consolidation and presentation to the account owner.

Whilst specific to the finance industry, this showcase will highlight how Ping Identity can help customers large and small meet complex use-cases with a comprehensive Customer IAM suite.

Identity Systems at Scale: A Pragmatic Look at Standards, Certification, Trust Frameworks and Registration

Don Thibeau, Chairman and President, Open Identity Exchange

Open standards like HTTP, OAuth, and OpenID Connect allow competing organizations to add value to their services, platforms, and products by ensuring interoperability across commercial, banking and government ecosystems.

Open standards can be a powerful tool set for developers. But identity systems require rules that address liability as well as ensure technical conformance. This presentation is a pragmatic look at ensuring conformance to open standards via self-certification using the ground-breaking OpenID Certification Program as a case study. We’ll look at how technology tools like standards and self-certification can be fit for purpose with governance rules that define the business, legal and technical requirements of identity systems. We’ll pay particular attention to how trust frameworks assign and enforce liability in complex identity systems. We’ll outline how registering trust frameworks ensure the transparency needed to build and maintain the trust needed in identity systems at scale.

The presentation concludes with presenting current, real world use-cases of identity systems at scale. We’ll highlight how technology tools and governance rules are enabling global identity projects. We’ll overview the Open Banking initiative in the UK, the International Air Travel Association (IATA)’s “One Identity” Program and other global identity initiatives.

International Airlines Group (IAG) Case Study

Society, like the Internet, runs on trust. Trusting that our online identity is protected and not commercially exploited without our consent is complicated and interrelated. Following the keynote from Don Thibeau, OIX Chairman, this case study presentation takes a closer look at the work of OIX UK Europe with regards to the emerging cross border trust services market, through projects such as LIGHTest and others.

How to Overcome the Limitations of a Traditional IAM Approach with Identity Analytics

Cyril Gollain, Chief Executive Officer, Brainwave GRC

In a traditional IAM approach, one has to balance the operational effectiveness of the IAM initiative with the growing costs of deployment and maintenance. This is especially true for older bespoke systems or “tier-2” applications for which there is seldom any justification for full IAM automation.

• However, critical security and compliance risks can oftentimes be found in the dark corners of the Information System.
• A comprehensive approach should therefore provide the means to control and audit all resources while focusing IAM automation where justified. 
• Brainwave GRC provides innovative Identity Analytics technology embracing the breadth and depth of analysis which are required to effectively assess risks, detect inconsistencies and remediate issues across all resources.


Case Study: Segregation of Duties from Risk Identification to Remediation

Edina Dobos, DBS Governance & Controls Senior Manager – Global SoD and Application Controls, Diageo

This presentation will provide an overview of SoD risk assessment in the business and IT context and approaches to managing risks with specific reference to the balance between mitigation and remediation.

Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
Delivering Trusted Digital Relationships in a Connected Society

Nick Caley, Vice President, ForgeRock

In this session Nick will discuss the importance of harnessing identity across the entire digital ecosystem.  He will also give examples of how large organisations are using technology to secure the identity of people, devices and things in order to build trusted, personalised relationships with their customers.

Key Topics:
• Knowing Your Customer – how to create a seamless OmniChannel experience
• GDPR – Turning the new regulation into an opportunity
• Privacy by Design – The new ForgeRock Profile and Privacy Management Dashboard
• IoT and the Future of Identity

A Review of The Changing Landscape and How Identity & Access Management Solutions are Adapting to Meet These Challenges

Andy Bryars, Senior Customer Success Manager, Okta

Identity & Access Management is moving from being one of many components of the legacy IT infrastructure stack to being at the center of how enterprises manage IT and power digital transformation across all aspects of their business. Combined with latest trends towards mobile first, IoT and big data this is having an impact on the pivotal role of managing identities for employees, partners and customers. This session explores how Okta views this landscape and how we are uniquely placed to meet these challenges.

Questions to the Panel of Speakers and Delegates move to the Seminar Rooms
Seminar Sessions
Networking Lunch Served in the Exhibition Area

Session TWO – The Future of IAM in Enterprise

  • Defining an IAM strategy, Benchmarking Performance, Identifying and Overcoming Challenges
  • Exploring how to maintain, monitor, improve, optimise and govern IAM infrastructure
The Conference Chair Opens the Afternoon Session
What My IAM Looks Like

Tarun Sharma, Solutions Architect, Telegraph Media Group

This presentation will explore what an organisation should look for when selecting an IAM solution. It will discuss:

  • What aspects should be covered before starting to look for various IAM solutions in the market
  • What helps in defining business and technical requirements for IAM solutions
  • How important it is to select and execute a successful IAM implementation project
Consumable Access for the Enterprise

Colin Brown, Identity and Access Management Architect, BBC

The BBC is a huge collaborative endeavour, involving disparate groups of people in the creative delivery of entertainment and information. It is it no longer reasonable to expect people to put up with complex journeys and poor user interfaces or to assume an enterprise desktop. BBC Login has brought consumer standards to the enterprise to truly enable the vision of risk based access for globally mobile heterogeneous workforce.

In this presentation Colin Brown, Lead IAM Architect, will describe how the BBC has gone from concept to reality in under 12 months, describing the objectives, the outcomes and the challenges along the path to delivery.

A Privileged Customer Journey

Andy Harris, Chief Technology Officer, Osirium

• The Driving Forces
• Implementation
• Steady State ROI

Questions to the Panel of Speakers
Afternoon Networking and Refreshments served in the Exhibition Area
British Standards in Digital Identification and Authentication in a Regulatory Context

Andrew Churchill, MIDAS Alliance and Lead Author, British Standard PAS499

The British Standards Institution’s Publicly Available Specification in Digital Identification and Authentication, Code of Practice will have closed the public consultation a few days before conference. Andrew, lead author on the PAS, will provide an overview of the standard and how it is expected to fit in with the evolving regulatory backdrop.

An innovative approach to defining and modelling Identities across your Organisation

Ian Johns, Head of Architecture, King’s College London
Prakash Manickam, Senior BI Analyst, King’s College London

King’s College London has a population of thousands of academics and professional staff on a variety of contracts and affiliations, tens of thousands of students and distance learners and millions of visitors, guests and alumni.

In this presentation you will hear about an innovative approach King’s have taken in modelling these personas, in order to implement improvements to Identity and Data Management. Applying the concepts of Object Oriented Data Modelling, King’s have developed a simple and innovative Business Glossary that helps organisations define and manage their Identity master data.

Mobile-Enabled Digital Identity: Improving Birth Registration in Pakistan

Ceri Greenland, Senior Market Engagement Manager, Digital Identity, GSMA

It is estimated that globally, one in three children under the age of five has not had their birth officially registered, and every year more than 50 million children are added to this state of invisibility. In Pakistan, it is estimated that only 33.6% of children have had their birth registered. To try and address this challenge, countries such as Pakistan have started looking at new ways to improve the birth registration process using new technologies and innovative approaches. One such solution has been to develop platforms and systems which utilise mobile phones in the registration process, resulting in registration rates improving in some regions by as much as 300%. This presentation will provide more detail on the collaboration between Telenor Pakistan, UNICEF and the Government of Pakistan and will examine the project’s key success factors and associated challenges.

Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
Conference Closes with a Drinks Reception sponsored by One Identity

Please note:
Whitehall Media reserve the right to change the programme without prior notice.