Session ONE – Future Proofing your IAM Programme
We explore how IAM can become a key enabler for organisations. Through cross-sector case studies and industry perspectives we chart key IAM imperatives including accountability, transparency, user experience and managing trust, privileges and entitlements. The early morning session will also explore:
- Why businesses require identity governance
- Examples of successful deployments of comprehensive, customer focused identity management infrastructures
- The impact of identity management investment on top-line revenue
- How to use IAM to achieve business goals and empower digital business
- The changing security landscape and disruptive technologies
- Operationalising identity intelligence for efficiency and risk mitigation
- Identifying future trends in the IAM space
PLEASE NOTE: The Conference will close with a Drinks Reception sponsored by One Identity.
The Conference Chair’s Opening Remarks
Sarb Sembhi, Past President, ISACA London
A Smarter Way to Manage Identity in a Changing Security Landscape
This session will look to elaborate on key elements of successful IAM deployment by exploring:
- The cyber threat landscape and trends
- Identifying challenges of large scale enterprise IAM
- Guidelines for success – letting the right people and devices in the network and keeping the wrong ones out
- The relationship between IDM and Infosec
- Regaining access control over resources you don’t control
- Scaling and growing according to your needs and capability
- Future proofing IAM investment
Alice Vasilescu, IT Project Officer – Connecting Europe Facility (CEF) eID at European Commission
The eIDAS Regulation provides a predictable legal framework and ensures the cross-border mutual recognition of eID means in the EU.
Since 29 September 2015, following the adoption of the implementing acts on cooperation between Member States on eID, on interoperability framework, on assurance levels for eID means and on notification, EU Member States may, on a voluntary basis, notify and recognise national eID means that citizens and companies could use across borders to access online public services. As of 29 September 2018 the recognition of notified eID will become mandatory. And though the regulation is primarily focused on online public services, the private sector could benefit from the use of the eIDAS eID services. Additionally, it is worth exploring whether this regulation could bring together key stakeholders of the eID landscape and bring benefits beyond the cross-border use cases envisaged by eIDAS, in particular at the national level.
In this context, the presentation will try to address the following three questions.
• What does this mean for the Member States? What is the status of eIDAS eID?
• What are the benefits for private service providers (IDPs and Relying Party)?
• How can eIDAS stimulate the electronic identification landscape alongside the cross-border use case?
Getting ready for a Digital Future – Secure and Compliant
Michael Whittlestone, Security Architect, TDC
TDC, Denmark’s largest Telco, is taking the lead in ensuring that Denmark is ready for a digital future, featuring intelligent homes and smart cities linked together by world-class internet service. This presentation will highlight how Identity enables secure and seamless access to make this digital future come true. Identity is at the core in helping people to communicate safely and in the most compliant way whilst having convenient access to the best entertainment via TDC.
OIX Case Study
Sue Dawes, Program Manager, Open Identity Exchange (OIX)
Nick Mothershaw, Vice Chair & Director of OIX UK
Sarah Munro, Director of Information Propositions, Barclays and Director of OIX UK
Open Identity Exchange (OIX) is a non-profit, technology-agnostic organisation of global leaders from the private and public sectors – a test bed for business, legal and governance best practices and policies. Society, like the Internet, runs on trust. Trusting that our online identity is protected and not commercially exploited without our consent is complicated and interrelated. Trust is a powerful economic driver of the emerging identity ecosystem. Technology is rarely more than a small piece of the solution. This presentation takes a closer look at the work of the OIX UK chapter, keeping with both the European and Financial conference themes, to look at a new project running under Connecting Europe Facility (CEF), a cross border banking pilot and the EU’s LIGHTest project to build on the DNS infrastructure to develop a new European trust infrastructure. We’ll also look at the International Air Travel Association’s One Identity project where airlines plan to create a streamlined, frictionless process while enabling improvements to operational efficiency and security to the overall travel experience.
GDPR, Trust and Data Privacy: The birth of the civilised Internet?
Tim Barber, VP, ForgeRock
Trust is the foundation for lasting business relationships. Encouraged by new regulations and the ongoing debate around online data sovereignty, enlightened companies are embracing this age-old truth in the digital world. Inspired to replicate the principles of trust in the physical world in their day-to-day digital interactions, they are recognising that setting standards of behaviour is something they need to do with their customers, not something they can do to their customers.
In this session we will explore:
- Examples of companies that are embracing digital trust
- How understanding identity can enable trusted relationships.
- The role of User Managed Access (UMA) in a standard approach to Trust networks
- New tools to enable a shared approach to privacy and consent
Questions To The Panel Of Speakers
Morning Networking and Refreshments Served in the Exhibition Area
How to Overcome the Limitations of a Traditional IAM Approach with Identity Analytics
Cyril Gollain, Chief Executive Officer, Brainwave GRC
In a traditional IAM approach, one has to balance the operational effectiveness of the IAM initiative with the growing costs of deployment and maintenance. This is especially true for older bespoke systems or “tier-2” applications for which there is seldom any justification for full IAM automation.
• However, critical security and compliance risks can oftentimes be found in the dark corners of the Information System.
• A comprehensive approach should therefore provide the means to control and audit all resources while focusing IAM automation where justified.
• Brainwave GRC provides innovative Identity Analytics technology embracing the breadth and depth of analysis which are required to effectively assess risks, detect inconsistencies and remediate issues across all resources.
Transformation of ID Management Process in the Big Organizations
Joanna Zdulska, Information Security Access Programs and Governance Manager, Citibank Europe PLC
Financial organizations remain top cybercrime targets. In this session we will present a well-defined strategy and governance model to align IAM programs with both business objectives and the risk landscape, covering the key considerations for transformation and how to get started. We will also provide you with a few tips on how to effectively grant users the appropriate entitlements in a timely manner, or revoke access due to termination or transfer in a large-scale environment. Furthermore, we will talk about ways to implement a single Identity Repository for employees/non-employees, and enforce Segregation of Duties. We hope the best practices of the operational processes and the technical solutions will help manage access controls to your company information resources.
Questions to the Panel of Speakers
Networking Lunch Served in the Exhibition Area
Session TWO – The Future of IAM in Enterprise
- Defining an IAM strategy, Benchmarking Performance, Identifying and Overcoming Challenges
- Exploring how to maintain, monitor, improve, optimise and govern IAM infrastructure
The Conference Chair Opens the Afternoon Session
PSD2 RTSL: Transaction Risk Analysis - Architecture Walkthrough
Kannan Rasappan, IAM Architect and Developer, HSBC
This presentation will explore:
• RTS mandate on TRA to help in SCA exemption
• Relevance of fraud rate & SCA exemption
• Leveraging mobile authenticators & risk engines to tackle fraud
• Audit, Reporting & Compliance for enrolling into TRA exemption
Resurrecting Identity & Access Management with Graph Databases
Rik Van Bruggen, Sales VP EMEA, Neo Technology
After spending more than a decade working in the Identity and Access Management space, I was hugely disappointed in the industry. It felt like – even after having witnessed, sold and implemented dozens of IAM solutions for companies like Novell, Imprivata and Courion – the industry was not able to generate a comprehensive, easy, generic, and solid answer to some of the conceptual and architectural issues that it faced. Now, 5 years later, I’m seeing a new approach to IAM, as graph databases like Neo4j are being used frequently to solve some of these fundamental issues, successfully. This talk will explain why I think that is the case, and show you an example of a working solution that may benefit many.
Prospect Identity Management through Analytics
Hasan Al-Madfai, Application Fraud Consultant, Direct Line Group
Know Your Customer (KYC) has become an integral activity for many B2C operations in the insurance industry. However, depending on size of operations, post inception KYC may not be scalable and carries with it a significant element of risk due to exposure. By contrast, targeted use of analytics pre-inception often provides a scalable solution with very limited exposure and minimal opex. Key ideas around the use of advanced analytics will be discussed and illustrated using case studies in prospect selection in a high velocity environment.
Questions to the Panel of Speakers
Refreshments and Networking Served in the Exhibition Area
How to get ready for GDPR compliance with IDM - a practical approach
Niels von der Hude, Director Product Strategy, Beta Systems IAM Software AG
– Resulting obligations and how it affects your organization
– How to enforce the compliant use and restrict the access to personal data
– How to demonstrate the implementation of appropriate measures for ensuring compliance with the principles of GDPR
Principles on Identification for Sustainable Development: Towards the Digital Age
Dr. Louise Bennett, Chair of the Security Community of Expertise, British Computing Society
The World Bank Group and Centre for Global Development have recently published ten Principles on Identification on behalf of a large number of UN organisations and other International bodies. These principles cover inclusion, design and governance. Louise will focus on the governance principles that cover building trust by protecting privacy and user rights.
Louise hopes to convince delegates that these are global principles that all organisations should sign up to. Identification systems must be built on a legal and operational foundation of trust and accountability between government agencies, international organisations, private sector actors and individuals. People must be assured of the privacy and protection of their data, the ability to exercise control and oversight over its use, and processes for independent oversight and the redress of grievances. Only then will every individual and organisation both feel and be safe online.
SGN and Okta Lights Up the Country with Cloud Transformation
Mo Ahddoud, Chief Information Security Officer, SGN
Enterprises today are facing increasing challenges around security, meeting compliance and regulatory requirements and reducing cost. Mo will share how SGN successfully used Okta to underpin their IT Transformation Strategy to the Cloud: bringing Security, Durability, Agility and Cost benefits to the Business. In this period SGN also improved consumer satisfaction and exceeded regulatory requirements.
Questions to the Panel of Speakers
Closing Remarks from the Conference Chair
With a Drinks Reception sponsored by One Identity.
Whitehall Media reserve the right to change the programme without prior notice.