Identity & Access Management

 

 

AGENDA

 

 

Agenda

PrivSec Focus - Identity & Access Management

GMT Agenda
08:55

Opening Remarks
08:55 AM - 09:00 AM

Speakers

09:00

Implenting Identity and Access Management (IAM) Systems Post-Pandemic: What Does 2022 and Beyond Hold?
09:00 AM - 09:45 AM

1. Secure access: Opening networks to more employees, new contractors, customers, and partners offers greater efficiency and productivity, but it also increases the risk. An IAM solution enables businesses to extend access to their apps, networks, and systems on-premises and in the cloud without compromising security.

2. Reduced help desk requests: An IAM solution removes the need for users to submit password resets and help desk requests by automating them. This enables users to quickly and easily verify their identity without bothering system admins, who in turn are able to focus on tasks that add greater business value.

3. Reduced risk: Greater user access control means reduced risk of internal and external data breaches. This is vital as hackers increasingly target user credentials as a key method for gaining access to corporate networks and resources.

4. Meeting compliance: An effective IAM system helps a business meet their compliance needs amid a landscape of increasingly stringent data and privacy regulations.

Speakers

  • Paul Simmonds, CEO, The Global Identity Foundation
  • Stefan Bosnjakovic, External IAM&GRC-Architect, Contracting consultant/architect, currently primarily Hilti AG (Schaan, Liechtenstein)
09:15
09:30
09:45
10:00

Integrating Identity Access Management With Data Loss Prevention
10:00 AM - 10:45 AM

It’s common for security professionals to provide identity information from an IAM tool to a data loss prevention (DLP) solution that continuously monitors sensitive data and correlates events to minimize the risk of losing sensitive data. The events are also correlated with analytical artificial intelligence and machine learning tools that analyze historical access behaviors to detect potential fraud.

Both IAM and DLP solutions must be leveraged to address insider threats and emerging threat vectors. Behavioral analytics and incident forensics tools provide additional monitoring capabilities. By integrating both of these solutions, organizations can handle the fast pace of emerging IT trends and threats with mobile and cloud computing.

Speaker

  • André H. Paris, CIPM, CCEP-I, Managing Partner, Fakos – Data Privacy & Compliance Consultancy
10:15
10:30
10:45
11:00

Sponsor Session
11:00 AM - 11:30 AM

More information to follow

Speakers

11:15
11:30
11:45
12:00

What do practitioners need to pay attention to or need to understand when it comes to implementing cloud IAM?
12:00 AM - 12:45 AM

What kind of processes work and what kind of steps are required from a security team

Speakers

12:15
12:30
12:45
13:00

Why Effective Process and Governance is as Important as Technology When IAM issues arise
13:00 AM - 13:45 PM

When IAM issues arise, organizations often lean too heavily on implementing technology with the idea that it will solve all issues related to identity and access. This leads to short-term solutions with an incomplete understanding of the real business need and accompanying requirements, and issues often resurface. Organizations investing too heavily in technology often have a limited view on the overall business value of IAM initiatives and thus struggle to realize maximum gains. Successful IAM programs look to focus efforts on the strategy, process and governance of an IAM program first, then tackle technology with all the right requirements in place.

Effective process and governance helps remediate elements outside of technology, such as organizational structure, risk management, and standard procedures and processes. Complying with existing IAM standards, such as managing privileged accounts through an enterprise IAM tool, can be enforced without the use of technology by utilizing existing enterprise gates, like change management processes, release management or a system development lifecycle. Root problems often lie within the process and governance in place (or the lack thereof), which make up organizations’ IAM. Increasing the focus on establishing IAM methodologies and governance frameworks, reengineering processes, improving standards, and employing playbooks will have long-term benefits to organizations.

Speaker

  • Onur Korucu, M.Sc, LL.M, Sr. GRC, Data Protection, Cyber Security Manager, Avanade
  • George Schlosser, Lead Architect IAM, The New School
  • Suzanne ElHorr, Senior Risk and Identity Manager, American University of Beirut
13:15
13:30
13:40
14:00

To Manage or Not to Manage: Reconciling Bring Your Own Device (BYOD) with the Corporate Network
14:00 PM - 14:45 PM

To manage or not to manage—there really is no choice between the two for today’s enterprises. Employees, contractors, partners, and others are bringing in personal devices and connecting to the corporate network for professional and personal reasons. The challenge with BYOD is not whether outside devices are brought into the enterprise network, but whether IT can react quickly enough to protect the organization’s business assets—without disrupting employee productivity and while offering freedom of choice.

Nearly every company has some sort of BYOD policy that allows users to access secure resources from their own devices. However, accessing internal and SaaS applications on a mobile device can be more cumbersome than doing so from a networked laptop or desktop workstation. In addition, IT staff may struggle to manage who has access privileges to corporate data and which devices they’re using to access it.

Speakers

14:15
14:30
14:45
15:00

Sponsor Session
15:00 PM - 15:30 PM

More information to follow

Speakers

15:15
15:30
15:45
16:00

Identity and Access Management Challenges in the Era of Mobile and Cloud
16:00 PM - 16:45 PM

Organisations are flocking to cloud services and mobile devices to cut costs and boost productivity. Despite the benefits, these technologies exacerbate the challenge of verifying identities and managing access to applications and data by consumers, employees and business partners from multiple devices and locations.

This session takes a look at some of the most common identity and access management (IAM) challenges and how organisations can resolve them without compromising employee productivity.

Speakers

16:15
16:30
16:45
17:00

Integrating cloud IAM as a full component of the enterprise security landscape in order to provide business value and to prevent breaches
17:00 PM - 17:45 PM

A fundamental mistake for organisations when handling security needs is performing individual, one-off projects to address IAM concerns. Individual projects often lack centralised leadership and provide only temporary solutions to the issue at hand. While a one-off initiative may temporarily close a pointed gap for a specific business area, it may not always align with the enterprise IAM program vision. This session show how a successful covers the following core aspects -

1. Treating IAM as an ongoing internal service to the organisation by setting up an IAM operating model, along with a dedicated internal services team, to establish IAM as an ongoing service in order to manage demand from the business and IT, prioritize initiatives, and gauge IAM progress and maturity.

2. Formalising enterprise goals and control objectives;

3. Establishing procedures, policies and control gates to drive governance;

4. Formalising an enterprise service model;

5. Standardsing reporting of enterprise IAM management metrics.

Speakers

17:15
17:30
17:45
18:00
18:15
18:30
18:45
19:00

Closing Remarks
19:00 PM - 19:05 PM

More information to follow

Speakers

19:05

Topics

PrivSec Focus - Identity & Access Management

Implementing multifactor authentication through identity and access management solutions to solve IAM issues

Hard Tokens, Physiological Biometrics, Behavioural Biometrics, Geofencing, Time and Location Authentication, Universal Second Factor and Client Certificates.

Provisioning and Deprovisioning

How the key to proper provisioning and deprovisioning lies with identity governance and administration by helping your IT security team create clearly defined roles with set permissions for easy provisioning.

IAM as an ongoing service

Treating IAM as an ongoing internal service to the organisation by setting up an IAM operating model, along with a dedicated internal services team, to establish IAM as an ongoing service in order to manage demand from the business and IT, prioritize initiatives, and gauge IAM progress and maturity.

What do practitioners need to pay attention to or need to understand when it comes to implementing cloud IAM?

What kind of processes, what kind of steps that are required from a security team.

To manage or not to manage (BYOD)

Reconciling Bring your own device (BYOD) with the corporate network

IAM in the Era of Mobile and Cloud

Meeting Identity and Access Management Challenges in the Era of Mobile and Cloud

Integrating cloud IAM as a full component of the enterprise security landscape in order to provide business value and to prevent breaches

More information to be announced!

What has been the big challenge for the practitioners, the CISOs in particular, when they have attempted to integrate security with the cloud IAM and what is on the horizon in 2022?

More information to be announced!