Identity & Access Management / Governance is Key to Information Security

  •  TYPE: Track   DATES: May 14 - May 15, 2014
Conference Tracks

It never has been more obvious that Identity & Access Management/Governance (IAM/IAG) are the prerequisites for Information Security. Tax data theft in Swiss banks, with data being sold afterwards to the German state; the excessive access Edward Snowden had to documents; the excessive access Bradley Manning had to documents: these and many other incidents such as data loss, industrial espionage, or successful cyber-attacks stand for the need for better IAM/IAG. However, there is more: The daily trouble in many organizations when users do have access to systems and information they need; the ever-increasing audit pressure; the administrative costs of managing users and access entitlements manually; the need for managing access not only to on-premise applications but also the Cloud: It is about having IAM/IAG in place.

IAM/IAG is more than Directory Services, Identity Provisioning, or Access Governance. It is about a number of disciplines, with new hot topics emerging in these days, such as Privilege Management or Cloud IAM. It is about strong authentication of users and the ability to support BYOI (Bring Your Own Identity), enabling business partners and customers to rely on identities they already have. The new ABC (Agile Businesses: Connected) increases the IAM/IAG challenges. The “Identity Explosion”, a term Martin Kuppinger introduced back at EIC 2012, is a reality today. Organizations have to deal not only with their employees, but with business partners, customers, prospects, leads, etc. Instead of some Thousand or maybe some Hundred Thousands of users, it is about millions of users now. That all changes the IAM/IAG challenges and it changes the role of IAM/IAG for organizations. There is no way to open up your organization to deal with all these new users, without a strong IAM/IAG foundation. There is no way to become and stay compliant and secure (which not necessarily is 100% the same) without IAM/IAG in place. IAM/IAG is a key success factor within Information Security. It is a key success factor for today’s agile, connected businesses.

This track combines IAM/IAG technology-related sessions.

Moderators:

Tracks:

IAM Infrastructure Trends & Concepts

Sessions:

Killing Identity Management in Order to Save It

Date: Wednesday, May 14, 2014 Time: 11:00-12:00 Location: AMMERSEE II

Killing Identity Management in Order to Save It
IAM has not kept up with the time and has become less than optimal for modern business. In order to be invaluable, IAM has to radically adapt. This session will discuss: How current IAM is not well suited for the modern business What a truly modern IAM system would include What we as an industry can do to evolve.

Weaving Identity into Business Services - Is this the Future of Identity & Access Management?
The future of IAM is unwritten. Industry leaders will discuss, debate, and debunk potential approaches for IAM to evolve and its new relationship to business.

Dynamic Authorization Management: The Market and its Future

Date: Wednesday, May 14, 2014 Time: 12:00-13:00 Location: AMMERSEE II

Dynamic Authorization Management: The Market and its Future
In this session, Graham Williamson of KuppingerCole will present on the current state of the Dynamic Authorization Management market based on the brand-new KuppingerCole Leadership Compass document on the subject.  The session will discuss the direction of IAM solutions to externalise their authentication and authorisation decisions to a centrally managed decision point.  The presentation will advise on the direction various vendors have taken and the degree to which standards such...

RBAC, ABAC, or Both?
There is an ongoing discussion about terms such as RBAC (Role Based Access Control) and ABAC (Attribute Based Access Control). However, is it really about either-or? Or isn’t it that most role concepts take other attributes such as the Organizational Unit into account, while the role is a major attribute for most ABAC concepts? Shouldn’t the discussion be more about the question on how to make the shift from Static Access Management, based on pre-determined ACLs (Access Control...

OpenRBAC: Why using an LDAP based Backend for Role Based Access Control Information
OpenRBAC is an open source implementation of the ANSI standard RBAC. It uses OpenLDAP as backend for storing information on user, roles, resources, priviledges, etc. This has a number of advantages and only very few limitations. Access decisions can be retrieved by simple ldap searches so that a OpenRBAC based Policy Decison Point can answer ten thousands of such queries per seconds. Since two other RBAC software products use LDAP, currently work is being done...

IAM Infrastructure Trends & Concepts

Sessions:

Drivers and Lessons learned from a Recent ABAC Implementation at Generali

Date: Wednesday, May 14, 2014 Time: 14:30-15:30 Location: AMMERSEE II

Drivers and Lessons learned from a Recent ABAC Implementation at Generali
Manuel Schneider from Generali Deutschland Informatik Services will describe Generali´s drivers and lessons learned from a recent ABAC implementation project. Generali's objectives were to enable the organization to share IT resources among entities in a heavily regulated environment that demands precise and context-aware access controls. Based on this information we will highlight some conclusions that should be of value to attendees.

ABAC - Visions and Reality
NIST and the Federal Chief Information Officers Council explicitly name Attribute Based Access Control "as a recommended access control model for promoting information sharing between diverse and disparate organizations". In 2013, a Gartner analyst predicted that "by 2020, 70% of all businesses will use attribute-based access control". So there is wind elevating ABAC into the clouds but what happens on the ground?   In this session, the panelists will summarize findings from a large...

From Rogue IT to Strategy: Tying API Management into the Enterprise Infrastructure

Date: Wednesday, May 14, 2014 Time: 15:30-16:30 Location: AMMERSEE II

From Rogue IT to Strategy: Tying API Management into the Enterprise Infrastructure
API Management has often been an example of “Rogue IT”, used by line-of-business and to manage their Web APIs. These Web APIs are often tactical in nature, servicing a particular mobile app or a specific partner integration. As such, API Management most of the time is found outside of Enterprise IT. So how can API Management become Enterprise API Management? The answer lies in tying API Management into enterprise Identity Management, into existing network monitoring and...

An Ecosystem for API Security OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML
Enterprise API adoption has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs, need to be protected, monitored and managed. This talk focuses on API Security. There are so many options out there to make someone easily confused. When to select one over the other is always a question – and you need to deal with it quite carefully to identify and isolate the tradeoffs....

Mature, Well Established, Inevitable: Guiding you through the Current Enterprise Single Sign-On Market

Date: Wednesday, May 14, 2014 Time: 17:30-18:30 Location: AMMERSEE II

Mature, Well Established, Inevitable: Guiding you through the Current Enterprise Single Sign-On Market
The KuppingerCole Leadership Compass provides a thorough and comprehensive analysis of the product offerings in a particular market segment. KuppingerCole compares these offerings based and identifies the overall leaders, product leaders, market leaders, and innovation leaders. Furthermore, KuppingerCole provides in-depth analysis per product and additional analytics that show the strengths of products for various customer challenges. KuppingerCole Leadership Compass documents help customers...

Adaptive & Risk based Authentication

Sessions:

Authentication Trends – will Wearables take us _BAC to the Future?

Date: Thursday, May 15, 2014 Time: 11:00-12:00 Location: ALPSEE

Authentication Trends – will Wearables take us _BAC to the Future?
In the seemingly unending search to find the next generation of devices and methods to replace passwords as authentication mechanisms, the various x-Based Access Control (Rules, Roles, Attributes, Context, etc.) which had been projected by one pundit or another to be the “killer app” for secure access may be getting a run for their money from wearable, biometrics-based, token issuing devices. Join us to find out what’s new and what we recommend for today’s...

Do We Need To Put Secrecy Back In To Security? The Reinvention of Authentication
In this discussion we will all work together to re-invent authentication. Why? Because the industry has been adding more and more layers of complexity to the authentication process and rather than making our environments more secure it is having the opposite effect. Utopia is an authentication process that is simple, memorable and secure, but existing methods of identification used by the majority of organisations, all lack at least one of these vital components....

The Future of Authentication (is Now)

Date: Thursday, May 15, 2014 Time: 12:00-13:00 Location: ALPSEE

The Future of Authentication (is Now)

Cloud Security & Authentication

Quick Links

Stay Connected

Information

Congress

European Identity & Cloud Conference 2014

Language:
English
Registration fee:
€1980.00 $2475.00 S$3168.00 21780.00 kr
Mastercard Visa American Express PayPal INVOICE
Contact person:

Mr. Levent Kara
+49 211 23707710
lk@kuppingercole.com
  • May 13 - 16, 2014 Munich, Germany

Partners

The European Identity & Cloud Conference 2014 is proud to present a large number of partners
Learn more

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00