European Identity Conference (EIC) expands further

Munich, May 27th 2010 – The European Identity Conference 2010, which drew to a close on May 7th, 2010, has further solidified its position as the premier event for IAM (Identity and Access Management) and GRC (Governance, Risk Management and Compliance). At the same time, the topic of Cloud Computing—with special emphasis on Cloud Security and Governance—has shifted even more into the limelight, also as a result of the Cloud 2010 conference that ran parallel to the EIC.

The four conference tracks offered user presentations, expert panels, and presentations by analysts from Kuppinger Cole covering the most significant topics in these fields. Further program highlights were provided in the form of key note speeches from leading industry experts such as Kim Cameron (Microsoft) and Gerry Gebel (Axiomatics), as well as from CIOs such as Peter Ligezinski, representing the Allianz Investment Bank, and Dr Rainer Janßen, representing Munich Re. As always, the focus was on trends and developments, their feasibility, and how they influence decision-making and planning in IT. The EIC 2010 once again provided invaluable practical information for corporate users.

The field of Cloud Computing is currently focused on the development of a strategy for a hybrid Cloud, namely the strategic link between internal and external IT infrastructures and the changes this will require in service management. A roadmap is additionally needed for managing risks and for governance in the Cloud.

Increasing emphasis is being placed on privacy, namely the protection of personal information. Within the framework of information governance, this topic must be of the highest importance. The introduction of the new identity card (neuer Personalausweis, or “nPA”) in Germany this November additionally raises the question of how to integrate the nPA into authentication strategies, especially for customers. Businesses should consider how they can limit the amount of information they request from customers – including through the use of new technologies—and thereby increase customer trust. In this case, less is often more.

Businesses should also look into the development of an enterprise-wide GRC strategy, a comprehensive approach to governance, risk management, and compliance without artificially separating the operational standpoint from the IT standpoint. This requires taking a fresh look at the corporate organization and defining an enterprise-level GRC architecture. A solid technical foundation in IT-GRC, however, is likewise necessary to enable the reliable and comprehensive identification and analysis of risks.

Another topic discussed at the EIC was convergence, which qualifies as one of the most important trends of the coming years, but for which an increasing number of practical applications are already available today. In this case, businesses must focus on context-based authentication and authorization, providing differentiated decisions based on the user’s location, the equipment being used, and the activity being performed. Another topic increasing in importance is “versatile authentication”, an approach that flexibly combines and uses a variety of modular authentication mechanisms. The integration of technologies is even advancing in established areas such as Enterprise Single Sign-On and Privileged Access Management (PAM).

Optimization is key to achieving as much as possible from tight IT budgets. Therefore, the featured topics at the EIC 2010 included the integration of Identity and Access Management with Access Governance technologies and the relatively simple and inexpensive introduction of PAM technologies to reduce risks arising from privileged users such as administrators, as well as new and flexible architectural models for IAM.

Finally, businesses need to pay even more attention to information security. According to Martin Kuppinger, the founder of Kuppinger Cole, “from the standpoint of both the decision-maker and the user, it’s the I in Information Technology that matters, not the T.” This issue covers important topics such as Information Rights Management (IRM), a field that has achieved a higher level of maturity, and Authentication, Authorization, and Information Security strategies to replace investments in targeted DLP (Data Leakage Prevention) solutions.

Despite the continued difficult economic conditions, the conference still succeeded in becoming even more prominent in 2010. Particularly positive was the greater-than-average increase in the number of corporate users attending the event. The conference, which attracted around 150 speakers and welcomed attendees from over 20 different countries, has firmly established itself as a truly international event.