With great automation capability comes great responsibility! Come discuss and learn vital lessons gleaned from disasters in Identity Management.
When did the acronym PEBKAC become a commonly accepted trope in security? Blaming users for security failures may be a convenient out, but it is also misguided. Identity and access management, at the center of bringing people into the security equation, should be making things better. But all too often we suffer from the same bad habit of thinking technology can solve all problems - if only the users would listen and do as told. But times, and expectations, are changing. Shifting from “users” to “people” requires us to move security away from being a dark art, and transform it into something more approachable, more human. Identity has a huge role to play in this. This session will examine the contradictions that exist in the way we, as technologists, approach identity, and how the changing role of identity is forcing a change in how we “do” identity.
Why Role-based SoD modeling has proven to be a train wreck in every Identity Governance Project. So what can be done?
Why do organizations continue to struggle with entitlement risk modeling? It boils down to risk being aligned to roles and role-based access. The irony is that roles were never intended to be risk models. They were once low-hanging fruit, a logical early means of mapping groups of users to entitlements and later associating risk with those groupings.