All too often IAM efforts are driven by technology, lead to suboptimal value for the actual users and do not meet business needs. This presentation looks at starting IAM with the business case instead, focusing on several essential elements and using real-life experiences and good practices (some learned the hard way) to provide an illustration.
The elements will include: getting to know your user, identifying a business strategy, uncovering business need and pain, and joining forces.
Key takeaways:
- How to set up for a service orientation of IAM
- Identifying the real users and getting clarity on their requirements and needs
- How to organizationally align to deliver a full service (and not just one component)
- Practical lessons learned (and painful examples of how not to do this)
IAM automation continues to progress as more and more organizations and vendors focus on making their security services consumable through self-service, APIs, and other low-cost/low-friction service delivery methods. But what is to be done about IAM infrastructure, deployments, and general operations tasks? Without paying for someone else to handle it via IDaaS? In this session Jon Lehtinen details how Thomson Reuters used containers, cloud services, & devops to build & launch a brand new, fully global, auto-scaling, & self-healing enterprise SSO service that is defined, deployed, and iterated entirely through code. This automation of SSO infrastructure & operations greatly reduced the time to deliver the new service, improves the organization’s security posture, & provides a superior authentication experience for users and application teams- all at a fraction of the run rate of comparable turnkey IDaaS solutions. Come and hear their experiences, and see how you too could automate away late-night outage calls.
Identity governance and administration is being re-envisioned in the adoption of identity-as-a-service. While its core capabilities for access requests, provisioning, reporting, recertification etc., remain familiar, the adoption mindset in enterprises has evolved, as their use cases have evolved beyond earlier regulatory compliance drivers. The increasing sophistication of attacks and the diversity of the threat landscape has highlighted to many organizations that they should evaluate radical new approaches for securing identity and understanding patterns of access at scale. In addition, business units look to IT as an enabler of bring-your-own-services, leveraging emerging technologies for cross-organization collaboration and cross-application data management, beyond what traditional identity governance projects had previously considered in scope. These trends are motivating enterprises to re-evaluate the identity governance scenarios that are critical to address, and how IT can most effectively maintain stewardship of their organization’s information assets.
In this session, we’ll discuss how organizations have been approaching identity governance and administration differently as they look to Identity as a service, how cloud delivered identity governance and identity management aligns with adjoining IT capabilities for information protection and user behavior analytics, and what are the best practice considerations for organizations when evaluating identity governance projects and IAM challenges to address next.