Best Practices
Facebook Twitter LinkedIn

Best Practices

Combined Session
Tuesday, September 14, 2021 15:30—16:30
Location: ALPSEE

The impact of agile on progressing Identity Security

After applying an agile way of working for the last three years the Rabobank Identity & Access Management service has gone through a transformation. The increased autonomy of teams, using backlogs with prioritized epics, applying agile rituals in order to create space for growth in applying agile principles, all of these have affected how IAM services are developed and delivered. Where the arena is uncertain and customers have a somewhat-defined request the agile, iterative approach works. Yet where the arena is regulatory governed and compliance driven an agile approach works less. The impact of incidents in a 24x7 security service immediately reflects itself on the development of the service when a devops team is used. The strain between waterfall project management and this agile approach is not instrumental but conceptual. Aligning expectations with the wider organization is a challenge in itself. This presentation will demonstrate the pros and cons of agile on IAM.

Agile pitfalls
Alignment with the wider organization (using waterfall and deadlines)
Where agile works well and where it does not
Countering the management drive for 'new and improved', whilst also applying agile

Drs. Henk Marsman
Drs. Henk Marsman
Henk Marsman is Lead Product Manager for Identity and Access Management at Rabobank, a top three bank in the Netherlands. He’s responsible for the cohesion and service orientation of the IAM...

Improving IAM Success Rates with Rigorous Concepts

IAM programs in organizations have a reputation for difficulty and high failure rates. Through education and later through experience, professionals learn that communication is the most critical success factor in all human undertakings. We may have cutting-edge technology, generous budgets, and a competent team and still fail our project miserably. High-quality communication about IAM with our stakeholders is insufficient to succeed, but it is a necessary condition. 

And what is the building block of communication? Words and concepts.

Improving the IAM vocabulary's accuracy is the idea behind the TOME (The Open-Measure Encyclopedia) project - an open-source encyclopedia specialized in IAM, authored by volunteer IAM professionals for their peers. Its goal is to become the industry reference dictionary. It is free of charge and licensed under Creative Commons to facilitate its widespread adoption. It is rooted in science with a solid methodology and pervasive references to stand on the shoulders of giants.

In this session, I will present and define a series of IAM concepts, both frequently used and rare but often misunderstood

David Doret
David Doret
David Doret is veteran cybersecurity and IAM expert. He held twice the CISO position, served as Corporate Risk Committee board member for financial institutions and spent several years leading a...

Journey from Enterprise Strategy to Identity Simplification

In an insurance sector not yet impacted by uberisation, AXA is moving toward its digital transformation. To achieve its key targets, including reduced time to market and improved user experience, AXA has launched several major programs: network, datacenter, workspace, .., and Identity and Access Management. Come discover how AXA leads the IAM program to support its digital transformation though improved agility, automation & business partnership capacity, both external and internal, while maintaining a high level of security.

– Adapt your IAM program to your context
– Define and maintain the key objectives of your program
– Accept that an IAM program is a transformation program, not a technical program

David Martinache
David Martinache
David is a consultant specialized in identity and access management for the last 8 years. He supports major companies in their digital transformation by helping them rethink their authentication...
Fabrice Perrin
Fabrice Perrin
Fabrice Perrin joined AXA in 2015. After having managed the GDPR compliance of the group, he is now in charge of the simplification of the identity management. Fabrice is also deputy director of...


On-Demand Access
Re-live EIC 2021
Watch more than 250 sessions on-demand
Download all available presentations
Subscribe for updates
Please provide your email address