Identity Governance & Security

Identity Lifecycle automation project in Swedbank lasted for 4 years. During all those years I fulfilled business analyst role in IAM area. I collected requirements, draw process models, and did detailed analysis. I also defined minimum viable scope of the project and drove the team to reach the goal. Finally, I did acceptance testing. I can share key activities for business analyst throughout different phases of the project.
Analysis
* Get descriptions or describe yourself HR-processes, which are related to identity area.
* Get descriptions/explanations of data feeds from HR-systems.
* Describe your needs to HR-system development team, such as future employment changes, deputies etc in advance.
* Trust but verify: ask for example files /data. Perform data analysis to makes sure, that previous descriptions and processes are valid.
* Just acknowledge that “roll-out” of new processes is not one day activity, this can last for multiple months and must be treated and described as a separate process.

Development
* Help developers with clarifying tiny details from stakeholders
* Document the details
* Control the scope and drive team to do correct prioritization
* Discuss alternative solutions to implement same business need

Testing
* Rehearse migration
* Rehearse roll-out
* If testing resource is limited – verify major business cases. Prolong pilot period to see rare business cases in production.

Roll-out
* Define different scopes and roll-out in smaller scopes (to keep incidents queue managed)
* Start roll-out from the process, that has smaller impact on acting employees (In our case we decided to start roll-out with leaver)
* Set up regular meetings with major stakeholders to inform them about changes in the processes. Good if you managed to agree on convenient communication channels (such as chat in Teams) between operational teams to be able to resolve incidents quickly.

Pilot
* Verify not only concrete cases, but also analyze the data.
* Agree on convenient way of communicating issues/bugs/questions to developers.
* Resolve incidents and fix bugs as quickly as possible, so that operating units don’t feel alone with software/data issues.

Key takeaways:

* Everything is possible but
* Define viable minimum
* Management team must be involved and work for your project. Your project must be a priority for all stakeholders / involved parties
* Start roll-out from the end
* Find a way to analyze your data to make sure, that everything is ok

What if we took the traditional way of thinking of Identity Governance and reversed it completely? Putting together a successful IGA program has commonly been a long haul,

A headache,

A mess,

A budget destroyer,

And an expectation disappointer.

There is a new way. Some call us crazy and some say its impossible. However, those who have experienced the new way call us visionaries. We have been presenting a modern ideology and process for IGA that drastically reduces the time to value, the total cost of ownership, and the economic impact of an Identity Governance Solution.

This panel will focus on strategic order of operations, calculating the economic return of the modern approach, how to optimize AI/ML in Identity Governance, and the ways simplicity expediates the path to stronger compliance and security postures.

The FIDO Alliance was launched in 2013 with the audacious goal: to change the very nature of authentication. To move the entire world away from usernames and passwords and traditional multi-factor authentication with an open and free web standard that makes authentication simpler and stronger. It’s 2021, so why are passwords still persisting? The session will answer that question, and detail the progress that has been made towards standardizing strong authentication and the opportunity for companies to start on a journey past passwords.

Join Andrew Shikiar, executive director of FIDO Alliance, as we look the past year from the FIDO standards lens, including:
-- The impacts of Covid-19 on digital transformation plans and securing remote workforces & where strong authentication has fit in
-- Progress global organizations have made toward going truly passwordless
-- Considerations for strong authentication when seeking compliance with regulation such as PSD2 SCA
-- What other areas, such as identity verification, that need to be strengthened to better secure the web

-- Attendees will understand how a global pandemic affected companies' digital transformation plans, including strong authentication projects

Key Takaways: 

-- Attendees will learn the status of efforts to standardize strong authentication, and where support stands today
-- Attendees will be able to analyze their strong authentication options for complying with regulation like PSD2 SCA
-- Attendees will be able to explain how identity verification and authentication relate, and efforts in motion to better secure both areas