Webinar Recording

European Identity & Cloud Conference 2013 Preview


KuppingerCole Webinar recording

Good afternoon, ladies and tr welcome to our Ko Cole webinar, European identity and cloud conference, ESC review webinar. My name is Martin Kuppinger. I am founder and principal Analyst of Ko Cole. During this webinar, we will talk about what we have planned for this year's European identity and large conference. Give you an overview about the drags about the content of this event. And also we'll dive a little bit into some of the topics a little bit deeper into some of the topics. Talk a little bit about some of the things we will then intensified during this transference. Okay. A call itself. We are Analyst company. All information is available. Www a call.com. We are providing enterprise it research advisory, decision support, networking for it professionals. We have three areas. We are looking at one as research services where we create reports, white papers, etcetera, including our leadership documents, which provide an overview about the vendors in the market and rate them.
We do provide advisory services for end user organizations and vendors. And we do events including the European identity and cloud conference, which is our leading one. This conference will take place this year, May 14th to 17th, again in Munich, it's the same location. Like the last two years we expect to have more than 600 delegates, 150 speakers, 50 plus partners and exhibitors. And we will have five session tracks. And it's, that's what I will talk about. So let's directly start. When we look at the, a trend layout of the European identity conference, we have like usual. So we started you stay, we have some preconference workshops. And I think one of these preconference workshops was a really high interest. It'll be the so called ESE preference. Getting started workshop in this workshop, we will specifically, it'll be me and my colleague, Peter Cummings. We will talk about the agenda and we will support you in identifying the sessions you should attend. So that's, I think an interesting start because it really gives you an opportunity to discuss with us where to spend your time during the next three and a half days done like every year in the afternoon of the first day, we have our afternoon keynotes, the opening keynotes, starting with my own keynote. So I will do the opening keynote like every year. And from our experience, the keynote sessions in this afternoon are really something you shouldn't miss. There are a lot of very interesting keynotes from different persons providing a lot of good
Ideas. And so that's really where you should start. Then next days always we'll start with keynotes afterwards. We will have our five tracks of sessions, which are split into different topics like access governments, like privacy, data protection, and like identities, access and social in cloud mobile, social etcetera. So I will go through the most important drag step by step. Within the next few minutes, we also have one thing which you call digital enlightenment forum. That's together with the digital enlightenment forum initiative, which are pushing standards and other things around privacy. And we will have a life management initiative forum there where we talk about and, and really dive deep into the life management things. We have one for the finance industry, one for the automotive industry. And so that's the two and a half main days of the conference and done on Friday, May 17th. We will have three workshops, one on access gala, one on cloud provider assurance.
In fact, it's about cloud provider selection and assurance, and one about real world IM in practice. So a lot of, I think very promising content. And what I want to do then is to dive deeper into what I also want to, to, to mention is in parallel, we have our EIC expo, like every year with all the sponsors and exhibitors, and there's plenty of room to visit this expo, to talk with the vendors to. And I think it's a good idea to sketch your talks with vendors before, so that you can really make maximum use of few time and have optimally prepared vendors to talk with. So I think that's something where, where several of our customers during their decision processes made a very positive experience because they have all the vendors in one place, okay, let's move forward. One of these drag drags, we are, we are providing them access governance, access governance is one of the key topics in these days.
It's really about how can I keep control about access? How can I manage all my access requests? What is the organization behind cetera? So it's about bridging the gap between business and it, we will talk about a key elements of your access governance strategy, the organization or framework. So what do you need in guidelines and processes, but also how does access governance fit into the enterprise tier C framework? So how do you make the step first to the high level dashboards, C level, et cetera, to have your access risk as a visible information up there, we will talk about architectures about the vendor landscape cetera. So one of the things which will, which will publish soon, I think within the next two or three, Weeks's our leadership compass on access governance. It's in the final review right now, and this is something which then also will be one of our topics we are, we will talk about.
We'll talk about approaches on how to, to manage govern access based on role based attribute based access controls, etcetera. And as I said, one of the things we will look at is for example, also how to build a complete tier CA ecosystem around access governance. So access governance is a very important part of the entire story, but it relates to other things to business GRC and to overall QRC framework for enterprise GRC. So talking about this relationship will be one of the hot topics at the co se. And for sure, also looking at the architecture. So what are the, the opportunities you have by architecting access governance, right into your it infrastructure, all these are things which will be part of our upcoming European identity conference. Another very important topic is then not only access governance, but cloud governance. And if you look at the cloud, I think it's a, it's a very interesting point because when we look out there, we have a lot of companies and a lot of standards and others which are focusing on how can I do cloud provider assurance.
So ensuring that I get, or that you get what you pay for. However, it's also about how do I select the right provider, which is in fact able to provide what I will need. What do I need to extend traditionally governance processes and how, what do I need to extend them to this new paradigm and how to manage the cloud risk, how to first end to end security in the cloud. So how to keep things under control. And again, this is I think, a very important and very hot topic, which will discuss in depth within this direct. So cloud governance is a key thing and we also will have something I will quickly touch later. We will also have this one day workshop on Friday where we really dive into details on how to select your cloud provider, how to in first cloud provider insurance, etcetera, etcetera.
And so things like really looking at processes, what are standard processes you can apply for the cloud service provider selection, what are your processes and your approaches for cloud provider assurance, which of the 35 or something standards out there really helps you and how to enhance your existing service management to the cloud to really have everything on the control in a consistent way. This will things which we also then go deep into. And especially during the workshop on Friday, another governance and security issue and a new topic on the E I C will be big data governance and stewardship. My colleagues, Mike Small and Dave current recently wrote a paper on information stewardship and information stewardship is I think a very important topic and you shouldn't miss to read this report. And if you look at big data stewardship, it's one very important piece of information.
How can we ensure that data doesn't leak that we know who is has access to the data that we have, know the access risks regarding data and all these other things. And we, when we look at big data, the point is just, things are getting bigger. It's more data it's mangled through. It's combined with other data it's getting increasingly complex. So big data governance, big data stewardship is an important topic. And I'm a hundred person convinced that big data security, big data governance will be one of the hot topics of 2013, just because there will be incidents that will go things wrong because companies start with big data and lack big data security and governance, and you will learn ESE how to deal with it. So what you do here now, how does big data stewardship and data stewardship in general relate to information stewardship, how to move from big data.
So buying a lot of hardware to smart data. So optimally combining data, which is out there, what is the potential of the API economy here? And for sure, the question of big data is more privacy and little security and big data. Stewardship is really about the next big thing. It's about bringing it, bringing it all together. So APIs to make it smart, how to access other data, open government data. And what on all the other sources, you have data governance knowing what happens, compliance, enforce regulations and privacy, data security, bigger data, higher risk. So these are topics we are looking at in that part of our conference. Then we have to direct topic of privacy or privacy data protection and it law. And we have just as one example, we have a new member in our team, which is cast and keen asked, who is a lawyer who really can look at these topics from an law perspective and a lawyer perspective. So we will have different perspectives such as the it perspective it's legal perspective. We will have a, I think a great combination there for sure. A lot of other speakers in there as well. So privacy needs business needs how to deal with this.
Yeah. How to find the balance between these two things. So then bring your own devices or whatever corporate out personally enable devices, whatever is it a loose, loose situation, a situation, or is it just the right thing to do? And if you do it, how to do it, how to avoid the liability risks in there, and they can be extremely big. We will look at the used general data protection regulation and the truths for any business. We we'll talk about set regulation, data protection, obligations, and liabilities of cloud providers and the draft you data protection regulation, storing data on the cloud and lead consequences and data breach, notification overview and practice. So a checklist of practical guidance. So there will be a lot of different topics. And I think again, a lot of very interesting and very important topics. And then we have a very intensive topic which is managing identities and access and cloud mobile and social it's about how to deal with identity and access management and traditional and evolving environments, how to really deal with these new challenges.
So how to control access to cloud services, how to manage access for mobile devices in the context. What about social logins and all that type of stuff. It's about preaching the gaps between internal and external. It's about cloud and on-premise internal, external privilege and normal users with their mobile and classical devices. So how to create an integrated infrastructure that manages access to information and context, instead of working on a lot of pieces, which don't fit together, it's about how does your information security infrastructure look like in the future? We also will talk about in the context about the it organization. So what does it mean for an it organization, which is really able to deal with this? It has to change away from silos towards a far more integrated approach, the future of cloud identity, where a lot of things are happening right now and how to provide identity management as a service for customer managed relationships and partner managed relationships.
There are so many things in there I trust can touch everything, but some of these challenges we are looking at are, for example, that we really are at the end of the parameter today. So when we go back to the early eighties or pre eighties, we had our mainframes. Then we had some communication. Also with auto mainframes, we had the first midrange and servers. We had the first PCs network, the PCs, we, the internet became popular. We expanded it. Cloud computing happened. And right now it's just a world where we don't have we the parameter anymore. We have so many communication channels between the cloud, between our customers, between our external priorities, between mobile devices, etcetera, etcetera, that we have to refine and redefine the way we handle identity and access and information security in landscape. It's not about network security. Only anymore. Network security might help mobile security might help, but we need to understand the bigger picture.
Otherwise we will fail. And we have situations in this context where we have our internal users, we have our external users, we have services externally. We have internal services and we have a mix of ways to access this. We have externals, which are authenticating to our internal systems. We have others which are external to cloud service, but at the end of the day, they go through to an internal application, everything is mixed and we have to understand how to manage authentication and authorization. That context. We have to look for worse tele syndication for risk and context based authentication or authorization, and how to move forward on that. That's what we will explain in the strike during EIC, we will go far deeper. And I think there's a lot of, again, very valuable information in that area. We touch bring your own device in the leading context.
And we will look at bring your own device in the sort of the IM architecture, et cetera, track I've just talked about. And we will look at it in a special track beyond bring your own device. It consumerization on mobile enterprise. So how to make these things really work. And, and if you look at bring your own device, I think the, the key aspect is that bring your own device is something which is easier to broader to narrow. If we look at the devices, many of them are not own devices. They are company owned, but we still, they are still mobile. Whatever. On the other hand, we have a lot of own devices. If we look at access from our customers, that might be their PC in the home office, the audience might come in with this notebook. Others might come in, externals might come in with their notebooks, which are not the classical mobile devices, but more traditional devices.
So it's really a, a bigger story. And it's broad to understand what it means to information security and mobile. No, the risks fight the threats, which role does mobile device management play in there and which role shouldn't mobile device management play, which things are better done with identity access management. So the maturity maturation process of enterprise mobility management towards really mobile security management or as part and as an integral part of information security. So since we, we will talk about here, and this is one of my, my traditional pictures, sort of one, which I have used quite a several times. And it's really about that. Our scope of information security is changing. So it's changing from the view on our internal deployment models, maybe a little bit of private cloud, our internal users, maybe some of the partners, the ones, the externals who are very tightly coupled, and the view on our traditional systems towards all systems, all types of uses and all types of logins and to all deployment models.
And within that model, it is about understanding how can we manage access of identities that might even be things. So think about the internet of things, etcetera, how can we manage access of identities to information that should be our core focus? How can we use different authentication mechanisms and how can we make decisions, not as a black or white decision, but as a decision, which takes the context and the risk into account. And if you do that, right, we have solved a lot of problems or we have at least delivered a big part of the solution of a lot of problems like mobile security. So we will go back to this then again, during our conference, another topic, how to build your IM I infrastructure the right way and support business today. That's where we will talk about our it paradigm defined by coopering a call.
So how should IM I and your overall it look in the future, our vision IM and I. So I am identity access management. I achieves identity access governance, how to shape your Infor infrastructure, future proof. We will talk about the future of authentication and authorization and touch things like also Sam stats, how, or how that assemble and what do you need to do? What are the next steps there? So it's really a little bit down to earth strike. I would say, where we really go into details on these things. And we will also, and we, our big picture, it's currently a draft and it's probably a little bit hard to read of what we see really as the most important it infrastructure building blocks, you should focus on what does it mean to your organization? So how should your it organization look like to deal with this?
And there's a lot of identity and there's a lot of access and there's API economy and there's network security to some degree and etcetera. And how do these things together? What do you need and how do they relate to each HR? That's something we will talk about far more intensively, as well as we will talk about call building blocks for your future. I am like, what do you need to do in identity management on premise and in the cloud? What about the cloud directories about access management with first versatile and special risk context based authentication and authorization at the core plus dynamic authorization management, we'll talk about information, rights management, access governance, etcetera, for all deployment models.
We will talk about the internet of things because it's not only about a person accessing our information systems and our information anymore. It's about more and more devices, cetera, et cetera. So connected objects, the real world, internet web of things. What are the visions of business model? How does this relate to information security to privacy concerns? How does this relate to things like our life management platform topics and the API economy? So it'll be sort of a really bigger story we will tell here. And that's, that's what we will focus there. So this is more the, I would say the solid leadership direct here, where we really go beyond the traditional scope of IM, but I think it's worse to attend because there is far more than what we are looking up on until now think about the smart metering thing in your home from your utility provider.
There's a lot of identity and a lot of access in this topic, think about your connected vehicle of the future. And if you don't solve these problems from an identity access management perspective, we will face massive challenges and threats. And one of these topics in there is the API economy, which is related to, we have more devices than ever in all these devices can expose something we need and do increasingly more fine train access via APIs instead of classic degrees. So if you look at numbers of sales, first.com, they have far more graphic through APIs than through their traditional graphical user interface. We are increasingly building new applications of apps by orchestrating different APIs for big data. It's extremely important because in the context of big data, it's about how can we use APIs to add and to access additional data which we use to let's say increase the value of the big data we have.
We have to M two M the machine to machine communications thing where applications, apps, etcetera communicate the internet of things, things, and the identity explosion, life management platforms, personal data customer managed relationships. It's about life management platforms. It's about status trends, standards in that area. It's about trusted identities and addressed frameworks about all the things we've started talking about last year. And so that's will be one of the, the major topics here. It's one of the important things we've stressed also at last year, started stressing at last year's the se, and it will change the world of using computers and dealing with our own data. And one of these concepts in there is, is really our life management platform, which are, will enable that people store their personal data and share it in a way which restricts the app use of information by using apps, which then act as intermediary intermediary between the individuals and organizations.
It's a very important topic. And there's also interesting report out there at our website on life management platforms, which you should read. I think it's very worthless to have a look at this report besides the sort of standard direct we have, like I've said, we have different round tables and workshops. Cetera. One of these round tables is the finance industry forum. It's really about identity management for financial services. It's targeted to users from financial services, which then can share their experience with the peers in other financial institutions. So it's an opportunity to really meet with your peers, to discuss what your issues around identity, access management, governance, et cetera, with your peers. It's also about leveraging cloud computing for the financial sector, which again is something which is tightly related to access and identity. And it's about a role of identity Federation for financial institutions.
Another round table will be the life management initiative where we will create a new initiative pushing forward life management platforms. So we will have a kickoff meeting to start implementation of life management, infrastructures and services. We will talk about the roadmap behind this. So it's really about how to start these things. We will talk about the market view. Who's doing, what's bringing different parties together that you really enable this, this scope use cases and best practices, standards, and initiatives, which, which existing standards and which initiatives are relevant to you. And I think that's very important for all the ones who think about becoming a provider in the area of life management platform and using in 2013 in our, during our European identity conference will be the, what we call beer garden torques. So it's a Munich, a Munich that's about beer. It's about braids cetera.
And what we will do is there's a location a little bit directly located at the expo area, but outdoors, which will allow us to have some really relaxed meetings. And you can challenge the vendors in a relaxed atmosphere. You can talk with them, they will deliver short, direct presentations, describing their approach on how to solve few critical business challenges you can direct and intensively discuss with them right after the presentation. This will be very short. It will be placed around the breaks of the main agenda tracks, and then later afternoon. So it doesn't prohibit you from attending other sessions. It just adds to your schedule and gives you the opportunity to make a maximum use of breaks. Etcetera, you can connect to vendors intensively and make maximum use of your time while still having the opportunity for some coffee and drinks. And even while they call it beer garden, it's during the day.
So it's a coffee and drink thing another, and maybe a bread thing, whatever will be there, but it's not a beer thing. It's only the beer garden. Then finally talking a little bit about the workshops we will have at the end of deference on Friday, and from our experience, especially from the last two, three years, it's you shouldn't miss the workshop days. They are extremely valuable. They provide a deep dive into topics. One of this is a real word I am in practice practice. So defining the IM program that fits best to your organization while taking Baal two. So two SOS and IM patterns into account account, taking IM to the next level with these patterns, achieving success with CR IM implementation. That's something you definitely shouldn't miss. It's about really moving forward from working to the audit and moving from one problem to the next and trust, trying to address and finances towards a strategic approach, which reduces your costs and which provides you a standard solution, which helps you to better deal with all the upcoming requirements. So sync strategic, not tactical, and how to do this. That's something you will learn a lot about during this workshop. There's a workshop on cloud provider assurance. I've touched this topic before. It's about how to select and how to govern your cloud provider, how to implement our providers assurance based on real life scenarios, leading you through the steps necessary to assure that cloud service, meet your business requirements, looking at what COVID five provides their government advice, et cetera. So it's, again, I think a very interesting and very important workshop here.
And that's a, as a first overview about what we will do during European identity and cloud conference 2013. And I think was only while we just had a very short look at different topics. Hopefully it gave you the impression that this is the conference you need to attend. It's the last attend conference in these topics in 2013. So we have room for questions. So if you have any questions, just enter them on the question of go to webinar. One other information until tomorrow we have our early, early bird. I think so the special early bird rate, which is very, very attractive, have a look at this rate.
I think it's very worse to book for that rate. It's welded until tomorrow. It's only 1,200, 1,200 euros. And don't miss to book for this rate. Now, for sure you can book later brings more money to us, but until tomorrow you have this special early be bird rate. Okay. If there are no further questions, sorry for the network issues, which caused a short break during the session, I think it's years ago that it happened last. So things happened. And if you have any further questions, just contact our team, talk with them, ask them their questions about a conference and them hope to see you in Munich in may this year. Thank you. Bye.

Stay Connected

KuppingerCole on social media

How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00