Monday 09:30 AM - 10:30 AM | |
| The increased range and variety of authentication methods and platforms now available means that there is likely a “best fit” authentication solution for every enterprise use case. But it is difficult for IAM and information security leaders to find that solution among the myriad options.
- What are the characteristics of a good authentication method?
- How do different use cases influence and constrain enterprises’ choices?
- How can enterprises architect a sound authentication solution? |
Monday 09:30 AM - 10:30 AM | |
| An identity bridge is an on-premises appliance that solves problems across on-premises and SaaS environments. For most enterprises, the identity bridge is an essential tool. It can provide federation, synchronization, provisioning, mobile credential management and authorization services.
- What are some current examples of identity bridges?
- What are successful road maps for multi-functional identity bridges?
- What are Gartner’s projections for cross-domain super bridges?
- What are Gartner’s recommendations for successful deployments? |
Monday 09:30 AM - 10:30 AM | |
| Enterprises must manage identity in an increasingly hybrid world in which legacy on-premises IAM infrastructures are extended or replaced to support SaaS and mobile endpoints. Identities established on social media platforms are also being leveraged for enterprise system access.
- What issues must be addressed when applications are moved to the cloud, when endpoints are mobile, and social identities are to be leveraged?
- What are the traditional and emerging methods for resolving these problems?
- What are the current and emerging standards that support IAM, the cloud, mobility and social?
|
Monday 09:30 AM - 10:30 AM | |
| The threat environment is evolving. Attacks are financially motivated and are supported by a sophisticated underground economy. To stay ahead of the “bad guys,” enterprises need to invest wisely in security tools and personnel. The right balance between too little and too much security is essential.
- What are the key trends in cybersecurity attacks?
- Which new tools and processes should enterprises adopt to defend against these attacks?
- What are the best practices for mitigating cyber threats?
|
Monday 01:45 PM - 02:45 PM | |
| A tools-based focus can result in failed projects, wasted resources and lack of business alignment. When IAM architecture is part of a broader security and enterprise architecture program, enterprises can improve identity-oriented business processes, information flows and technology implementations.
- What are the most effective contents and structures for security architecture?
- How should enterprises practically model IAM architectures to ensure linkage to the business strategy, and to adequately address risks?
- What are security architecture pitfalls and best practices? |
Monday 01:45 PM - 02:45 PM | |
| Externalized authorization has granted enterprise applications rich decision-making ability and ways of controlling who can do what with what kind of data. Although identity management services have begun their inevitable migration to the cloud, authorization has lagged its peers.
- To what extent is externalized authorization becoming mainstream?
- What are the deployment patterns for externalized authorization with respect to cloud services?
- What are the challenges of federated authorization?
|
Monday 01:45 PM - 02:45 PM | |
| How do we measure the value of IAM? For many, justifying IAM has been elusive. It remains a horizontal concern in the vertical world of business services, something shared by all business functions but owned by none. How can an IAM project be reconciled with the budgets of business?
- How much does IAM cost today, and why?
- How does an enterprise cost-justify an IAM project—is it possible?
- How will the economics of IAM change in the era of cloud and mobility?
|
Monday 01:45 PM - 02:45 PM | |
| Many organizations protect data with no clear understanding of the data's associated value and risk. Step 1 is ensuring that the right people have the right access. This session analyzes the real drivers for data protection and provides a survey of some of the available tools to address the problem.
- Why the current approach to protecting data in technology silos doesn't work
- What steps can clients take to ensure that enterprise data is protected throughout its life cycle?
- What controls and tools are available to protect enterprise data in practice?
|
Monday 04:15 PM - 05:15 PM | |
| Effective governance provides accountability, responsibility, authority and assurance. Governance consists of a set of processes and activities executed and overseen by appropriate governance bodies. Success of governance initiatives depends on the effectiveness of the groups tasked with executing.
- What are current security and risk governance best practices?
- What processes, structures and forums constitute effective security and risk governance?
- How does IAM governance differ from risk and security governance?
|
Monday 04:15 PM - 05:15 PM | |
| Early detection of targeted attacks and security breaches has never been more important and more difficult to achieve. User activity monitoring is key to early detection of targeted attacks, and has become part of the standard of due care for a variety of regulations across all industry segments.
- What are the security and compliance drivers for user activity monitoring?
- How can SIEM and other monitoring technologies be deployed for early detection of internal and external threats?
- Which SIEM vendors are best suited to particular monitoring use cases?
|
Tuesday 09:30 AM - 10:30 AM | |
| Provisioning, directory, and identity access governance (IAG) technologies form the foundation of an identity management solution. In this session Gartner will provide a component description and architectural overview of these technologies. Gartner will also offer deployment considerations, insights, and best practices based on years of customer experience. In this session participants will:
- Develop a basic understanding of provisioning, IAG, and directory technologies
- Gain insights into the integration touch points between provisioning, IAG, and directories
- Identify best practices for deploying these services
|
Tuesday 09:30 AM - 10:30 AM | |
| The classic data privacy problem is about two kinds of disclosure: active and passive. Mobile devices increase passive disclosure, often without our knowledge and sometimes without our consent. They are increasingly hooked into the Internet at the application level and may include several geolocation technologies.
- The potential for data leakage is ever greater, but is it all bad?
- Could all that data actually help protect us against identity theft?
- Is this yet another nail in the coffin of authentication? |
Tuesday 09:30 AM - 10:30 AM | |
| OTP hardware tokens have been a staple user authentication method for more than 25 years, but are increasingly losing out to alternative methods in new and refreshed implementations. This session explores this trend and asks if the demise of hardware tokens is inevitable … or not.
- Where are they used and what are the problems?
- What are viable alternative authentication methods?
- Will OTP hardware tokens make a comeback? |
Tuesday 09:30 AM - 10:30 AM | |
| Infosec's traditional mindset can’t keep up with technological and behavioral change. The result is policies and technologies that cause frustration and impede agility. It's time to recognize that the relationships among IT, the business, and individuals have been transformed irrevocably.
- Why are status quo approaches to information security untenable?
- Does a less controls-intensive, more people-centric strategy make sense?
- What are the elements of a potential people-centric approach?
|
Tuesday 09:30 AM - 10:30 AM | |
| IAM programs are targeted at ensuring the correct people have access to the information they need to do their jobs. The big risk: Are they using that access appropriately and responsibly? Content-aware data loss prevention provides a great mechanism for the axiom, “Trust, but verify.”
- Is IAM the final answer in implementing an enterprise data security program?
- How can we use detective and preventative controls such as DLP to support the framework for access provided by IAM?
- What are best practices and pros and cons for implementing DLP to support data security initiatives? |
Tuesday 01:45 PM - 02:45 PM | |
| Amazon Web Services (AWS) is pivotal for many organizations. But AWS is an umbrella for many services: virtualization (EC2), storage (S3) and relational databases (RDS, DynamoDB and SimpleDB). Managing IAM functions within AWS and via core enterprise IAM tools/processes remains a challenge and a mystery.
- What are the native IAM capabilities within AWS?
- How can I integrate my existing processes into AWS for holistic IAM? |
Tuesday 01:45 PM - 02:45 PM | |
| In times of economic stress and uncertainty, organizations are being forced to be creative in delivering much-needed solutions. IAM is no different. This session presents ideas on how to stretch your IAM dollar to make the best impact possible with what you have.
- How can I be creative with IAM and related technologies?
- What have other companies done?
- How can I avoid making the situation worse? |
Tuesday 01:45 PM - 02:45 PM | |
| Federation with business partners simplifies admin and access for their customers and workforce. But true generic identity providers have yet to emerge. Enterprises now seek to support user enrolment and login via social networks. Will these networks become the main identity providers of the future?
- How are enterprises using federation and social networks today?
- How will enterprises use social network identities in the future?
- What is needed for social networks to become the principal identity providers on the Internet?
|
Tuesday 01:45 PM - 02:45 PM | |
| Network Access Control burst on the scene in 2003 as the answer to Sasser, Blaster and other worms. For several years, it was derided as an overhyped concept. Now that BYOD has emerged as an unstoppable trend, NAC is back in favor again as a solution for gaining control of the network.
- Why is NAC a good solution for supporting BYOD?
- Which vendors are leading the way with NAC?
- What is the role of identity in implementing BYOD policies? |
Tuesday 01:45 PM - 02:45 PM | |
| Privileged accounts remain a significant threat to the enterprise because they can result in denial of service attacks, unauthorized transactions, and data breaches. Lori Rowland discusses the risks of these accounts and recommends approaches to keep your organization out of compliance “hot water.”
- What threats do privileged accounts pose?
- How can/should organizations control various types of privileged accounts?
- How can organizations keep auditors happy? |
Tuesday 03:45 PM - 04:45 PM | |
| Smart devices manage power grids, control traffic, automate assembly lines and collect health information in hospitals. Organizations relying on this operational technology (OT) are beginning to converge IT and OT planning, design and operations organizations to deal with a rapidly changing world.
- What is OT and why is it becoming so important to ALL enterprises?
- What impact do OT requirements have on IAM for an enterprise?
- How should enterprises prepare for the IT/OT convergence and its effect on IAM?
|
Tuesday 03:45 PM - 04:45 PM | |
| Ian Glazer will host this insightful panel, where industry-leading experts discuss the emerging use of these “new school” identity protocols and how they will forever alter enterprise IAM. Panelists will be representing new protocols including OAuth, OpenID Connect, and SCIM as well as old favorites including SAML and XACML.
|
Tuesday 03:45 PM - 04:45 PM | |
| Today’s attackers are getting better at finding and exploiting security weaknesses. We must provide hard targets to attackers. Extending vulnerability management will help deal with emerging threats. This presentation provides advice on extending vulnerability management to meet new requirements.
- What are the capabilities and limitations of vulnerability management?
- How can vulnerability management be extended to deal with emerging threats and cloud computing?
- What vendors deliver vulnerability management technologies to meet new requirements? |
Wednesday 08:00 AM - 09:00 AM | |
| The services market to aid IAM deployments is growing and expanding. Maturity of IAM products and services continues to make implementations easier, but complexity and compliance concerns continue to demand help in making IAM systems truly effective. IDaaS and outsourcing are also growth markets.
- What is the current state of IAM C&SI and managed/hosted service markets today?
- What are best practices in choosing these services?
- What is the future of IAM C&SI and managed/hosted services?
|
Wednesday 08:00 AM - 09:00 AM | |
| Integrating mobile devices into the existing IT fabric — particularly IAM — is challenging, due to product maturity and increased complexity. Join us to explore the authorization, credentialing, and authentication interactions among mobile devices, IAM components, and mobile device management. |
Wednesday 08:00 AM - 09:00 AM | |
| This session will look at internal and external threats against the enterprise and will delve into the layered security, fraud prevention and identity proofing approaches needed to mitigate these threats.
- What are the current and future attack vectors threatening the enterprise?
- What are the best practices for layered fraud prevention and identity proofing to protect against account takeover and new account fraud? How do they fit into existing IAM processes?
- What type of layered security services are needed to stop external threats, such as phishing and malware-based attacks, against employees and external users? |
Wednesday 10:00 AM - 11:00 AM | |
| This session explores the intertwined requirements for security, data protection and IAM. The options for managing the risk associated with mobile devices’ storage of and access to sensitive information and applications are described and analyzed for their impact on the mobile strategy.
- Control options for sensitive data on mobile devices
- The extent to which identity controls can be incorporated into device protection
- The relationship between security, device management and application architecture
|
Wednesday 10:00 AM - 11:00 AM | |
| The quest for single sign-on is the result of disparate identity silos, increased password-related support costs, and user frustration. This session helps attendees make decisions regarding strategies and tools to achieve SSO.
- What are the forces driving enterprises to require SSO?
- How should organizations plan for and choose SSO approaches and tools?
- What are the market solutions, and which vendors and open source solutions can support different SSO needs?
|
Wednesday 10:00 AM - 11:00 AM | |
| IAM risk-mitigating controls provide a view into the appropriateness of an account's access. Attestation (access certification) can help address this, but many organizations are struggling with the volume of entitlements and the frequency of the reviews that are needed on an ongoing basis.
- Should organizations continue to conduct attestation in a recurring, time-based fashion (yearly, quarterly, monthly, etc.)?
- What is a risk-based approach to attestation?
- How can this approach be leveraged to control/contain an organization’s exposure to information security risks from an identity and access management perspective?
- What are the benefits and critical success factors of this approach? |