| | |
Sunday
03:00 PM - 04:00 PM | |
| Without accurate, up-to-date identity information from directories and identity databases, business users won’t have appropriate access. Identity and access governance uses an identity data model designed from identity repositories and logs to deliver business-driven IAM.
- What is an identity data model in IAM?
- What is identity and access governance, and how does it use an identity data model?
- How can enterprises ensure that their identity data models are effective? |
Sunday
04:15 PM - 05:15 PM | |
| The phrase “identity and access management” can raise feelings both of great hope and of great fear. Horror stories abound. At the same time, many people hold out great hope for the promises of what IAM can accomplish. Join us as we explore IAM's myths and monsters.
- What are the common IAM myths?
- What are the monsters and how can I defeat them?
- How can I make the most of this conference to help slay the monsters, defeat the dragon, and win the prize?
|
Monday
09:30 AM - 10:30 AM | |
| The increased range and variety of authentication methods and platforms now available means that there that there is likely a “best fit” authentication solution for every enterprise use case. But it is difficult for IAM and information security leaders to find that solution among the myriad options.
- What are the characteristics of a good authentication method?
- How do different use cases influence and constrain enterprises’ choices?
- How can enterprises architect a sound authentication solution? |
Monday
09:30 AM - 10:30 AM | |
| An identity bridge is an on-premises appliance that solves problems across on-premises and SaaS environments. For most enterprises, the identity bridge is an essential tool. It can provide federation, synchronization, provisioning, mobile credential management and authorization services.
- What are some current examples of current identity bridges?
- What are successful road maps for multi-functional identity bridges?
- What are Gartner’s projections for cross-domain super bridges?
- What are Gartner’s recommendations for successful deployments? |
Monday
09:30 AM - 10:30 AM | |
| Enterprises must manage identity in an increasingly hybrid world in which legacy on-premises IAM infrastructures are extended or replaced to support SaaS and mobile endpoints. Identities established on social media platforms are also being leveraged for enterprise system access.
- What issues must be addressed when applications are moved to the cloud, when endpoints are mobile, and social identities are to be leveraged?
- What are the traditional and emerging methods for resolving these problems?
- What are the current and emerging standards that support IAM, the cloud, mobility and social?
|
Monday
09:30 AM - 10:30 AM | |
| The threat environment is evolving. Attacks are financially motivated and are supported by a sophisticated underground economy. To stay ahead of the “bad guys,” enterprises need to invest wisely in security tools and personnel. The right balance between too little and too much security is essential.
- What are the key trends in cybersecurity attacks?
- Which new tools and processes should enterprises adopt to defend against these attacks?
- What are the best practices for mitigating cyber threats?
|
Monday
01:45 PM - 02:45 PM | |
| A tools-based focus can result in failed projects, wasted resources and lack of business alignment. When IAM architecture is part of broader security and enterprise architecture program, enterprises can improve identity-oriented business processes, information flows and technology implementations.
- What are the most-effective contents and structures for security architecture?
- How should enterprises practically model IAM architectures to ensure linkage to the business strategy, and to adequately address risks?
- What are security architecture pitfalls and best practices? |
Monday
01:45 PM - 02:45 PM | |
| How do we measure the value of IAM? For many, justifying IAM has been elusive. It remains a horizontal concern in the vertical world of business services, something shared by all business functions but owned by none. How can an IAM project be reconciled with the budgets of business?
- How much does IAM cost today, and why?
- How does an enterprise cost-justify an IAM project—is it possible?
- How will the economics of IAM change in the era of cloud and mobility?
|
Monday
01:45 PM - 02:45 PM | |
| Many organizations protect data with no clear understanding of the data's associated value and risk. Step 1 is ensuring that the right people have the right access. This session analyzes the real drivers for data protection and provides a survey of some of the available tools to address the problem.
- Why the current approach to protecting data in technology silos doesn't work
- What steps can clients take to ensure that enterprise data is protected throughout its life cycle?
- What controls and tools are available to protect enterprise data in practice?
|
Monday
01:45 PM - 03:15 PM | |
| IAM leaders use this Gartner assessment to evaluate their IAM efforts against key maturity indicators. This helps determine which aspects of a maturity level are most important and how to advance. Immature programs are likely to be inefficient, ineffective and unable to deliver full business value.
- What does maturity mean for an IAM program?
- How does ITScore measure maturity of the IAM program?
- How can enterprises use ITSCORE to assess the maturity of their IAM programs?
|
Monday
04:15 PM - 05:15 PM | |
| Effective governance provides accountability, responsibility, authority and assurance. Governance consists of a set of processes and activities executed and overseen by appropriate governance bodies. Success of governance initiatives depends on the effectiveness of the groups tasked with executing.
- What are current security and risk governance best practices?
- What processes, structures and forums constitute effective security and risk governance?
- How does IAM governance differ from risk and security governance?
|
Monday
04:15 PM - 05:15 PM | |
| Gartner analysts for the PAAM market present their thoughts related to the market and technology, and share use cases. The majority of the time will be open for attendee questions and comments. If you’ve been wondering where and how PAAM may fit into your strategy, then this is the session to attend. |
Monday
04:15 PM - 05:15 PM | |
| Early detection of targeted attacks and security breaches has never been more important and more difficult to achieve. User activity monitoring is key to early detection of targeted attacks, and has become part of the standard of due care for a variety of regulations across all industry segments.
- What are the security and compliance drivers for user activity monitoring?
- How can SIEM and other monitoring technologies be deployed for early detection of internal and external threats?
- Which SIEM vendors are best suited to particular monitoring use cases?
|
Tuesday
09:30 AM - 10:30 AM | |
| Provisioning, directory, and identity access governance (IAG)technologies form the foundation of an identity management solution. In this session Gartner will provide a component description and architectural overview of these technologies. Gartner will also offer deployment considerations, insights, and best practices based on years of customer experience.
In this session participants will:
- Develop a basic understanding of provisioning, IAG, and directory technologies
- Gain insights into the integration touch points between provisioning, IAG, and directories
- Identify best practices for deploying these services
|
Tuesday
09:30 AM - 10:30 AM | |
| Infosec's traditional mindset can’t keep up with technological and behavioral change. The result is policies and technologies that cause frustration and impede agility. It's time to recognize that the relationships among IT, the business, and individuals have been transformed irrevocably.
- Why are status quo approaches to information security untenable?
- Does a less controls-intensive, more people-centric strategy make sense?
- What are the elements of a potential people-centric approach?
|
Tuesday
09:30 AM - 11:00 AM | |
| An IAM-related RFP must evaluate many factors; such as business requirements; state of the solutions market; vendor relationships; and integrator skill. The right IAM solution can improve an enterprise’s chances for success and establish an enduring relationship for addressing future requirements.
- What is the best RFP process to ensure successful results?
- What are the questions everyone asks of IAM vendors in an RFP?
- What steps can enterprises take to leverage an RFP to be successful? |
Tuesday
03:45 PM - 04:45 PM | |
| One of the most elusive deliverables in IAM is the business justification for building IAM. How can IT create a coherent and believable story about why IAM is needed in the enterprise in language that the business can understand and accept? This is an interactive Q&A session.
- Is it possible to develop a return-on-investment statement for an IAM program?
- Who do I need to sell IAM to within the enterprise to increase chances of funding success?
- What should an IAM business justification have to be successful? |
Tuesday
03:45 PM - 04:45 PM | |
| Ian Glazer will host this insightful panel, where industry-leading experts discuss the emerging use of these “new school” identity protocols and how they will forever alter enterprise IAM. Panelists will be representing new protocols including OAuth, OpenID Connect, and SCIM as well as old favorites including SAML and XACML.
|
Tuesday
03:45 PM - 04:45 PM | |
| Today’s attackers are getting better at finding and exploiting security weaknesses. We must provide hard targets to attackers. Extending vulnerability management will help deal with emerging threats. This presentation provides advice on extending vulnerability management to meet new requirements.
- What are the capabilities and limitations of vulnerability management?
- How can vulnerability management be extended to deal with emerging threats and cloud computing?
- What vendors deliver vulnerability management technologies to meet new requirements? |
Wednesday
08:00 AM - 09:00 AM | |
| The services market to aid IAM deployments is growing and expanding. Maturity of IAM products and services continues to make implementations easier, but complexity and compliance concerns continue to demand help in making IAM systems truly effective. IDaaS and outsourcing are also growth markets.
- What is the current state of IAM C&SI and managed/hosted service markets today?
- What are best practices in choosing these services?
- What is the future of IAM C&SI and managed/hosted services?
|
Wednesday
08:00 AM - 09:00 AM | |
| This session will look at internal and external threats against the enterprise and will delve into the layered security, fraud prevention and identity proofing approaches needed to mitigate these threats.
- What are the current and future attack vectors threatening the enterprise?
- What are the best practices for layered fraud prevention and identity proofing to protect account takeover and new account fraud? How do they fit into existing IAM processes?
- What type of layered security services are needed to stop external threats, such as phishing and malware based attacks, against employees and external users |
Wednesday
08:00 AM - 09:30 AM | |
| CIOs, CISOs and IAM leaders struggle to link efforts in IAM to the value they provide at line-of-business and executive levels. A handful of companies have figured it out; these practical tips can help you solve this challenge. In this workshop we share and discuss best-practice approaches to these challenges:
- How can you develop a framework for linking IAM strategy to business strategies?
- How can you best articulate the business value of IAM programs?
- How do you link IAM indicators to IT key risk indicators and organizational key performance indicators? |
Wednesday
10:00 AM - 11:00 AM | |
| The quest for single sign-on is the result of disparate identity silos, increased password related support costs, and user frustration. This session helps attendees make decisions regarding strategies and tools to achieve SSO.
- What are the forces driving enterprises to require SSO?
- How should organizations plan for and choose SSO approaches and tools?
- What are the market solutions, and which vendors and open source solutions can support different SSO needs?
|
Wednesday
10:00 AM - 11:00 AM | |
| The goal of the panel is to introduce the works of some of the NSTIC pilot projects. Each project would receive a few minutes to talk about the nature of the project, the expected outcomes, and how the outcomes will impact the market. The audience will then get an opportunity to ask questions. |
Wednesday
10:00 AM - 11:00 AM | |
| IAM risk-mitigating controls provide a view into the appropriateness of an account's access. Attestation (access certification) can help address this, but many organizations are struggling with the volume of entitlements and the frequency of the reviews that are needed on an ongoing basis.
- Should organizations continue to conduct attestation in a re-occurring, time-based fashion (yearly, quarterly, monthly, etc.)?
- What is a risk based approach to attestation?
- How can this approach be leveraged to control / contain an organization’s exposure to information security risks from an identity and access management perspective?
- What are the benefits and critical success factors of this approach? |