Gartner Identity & Access Management Summit 2019 7 - 8 March / London, UK

IAM is an important component of an overall security and risk management plan and a key enabler of digital business. Attendees will learn how to evolve their IAM approach given the current best practices and industry trends. Key issues are:

● What are the architectural trends in IAM?

● What drivers and best practices are shaping the evolution of IAM in 2019?

Not sure which exhibitors to meet with or what sessions to attend? Let Gartner Event Concierge help you create a custom agenda and schedule meetings. Just email us at Brittany.Bilger@Gartner.com and we’ll be in touch soon.

As organisations move more data and infrastructure to private cloud, public cloud and as-a-Service offerings privileged access credentials must remain closely guarded. Privileged Access Management (PAM) as a Service is the next step for a move to cloud hosted business. This presentation will discuss the security questions an organisation should ask, and answer when considering cloud hosted PAM.

This session gives you an opportunity to ask questions about privileged access management (PAM), successful use cases and requirements needed to make your PAM efforts successful. Attendees should come prepared to ask questions.

Retailers and financial institutions typically add new technology to their payment fraud detection processes in the wake of a fraud attack, and fail to continually improve their capabilities on an ongoing basis. As a result, many organizations struggle with suboptimal processes. This workshop will help leaders to break out of this cycle by planning a considered payment fraud detection strategy.

The presentation will explore experiences that have worked and/or failed to protect employee and their business data when traveling internationally. Topics will include loss, theft, surrender of login and password credentials, export controls, encryption and masking, VPNs and other secured communications, and variations in workplace rights and expectations. Attendees will receive copies of Gartner's international travel advice and examples of travel rules and policies from real companies.

The privileged access threat landscape is growing with a higher risk of enabling cyberattacks and severe consequences. Technical professionals must architect privileged access control capabilities to defend against exploitation scenarios and to resist advance persistent attacks. In this session, we discuss how to develop overarching PAM requirements and architecture strategy.

IAM programs don't gain support without a common organizational goal and direction. Determining that requires more than promoting a shiny new object. It requires salesmanship, collaboration and commitment. After all, vision is something that is shared. Learn how to structure and communicate a vision and strategy that corresponds to organizational needs and expectations, and that can support the establishment of a new discipline.

Cloud computing has been around for more than 10 years but in many organizations, active directory is still unprepared to fully support cloud deployments. This session provides guidance on overcoming these deficiencies and on making AD more agile to better support cloud computing and mobility.

Is your organization in need of a Privileged Access Management (PAM) solution? If so, this session will serve as a good primer on the technology.
Key issues covered include:
* Introduction to privileged access management
* The PAM maturity model
* An overview of PAM tools and when and how to use them

Orthodox, credential-based authentication does not scale to the needs of digital business. Here, we discuss how new analytics-centric identity corroboration tools facilitate a CARTA (Continuous Adaptive Risk and Trust Assessment) approach to user authentication.
Key issues:
- What are the weaknesses of orthodox methods?
- How can IAM leaders evaluate and meet user authentication needs?
- How will enterprises benefit from taking a strategic CARTA approach?

Together, IAM and CASBs extend access control beyond the front door. In this session, we discuss how the two relate, integrate and how they rely and leverage each other to take back control of identities, services and data.

Regional and country-specific privacy mandates continue to increase. Mapping commonalities and managing risks for differences are crucial for security and risk leaders. This presentation offers a practical guide on reusing GDPR compliance investment for China’s privacy requirements.

Self-sovereign digital identity is the notion of an identity and related data that is controlled and owned by the individual or consumer. Leveraging decentralized self-sovereign identity has the potential to allow service providers to increase security and convenience of access for end users, all while reducing exposure to data breaches and potential privacy compliance violations. Join this discussion to explore a new and disruptive topic of self-sovereign identity!

No matter your opinion on customisation for identity, you can’t escape the need for it. This session will introduce a new identity strategy: Buy and Customise. Key takeaways will be: understand where ‘Buy and Customise’ fits in the SaaS ecosystem, how it helps get applications to market faster, help you create your own business case for ‘Buy and Customise’ and turn a identity into a profit centre.

Fraud prevention leaders have mastered the art of detecting and preventing fraudulent account activity and payment events in many verticals and use cases. But as customers change the way they interact with each other and their expectations of their service providers, banks, retailers, health care teams and governments, the old ways have failed to evolve.
Please Note: Preregistration required. Reserved for end-user organizations.

In this live demonstration environment, we will dig into best practices for user management, SSO, MFA, hybrid architecture and availability. Topics include: Azure AD Connect, Pass-through Authentication, Conditional access and third-party IDaaS/MFA/federation integration. As this is a limited-attendee format, you will work through prepared materials and leave with checklists that are specific to your organization.

Silver bullet solutions lure organizations with quick fixes but address a fraction of the requirements, leaving organizations vulnerable. This session will offer attendees insights and real-world examples on how a holistic approach to security is much more effective in addressing critical needs, like breach defense and DevSecOps.

Multifactor authentication (MFA) is now mainstream, and many organizations are looking for secure, user-friendly and easy-to-integrate implementation options. A new crop of cloud-based MFA services provides support for common authentication use cases, both within the enterprise and in hybrid access scenarios. In this session, we will discuss cloud-based MFA that can balance trust, user experience and cost.

IAM programs must deal with a variety of process and technology related opportunities and issues. Coordinating these to provide measurable progress and benefits is always a challenge, and it may not happen in the optimal or desired order. The challenge for IAM leaders is to fulfill expectations of stakeholders and organize activities to manage dependencies. Use the roadmap to manage outcomes.

The evolving OAuth 2.0 frameworks and OpenID Connect have proven hard to master when protecting enterprise applications with authentication and authorization. What's the latest enhancement of the framework and how should native and web apps, as well as services, implement and leverage the framework to balance security, privacy and convenience?

IGA deployment initiatives are a potential minefield for many organizations that risk costly delays, difficult integration and lower overall value. Gartner has identified common anti-patterns for IGA adoption that range from the planning phase to the actual deployment and integration. Learn how to identify and avoid these common mistakes and plan for a successful IGA deployment by focusing on value and using Gartner's IGA deployment model.

Swiss government agency Canton de Fribourg had the daunting task of providing digital information and protecting identities for all their different departments and citizens. The past strategy to integrate new applications and allow access was manually performed and required multiple repeated steps. Simon Ecoffey describes how Radiant Logic allowed his department to be a business enabler instead of a bottleneck. They enabled a simplified, repeatable deployment model that greatly decreased the timeline for new user integration, while increasing standardization. The solution is a flexible standards-based identity hub for integrating, storing, and delivering identity data.

Recognise the dynamics of identity intelligence, consumer preference and priorities and fraud attacks are converging to shape the definition of an identity in 2019 and the path to establishing and maintaining confidence in that relationship. Customer Identity (CIAM) can be a tool and channel to better engage and communicate with your customers or partner organisations.
In this session, understand how customers have used technology and CIAM as a tool to create digital channels to build better relationships with a customer. This session will lay out potential use cases and best practices during execution.

The promise of decentralized and self-sovereign identity is very appealing to any organization looking to reduce costs and risks.But how do you get started? As organizations start their journey to cloud,the idea of Identity & Blockchain may seem too futuristic.Moving to cloud-based IAM is the first step in the process, and with the right strategy, the next generation IAM is closer than you think.

Identity and Access Management lies at the core of any effective security strategy, but getting there is often easier said than done. The influx of complexity, change, and poor execution doom many IAM projects. It is possible to get IAM right – and we’ve brought together some successful IAM professionals to talk about it. In this session, Paul Walker of One Identity joins a panel of organizations that have achieved the elusive objective of IAM done right. See how these organizations succeeded where so many others failed, learn what they would do differently if they had to do it all again and get their real-world assessment of what it really takes to get IAM.

Four out of every five breaches involve privilege access abuse. The legacy approaches to privileged access management is inadequate to secure the new threatscape of the modern enterprise including cloud, DevOps, big data, microservices and containers, that all require a new approach to privilege access. Learn how Zero Trust Privilege helps organisations grant least privilege access for these critical use cases to minimise the attack surface and stop the leading cause of breaches.

Learn how global fast food chain Nando’s is building a global customer identity management ecosystem that supports its core business values of corporate responsibility and unmatched customer experience. Nando’s Head of IT Solutions Reg Meyer will share his team’s journey in building an identity management solution that eliminates data silos and enables omnichannel access across applications.

Moving Authentication and Access Management (AM) to the Cloud. As enterprises embrace cloud computing interest in adopting cloud-delivered IAM capabilities increases. But, is IAM as a service (IDaaS) a viable model? This session gives you an opportunity to ask questions such as: Can it support hybrid (cloud and on-premises) biz app architectures? Can AM vendors authentication capabilities displace incumbent tools or is there still a need for standalone authentication solutions?
(Registration Required, End Users Only)

Influencing and persuading other people is tricky. You want to change their minds but how do you do this successfully? In this interactive workshop, you’ll find out what makes people tick and understand the psychology behind how people make decisions. This workshop will help you to understand and adapt your style when influencing your stakeholders. Plus learn the 6 things that get people to say “yes” to your requests. These will create a formidable toolkit to help you influence far more effectively.

The University of Auckland has designed and executed a business-outcome-focused IAM program of work. The three-year program established a mature, strategically-aligned IAM business capability. This program was delivered successfully with effective stakeholder engagement, advocacy, and sponsorship. This session will explain:


● Challenges in establishing a business-outcome-focused and strategically-sponsored IAM program

● Identifying and engaging business-oriented advocates with the IAM program

● Developing IAM as a business enabler at the University of Auckland

API gateways play a key role in protecting APIs. They mediate identity and access management and provide basic features to reduce risk. This session discusses the features to look for and vendors to consider when choosing API gateways to protect microservices.

Blockchain has become a much-hyped technology with a lot of potential. Yet, with cyberthreats and data breaches, is this technology secure? As Blockchain starts to impact the world, CISOs must understand the security and privacy implications. This session aims to provide a CISOs with a framework that will help them identify and manage risks related to Blockchain.

Identity cannot be absolutely proven — merely corroborated to fall within transactional risk tolerance. Security and risk management leaders must discard flawed legacy methods and embrace analytics that evaluate multiple positive and negative signals.
In this presentation, we will address the following key issues:
- Knowledge-based authentication is dead, thanks to rampant data compromise and oversharing
on social media.
- High friction during enrollment leads to abandonment and does not reduce risk.
- The convergence between identity proofing and online fraud continues, with the online fraud engine acting as a risk arbitrator not only in authentication but in enrollment.

As your organisation evolves on its cloud transformation journey, your identity and access management (IAM) system must allow you to navigate multiple cloud environments, managing access to mobile, API and traditional applications. Modern identity services like multi-factor authentication (MFA) and identity intelligence help deliver secure and seamless access for any user, environment and use case. Come to this session to learn how to transform your IAM system to a modern, API and cloud-first hybrid solution, enabling developers, administrators and users with the self-service applications and tools they need to keep pace with the accelerating demand for mobile and cloud-based applications.

By 2020 75% of organisations will have multi- or hybrid cloud deployments (Gartner). Simon Whelband from Maersk offers advice from their recent multicloud deployment of Customer Identity. Peter Barker from ForgeRock will demonstrate how to deploy millions of identities in minutes. Together, they will share the value of rapid cloud deployment.

Explore broadcast giant Sky’s innovative PAM approach: A ground-up initiative centred on simplicity that balances speed and security, helping the organisation mitigate risks, streamline audits, and quickly adopt transformative technologies with confidence. This session will highlight controls implemented and lessons learned.

Join Christophe Vernant, Global Head Identity & Access Management at Sanofi to hear how security drove the birth of their identity program. He will discuss the business challenges for building an integrated identity program that secures the organization and enables their workforce. He will highlight the impact the program has had to date and his plans for growth using a governance-based approach.

The requirements for an effective Cybersecurity operation grow daily in both size and complexity, with ever increasing compliance demands. This session will take you through 5 core security practices that should form the foundation for your cybersecurity strategy. It will reduce the noise in your system, making it easier to identify and respond to malicious actors.

Most organizations today are looking for lean, flexible and standardized IT processes to help remove administrative overheads and to be able to respond quickly to business changes. At the same time, when operating in a hybrid IT environment delivering services to employees, partners and customers, it is increasingly difficult to get transparency on who has access to which IT systems and applications in an organization, and why.

IGA has become the cornerstone of solid IT security and compliance, allowing organizations to implement processes for controlling, managing, and auditing access to data - an important prerequisite for speeding up the business and reducing security risks. In this round table discussion we will discuss best practice processes that are based on almost two decades of experience implementing IGA solutions in enterprises worldwide, including:

● How do you enable your company to continue to grow and adapt while still handling identity governance and administration (IGA) challenges?
● How do you do this without repeating history and starting yet another protracted IT project with no ROI?

The access management market has evolved beyond supporting traditional web applications, and now there are more choices than ever. Attend this keynote presentation for an overview of the IAM-related Magic Quadrants and Critical Capabilities that have been published in the past year.

Passwords are a bane. Everyone struggles with multiple passwords. Passwords are notoriously weak, yet attempts to strengthen them only increase people’s frustration, while providing little respite from attacks. However, passwords require no new technology and are very familiar, even comforting. And while reducing friction is generally good, can passwordless methods show intent? Join this crossfire session for a thought-provoking discussion among Gartner analysts.

Zero Trust Privilege is redefining legacy Privileged Access Management (PAM) for the modern enterprise IT threatscape. Join Centrify and your peers over a relaxed dinner where we will discuss the path to Zero Trust Privilege and how organisations can minimise the attack surface and stop the leading cause of breaches.

Not sure which exhibitors to meet with or what sessions to attend? Let Gartner Event Concierge help you create a custom agenda and schedule meetings. Just email us at Brittany.Bilger@Gartner.com and we’ll be in touch soon.

Buying IAM solutions requires detailed analysis of vendors, solutions and alternatives. Learn to use this five-step approach to structure the evaluation process, derive your shortlist, choose a solution and negotiate the best price.

During this session, we will cover the different deception deployment models, the benefits and limitations of deception products and services and how do you need to have your deception technology managed. Attendees will better understand deception as part of a wider security strategy, availability of products on the market and how service providers are adopting this technology.

This roundtable discussion will cover what IT expects out of unified endpoint management (UEM) and if it is realistic to switch to UEM today from separate client management tools (CMT) and enterprise mobility management (EMM). What challenges are IT departments facing from the ever-exploding number of devices, and will they be going to UEM solve this?

When migrating applications to the cloud, teams may not properly account for IAM, leading to short-term solutions to IAM challenges and misalignment with the organization's overall IAM architecture. This session guides technical professionals on common approaches to IAM in application migrations.

As identity and access management activities align more with an organization's digital objectives, security and risk management leaders responsible for IAM recognize the need to manage IAM as a program in its own right. This session addresses:
* How to justify the IAM program
* Establishing program responsibilities
* Establishing program governance

Early promises of easy, secure and universal authentication through unique personal traits have been unfulfilled for decades, but in the past 10 years we have seen a surge in interest and adoption. Are biometric methods the way forward for every enterprise?

● How does biometric authentication differ from other orthodox methods?

● Where is biometric authentication most popular today — and what are the pitfalls?

● How does biometric technologies fit in an enterprise identity corroboration strategy?

In this workshop, we will discuss several of the more common authentication and authorization use cases that require OAuth/OIDC and the specific OAuth/OIDC extensions that are needed to properly implement them. We will also provide information on which vendor offerings support some of the newer, the less commonly available OAuth/OIDC extensions.

How can a better digital experience help build customer trust along every step of their journey with your brand? Join our experts from Franklin-Covey, PlainID, and SAP as they take on exciting topics and share their views on the evolution, best practices and the future trends in the Consumer-IAM landscape. Learn how organizations navigate the complex connections between privacy, trust and ethical data use. Find answers to complicated problems today’s organizations striving to overcome -- building trusted relationship with partners, managing millions of consumers/business users access across all digital properties, faster onboarding of partners. This panel will also cover advanced topics like policy-based authorization, fine-grained access control, and delegated user administration. Don’t miss this session as you will have a chance to ask questions to the experts and get their recommendations.

For years, the de facto standard for Identity has been to separate identities into three groups with Employees and Partners often lumped together. Almost universally, Customers are a segregated user population. The session explores taboos of breaking that mold, advantages of embracing the model and presents how Novacoast implements the model using a combination of Omada and Ping Identity products.

With an everchanging landscape of permissions and identities on-premise and in the Cloud - from apps and infrastructure to bots, APIs and devices - organizations face a challenge of tracking security for their stakeholders in this hybrid reality. Come listen to how our customers worked with us to manage this complexity and give you true, holistic Identity Governance and Access for your enterprise.

IAM is evolving from a security technology into a business enabler. As the foundation for the digital economy, identity is helping to modernize consumer, citizen and employee uses cases and drive bottom line results through increased efficiency and competitive differentiation. Join Mike Byrnes from Entrust Datacard and Petr Dolejsi, CTO from Sefira, a specialised IAM and electronic signature service provider as they explore the business value of digital identity.

Trusted digital identity is critical for enabling digital trust. To take advantage of digital business opportunities, IAM leaders must leverage various trusted digital identity models, including BYOI, to satisfy consumer needs, enabling simple, convenient and secure access. Audience members will learn why noninteroperable digital identities will not scale with digital business.

It's not your IT anymore. Whatever you think you know to maintain business information, security and integrity after moving to the cloud, is obsolete. This presentation takes a fresh look at the virtual workplace and provides you with a set of actionable risk-versus-trust choices that actually take advantage of the new levels of the IT diversity.

After ample preparation time in anticipation of the GDPR, Gartner has observed a few misconceptions on privacy as well as number of key functions for a mature privacy management program. We will address the lessons learned and the necessary capabilities to protect privacy, including the role of security, program ownership, and what the market is, and should be, doing.

No one can escape the wave of artificial intelligence marketing. The promise of increased security and better automation is appealing to security leaders, but sets the wrong expectations. Being too optimistic about artificial intelligence's impact could hurt the security organization. This session will provide answers to important questions such as:

● What should security leaders know about artificial intelligence?

● What are the expected impacts on security and risk management?

● Should security leaders search for a new job because they will be replaced with robots?

During this session, Didier Cohen will present how WALLIX delivers trusted technologies to help companies achieve compliance and optimal security with the Bastion PAM solution. He will illustrate this presentation with 3 case studies including a major European bank, an international manufacturing leader and an essential service operator.

DevOps methodologies use continuous integration/continuous deployment pipelines to speed up the time from inception to production. When credentials are copied, mishandled or exposed, this creates major security problems. Support for DevOps in PAM tools has been emerging to support these agile environments and to secure the DevOps toolchain.

In this workshop, we will assess how identity is provisioned to IoT devices and how identity is used to authenticate and authorize access to and from the device. We present a model for the identity of things (IDoT), different constraints and we will look at the current state of the art. You will work through prepared materials and leave with an IDoT design for your most challenging IoT effort.

If you are still struggling with getting beyond passwords, better times are coming. The conjunction of increasing online use cases, behavioral analytics and next-generation hardware are propelling opportunities for advanced authentication techniques. This presentation will chart a course for clever, subtle and transparent identity management.

In 2016 BP embarked on an ambitious programme to replace legacy solutions with new cloud-first services for application development, hosting, networks and workplace. Recognising the crucial role identity and access plays across this field BP set out an ambitious moonshot plan to transform these services to be fit for the digital era. Find out how BP did this by embracing products, services and agile delivery.

Identity management is arguably the most important discipline required for a successful Microsoft Office 365 deployment. Yet there are so many moving parts. And things change quickly: Best practices 12 months ago are now deprecated. This session will leverage a live Office 365 environment to illustrate the path to Office 365 success — from conditional access to Office 365 Groups to seamless SSO to third-party MFA/IDaaS.

When thinking of Customer IAM, handling digital identities in a compliant, secure and efficient way, while minimizing friction in terms of customer experience, has sometimes proven to be an overwhelming challenge for many organizations. Based in real life experiences and benchmarks across Santander worldwide, in this session we will walk you through the main issues of CIAM, identifying which are the real challenges (and how to overcome them) with a more holistic view of what is really behind “Technology”, “Efficiency”, “Regulation”, and… “User Experience”.

Decentralized identity and related evolving standards will be disruptive. Proof-of-concept projects have shown the potential benefits such as enhanced privacy, reduced security risk and cost-efficiency. However, there are still gaps and challenges that require more work. This session will demystify decentralized identity architecture, example offerings and current state of the market.

The fight for customer acquisition and retention is getting tougher. Companies that offer a seamless and secure digital journey have an advantage and will win out on the long run. Learn via some best practices how TrustBuilder clients have done the implementation to achieve such an environment. You’ll learn how policy and context-based CIAM provide a more flexible digital experience for customers.

AI, robotics & automation are gaining speed in the modern workplace, driving digital transformation for many enterprises. Estimates say that on our networks there'll soon be 10x more machine-identities than human ones - we need to prepare for it. In this session, we'll discuss the best ways to protect your machine identities and how to make that a priority in your future IAM design.

And then how do you scale the program as your company grows? In this live discussion between the LogMeIn CISO and the Head of Application Services at Close Brothers, attendees will hear firsthand about the challenges of creating a well-rounded identity program, get a comprehensive understanding.

As multiple devices, identities, assets and applications proliferate, CISOs’ ability to manage risk in a rapidly changing environment is critical to protecting key enterprise resources that extend beyond the enterprise boundary as we know it today. Join Gemalto to hear how the core concepts of risk discovery and risk containment provide CISOs with a powerful data protection approach for reducing the rapidly expanding attack surface of an organization’s critical resources.

Markku Rossi, CTO at SSH.COM, discusses why you can’t rely on 15-year-old technology to solve the challenges of the multi-cloud, multi-role and multi-technology world. Learn why ephemeral certificates paired with credentialess access for privileged users are a perfect fit for businesses and DevOps teams that operate at cloud speed.

Discuss how we are transforming the way that enterprises execute on identity-related use cases across both the customer facing and the enterprise employee environment.
Transmits platform abstracts all of the identity and decisioning logic that currently resides in application and brings it into the Transmit Identity Orchestration Platform. This eliminates the need for application development and reduces the cost of new account opening, authentication, authorization, compliance as well as fraud prevention-related initiatives.

As early as 2003 the Jericho Forum was created to tackle "de-perimeterisation" and later in 2014 Google released their "BeyondCorp" paper detailing how they made it happen. However, have Zero-Trust security models been adopted in the enterprise and what challenges do organisations face when considering de-perimeterisation and providing Trusted Access for users?
Join the discussion between Richard Archdeacon from Duo Security and Daniel Cuthbert from Banco Santander learn about Zero Trust deployments within the enterprise.

You don’t need to go to many Identity Management conferences to realise that Identity and Access Management projects are hard to implement and also that IAM is one of the least “technological” of the Security disciplines, with it being 10% technology and 90% business change. The BBC is currently meeting the challenge of IAM transformation head-on.

As one of the 90% Ros Smith will explain:


● The strategic approach being taken

● What has been achieved so far

● Where they are going next.

Employee monitoring is one of those topics that most IT leaders don’t like to talk about. Blandishments like “we trust our people” and “we have a culture of openness” are common. Yet, as Mark Twain said, “The difference between a man and a dog is that if you feed a dog and take care of it, it will not bite you.” We examine how employee monitoring contributes not only to prevention and detection of internal malfeasance, but can also be used to safeguard employees and ensure safe working environments.

Identifying the core features to call out to a potential managed security service provider (MSSP) when scoping the need for an outsourced service is critical for a successful engagement. This session will provide practical examples of how to establish effective requirements and use cases before engaging providers:

● What are the key service performance metrics to insist on from an MSSP?

● How can you define service customization requirements to ensure additional services charges are managed?

● How can you align internal processes with the providers' outputs?

● In 2017 the UK Parliament suffered a state-sponsored cyber attack leading the organisation to become a pro-active organisation in IAM. From this, an IAM team and strategy was developed to enable us to deliver what Parliament needs while maintaining the security for all of our user base. This has meant the organisation is now looking to passwordless as a means to combat organisational challenges around IAM.
This session will focus on:

● The catalyst for change

● Changing our mindset from reactive to a pro-active organisation built to better defend our organisation from our adversaries

● Our IAM strategy towards passwordless and considerations to the challenges to change within our organisation

● The ever-changing challenges in the IAM world and the continuous adaptations to our IAM strategy

In line with the trend of Office 365 adoption, many organizations are considering Microsoft’s native IAM and security offerings such as Azure Active Directory, Azure Information Protection, Intune, Exchange Online Protection and Advanced Threat Protection. Which of these are you using successfully? What challenges have you encountered? Where have you found the need to supplement or supplant these capabilities with a non-Microsoft product? Join us for a peer-driven discussion to address these and any other questions you may have.

This workshop will help IAM leaders develop metrics that can help them to communicate more effectively about the state of their IAM programs and, ultimately, manage those programs better.

IoT devices generate a huge amount of data, which may include sensitive personal data. As regulations and awareness of privacy has increased, security leaders require a consistent approach with data security and privacy. What are the concerns with IoT security? What are the legal implications of regional privacy laws such as GDPR? What approaches should be considered when embarking on IoT initiatives?

When building a security operation center, or trying to improve the visibility over threats, an abundance of new technologies overwhelm security leaders with too many options. This session will highlight the benefits and compare the use cases for the most useful security analytics tools. Technologies covered in this session include: SIEM, network traffic analysis, user behavior analytics, endpoint detection and response, intrusion detection, full packet capture and SOAR.

(TechDemo) We will evaluate the capabilities of Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) to provide access control, authentication, SSO, active directory services and identity governance for IaaS. Via a custom single page application, we will provide guidance on best approaches for leveraging these capabilities as well as using them to integrate your applications and services across the three IaaS platforms.

The GDPR ups the ante and tilts the business case for compliance as of 2018. Typical questions that might be asked in this “Ask the Analyst” session include: How can I take a holistic view on the entire data life cycle? How do I make difficult decisions with regards to applicable security controls to apply? Can we still analyze data? Should we anonymize, pseudonymize, other options? Please note: Attendees should come prepared to ask questions and contribute to the discussion.

Users seem to be connecting to everything but their enterprise gateway these days and secure communications are in flux. Enterprises have lost integrity and control over endpoint communications. This presentation reviews your options for secure communications when the cloud has turned your network upside down, and considers several forms of mitigation including new uses for CASBs.