Gartner Identity and Access Management Summit 2018 December 3 - 5 / Las Vegas, NV

Registration and information hours for the day.

Not sure which exhibitors to meet with or what sessions to attend? Let Gartner Event Concierge help you create a custom agenda and schedule meetings. Just email us at ConciergeNA@gartner.com and we’ll be in touch soon.

Identity governance and administration (IGA) is the largest investment that most IAM programs will make. It is also the highest risk IAM technology to deploy. This tutorial presents a vision for how administering user access is best understood as a quality process, requiring transformation of existing processes to improve the effectiveness of IGA while simplifying deployment of the technology.

Attendees will learn the fundamentals of Access Management. For example, the differences between coarse, medium, and fine grained access; what are policy decision, enforcement, and administration points; and what are proxy and agent architectures.

As is the case with practically every domain, identity and access management (IAM) has its own jargon that can be difficult for newcomers to understand. This session provides newcomers to IAM with an introduction to the IAM territory and its vocabulary. Key Issues: • What is the definition and purpose of IAM? • How do IAM practitioners think about IAM? • What should newcomers to IAM know before they go?

Gartner recommends that organizations follow a program management approach for IAM and has produced a framework to assist organizations with establishing and running their programs. This session will walk attendees through the process of starting an IAM program and developing the artifacts that are necessary to successfully initiate and run a program and drive toward success. Key Issues: 1. Why is it important for organizations to approach IAM as a program? 2. What is the Gartner framework for IAM program management? 3. How should an organization leverage Gartner's IAM program management framework to initiate their programs?

Intuitive approaches to role management at an enterprise scale lead to the adoption of simplistic models that are usually ineffective and often counterproductive. IAM leaders should use Gartner's two-layer enterprise role framework to organize and scope role management across an entire organization with their IGA solutions. Key issues include: 1) Why is role management so difficult at an enterprise scale? 2) How should IAM leaders be thinking about enterprise role management? 3) What are the essential elements of a two-layer enterprise role management framework?

CIAM is key to enabling your digital transformation and the foundation of your customers' digital experiences. In this session, we will discuss trends in new CIAM capabilities and best practices. We will also provide guidance on which features and vendors to consider when making a CIAM vendor short list.

Registration and information hours for the day.

Network with your industry peers over breakfast

Join other attendees for breakfast before the day's sessions.

The CIO agenda highlights the changing role of the CIO. Security and risk management leaders must understand CIO priorities and adjust strategy and messaging accordingly. Key issues: • What are the main elements of the CIO agenda? • What are their implications for security and risk management leaders? • What must security and risk management leaders do in response?

Network with your industry peers over breakfast. Discuss with them issues that affect the energy and utlities sector: IoT and OT implications, how to create a better consumer experience, how to comply with shifting regulation and more. This session is reserved for end-users in the energy and utilities sector (electricity/water providers, oil/gas producers etc...)

Not sure which exhibitors to meet with or what sessions to attend? Let Gartner Event Concierge help you create a custom agenda and schedule meetings. Just email us at ConciergeNA@gartner.com and we’ll be in touch soon.

IAM is an important component of an overall security and risk management plan and a key enabler of digital business. Attendees will learn how to evolve their IAM approach given current best practices and industry trends. Key issues are: • What are the architectural trends in IAM? • What drivers and best practices are shaping the evolution of IAM in 2018?

You need to influence a wide range of stakeholders: executives, peers, your team and vendors. But how do you get them to listen to you? How do you boost your authority and credibility? This keynote will show you practical steps to help boost your standing with the people you need to influence. The techniques that we’ll share in this keynote as based on thousands of hours of coaching executives to deliver messages with more impact. Armed with these tools, you’ll become far more influential with your stakeholders and ensure that you are viewed as a trusted partner.

DevOps methodologies use continuous integration/continuous deployment pipelines to speed up the time from inception to production. When credentials are copied, mishandled or exposed, this creates major security problems. Support for DevOps in PAM tools has emerging to support these agile environments and to secure the DevOps toolchain.

TBD

Join us for refreshments in a brief break between sessions.

Implementing SSO alone, for secure access is not enough as SSO does not provide controls for data governance in your SaaS applications. Join Citrix to understand additional security controls you should be considering for a successful implementation of a secure access strategy. In this session we will discuss the pain points and challenges our customers are facing today, how they are solving their “access” related challenges and what outcomes have been realized.

Envisioned in 2011, the BeyondCorp security model leverages identity and context to evaluate trust for access decisions rather than using the corporate network as the perimeter. Join this session to understand what BeyondCorp is, why you should consider it, and how to implement it across your organization to achieve a stronger security posture, anywhere access, and more intuitive end user experiences.

Tangible use cases for a portable and reusable Digital Identity may seem limited but it holds great promise for wide adoption across consumer, business and enterprise use cases, without IT headaches or sacrificing user privacy. Manah Khalil from Verizon believes the technology and building blocks already exist for Digital Identity to unleash a wide range of possible use cases.

Join GE Digital’s Director of Risk and Compliance, Justin Behymer, and RSA’s Jim Ducharme as they explore the critical role that risk-based identity analytics will play in closing the security gaps spawned by digital transformation.

Hands-on Session: What are your biggest IAM challenges and how do they compare with peers? Come roll up your sleeves and explore how to build a better IAM program using Enterprise Design Thinking. Experience how the practices deliver immediate value and surface insights relevant to your business in this experiential, outcomes-focused introductory session. Walk away with new ways to look at your IAM challenges and how IBM can help solve them.

You’ve heard it before: more than 90% of cybersecurity attacks occur in software. Modernizing your company's endpoint security strategy is extremely important, and for cybersecurity, the way forward requires help from the hardware. This session will equip you with an understanding of one of the most promising approaches to enterprise security: hardware-enhanced identity protection, and ways to “harden” IT Policy Management, Data & Certificate Management, and more.

You’ve made the choice to pursue identity and access management. It’s proven to be an elusive goal. As we all know, IAM is difficult and that when you approach IAM as a project, you’re destined to be disappointed. Join this panel session to learn best practices and hard-won lessons from the battle to create a successful IAM program. Hear how the panelists’ organizations solved their toughest IAM challenges and got IAM right.

Self-sovereign digital identity is the notion of an identity and related data that is controlled and owned by the individual or consumer. Leveraging decentralized self-sovereign identity has the potential to allow service providers to increase security and convenience of access for end users, all while reducing exposure to data breaches and potential privacy compliance violations. Join this discussion to explore a new and disruptive topic of self-sovereign identity!

In this AUR, Analyst Jonathan Care asks what is the next step for fraud detection. With cross-channel integration, cross-customer immunisation, and historic analysis firmly part of the fraud fighter’s arsenal, what can we expect our adversaries to respond with? What countermeasures do we need to be planning for to address new channels of commerce, and new threats?

Cloud computing has been around for more than 10 years but Active Directory in many organizations is still unprepared to fully support cloud deployments. This session provides guidance on overcoming these deficiencies and on making AD more agile to better support cloud computing and mobility.

After ample preparation time in anticipation of the GDPR, Gartner has observed a few misconceptions on privacy as well as a number of key functions for a mature privacy management program. We will address the lessons learned and the necessary capabilities to protect privacy, including the role of security, program ownership, and what the market is, and should be, doing.

Access management provides an abstraction layer to provide consistent authentication, single sign-on and authorization for your applications. Today access management solutions must protect web and native mobile applications, which may be implemented on-premises, or in private and public clouds. They may need to leverage your own managed identities or those federated from partners and third-party providers such as social media sites. This session will help attendees make appropriate access management choices in the face of growing software and cloud market offerings.

The future of delivering modern IGA services will be in the cloud. Technical professionals dealing with identity solutions should consider cloud-delivered IGA as an alternative to on-premises solutions. In this session we discuss cloud IGA capabilities, their maturity, and deployment patterns to help organizations refactor their IGA architecture for enhanced agility.

Orthodox, credential-based authentication does not scale to the needs of digital business. Here, we discuss how new analytics-centric identity corroboration tools facilitate a CARTA (Continuous Adaptive Risk and Trust Assessment) approach to user authentication. Key issues: - What are the weaknesses of orthodox methods? - How can IAM leaders evaluate and meet user authentication needs? - How will enterprises benefit from taking a strategic CARTA approach?

IAM programs don't gain support without a common organizational goal and direction. Determining that requires more than promoting a shiny new object, it requires salesmanship, collaboration and commitment. After all, the vision is something that is shared. Learn how to structure and communicate a vision and strategy that corresponds to organizational needs and expectations, and that can support the establishment of a new discipline.

You probably hear every day of the risks associated with privileged accounts, but you also understand how costly and challenging it is to manage them. Make measurable progress towards a more effective PAM solution. Couple a phased approach that starts with a better understanding of your security goals with next-generation PAM capabilities including privileged elevation and delegation management, and privileged user behavioral analytics.

Join other attendees for lunch and take advantage of the opportunity to network and catch up on the day's activities so far.

This presentation will outline ongoing changes in security operations/policy/organization, technical migrations, shifts in security mindsets, societal changes, and modifications in adversarial tactics that CISOs and their direct reports should monitor. Attendees will learn strategic changes that aren't yet widely recognized but will have broad industry impact and significant potential for disruption. Through 2022, technologies related to these trends will reach a level of maturity that crosses a critical tipping point.

There are two actors on a network, people & machines. People rely on user names & passwords to identify themselves and gain access to machines. Machines use digital keys & certificates for authentication. But we’re not protecting these growing machine identities. We spend billions each year on user name & password security, but almost none on protecting keys & certificates. Learn about the steps you can take to get these risks under control.

Daily data breaches make some CISO’s and IAM Directors a little concerned with moving to a cloud based service, especially given that GDPR is now in effect. We will look at how shifting back to a private dedicated “cloud” solution for your SSO requirements offers better security and control. We will cover: • Cloud vs. On-Premises Comparison • Security concerns • Affordability of an IDaaS solution

Oft-overlooked impact from changes as a result of a migration to cloud services means a scramble to return controls, oversite & productivity in the way you manage users and groups. If you haven’t started your migration but plan to in the future, learn about strategies to ensure success & compliance. If you have already started or completed your migration, it's time to get your automation & delegation in place to enhance security & productivity.

This session will focus on how organizations can move their entire IGA Program to the cloud as well as providing a vision and strategy to secure your organization. Join us as we profile multiple, successful full-suite IGA cloud deployments across the financial, health care, manufacturing and higher education verticals with specific use cases including password, provisioning as a service, governance, single sign on, compliance, and more!

This session will solicit the experience of organizations that have used systems integrators for their IAM projects. Learn how to select and manage your integration partner.

As we continue to see daily data breaches due to weak credentials, moving away from and killing the password is finally upon us. Join this session to learn how FIDO2 and WebAuthn open authentication standards, in conjunction with YubiKeys, are solving the elimination of passwords at scale. Hear how organizations like Microsoft have implemented these standards for a true passwordless experience and find out how your organization can follow suit.

Gartner predicts that by 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise applications. Learn about the best practices to design and execute an effective API security strategy, including the complimentary roles of an Identity Provider and an API gateway.

Although many enterprises already use hundreds of cloud applications, some of their toughest identity challenges reside behind the firewall where aging legacy apps are being managed by rigid, dated on-prem IAM solutions. OneLogin will explore how enterprises can extend the flexibility and superior experience of IDaaS to manage legacy applications together with modern cloud apps in a single, unified solution.

Hybrid IT environments are powering the digital transformation, but failing to enforce governance and least privilege policies across a multi-cloud environment put an organization at risk. Learn how RapidIdentity makes it possible to holistically and centrally grant, revoke, and time-limit fine-grained access to the cloud applications, infrastructure services, and permissions needed to compete and win in today’s digital marketplace.

In this workshop we look at how you can boast your communication skills and get your message across more effectively. Successful communication is all based around tailoring your communication style but how do you do this? With video clips, and plenty of exercises, this workshop is hands-on with lots of group participation. How do you communicate the value of your program? How do you sell the benefits to your customers across the organisation? This workshop will show you how to do all of this and more.

Mobility brings constant chaos with users trying to access applications and data from new and potentially unknown devices and locations. This session will cover how this chaos impacts identity and what organizations should be doing as best practices to ensure proper authentication.

Products and services lacking consideration for privacy represent a clear liability to organizations that process personal information. Over the course of this session, we will outline how to embrace Privacy Engineering and transform your privacy program from a forced to an organic change. We will look at lessons learned from the mad rush to the GDPR and how small, strategic changes to the way you plan, design and acquire can make compliance a natural step in your progression.

Many organizations have adopted machine learning and data analytics to help them identify security anomalies. However, mere identification isn’t good enough in a world where Petya and other modern attacks can take down 15,000 servers in a single organization in under two minutes. To combat these new types of malware, organizations need to be looking at Model Driven Security Orchestration where the security responses to emerging threats and attacks are automated and driven at machine speed. Organizations also need to adopt emerging technologies such as UEBA and machine learning rather than relying on traditional IAM technologies. . In this presentation, Aetna will provide an overview of our security orchestration program, including what worked, what didn’t and lessons learned to help you develop a more secure IAM strategy.

Together IAM and CASBs extend access control beyond the front door. In this session, we discuss how the two relates, integrates and how they rely and leverage each other to take back control of identities, services and data.

Organizations are allocating funds for blockchain without defining use cases, putting security and risk management leaders in a bind. You need to support the adoption of blockchain, but manage the risks that result from relatively unproven tools. Come learn: ● How to trust distributed identity. ● How to trust unknown cryptographic service providers on blockchain and distributed ledgers. ● Recognize the can't-happen-don't-care state is more important than we think.

Is your organization in need of a Privileged Access Management (PAM) solution? If so, this session will serve as a good primer on the technology. Key issues covered include * Introduction to privileged access management * The PAM maturity model * An overview of PAM tools and when and how to use them

Managing bots identity and access has introduced a new set of IGA requirements that stretch the scope of identity governance. Also, cognitive RPA has shown potential to expand automation opportunities in IGA solutions. In this ask-the-analyst session, participants can discuss potential use cases of RPA in IGA and how IGA should adapt to manage bots identity.

Security and risk management leaders need to develop security strategies that treat data as a pervasive asset (and liability). New data privacy laws and the continued growth of data breaches are increasing business risks. Data security governance is an emerging risk-based framework that will help plan and orchestrate policies across data security products that are siloed and do not integrate.

EMM suites help organizations with mobile device, application and content management, and containment, but they increasingly interact with IAM systems and provide IAM functions such as certificate management, authentication and single sign-on. In this roundtable, participants will discuss how EMM suites and IAM solutions can play together to achieve organizations' security goals.

Organizations are rapidly focused on enabling a diverse workforce yet female leadership position still greatly lag that of males. Increasing your visibility is important for advancing your career. In this session, we will review 10 things that highly successful women say they do in order to increase their visibility throughout the company, industry and technical community. Participants will discuss how they have seen this play out in their organization and share additional ideas that have worked for them.

The speed in which a PAM solution achieves success and provides value relies upon how prepared your enterprise is for the new capability. Cognizant will share lessons learned from working with organizations who have launched successful PAM implementations.

Azure Active Directory empowers organizations to manage and secure identities for employees, partners, and customers to access the applications and services they need via a common identity across on-premises and cloud directories. Come get an overview of our capabilities and demos and learn about the latest investments in identity protection, conditional access, single sign-on, hybrid identity environments, managing partner and customer access, and password-less authentication.

Combining digital identity, sophisticated mobile apps, and powerful analytics changes what’s possible for any user experience. Join Station Digital Media and MicroStrategy, for a discussion on how delivering contextual insights changes operations and workflows as well as drives new opportunities for customer engagement. See how personalized interactions help deliver an exceptional experience for every employee, customer, vendor, and partner!

Whether your systems and applications are on-prem or in the cloud, the way toward future-proof digital transformation is agile, risk-aware and compliant. Join this session to hear how Saviynt customers adopted Cloud IGA solution to manage complex hybrid IT environments and address security requirements. You’ll learn how to achieve continuous compliance effectively and develop a roadmap to rapidly on-board applications and deliver business value.

As the explosion of data, applications, and human and nonhuman identities impacts organizations, businesses are addressing these challenges to ensure their identity program meets security and compliance requirements. Join us to hear from SailPoint customers from different industries and overseeing identity programs at various stages of maturity. We’ll discuss the strategy of their programs and their thoughts on the evolving identity market.

Today's advanced security threats require proactive and intelligent automation that can quickly scale with a rapidly changing IT environment. Learn how Oracle's Trust Fabric helps predict, prevent, detect, and respond to the overwhelming number of security events that challenge IT and security operations. Oracle's Trust Fabric is a comprehensive set of integrated solutions designed to help reduce the time required to respond to security threats.

Establishing Privileged Access Management (PAM) controls is essential to strengthening your security posture. Learn how one organization is taking a programmatic approach to prioritizing risk reduction and improving C-level communications associated with protecting investments in modern infrastructure to support digital transformation.

Leading companies move from "just" digital business to using technology to tackle society's larger issues. Fintech, healthtech, agritech, legaltech. "Identity" becomes about who you are in the digital society. "Access" becomes about being able to participate in, well, life. This provocative, fast-paced presentation argues that the Silicon Valley way of creating a better world is short-sighted and misguided. What will be your story? Let it be one of optimism and hope.

The access management market has evolved beyond supporting traditional web applications, and now there are more choices than ever. Attend this keynote presentation for an overview of the IAM-related Magic Quadrants and Critical Capabilities that have been published in the past year.

Global security management teams in enterprise IT organizations are being challenged to create security frameworks for product teams to provide for operational technologies to manage fleets of devices that are manufactured world and deploy on a global scale. Find out about the challenges and the exciting developments in device identity management that are providing solutions as IT and OT converge.

Are you letting users login without knowing the risks associated with their account activity and user behavior? If so, you’re likely missing indicators of compromise that could help you neutralize an attack in progress. Come see how RSA SecurID® Access and RSA NetWitness® Platform correlate identity analytics to reveal hidden anomalies and outliers, and automatically thwart identity-based attacks.

Silver bullet solutions lure organizations with quick fixes but address a fraction of the requirements, leaving organizations vulnerable. This session will offer attendees insights and real-world examples on how to approach security to address critical needs, like breach defense and DevSecOps. Attendees will leave this session knowing how to avoid the lure of a silver bullet by learning the benefits of taking a holistic approach to security that allows organizations to not only reduce their risk and better protect their assets, but also securely empower their businesses to take advantage of all that the promise of digital transformation has to offer.

A multi-national bank will share their experience eliminating passwords and implementing strong MFA for Citrix and Microsoft AD environments. The bank will describe the benefits of using Veridium’s platform with mobile biometrics including: · Reducing costs · Simplifying UX while increasing security · Creating consistent login experiences in or out of the office · Branding with integration to the bank’s self-service mobile app

Modern IT environments have three major challenges with traditional identity security products. IT organizations evolved and embraced hybrid IT deployments and cloud services, traditional identity security vendors failed to evolve with them. Organizations are left vulnerable to insider threats and external attackers. Find out if your organization is affected by these three challenges and learn how they can be prevented with OverWatchID.

Digital business challenges the conventions of digital risk and security management. Security and risk management leaders must develop a coherent digital security program based on a clear vision and strategy. This presentation will address: What constitutes an effective vision and strategy? What are the elements of a digital security program?

Network with your industry peers over breakfast. Discuss with them the most effective ways to fight fraud, protect privacy, or enable a low-friction, real time mobile and online banking experience. This session is reserved for endusers organizations in the financial services industry. (e.g Banks, Insurance, Credit Card companies etc...)

Network with your industry peers over breakfast and discuss issues specific to federal, local government and public sector, from public cloud migration challenges to creating a more seamless citizen experience. This session is reserved for enduser organizations in the government and public sector.

Join other attendees for breakfast before the day's sessions.

Registration and information hours for the day.

Not sure which exhibitors to meet with or what sessions to attend? Let Gartner Event Concierge help you create a custom agenda and schedule meetings. Just email us at ConciergeNA@gartner.com and we’ll be in touch soon.

There's an astronaut saying: In space, “there is no problem so bad that you can’t make it worse.” So how do you deal with the complexity, the sheer pressure, of dealing with dangerous and scary situations? Retired colonel Chris Hadfield paints a vivid portrait of how to be prepared for the worst in space (and life). Although CIOs aren’t operating in a vacuum, there are clear to parallels as to how they manage the ultra complex situations they find themselves in and how they manage the limited resources at their disposal. Be prepared for an out-of-this-world ride and to come away with a better vision as to how to adapt to your own ever changing universe.

Join us for refreshments in a brief break between sessions.

In this workshop, we will assess how identity is provisioned to IoT devices and how identity is used to authenticate and authorize access to and from the device. We present a model for the identity of things (IDoT), different constraints and we will look at the current state of the art. You will work through prepared materials and leave with an IDoT design for your most challenging IoT effort.

The privileged access threat landscape is growing with a higher risk of enabling cyberattacks and severe consequences. Technical professionals must architect privileged access control capabilities to defend against exploitation scenarios and to resist advance persistent attacks. In this session we discuss how to develop an overarching PAM requirements and architecture strategy.

Trusted digital identity is critical for enabling digital trust. To take advantage of digital business opportunities, IAM leaders must leverage various trusted digital identity models, including BYOI, to satisfy consumer needs, enabling simple, convenient and secure access. Audience members will learn why noninteroperable digital identities will not scale with the needs of digital business.

In this session, Gartner will explore how consumer IAM features such as registration, preference management, consent management, and access management help organizations comply with GDPR requirements.

Digital business opportunity and digital business risk are fundamentally intertwined — zero risk, zero opportunity. The key capability for IAM professionals over the next decade will be to continuously discover, assess and adapt to ever-changing risk and trust levels. We need access management decisions to become continuous and adaptive — enabling real-time decisions that balance risk, trust and opportunity at the speed of digital business.

In its 20 year existence, e-signature has become an integral part of B2B/B2C documents and business processes. In this presentation we'll cover how this technology continues to evolve and is now playing an increasingly significant role in organizations' digital business transformation as well as their participation in digital trust ecosystems.

As identity and access management activities align more with an organization's digital objectives, security and risk management leaders responsible for IAM recognize the need to manage IAM as a program in its own right. This session addresses: * How to justify the IAM program * Establishing program responsibilities * Establishing program governance

This roundtable will aim to address the challenges of motivating an organization to review and change business processes, clean up legacy data and implement a technology solution that governs the Identities and related entitlements against ever changing requirements needed to facilitate a compelling IAM Strategy for improved automation

Getting buy-in from the many stakeholders for an enterprise IAM program begins with having a clear, insightful, coherent strategy. Participants in this Roundtable will share experiences, lessons learned and insights on the elements they have used to successfully build a 3-year strategic plan.

This roundtable will address some of the mounting pressures caused by today’s compliance and IAM landscape, and how you can prepare and safeguard for the future by effective implementation and operationalization techniques.

The roundtable will focus on what we see next in both Identity and End User technology that will transform the space and create a frictionless yet secure environment.

Traditional role mining and role lifecycle management fails due to the fact that IAM vendor tools do not have mature capability to handle huge volume of application entitlements. HM Health Solution/Highmark went different approach to build roles and the business outcome/value realization on deploying a RBAP solution.

A successful IAM program begins at the top. Identifying the right advocate to sustain stakeholder interest in IAM is a key to program success. At this roundtable, learn how your peers are addressing this challenge.

Micro Focus Exec Tech Strategy Session

Organizations thrive in a competitive landscape that includes supporting a transformative marketplace, providing positive user experience, and reducing the threat surface with equal priority. Today, how to implement identity security is debated across the business. Join SecureAuth’s Robert Block and Scripps Health’s Christian Aboujaoude as they discuss the impact these changes have on organizations, and how organizations can prepare to succeed.

Organizations process and store huge volumes of sensitive information. Inadequate controls in IAM processes and technology can lead to breach, involuntary exposure of data, and non-compliance issues. But you cannot correct what you don't know, so the first step is assessment. We'll address the most common questions around designing IAM Assessments, Blueprints & Roadmaps - Why Should We Assess? What Should We Assess? and When Should We Reassess?

Authentication has become a critical part of security strategy. In 2016, over 81% of data breaches were perpetrated using compromised credentials. Traditional means of authenticating users are no longer sufficient. We’ll discuss the leading forms of frictionless and secure authentication including biometrics, PKI and behavioral analytics and explore ways to orchestrate these authenticators with risk-based adaptive authentication.

Join this panel of your CISO peers as they discuss their journeys and how they matured their PAM programs. Considering new use cases such as cloud, DevOps and IoT, organizations must transform their static PAM projects into dynamic PAM programs that enable agility, growth and innovation. This interactive panel discussion will be for everyone – from those just beginning their journey to leaders looking to fine tune a sophisticated deployment.

For many organizations, deploying a new application means spinning up a new project just to integrate into their existing directory infrastructure. Every acquisition or change in business requirements necessitates potential changes to every application. By virtualizing their directory infrastructure, Transamerica, General Electric and LinkedIn were able to more effectively leverage their existing directories for all their new business initiatives

Despite the benefits of the cloud, new challenges emerge around managing access across employees, partners, or contractors, and new security risks arise when embracing cloud productivity suites like Office 365. You’ll learn best practices for 1) Securely embracing the cloud, 2) Reducing complexity of managing separate password and authentication policies across on-prem and cloud resources and 3) Providing a consistent and seamless access experience for end users.

The University of California - San Francisco (UCSF) had to replace a 20+ year old, mainframe-based identity system, when the platform was phased out. Learn how UCSF addressed the challenges of replacing a system deeply entangled with core business processes, and expanded process automation to prepare for the future.

This workshop discusses real-world experiences on solving the challenges associated with identifying users and devices in a mobile landscape. It also discusses the convergence of mobility management and Identity management technologies and the implications this poses to the digital workplace. Key Issues: • Do I need to implement mobile identity? • If so, how? • What are the best practices in deploying it?

Identity governance and administration (IGA) systems have been on the market for years, but many IGA deployments are aging and struggle to meet new digital business demands. Organizations must rethink their identity management architecture and adopt next-generation technologies that support cloud, mobile, DevOps, AI, analytics, and cyber-security initiatives. In this session, Gartner will explore IGA technology trends including analytics, cloud delivery, UI modernization, service-based architecture and advanced integrations such as robotic process automation (RPA), privileged access management (PAM), and data access governance (DAG). This session will answer the following questions: What are the major market influencers that are driving innovation in the IGA market? What are the major technology trends? How do I architect an IGA solution that will withstand the digital movement?

With various privacy and data protection regulations establishing themselves, organizations face a challenge in quantifying and addressing the risk that comes from handling personal information. This session will allow attendees to find clarity and leave with clear, actionable advice on the management of privacy risk.

(TechDemo) We will evaluate the capabilities of Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) to provide access control, authentication, SSO, Active Directory services and identity governance for IaaS. Via a custom single page application, we will provide guidance on best approaches for leveraging these capabilities as well as using them to integrate your applications and services across the three IaaS platforms.

Decentralized identity and related evolving standards will be disruptive. Proof-of-concept projects have shown the potential benefits such as enhanced privacy, reduced security risk and cost-efficiency. However, there are still gaps and challenges that require more work. This session will demystify decentralized identity architecture, example offerings and current state of the market.

IAM programs must deal with a variety of process and technology related opportunities and issues. Coordinating these in order to provide measurable progress and benefits is always a challenge, and may not happen in the optimal or desired order. The challenge to IAM leaders is to fulfill expectations of stakeholders and organize activities to manage dependencies. Use the roadmap to manage outcomes.

Good information security hygiene is a must, but many organizations lose focus on getting the basics right, leading to an unjustified level of confidence in risk posture. Join us and learn: • What are the key activities, capabilities and practices for organizations? • What are the activities that you can delay or even skip entirely? • Why doing the basics is more important than ever?

This session will focus on techniques and tools that organizations use to solve problems associated with users having to remember too many passwords and to give them the convenience of SSO.

In a hyper connected world driven by collaboration and access across clouds, resources and organizational boundaries, it is critical to balance your organization’s need for security and employee productivity, using the right processes and visibility to address the risks. Come learn how Azure Active Directory Identity Governance ensures the right users have the right access to the right resources, and protects, monitors and audits access to critical assets.

Join other attendees for lunch and take advantage of the opportunity to network and catch up on the day's activities so far.

This presentation outlines the top 10 security projects, based on a number of criteria: The emerging technologies that support the project are not yet mainstream; the project helps deliver against the CARTA (continuous adaptive risk and trust assessment) approach; and the project has high risk reduction versus resources required as compared to alternatives. Attend this session to get ideas and justification for specific security projects.

Join this luncheon to network with amazing women that are driving technology innovation into and throughout their companies. Regardless of where you are in your professional journey, there is something here for everyone. Build a strong support network to identify programs and resources to help you achieve your personal and professional goals.

Privileged accounts hold the keys to highly sensitive company information, and once these credentials are targeted, they can easily open the gate to a company’s most valuable assets. Most enterprises have implemented some form of Privileged Access Management but many find those initiative fail to live up to expectations. In this session, we'll discuss the common reasons why PAM projects fail to deliver with practical insights gained in the field.

The bad guys are proactively leveraging SSH to accomplish data breaches. This presentation will feature original threat research on SSH based attacks. We will discuss the different threats presented by hacked SSH and the shadow identities that can be tied to SSH. You will see how SSH can be managed within your policy framework and then look at current threat factors and emerging risks. We will define best practices that you can implement today. Concluding with questions on any topic from the audience and hot takes from our panel of experts.

With the advent of General Data Protection Regulation (GDPR) now months back, many businesses are still in the early stages of preparation, and some haven’t even begun. How can your business continue to win market share in this new reality, and who should lead the charge toward full compliance? Learn how Franklin Covey used the SAP Customer Data Cloud solution to explore the vital collaboration needed between marketing, security, and compliance stakeholders to turn GDPR from existential threat to market-differentiating advantage.

Any successful approach to advanced PAM involves continually managing risk by controlling administrative use, assignment and configuration, together with optimizing what’s known as the Principle of Least Privilege (POLP). CEO Tim Keeler shares his experiences in working with clients to help protect over 1M endpoints with Just In Time Administration. Learn how you can bring agentless privilege access management to your organization Just In Time!

Everyone is speaking about passwordless authentication, but how can you prove who you are? Verification of a person's identity is imminent is everday events such as buying alcohol, opening a bank account, going to the airport. An SSO like process across all of these events and locations would enable such an experience. Proving your identity once , developing a level of assurance and then carrying that with you across these authentication points.

In an attempt to counter a proliferation of breaches, organizations tend to secure the endpoint and perimeter, and governments enact compliance regulations, which do little more than add operational costs. As endpoints and perimeters give way, bad actors have free reign. Identity-centric security is the best way to address threats. Identity is the language of security. Speaking it can provide impactful change to an organization’s risk posture.

Broken algorithms, new hardware attacks, quantum computer breakthrough and the increasing use of PKI requires planning and well-structured processes for managing certificates. In this roundtable, we will discuss PKI, it's bread-and-butter use cases as well as its use within IoT, mobility and DevSecOps.

In line with the trend of Office 365 adoption, a large number of organizations are considering Microsoft's native IAM and security offerings such as Azure Active Directory, Azure Information Protection, Intune, Exchange Online Protection and Advanced Threat Protection. Which of these are you using successfully? What challenges have you encountered? Where have you found the need to supplement or supplant these capabilities with a non-Microsoft product? Join us for a peer-driven discussion to address these and any other questions you may have.

Witness the future of frictionless authentication as we reveal the results of a behavioral study conducted earlier this year. Experience the magic through case studies, demos and try it yourself. Discover - What people love about truly password-less 2FA. - Why leading organizations are raving about this next gen of authentication. - How you can easily integrate lovable 2FA into your organization's IAM platform for employees, consumers or both.

Enterprise identities can be prone to attacks if not protected properly. While identity has not been considered a foundation of most security architectures, it is emerging as the key to reducing the risk of a breach. Hear how a former CISO, leaders from Wells Fargo and Adobe are helping organizations by providing best practices and practical guidance for implementing identity-centric security strategies.

Digital risk management addresses the changes to traditional IT and operational risk management brought on by major changes from digital transformation— whether cloud-bases services, blockchain, artificial intelligence or the Internet of Things. This presentation explores the risks incurred by IAM professionals as they leverage next-generation digital capabilities.

Blockchain has become a much-hyped technology with a lot of potential. Yet, with cyberthreats and data breaches, is this technology secure? As Blockchain starts to impact the world, CISOs must understand the security and privacy implications. This session aims to provide a CISOs with a framework that will help them identify and manage risks related to Blockchain.

Identity management is arguably the most important discipline required for a successful Microsoft Office 365 deployment. Yet there are so many moving parts. And things change quickly: Best practices 12 months ago are now deprecated. This session will leverage a live Office 365 environment to illustrate the path to Office 365 success — from Conditional Access to Office 365 Groups to Seamless SSO to third-party MFA/IDaaS.

When migrating applications to the cloud, teams may not properly account for IAM, leading to short-term solutions to IAM challenges and misalignment with the organization's overall IAM architecture. This session guides technical professionals on common approaches to IAM in application migrations.

The early promises of easy, secure and universal authentication through unique personal traits has been unfulfilled for decades, but in the past 10 years we've seen an surge in interest and adoption. Are biometric methods now the way forward for every enterprise? • How does biometric authentication differ from other orthodox methods? • Where is biometric authentication most popular today — and what are the pitfalls? • How do biometric technologies fit in an enterprise identity corroboration strategy?

In just five years’ time, digital ethics has grown from an interesting future trend to a core business necessity. Organizations that are rounding out their digital businesses label it a top 3 priority. But the topic is shifting again. After the big data and privacy debate, ethics and artificial intelligence is on everyone's mind. A complex topic, but there are some emerging practices already. How to deal with ethics and AI before it is too late?

Buying IAM solutions requires detailed analysis of vendors, solutions and alternatives. Learn to use this five-step approach to structure the evaluation process, derive your shortlist, choose a solution and negotiate the best price.

This workshop will help IAM leaders develop metrics that can help them to communicate more effectively about the state of their IAM programs and, ultimately, manage those programs better.

In this workshop, we will discuss several of the more common authentication and authorization use cases that require OAuth/OIDC and the specific OAuth/OIDC extensions that are needed to properly implement them. We will also provide information on which vendor offerings support some of the newer, the less commonly available OAuth/OIDC extensions.

Cyber-attacks continue to increase in sophistication and volume. Central to almost all of these breaches are elements of privilege abuse and misuse. We'll discuss strategies for security professionals on how privileges, passwords, and vulnerabilities are being leveraged as attack vectors and how you can take measurable steps to defend against them. Come learn what PAM is and 12 key steps to mitigate the threats of unmanaged privileges.

IAM leaders are confronted with increasingly complex ecosystems. Hybrid solutions must address multiple use cases with a strategy-first approach for long-term success across on-premises, cloud, B2B, B2C and IoT implementations. Learn how to build your IAM program and connect it with GRC and Compliance capabilities to address key business drivers and support your current and future state policies and processes.

In the financial sector a poor customer experience means revenue losses of millions. The transition to a next-generation CIAM platform was THE critical first step to meeting ATB's digital transformation goals. Join ATB as they share their identity transformation story: - Creating a single, cross-organizational view of customer identity - Implementing SSO across all digital properties - Improving multi-factor security & experience

An examination of ongoing and emerging threats in the Cyber Security Threat Landscape and the role leadership will play in strengthening an enterprise to ensure cyber resiliency as espoused by the leader of the FBI’s Silicon Valley cyber security branch. The discussion is supported by current trend and case examination. Plus, guidelines and principles of leadership in the realm of information security will be proffered for consumption and use.

As organizations increase the pace and frequency of application releases, a more agile approach is needed to embed cloud-based identity services into applications. Application developers need self-service and agility, while enterprise IT teams need a platform to provide centralized security and control. Learn how a self-service IDaaS solution can help you overcome both of these challenges and speed up the process for developers and IT to launch and maintain customer applications.

Security leaders from Microsoft, Fortinet, HARMAN and NIST will candidly share how they balance security, speed, compliance and UX to simplify their IAM strategy and meet their security fears head-on. Walk away with pragmatic insights to modernize your approach to IAM.

In highly regulated industries compliance is an existential mandate, but increasing numbers of entitlements, systems and applications make it difficult to focus on those that present high risk. This session presents how IGA helps HealthEquity highlight entitlements and permissions that need regular scrutiny and oversight. Application onboarding process and policies organize entitlements to focus on exceptions and achieve intelligent compliance.

Join us for refreshments in a brief break between sessions.

Passwords are a bane. Everyone struggles with multiple passwords. Passwords are notoriously weak, yet attempts to strengthen them only increase people's frustration, while providing little respite from attacks. However, passwords require no new technology and are very familiar, even comforting. And while reducing friction is generally good, can passwordless methods show intent? Join this crossfire session for a thought-provoking discussion among Gartner analysts.

Privacy is considered a human right in most jurisdictions of the world. Yet, with multiple privacy laws globally being strengthened, privacy incidents keep happening. Is there an implied business case to ignore it? Is privacy overrated? Is it dead? Are there benefits to "get it right"? In this analyst debate, we intend to explore the benefits and disadvantages of privacy protection in the employment, government, and commercial interaction environment.

Enjoy some country-style fun at this lively mid-Summit shindig. Open bar with cocktails, beer and wine. Plenty of food to keep you energized. Classic country music that’ll fill the dance floor. Take a Texas two-step dance lesson so you can cut loose like a pro (cowboy boots optional!). Come on down, have a drink, hang out, and two-step the night away. All compliments of your friends at Edgile. Tuesday, December 4, 5:15pm-7:15pm, Pompeian I-II.

Join us by the fire at Camp BeyondTrust, where you'll enjoy fun games, camp songs, s'mores and more! Of course this is grown-up camp, so there will be adult beverages and a chance to win a cash prize of $2500! The more games you play, the better your chances to win! Be present for the live drawing at 7:00 PM. Do you have an upcoming PAM project? Talk to one of our Camp Counselors and receive a merit badge and another chance to win!

Are you Ready?

Security and risk management leaders struggle to hire and retain staff with the right skills, especially in the age of digital business. We discuss the outlook for security talent in digital businesses. What do organizations do to confront this shortage? What can you do to ensure your team's skill sets are developed for a digital world? What does the future of talent look like with technologies such as AI/ML, blockchain, IoT looming?

Network with your industry peers over breakfast. Discuss education specific IAM challenges and how to create better faculty, student and visitor access. This session is reserved for endusers from higher education and other educational institutions.

Join other attendees for breakfast before the day's sessions.

Registration and information hours for the day.

Not sure which exhibitors to meet with or what sessions to attend? Let Gartner Event Concierge help you create a custom agenda and schedule meetings. Just email us at ConciergeNA@gartner.com and we’ll be in touch soon.

Although many focus on the underlying technology of the digital revolution, some fail to focus on people and culture. Business leaders and cyber professionals speak different languages and review different metrics when measuring progress and success. Frequently, these two groups do not understand one another and talk past one another, putting at risk growth, speed, agility and resilience within the enterprise. Deborah Lee James, the 23rd Secretary of the Air Force and current independent director on multiple public and private boards, shares the business factors that drive the cyber conversation at the Board of Director and senior government level. She’ll offer perspectives on what IT leaders need to know to communicate more effectively, become better business partners for growth and mission accomplishment, and change culture for the good.

Join us for refreshments in a brief break between sessions.

This roundtable discussion will cover what IT expects out of unified endpoint management (UEM) and if it is realistic to switch to UEM today from separate client management tools (CMT) and enterprise mobility management (EMM) to a single solution. What challenges are IT departments facing from the ever-exploding number of devices, and will going to UEM solve this?

Advanced identity analytics based on machine learning is a major technology trend. In this session we discuss how enterprises can improve the success of their machine learning initiatives by better managing organizational issues.

In this live demonstration environment, we will dig into best practices for user management, SSO, MFA, hybrid architecture and availability. Topics include: Azure AD Connect, Pass-through Authentication, Conditional Access and third-party IDaaS/MFA/federation integration. As this is a limited-attendee format, you will work through prepared materials and leave with checklists that are specific to your organization.

The evolving OAuth 2.0 frameworks and OpenID Connect has been proven hard to master when protecting enterprise applications with authentication and authorization. What's the latest enhancement of the framework and how should native and web apps, as well as services, implement and leverage the framework to balance security, privacy and convenience?

IGA deployment initiatives are a potential minefield for many organizations that risk costly delays, difficult integration and lower overall value. Gartner has identified common anti-patterns for IGA adoption that range from the planning phase to the actual deployment and integration. Learn how to identify and avoid these common mistakes and plan for a successful IGA deployment by focusing on value and using Gartner's IGA deployment model. 1. Why Is IGA So Difficult to Get Right? 2. What IGA Deployment Strategy Will Work Best for You? 3. What Best Practices Should You Use When Deploying and Running IGA?

An identity and access management professional is more than just her knowledge of federation protocols, her ability to build user provisioning policies, or her ability to deploy social sign-up. Although we inherently know that is takes other skills to be a successful identity professional, we don’t often identify them nor do we talk about how to grow them. In this talk, Ian Glazer, Founder and President of IDPro, the professional association for identity management, will discuss the results of a recent IAM practitioners skills survey as well as: • How can we realistically think about skills development • What are things keeping us from using the skills we have and preventing us from learning new ones • What has made other practitioners successful • What areas have identity professionals work in • What technical and non-technical skills identity professionals identify as crucial to their careers

In today's digital environment we have more users, more applications, more devices and more relationships to manage than ever before. The ability to effectively govern identities and access controls in this increasingly complex digital environment is reaching beyond human capacity. Advancements in the field of identity analytics promise to help simplify and improve our identity governance and control activities. Identity analytics employee big data, machine-learning and AI techniques that are able to consume and analyze vast amounts of data which allows organizations to detect and respond to risk in a more timely fashion. In this session, peers will have the opportunity to discuss how identity analytics can help improve IAM processes.

Employee monitoring is one of those topics that most IT leaders don’t like to talk about. Blandishments like “we trust our people” and “we have a culture of openness” are common. Yet, as Mark Twain said, “The difference between a man and a dog is that if you feed a dog and take care of it, it will not bite you.” We examine how employee monitoring contributes not only to prevention and detection of internal malfeasance, but can also be used to safeguard employees and ensure safe working environments.

Moving Authentication and Access Management (AM) to the Cloud. As enterprises embrace cloud computing interest in adopting cloud-delivered IAM capabilities increases. But, is IAM as a service (IDaaS) a viable model? This session gives you an opportunity to ask questions such as: Can it support hybrid (cloud and on-premises) biz app architectures? Can AM vendors authentication capabilities displace incumbent tools or is there still a need for standalone authentication solutions?

As the GDPR establishes itself and new consumer privacy laws in California signal change across the U.S. landscape, this roundtable centers on the challenges and practical solutions in handling personal information.

In an increasingly mobile and cloud-driven workplace, nobody wants to be tied to a desk. So your security strategy must protect access from boardrooms and bars, cubicles and coffee shops alike. How can you ensure that users and their devices meet the same controls whether they’re outside or inside the network perimeter? Duo uses a zero-trust model, in which users and devices are treated as untrusted until proven otherwise. Join us to learn more.

3M/Deloitte, US Army/Accenture Federal, and NextLabs share their stories on leveraging externalized fine-grained authorization and ABAC to push the envelope on protecting and controlling access to sensitive data. They’ll explain how their ABAC implementations helped them address their data segregation and data leakage challenges – including best practices on using a policy-based platform as the foundation of an enterprise-wide security framework.

Learn how international energy and gas company Shell created a global CIAM architecture that transcends brands, channels, use cases and regions. Shell GM Digital Emerging Technologies / VP Innovation Lead Johan Krebbers will share how his team built a consumer-scale enterprise identity management ecosystem to meet the company’s goals for transformation, insights, privacy and security.

As traditional network perimeters dissolve, organizations must discard the old model of “trust but verify” which relied on well-defined boundaries. Zero Trust mandates a “never trust, always verify, enforce least privilege” approach to privileged access, from inside or outside the network. By implementing least privilege access, organizations minimize the attack surface, reduce risk, complexity and costs for the modern, hybrid enterprise.

It’s known that MFA is the most secure way to protect data and thwart attacks, but selecting a provider and implementing a solution brings a unique set of business challenges. Ed Lafferty of The Hartford will discuss best practices for selecting the right vendor and tips for implementation & maintenance to ensure the solution scales with your organization.

You've migrated all your software to the cloud except for your security solutions. What now? Join technology leadership from Intuit and Thycotic as they discuss the challenges and opportunities that arise from automating Privileged Account Management and migrating cyber security software to public and private clouds.

Remember when you were growing up and all you wanted to be was a rock star? But then reality hit and you realized that you could not sing or play the guitar? So you decided to pursue the second most desirable career that promised fame and fortune – IT Security! But unfortunately, the widespread data breaches are bringing us the limelight, but not the kind we want. How do we change this? How can we make our security infrastructure resilient and ready to actively respond to threats. In this session, you will learn about how Modern IAM, API management, and fraud prevention solutions from CA are helping to make security do the work that it must do – so that your company can stay out of the limelight.

Digital Risk Management is a discipline that seeks to expand current risk management to incorporate the rapid advances in technology that organizations face today. The roundtable seeks to answer such questions as (1) what does digital risk management add to ‘traditional’ risk management techniques? (2) How can organizations best prepare to absorb these additions quickly and efficiently? (3) How does this change your cyber and physical security practices?

Petri Heinälä of Fujitsu and Sami Ahvenniemi of SSH discuss why the approach by current generation of Privileged Access Management solutions just doesn’t work in dynamic and disposable multi-cloud and hybrid environments and what are the better alternatives for DevOpsSec. They also discuss the inevitable unification of IAM and PAM and what might lie ahead in the not-so-distant future with emerging paradigms such as containerization, immutable infrastructure, and serverless computing.

Every organization, regardless of where they reside on the IAM Maturity spectrum, benefits from perpetual access auditing. Our panel, comprised of Deloitte Audit, CISO veterans and IAM solution providers, will delve into how companies with end-to-end IAM solutions, hybrid programs or 100% manual processes leverage perpetual auditing to identify security policy violations, remediate process gaps and control access risks.

Join World Bank, Apiture, Dimensional, EY and PlainID as they share their views on why Authorization has taken a front seat in their corporate IAM environment. Hear about the business problems they overcame and the capabilities they used (e.g. data collaboration, the API economy, fine grained, controlled visibility...) including advanced ones like policy-based authorization. Panel will share their recommendations for your organization.

As multiple devices, identities, assets and applications proliferate, the CISOs’ ability to manage risk in a rapidly changing environment is critical to protecting key enterprise resources that extend beyond the enterprise boundary. Join Gemalto to hear how an adaptive policy-centric data protection approach offers a powerful framework for protecting the rapidly expanding attack surface of an organization’s critical resources.

Attendees will learn how device-based authentication is an important first step in transforming secure customer interactions, both strengthening authentication and enhancing customer trust. Discover how implementing this flexible and transparent solution also creates a path for new consumer-friendly MFA and additional assurance for higher-risk situations.

Many organizations seek to manage unstructured data with IAM to reduce risk, increase efficiency and simplify compliance. Often, organizations struggle to incorporate unstructured data because it needs some TLC before it can be managed: you need to deal with unique permissions, inconsistent inheritance, overexposed or stale data, and more. Join Varonis to learn how to overcome these issues and make your IAM unstructured data project successful.

This session gives you an opportunity to ask questions about privileged access management (PAM), successful use cases and requirements needed to make your PAM efforts successful. Attendees should come prepared to ask questions.

The University of Auckland has designed and executed a business-outcome-focused IAM program of work. The three-year program established a mature, strategically-aligned IAM business capability. This program was delivered successfully with effective stakeholder engagement, advocacy, and sponsorship. This session will explain: • Challenges in establishing a business-outcome-focused and strategically- sponsored IAM program • Identifying and engaging business-oriented advocates with the IAM program • Developing IAM as a business enabler at the University of Auckland

Fraudulent transactions result in lost revenue and can expose an organization to legal fines and regulatory non-compliance. In this landscape managing customer registration and enrollment rates against fraud risk requires intelligent verification tools which are adaptive to business needs. This case study covers the business case for developing an identity proofing function in your IAM stack and the best practices to develop a modern identity proofing capability.

API gateways play a key role in protecting APIs. They mediate identity and access management and provide basic features to reduce risk. This session discusses features to look for and select vendors to consider when choosing API gateways to protect microservices.

Multifactor authentication (MFA) is now mainstream, and many organizations are looking for secure, user-friendly and easy-to-integrate implementation options. A new crop of cloud-based MFA services provides support for common authentication use cases, both within the enterprise and in hybrid access scenarios. In this session, we will discuss cloud-based MFA that can balance trust, user experience and cost.

IoT devices generate a huge amount of data, which may include sensitive personal data. As regulations and awareness of privacy increase, security leaders require a consistent approach with data security and privacy. What are the concerns with IoT security? What are the legal implications of regional privacy laws such as GDPR? What approaches should be considered when embarking on IoT initiatives?

Over the past ten years, phone-as-a-token authentication methods have become the authentication method of choice for many enterprises. In this AUR, delegates can discuss their experience with these methods and the bright spots and the pitfalls of this approach.

Identity cannot be absolutely proven - merely corroborated to fall within transactional risk tolerance. Security and risk management leaders must discard flawed legacy methods and embrace analytics that evaluate multiple positive and negative signals. In this presentation, we will address the following key issues: - Knowledge based authentication is dead, thanks to rampant data compromise and oversharing on social media. - High friction during enrollment leads to abandonment and does not reduce risk. - The convergence between identity proofing and online fraud continues, with the online fraud engine acting as a risk arbitrator not only in authentication but in enrollment.

Enterprises have had a wake-up call over the last few years as their data assets have been increasingly plundered, with increasing financial liabilities. Users need access to data to do their jobs, but not all data. Data-centric audit and protection tools must be applied to detect potential malicious activity before it results in a breach.

There is a proliferation of privileged accounts, identities, and secrets in DevOps environments. This is not limited to Developers and IT administrators, but also machine identities. In a DevOps environment, privileged account credentials and secrets are hardcoded in executable files and scattered across machines and applications making them difficult to managed and track. In this session, we will explore best practices and technological approaches for managing privileged and machine identities in a DevOps environment.

Consultants and system integrators are essential contributors to the success of an IAM program. IAM leaders should follow the guidance in this session to successfully engage with professional services firms.