Considerations in Selecting an Identity & Access Governance Solution in Financial Institutions
Rosa’s presentation will outline the key considerations in selecting an enterprise IAM/IAG solution with focus an financial institutions. Areas to be covered include
- business requirements,
- roadmap alignment
and much more.
Mastering the Challenge: Making Access Governance a Part of IT GRC and IT GRC a part of Enterprise GRC
Many organizations are facing sort of a “GRC sprawl”. There are many disparate initiatives for GRC (Governance, Risk Management, Compliance) at various levels of the organization and in different divisions. On the other hand, it is all about enforcing governance, meeting regulatory compliance requirements, and managing and mitigating risks. Access Governance, for instance, is about Access Risk. The only reason to do Access Governance is that Access Risks might result in operational risks, reputational risks, and even strategic risks. Failure in managing access risks even might drive an organization out of business.
Thus, moving forward towards a more integrated view on GRC and cooperation and integration between the various levels and elements of GRC – such as Operational Risk Management, Business GRC, Continuous Controls Monitoring, IT GRC, Security Event Monitoring, or Access Governance – is a mandatory step. This is not about having only one team and solution in place, but it is about defining the interfaces between the various elements of GRC, both from an organizational and technical perspective. One approach on GRC, one approach on managing risk, etc.: Alignment is key to success in real Enterprise GRC.
The panelists will talk about their view on the need for such integration, the approaches to make progress on this, and their overall experience in mastering the challenge of moving forward from GRC sprawl to an enterprise-wide GRC concept.
Fighting Hydra – Strategies for Audit and Control of large Numbers of Applications
When setting up an access management and governance solution, large organizations often have to deal with hundreds of applications with different access control models. This creates various challenges on organizational and technical level, like for example: How should audit policies, attestation campaigns and request processes be set up across applications? How can reports and dashboards be tailored effectively? What is the most efficent approach with regards to connector technology?
This session will provide recommendations for setting up a comprehensive IAG/IAM solution for “many applications” scenarios.