IT is changing. Its role in the new ABC – the Agile Business, Connected – is even more that of a supplier to business demand than ever before. On the other hand, with Cloud services, IT has to change its role, from a mix of management and production towards splitting up management and governance tasks on the one hand and “production” tasks on the other. Corporate IT also has to become even better in at Risk Management and increase its alignment with Corporate Risk and Governance processes. There are many challenges traditional, siloed IT organizations are facing. This track provides insight into what to do to best to move your IT organization in general and your Information Security and IAM/IAG organizations in particular to the next level. It’s all about Hhow to get ready for the future of these agile, connected businesses.
Continuing Education Credits
Advance Preparation: None
Learning Level: Intermediate
Field: Computer Science
After attending this block of sessions you will be able to:
- Describe the risks of using Social Logins to access corporate data.
- Explain the options for securely enabling social and mobile logins in existing on premise IAM infrastructures and for adding Cloud-based services.
- Explain how enterprises need to ensure the security of corporate data as more employees use on mobile devices to access corporate data on the go.
- Explain how detective approach to access governance and the help of distributed control mechanisms can help enterprises to stay in control.
- Describe best practices and strategies to ensure global security and workforce enablement by leveraging enterprise mobility management (EMM) across the enterprise.
This block qualifies for up to 3 Group Learning based CPEs depending on the number of sessions you attend.
Strategic IT Planning: Foundations, Controls, Processes
The worst thing that can be done in IT is investing in “panic mode”. That typically happens when Information Security incidents happen. The second worst thing is having investments driven by specialists that are focused on a particular problem or system. That happens without well thought-out IT planning. The third worst thing is investing in the wrong technology because the business problem wasn’t understood. In this session, Prof. Dr. Sachar Paulus will share his knowledge on how to set up a strategic IT planning model in your IT organization. He will talk about foundations, controls, and processes for Strategic IT Planning.
Bridging the Gap between Business and IT: How to Translate IT Wording into Business Language
This panel is about discussing how to translate business wording such as technical resource names – “EX12FIN” – into business language: “Expense System for non-managers”. Many IAM/IAG projects struggle with doing that translation. The panelists will discuss
- the need for mapping IT wording and business language
- where to do it
- who has to do it
- how to do it efficiently
Bridging that gap means setting up an IAM/IAG organization that spans business and IT people. Thus, we expect the discussion not only being about the translation between business and IT, but talking about the organizational structure and prerequisites on both sides for this key success factor of any IAM/IAG project.
Identity Governance in Merge/Split Processes
In the financial sector, like in many other industries, change has become the new normal, with mergers and splits as a regular concern not only for modern banks. Successfully managing a merging or splitting project involves not only technology and processes, but also people and governance.
A well planned and properly managed identity governance plan could drive those changes in a cost and time effective project where technology supports decisions and gives dynamism. Merging and splitting challenges involve more than provisioning, role management and workflows; it requires business support aligning the project scope with corporate objectives while keeping efficiency,compliance and operations.
The IAM/IAG Organization that will Make your Project Succeed
How does the IAM/IAG organization look like that will make your project succeed? Do you need to split governance and execution? What about the business-facing layer of Access Governance and the technology-facing layer of Identity Provisioning – to you need to split your organization here as well? What about the management of users and access at the system level? How to handle this, how to integrate the Active Directory administrators and the SAP security professionals? Is IAM something that needs to be handled apart from the rest of Information or IT (Technology) Security?
Having the right organization in place is key to success. Defining responsibilities and accountabilities for guidelines, processes, and technology right will help you in succeeding. Having clear interfaces between various layers and to the business is as important as having a well-defined interface to IT Governance and Corporate Governance.
In this session, Martin Kuppinger will explain his view on the ideal IAM/IAG organization, based on his experience from a vast number of advisory projects and customer feedback.
Identity Management as Strategic Driver – A Bank�s Journey to the Cloud
Being one of the largest Google Apps customer and having integrated IT Risk, Fraud & Security in a single department has provided a new vision of how to leverage our experience to design and deploy new security services.
Security not only enable new digital services but propose and promote new solutions to the business.
Our view and experience in Inside and outside federation, Level of Assurance Authentication and related Authorization States, efficient Authentication of RESTful calls, tokenization, mobile security authorization app, risk based authentication, research on new detection algorithms applied to fraud and authentication risk.
2020 Vision – IAM for the Next Decade
As attacks become more difficult to detect and defend against, it is clear that no organization is immune from security breaches, and the threats will only continue to grow. In response, we anticipate a fundamental shift around identity and access management (IAM) as enterprises cope with increased regulatory compliance requirements, insider and external threats, cloud/SaaS integration, and other trends. We also see cloud and mobility changing the way organizations implement user protection, with threat-aware Identity and Access Management becoming the key line of defense of the organization´s multiple perimeters.
In this session, Ravi Srinivasan, Director, IBM Security Strategy and Product Management, and Martin Kuppinger will discuss these emerging security trends and approaches you should consider to improve your IAM security posture for the next decade.