Implementing IAM/IAG (Identity and Access Management/Governance) in large corporations imposes some challenges that smaller companies do not have. More complex, geographically dispersed IT infrastructures are one of these challenges. More complex IT organizations in complex organizations of corporates are another. Also, while M&A (Merger & Acquisition) is, if at all, a single incident in smaller organizations, it is regular business in large corporations. Thus, thinking about IAM and IAG with focus on single products is not adequate for large organizations. IAM in large corporations is about services first, not about a tool-centric view. This roundtable will discuss experiences, challenges, and solutions of successfully setting up IAM in large corporations.
The Risk and Governance View
Which are the relevant regulations and controls to look at for IAM? Is it CoBIT, is it ISO 27001? Or are there others? Which role do industry-specific regulations such as in the Finance Industry or in Utilities play? In this part of the workshop, the participants will look what to consider when it comes to risk and governance, how to identify information and access risks, and how to successfully set up a Governance framework.
The Legal View
What are the legal requirements for large organizations when it comes to IAM/IAG? Obviously, there are many different laws and regulations in place. In this part of the workshop, Dr. Karsten Kinast will provide an overview about relevant regulations and discuss these with the participants. This is the introductory part, providing the foundation for the subsequent parts of this workshop.
Growing Complexity and Business Relevance of Centralized IAM Platforms � A Balancing Act
Centralized IAM platforms are in continuous change. New requirements and technologies as well as scope enhancements lead to a permanent increase in complexity. Due to deep integration of IAM-Services in many business processes the business criticality of IAM-Platforms increases significantly. This evolution and the resulting challenges will be illustrated using the example of Daimler centralized IAM platform.
The Consumer Adoption & Information Security View
Finally, there is the information-centric view within IAM/IAG. Aside of services that allow managing users and their access, information must be managed and protected. This final part of the workshop will have a closer look at how to set up Secure Information Sharing as a service within the IAM strategy of large organizations.