WIXLIB

AGENDA AT A GLANCEMONDAY 11 MARCH07:30 – 20:00Registration, Information and Refreshments08:00 – 08:45Tutorial: IAM Myths and MonstersRay WagnerTutorial: Moving From Security Silos toEnterprise Security IntelligenceJoe Feiman09:00 – 10:00 Summit Opening and Welcome Presentation: The Socialization of Identity Ant Allan10:00 – 10:30Panel Discussion:10:30 – 11:00Refreshment Break in Solution ShowcaseAPlan, Manage and GovernYour IAM ProgramBTake a Pragmatic Approachto IAM TechnologiesGet to Grips with theNexus of Forces11:00 – 12:00Best Practices for IAM Program Managementand GovernanceAnt Allan12:00 – 13:15Lunch in the Solution Showcase13:15 – 14:15Ways to Achieve More With Less in Your IAMProgramRay WagnerFighting Threats with Layered Security andImproved Identity ProofingAvivah Litan14:30 – 15:00Solution Provider SessionSolution Provider Session15:15 – 15:45To-the-Point: Job Security in Cloud Era:Will Jobs Stay or Vaporize?Joe FeimanTo-the-Point: OTP Hardware Tokens:Going, Going Not Quite GoneAnt AllanTechnical Insights: To-the-Point:Privileged Account Management: GainingRelevance in the Age of VirtualizationIan Glazer15:45 – 16:15Refreshment Break in the Solution ShowcaseHow to Attack on Online ServicePete Armstrong Tech Director IdentityAssurance, CESG“Whose Account is it Anyway?”Mark Stirland, Head of Information Security,LVA Crisis of Identity: Technical Truths and Trialson the Journey to Data-centric SecurityAndrew Yeomans, Board of Management, JerichoForum; Group Security, Commerzbank AG17:15 – 18:15 Guest Keynote:16:15 – 17:0018:15 – 20:00Get the Plumbing Right! Directories for Internaland Cloud ServicesAndrew WallsCIAM At the Nexus of Cloud, Mobile, and SocialGregg Kreizman12:15 – 12:30 MQ1Technical Insights: A Magic 8 Ball in the Sky:Federated, Distributed, and Cloud ExternalizedAuthorizationIan GlazerSolution Provider SessionNetworking Reception in the Solution ShowcaseTUESDAY 12 MARCH07:30 – 17:15Registration, Information and Refreshments08:00 – 09:00Lessons Learnt (and Fingers Burnt) in IT RiskManagement PracticeTom ScholtzGetting to SSOGregg KreizmanTechnical Insights:Making It Work: Identity and MobilityTrent Henry09:15 – 09:45Solution Provider SessionSolution Provider SessionSolution Provider Session10:00 – 11:00Selling IAM to the BusinessRay Wagner, Earl PerkinsTechnical Insights: User Provisioningand Identity and Access GovernanceFundamentalsIan GlazerGood Authentication Choices for Smartphonesand TabletsJohn Girard, Eric Ahlm11:00 – 11:30Refreshment Break in the Solution Showcase11:30 – 12:15End-User Case StudyLuc SAUVAIN, Information Security / AccessRights Team, PictetIdentity Intelligence & BiometricsJulian Ashbourn, Biometrics Expert andBusiness Analyst, British Airways12:30 – 13:00Solution Provider SessionSocial Media and IAMBarbara Mandl, Global Daimler ITOrganization: CoC Identity and AccessManagementSolution Provider Session13:00 – 14:00Lunch in the Solution Showcase14:00 – 15:00Developing a Strategic Vision for UserAuthenticationAnt AllanConsulting and System Integration (C&SI) andManaged/Hosted ServicesEarl PerkinsIdentity Intelligence or Employee Surveillance?Andrew Walls15:00 – 15:30Refreshment Break in the Solution Showcase15:30 – 16:15Guest Keynote: Why it is Now Time for Legitimate Businesses to Learn from Transnational Organized Criminals Jeffrey Robinson, Inter17:00 – 17:15Gartner Closing Keynote: Maverick: Kill Off Security Controls to Reduce Risk17:156Solution Provider SessionTom ScholtzSummit closeGartner Identity & Access Management Summit 2013

Agenda correct as of 19 November 2012Gartner for Technical Professionals SessionAt the Summit, please refer to the agenda in the event guideprovided, for the most up to date session and location information10:35 – 10:55D“60 Sec or Bust” Summit Solution Snap ShotInteractiveWorkshopsRoundtables11:00 – 12:30Workshop: How an IAM RFPCan Help You Choose the BestSolution for your BusinessEarl Perkins, Eric Ahlm13:00 – 13:15 MQ211:15 – 12:15IAM and Security for FinancialServicesAvivah Litan, Ray WagnerEnabling Mobility Securely By ProtectingMobile Applications On Smart Phones andTabletsJohn Girard, Dionisio ZumerleSolution Provider Session13:15 – 14:45Workshop: The Gartner ITScoreMaturity Model for IAMEarl Perkins, Gregg Kreizman13:30 – 14:30Social Networks, Identity andSecurityAndrew Walls, Ant AllanTo-the-Point: Dealing with APTs — a BestPractice Review of Coping with AdvancedPersistent ThreatsEric Ahlm15:30 – 17:00Workshop: Reporting to theBoardTom Scholtz15:30 – 16:30Directory Strategy (andConsolidation) DirectoryMigration StrategiesAndrew WallsComplement IAM withSecurity & Risk ManagementDealing with Advanced Threats andTargeted AttacksMark NicolettAGENDA GUIDANCETo help you navigate thesummit agenda, we’veidentified track sessionsthat match your experiencelevel and information needs.Specific categories include:MATURITY LEVELFoundational: If you areat the early stages of yourinitiative, or are a newcomerto this space, these sessionswill give you the necessaryunderstanding and first steps.Advanced: If you are anadvanced practitioner, thesesessions are designed to takeyour initiative, or understanding,to the next level.FOCUSTactical: Sessions providingtactical information that canbe used straight away, with afocus on “how to”, dos anddon’ts, and best practices.Bring Your Own 4G: How Secure Are theMobile and Wireless Networks You Use forBusiness?Dionisio ZumerleSolution Provider Session08:00 – 09:30Workshop: Developing Identityand Access ManagementProcesses and ControlsAnt Allan, Earl Perkins08:00 – 09:00Monitoring and Fraud DetectionAvivah Litan, Mark NicolettUser Activity Monitoring for Early BreachDetectionMark Nicolett09:45 – 11:15Workshop: ProtectingApplications and Data beyondIAM: Technologies and ProcessesJoe Feiman, Dionisio Zumerle10:00 – 11:00Things You Always Wanted toKnow About Authentication butWere Afraid to AskAnt Allan, Trent Henry,Avivah LitanPerforming IAM is Only OnePrerequisite StepJules JEROME, Head of Inspection,Banque Internationale à LuxembourgSolution Provider Session11:30 – 13:00Workshop: IAM Intelligence — Howto Break Down the Myth AboutIdentity and Access IntelligenceDavid Lello11:30 – 12:30Identity and MobilityTrent Henry, John Girard,Dionisio ZumerleTechnical Insights: Identity and SecurityConsiderations for MobilityTrent Henry13:30 – 15:00TBC14:00 – 15:00Getting Access: SSO, Federationand Authorization ManagementGregg Kreizman, Ian Glazernational author and an expert on Organised Crime, Fraud, Identity Theft and Money LaunderingVisit gartner.com/eu/iam or call 44 20 8879 2430Strategic: Sessions focusingon the strategic insightsupporting the developmentand implementation of youraction plan.Visionary: Sessionsfocusing on emerging trends,concepts, or technologies thatwill help you with your futureplanning and decisions.PERSPECTIVEBusiness: Sessions gearedtoward business leaders, orIT professionals who need tounderstand the challengesand opportunities from abusiness, organizational, orcultural perspective.Technology: Sessions thataddress technical concepts,details, and analysis.7

TRACK A: Plan, Manage and Govern Your IAM ProgramBest Practices for IAM ProgramManagement and GovernanceIAM initiatives need good programmanagement and sound governance,but existing information securityprograms and governance frameworksmay be incomplete. This session setsout Gartner’s recommendations for IAMprogram management and governance,which typically build on and extendinformation security best practices inways that address the more intimaterelationship that IAM has with thebusiness. How best can you establish anongoing IAM program? What constitutes sound formalgovernance processes and functionsfor IAM? How can you ensure that the PMOand governance forums are made upof the right people?Ways to Achieve More With Less inYour IAM ProgramIn times of economic stress anduncertainty, organizations are beingforced to be creative in delivering muchneeded solutions. IAM is no different.This session presents ideas on how tostretch your IAM euro to make the bestimpact possible with what you have. How can I be creative with IAM andrelated technologies? What have other companies done? How can I avoid making the situationworse?Ray WagnerTo-the-Point: Job Security in CloudEra: Will Jobs Stay or Vaporize?Cloud is a transformational phenomenonthat changes our businesses and ourIT organizations. Will cloud transform ITworkforce? Will it threaten people’s jobsecurity? How cloud impacts IT jobs, securityjobs specifically? Are all security markets (andrespective jobs) created equally cloudenabled? Which jobs will fail, survive, or prosperin the cloud era? What shall individuals do to keep, orevolve, or change their jobs in thecloud era?Joe FeimanAnt AllanLessons Learnt (and Fingers Burnt)in IT Risk Management PracticeRisk management is more art thanscience. The best way to learn riskmanagement is to practice it. And therisk management approach must suitthe culture of the organization. ThisTown Hall session will allow delegatesto share experiences, pitfalls and bestpractices. What are the challenges and realitiesinherent in finding the productivity/protection sweet spot? What are the risk managementand assessment approaches andexperiences amongst Gartner’sclients? How to identify and avoid thecommon pitfalls?Selling IAM to the BusinessOne of the most elusive deliverablesin IAM is the business justification forbuilding IAM. How can IT create acoherent and believable story aboutwhy IAM is needed in the enterprisein language that the business canunderstand and accept? This is aninteractive Q&A session. Is it possible to develop a returnon-investment statement for an IAMprogram? Who do I need to sell IAM to withinthe enterprise to increase chances offunding success? What should an IAM businessjustification have to be successful?Developing a Strategic Vision forUser AuthenticationThe increased range and variety ofauthentication methods and platformsnow available means that there thatthere is likely a “best fit” authenticationsolution for every enterprise use case.But it is difficult for IAM and informationsecurity leaders to find that solutionamong the myriad options. What are the characteristics of a goodauthentication method? How do different use cases influenceand constrain enterprises’ choices? How can enterprises architect asound authentication solution?Ant AllanRay Wagner, Earl PerkinsTom ScholtzFoundationalAlumni8AdvancedIAM yGartner for Technical ProfessionalsGartner Identity & Access Management Summit 2013

TRACK B: Take a Pragmatic Approach to IAM TechnologiesGet the Plumbing Right! Directoriesfor Internal and Cloud ServicesBuildings and identity managementdon’t work well if the plumbing is notdesigned, deployed and maintained.Behind every shiny, new IAM program isa wilderness of directories, databases,synchronization events and trustrelationships. If you don’t sort out theplumbing your IAM system is doomedto failure. This presentation will dive intothe plumbing and identify what worksand what doesn’t work when it comesto directories, whether they are at homeor in the cloud. Why should we worry about theplumbing? How do I fix the plumbing withoutrenovating the entire building? How can I future proof my plumbing?Andrew WallsFighting Threats with LayeredSecurity and Improved IdentityProofingThis session will look at internal andexternal threats against the enterpriseand will delve into the layered security,fraud prevention and identity proofingapproaches needed to mitigate thesethreats. What are the current and future attackvectors threatening the enterprise? What are the best practices forlayered fraud prevention and identityproofing to protect account takeoverand new account fraud? How do theyfit into existing IAM processes? What type of layered security servicesare needed to stop external threats,such as phishing and malware basedattacks, against employees andexternal usersTo-the-Point: OTP Hardware Tokens:Going, Going Not Quite GoneOTP hardware tokens have been astaple user authentication method formore than 25 years, but are increasinglylosing out to alternative methods in newand refreshed implementations. Thissession explores this trend and asksif the demise of hardware tokens isinevitable or not. Where are they used and what are theproblems? What are viable alternativeauthentication methods? Will OTP hardware tokens make acomeback?Ant AllanAvivah LitanGetting to SSOThe quest for single sign-on is the resultof disparate identity silos, increasedpassword related support costs, anduser frustration. This session helpsattendees make decisions regardingstrategies and tools to achieve SSO. What are the forces driving enterprisesto require SSO? How should organizations plan for andchoose SSO approaches and tools? What are the market solutions, andwhich vendors and open sourcesolutions can support different SSOneeds?Gregg KreizmanTechnical Insights: User Provisioningand Identity and Access GovernanceFundamentalsUser provisioning and identity accessgovernance (IAG) technologies form thefoundation of an identity managementsolution. In this session Gartner willprovide a component descriptionand architectural overview of thesetechnologies. Gartner will also offerdeployment considerations, insights,and best practices based on years ofcustomer experience.In this session participants will: Develop a basic understanding ofprovisioning and IAG technologies Gain insights into the integration touchpoints between provisioning and IAG Identify best practices for deployingthese servicesConsulting and System Integration(C&SI) and Managed/HostedServicesThe services market to aid IAMdeployments is growing and expanding.Maturity of IAM products and servicescontinues to make implementationseasier, but complexity and complianceconcerns continue to demand help inmaking IAM systems truly effective.IDaaS and outsourcing are also growthmarkets. What is the current state of IAM C&SIand managed/hosted service marketstoday? What are best practices in choosingthese services? What is the future of IAM C&SI andmanaged/hosted services?Earl PerkinsIan GlazerVisit gartner.com/eu/iam or call 44 20 8879 24309

TRACK C: Get to Grips with the Nexus of ForcesIAM At the Nexus of Cloud, Mobile,and SocialEnterprises must manage identity inan increasingly hybrid world in whichlegacy on-premises IAM infrastructuresare extended or replaced to supportSaaS and mobile endpoints. Identitiesestablished on social media platformsare also being leveraged for enterprisesystem access. What issues must be addressed whenapplications are moved to the cloud,when endpoints are mobile, and socialidentities are to be leveraged? What are the traditional and emergingmethods for resolving theseproblems? What are the current and emergingstandards that support IAM, thecloud, mobility and social?Technical Insights: A Magic 8 Ball inthe Sky: Federated, Distributed, andCloud Externalized AuthorizationExternalized authorization has grantedenterprise applications rich decisionmaking ability and ways of controllingwho can do what with what kind ofdata. Although, identity managementservices have begun their inevitablemigration to the cloud, authorization haslagged its peers. To what extent is externalizedauthorization becoming mainstream? What are the deployment patterns forexternalized authorization with respectto cloud services? What are the challenges of federatedauthorization?Technical Insights: To-the-Point:Privileged Account Management:Gaining Relevance in the Age ofVirtualizationPrivileged accounts remain a significantthreat to the enterprise because theycan result in denial of service attacks,unauthorized transactions, and databreaches. This session will explore therisks of these accounts and recommendsapproaches to keep your organizationout of compliance “hot water”. What threats do privileged accountspose? How can/should organizations controlvarious types of privileged accounts? How can organizations keep auditorshappy?Ian GlazerIan GlazerGood Authentication Choices forSmartphones and TabletsThe price and complexity of traditionalauthentication methods for remoteaccess is more than just unpopularwith users of smartphones and tablets;in many cases the platforms simplydo not support robust methodologies.This presentation shows a path forwardfor making strategic decisions aboutmobile authentication and answersthe question “who benefits from goodauthentication?”. What security and privacy criteriaare most urgently at risk in mobilecomputing? Case Studies: What will goodauthentication method for smartphonesand tablets look like in 2017? Which vendors and technologies willprovide the best future for mobileidentity management?Identity Intelligence or EmployeeSurveillance?Expansion of identity into cloud platformsprovides enterprises with unparalleledopportunities to develop a morecomplete understanding of the servicestheir users access, where they are whenthey access a service, and how they usethose services. In other words, IAM givesus new abilities to spy on our users. Thispresentation will take a candid look at thepromises and perils of identity intelligencewith an aim to keeping you out of jail. What is identity intelligence and howdoes it relate to user monitoring andsurveillance? How can you derive benefits fromidentity intelligence without creatingmore risks for yourself and yourenterprise? Should I be worried? How can youuse identity intelligence and preventmalicious outsiders from gaining identityintelligence about your employees?Gregg KreizmanTechnical Insights: Making It Work:Identity and MobilityIntegrating mobile devices into theexisting IT fabric — particularly IAM — ischallenging, due to product maturityand increased complexity. Join us toexplore the authorization, credentialing,and authentication interactions amongmobile devices, IAM components, andmobile device management. What authentication methods are bestsuited to mobile computing? How can mobile computing bestintegrate with directory services? What opportunities will NFC (NearField Communication) provide?Trent HenryJohn Girard, Eric AhlmAndrew Walls10Gartner Identity & Access Management Summit 2013

TRACK D: Complement IAM with Security and Risk ManagementDealing with Advanced Threats andTargeted AttacksToday’s attacks are stealthy andtargeted to steal critical data orcompromise specific accounts.Organizations need to present ahard target to an attacker, implementshielding to protect systems andapplications and get better at threat andbreech detection What are the security risks andchallenges associated with advancedthreats, consumerization, andmobility? How can IT security organizations findand fix vulnerabilities before they areexploited and also detect targetedattacks and breeches? How can IT security organizationsprotect applications and data fromadvanced threats while meetingbusiness data access requirements?Enabling Mobility Securely ByProtecting Mobile Applications OnSmart Phones and TabletsOrganizations are implementing waysto protect mobile devices. Enablingapplications on corporate or employeeowned devices remains, nevertheless, amajor mobile security issue.The presentation will talk about themajor trends in mobile applicationsecurity. What are the major risks andchallenges concerning the use ofmobile applications? How will mobile identity be usedto determine access rights toapplications and data? How can corporate applicationsresiding on mobile devices beprotected and enabled?Dealing with APTs – a Best PracticeReview of Coping with AdvancedPersistent ThreatsAPTs can affect organizations of anysize. Hackers use social media andother readily available information aboutindividuals in order to make their oneoff attacks successful. Handling APTsin your organization requires more thanthe addition of new controls, it requires afocus on security and threat detection tobe added to the overall security program.This session will discuss the differentapproaches organizations are taking tohandle APTs and advice from Gartner onthe best practices in policy, operationsand technology selection to stop APTsfrom affecting your organization.Eric AhlmJohn Girard, Dionisio ZumerleMark NicolettBring Your Own 4G: How SecureAre the Mobile and WirelessNetworks Yo

2 Gartner Identity & Access Management Summit 2013 The Nexus of Forces - mobile, cloud, information and social - brings new challenges and new opportunities for IAM. CISOs and IAM leaders . Workshop: How an IAM RFP Can Help You Choose the Best Solution for your Business Earl Perkins, Eric Ahlm 11:15 - 12:15 IAM and Security for .