Agenda
| Wednesday, 05.05.2010 |
| 07:30-10:00 |
Check-in & Registration |
|
| 08:30-09:00 |
The Role as a Role Model Niels von der Hude, Beta Systems Software
In many enterprises, modeling the permissions for a new employee on those of a member of staff whose job description involves similar tasks is still the established practice. Our presentation not only points out the dangers of working in this way, but also describes the procedural method that is to be aimed for, especially with regard to compliance considerations. This method combines the functions involved in the creation of roles (role mining), the use of roles in provisioning, and the authorization of changes by means of workflow components, thus providing a homogeneous whole that describes the entire life cycles of roles. The presentation demonstrates how this procedural model takes the functional view of an employee's role and translates it into concrete technical permissions that are immediately usable in the day-to-day work environment, and whose logic is clear to all concerned. Based on our practical experience in role management projects, we will also present solutions for working with dynamic roles and handling the numerous dependencies that exist between roles. |
|
| 09:00-09:30 |
Extending the Principles of Service-Oriented Security to Cloud Computing John Aisien, Oracle Corporation
Cloud computing adoption is adversely affected by security and privacy concerns. Enterprises are often perplexed by the many challenges of cloud security and how to maintain compliance and governance in this new IT paradigm. This session will outline how to leverage existing identity and access management infrastructure, and how to extend Service-Oriented Security and standards-based interactions to successfully secure assets in the cloud; and will include customer examples. |
|
| 09:30-10:00 |
On Cloud 9 or Lost In (that) Space Prof. Dr. Eberhard von Faber, T-Systems
Cloud Computing has a variety of terrific characteristics. Some are really new. Some others have been well known for years and just come in a different form or flavour. This is the best situation to discover and learn from long-term trends, point at today’s critical issues or smoothly direct the discussion back on track. What processes do user organizations need to manage cloud security risks? Do our experts come across issues which will be considered fundamental five years from now? What impact does all-round cloud self-service have on enterprise security management and consistency? The cloud scales. Will security and even identities scale, or do we get stuck in identity silos? Those are the type of questions which lead to new insights, point to discussions in other track sessions and maybe induce others. |
|
| 10:00-10:30 |
Coffee Break, Expo Area |
|
|
Linking IdM & GRC to Corporate Performance Moderator: Jörg Asma, KPMG
John Hermans, KPMG
|
|
| 10:30-11:30 |
Integrated Information Security, Risk and Compliance Management at Voith IT Rolf Strehle, Voith AG
Nishant Kaushik, Oracle
Alberto Ocello, Crossideas
Darran Rolls, SailPoint
Peter Weierich, Voelcker Informatik
Gerlinde Zibulski, SAP AG
User provisioning promised to streamline authorization processes and deliver cost benefits to IT departments. By shifting the focus from the authorization processes to access policies, the governance and compliance benefits begin to outweigh the technical benefits. This shift fundamentally changes the ROI calculation for an investment in IAM and the market will shift accordingly. |
|
| 11:30-12:30 |
Access Governance: Tales from the Trenches Drs. Dennis van Ham, KPMG Advisory N.V.
Getting in control with regard to users and their authorizations is probably one of the most mentioned goals of IAM projects in the last couple of years. It sounds good, it feels good and it fits the GRC business speak perfectly. But many IAM projects have been and probably are struggling. Execution requires perseverance and effective change management. Due to budget cuts, project scope changes and seemingly everlasting emerging technologies, the desired business ability to prove being in control unfortunately remains a challenge. In his presentation Dennis will share key lessons learned from several Access Governance projects carried out in 2009 and from projects still in flight. Keith Grayson, SAP
When does Identity Risk become material to the business? How do we know when such risks become realized? Where do IT GRC controls appear in a multi-level risk strategy? These are some of the questions that large organizations are starting to ask. We present some answers for debate on this topic. Priska Altorfer, wikima4 AG
Jackson Shaw, Quest Software
Deepak Taneja, Aveksa
"Ships that pass in the night, and speak each other in passing, only a signal shown, and a distant voice in the darkness; So on the ocean of life, we pass and speak one another, only a look and a voice, then darkness again and a silence." Is this an accurate description of identity management and GRC projects? Or are identity management and GRC projects so closely related that there are no identity management projects but just GRC projects? In this session Jackson Shaw will discuss the business and technical drivers of GRC and IAM projects, along with the “personas” in an organization who are driving these projects, all to answer these questions: Is identity management dead? Is GRC the new identity management? |
|
| 12:30-14:00 |
Lunch Break, Expo Area |
|
|
Mitigating Risk Moderator: Jörg Asma, KPMG
John Hermans, KPMG
|
|
| 14:00-15:00 |
Implementation of Access Rights Management - Effectiveness Meets Efficiency Dr. Heinz-Dieter Schmelling, WestLB AG
Dr. Schmelling will talk about his experiences with the implementation of a User Management Team at WestLB over the past years, focusing on access governance and the organizational, procedural and technical aspects of operations. He will describe the concept behind this implementation, as well as the approach chosen and lessons learned. Simplifying & Streamlining Access Delivery while Embedding Governance through Preventative Control. Dr. Martin Dehn, KOGIT GmbH
Darran Rolls, SailPoint
Deepak Taneja, Aveksa
|
|
| 15:00-16:00 |
Panel: Reducing the Risk of Information Leaks: DLP, IRM or both? John Aisien, Oracle Corporation
Prof. Dr. Eberhard von Faber, T-Systems
John Hermans, KPMG
Information Protection is at the core of what organizations want and have to achieve with their entire IT Security investments. But currently, it is mainly focused on protecting information in silos, like file servers, databases, enterprise applications, and so on. However, the target has to be to protect information at any point of its lifecycle: at rest, in motion, in use, regardless of where it rests, moves, or is used. DLP (Data Leakage Prevention) claims to solve this issue but is mainly targeted at stopping data leaks at an increasingly perforated perimeter. IRM is said to be not mature enough yet. What should the solution for information protection look like? Which path should you take in your information security strategy? What role will DLP and IRM play? And is there any chance to provide information protection without a strong IAM foundation? These questions will be discussed by the panelists, to provide you insight on how to move forward in IAM, DLP, and IRM (and perhaps other areas) to better address your information security threats. Cris Merritt, Engiweb Security
|
|
| 16:00-16:30 |
Coffee Break, Expo Area |
|
| 16:30-17:30 |
The Role of IAM for Compliance Intelligence - The Siemens Case Volkhard Lorenz, Siemens IT Solutions and Services
Objectives of the Siemens Compliance Program
Matthias Fischer, BearingPoint GmbH
BearingPoint GmbH faced a big challenge: it had to centralize governance, risk, and compliance (GRC) processes across business units in 14 European countries, each with its own manual approval procedures for user access to SAP software and data. The consulting firm turned to the SAP BusinessObjects Access Control application to standardize and automate compliance-related processes for 3,250 users. BearingPoint has further streamlined its compliance reporting by implementing its "iGRC cockpit" solution. It creates user-friendly reports that are accessed via the BearingPoint Employee Portal. |
|
| 17:30-18:00 |
Identity in the Cloud – Finding Calm in the Storm André Durand, Ping Identity
|
|
| 18:00-18:30 |
Follow the Money: How Cloud Providers' Business Needs Drive Enterprise Identity & Security Dale Olds, Novell
Cloud computing has enabled new business models, and these business models, not cloud computing directly, are driving an upheaval in identity and security needs into the enterprise. A handful of new and old technologies have combined to produce cloud computing, which has enabled a seismic shift in the business models of services and applications. This shift in turn is driving new security and identity needs back to the enterprise. It is imperative that enterprises understand how hosters, MSPs, IaaS/PaaS vendors, and SaaS providers make their money -- and how this works with or against enterprise security needs. In this session we will identify types of cloud-based services, the monetary incentives for the service providers, and the resulting impacts on enterprise security. We will detail steps enterprises can take to maximize effective identity and security policies in cloud services, as well as what to look for in service providers. We will also look at it from the perspective of the service provider -- how they can maximize their value and the loyalty of their enterprise customers. |
|
| 18:30-19:00 |
An Information Society Perspective on Electronic Identity Management Dr. Dirk van Rooy, European Commission, DG Information Society and Media
With the proliferation of networked electronic communication came daunting capabilities to collect, process, combine and store data, resulting in hitherto unseen transformational pressures on trust, security and privacy as we know it. The burgeoning development of the Information Society, particularly during the past fifteen years, transcended the societal readiness to respond to the transformational change evoked by ICT. The Future Internet will bring about a world that combines physical and digital elements. Technologies for pattern analysis and superpositioning, data linking, mining and collection will unleash unseen capabilities of access to personal data in a wide sense, and provide mechanisms for undesired privacy intrusion. In this context, the creation and management of identity related data and means to control their long-term use have emerged as some of the central challenges of digital life. In order to preserve trust in digital life, the European Commission recognizes that appropriate measures need to combine technology development with legal means, with user awareness and tools that support data controllers to comply with law in an accountable and transparent manner and that empower users with a controlling stake in managing their identity data. Activities are underway at many levels. European RTD programmes play their role in supporting research in trustworthy ICT, electronic identity management technologies, privacy-by-design in service layers as well as in networks, enabling technologies such as cryptography, and in generalized frameworks for trust and privacy-protective identity management. |
|
| 19:00-22:00 |
European Identity Awards Ceremony & Buffet Dinner |
|

