Automotive

Managing Identities the right way will become a game changer for the automotive industry. Traditionally, the automotive industry has been leading edge when it comes to managing supplier employees. But even there we see massive room for improvement, with new federation standards like OAuth enabling new types of solutions. However, the far bigger challenge is extending IAM and IAG to the full ecosystem, with other business partners, dealers, and customers. The Extended Enterprise is increasingly becoming reality – however, this is not a simple task for the automotive industry with its complex relationships. Beyond that, the Connected Vehicle stands for the need for a quantum leap in Identity Management. The Internet of Things with a number of connected identities within the car and a mass of identities associated with the car – driver, owner, insurance company, leasing company, garage, manufacturer, police, etc. – requires identity-based concepts. The Connected Vehicle will not become reality without a strong identity foundation. Besides the manufacturers which are in the center of that evolution, this is also a challenge for their suppliers which participate in both the automotive industry ecosystem and the connected vehicle.

The Automotive Virtual Track is a guideline through various topics. Identity Federation and Cloud Identity Services, the Extended Enterprise, Life Management Platforms and the API Economy (both being essential enablers for the Connected Vehicle), and for sure the Automotive Roundtable deliver the information you need to make the next step towards the level of IAM automotive manufacturers and their suppliers will need in future.

Wednesday, 15.05.2013
08:30-09:00 Access Governance: A pragmatic Approach on how to deal with almost Unmanageable Complexity
Berthold Kerl, Deutsche Bank AG

  • Access Governance: Why is it so difficult?
  • There is no easy way out!
  • Does Access Governance have a business case?
  • It's a multi-dimensional challenge, therefore many stakeholders need to contribute (e.g. HR, IT, Business, Legal, Data protection)
  • How to define priorities?
  • Strong program governance is key
  • Deutsche Bank's roadmap forward
AUDITORIUM
09:00-09:30 European Cloud Partnership - Shaping a Competitive Strategy
Prof. Dr. Reinhard Posch, Republic of Austria

The European Cloud Partnership (ECP), a European Commission Initiative, is aiming at bringing together industry and the public sector to establish a Digital Single Market for cloud computing in Europe. Prof. Dr. Reinhard Posch, who is a member of the ECP Steering Board, will talk about the objectives of this initiative and his thoughts on eID within this context.

09:30-10:00 Post-Privacy: Yet to come or has it already arrived?
Dr. Karsten Kinast, LL.M., KuppingerCole

Google's Goggles and augmented reality, remote medical diagnosis and eHealth, superdrones and your phone - the number and the evil potential of technologies undermining your privacy needs are on a fast and strong increase. KuppingerCole Fellow Analyst and Privacy Expert Dr. Karsten Kinast will talk about the question whether the worst is yet to come, and will interview Austria's CIO Prof. Dr. Reinhard Posch, Deutsche Bank Head of Information & Technology Risk Berthold Kerl, and Austria's CIO Prof. Dr. Posch.

10:30-11:30 The Extended Enterprise in Practice
People, Process, Product, Partner - the Four P's of IAM/IAG in the Extended Enterprise
Henk van der Heijden, CA Technologies
Dr. Silvia Knittl, msg systems ag
Ralf Knöringer, Atos IT Solutions and Services GmbH

Although Identity and Access Management (IAM) is the security backbone of an organization, it is often seen as a mere technical implementation. The four P's comprise people, process, product and partner and are a main concept within IT service management. In this session the four P's of IAM are applied to the context of the extended enterprise. An extended enterprise is a network of firms which covers supply chains but also loosely coupled collaborations such as those that arise in the context of cloud services. In such organizational forms IAM becomes a service building block rather than a technical solution. The impacts of extended enterprises on IAM are illustrated using the 4 P-Concept.

Supporting the Extended Enterprise: Partners, Customers, Mobile Users, and all the Others
Peter Cummings, KuppingerCole

The most pressing demand from business to the IAM departments today is about the “extended enterprise”. Business wants new services. They want to access services and systems of business partners. They want to onboard external partners. They want to use cloud services. All this has to be done quickly but still in a secure way. This session will explain how to move forward when it comes to supporting the enterprise and how to deal with all types of third parties in a consistent way. It will show what a standardized infrastructure could look like. It will discuss what you need as a conceptual foundation, which steps to take next, and what a potential end-state could look like. It will talk about maturity levels for a standard infrastructure which allows extending IAM/IAG beyond the core enterprise.

AMMERSEE 2
11:30-12:30 Creating Customer Portals with Sensitive Personal Data without Compromising Security
Sebastian Goodrick, CSS Versicherung

This is a real life case study about how CSS implemented the security for a customer and sales portal using a Federated Identity Provider, 2 factor SSO with SAML, and attribute based access control on the SOA mediator between portal and backend using XACML.

CSS has a well established SOA backend with Role Based Access Control: Employees are assigned to one or more roles, based upon which access to varying levels of customer data is granted. However, when opening up such an IT system to customers via an online portal, access control becomes a more delicate issue. If customers are to gain access to only their and their dependent family's data, a new layer of security is required to protect sensitive data in the backend.

You'll gain insight into some of the implementation issues we had along the way and how we overcame them.

G4S Bulgaria: Identify and Protect Critical Information and Prevent Data Leaks
Stephane Charbonneau, TITUS
Boris Goncharov, G4S Secure Solutions Bulgaria EAD

For organizations that deal with sensitive information on a daily basis, and work with people and organizations located around the world, preventing information leaks is a top priority. There are many ways that sensitive data can leak from organizations, however the insider threat remains the hardest to quantify and resolve.

G4S discovered that before they could improve their data loss prevention efforts and effectively protect sensitive information, they needed to be able to answer other significant questions about the data itself, including:

  • What data needs to be protected?
  • Who can best identify the sensitivity of the data?
  • Where is our most important data residing?
  • Where is our data going? Should our data be going there?

In this session, Boris Goncharov, CISO and CTO with G4S Bulgaria and TITUS Chief Technology Officer Stephane Charbonneau will discuss specific ways in which organizations can improve their DLP practices in order to help prevent both accidental and malicious losses of sensitive information.

AMMERSEE 2
14:00-15:00 The Future of IAM: Do not kill IAM, improve and extend it!
Martin Kuppinger, KuppingerCole

IAM has to change. It has to support more and other users than ever. It has to support internal and external (Cloud) services. It has to support logins from social networks and the transition of these users to “regular” users once they become real customers. It has to support the move from traditional, system-centric and static approaches of identity and access management to flexible, distributed, and dynamic approaches.

However, instead of following a recent proposal made in public by a renowned Identity Expert, it is not about killing your IAM. It is about “embrace and extend”, it is about leveraging your investments and moving forward towards an IAM that supports both your traditional on-premise infrastructure and the new IT ecosystem. It is about a sustainable approach of moving forward to a future-proof IAM for both traditional and cloud-based IT ecosystems.

Martin Kuppinger will outline the major challenges and changes in this session and he will show what the Future IAM could and should look like. He will also propose steps for moving forward from your existing environment towards the future IAM, without killing what you have and without ignoring the need to support all your “legacy” IT systems and underlying infrastructure.

Extending your existing IAM to the Cloud: Leverage your Investments
Jörn Dierks, NetIQ
Ramses Gallego, Dell / Quest Software & International VP for ISACA
Shawn Keve, Simeio Solutions
Hila Meller, CA Technologies
Mike Neuenschwander, Oracle
Rudolf Wildgruber, Atos IT Solutions and Services GmbH

There are many ways to extend your existing IAM to the Cloud: Migrate to a cloud-based deployment model. Support simple sign-on to cloud services and provisioning of users for these services based on your existing on-premise environment. Complement the solution with new tools and features for the cloud. Add cloud-based strong authentication. And many more… But clearly there is neither the holy grail of cloud support for IAM nor the one and only approach of deploying IAM. In this panel, industry experts and vendors will discuss different options for supporting the cloud and the new challenges from mobile and social computing with IAM solutions. They will talk about different models for doing that, giving an overview and rating of the multitude of options available today.

ALPSEE
15:00-16:00 Using IAM to protect you from Advanced Persistent Threats and Auditors
Ramses Gallego, Dell / Quest Software & International VP for ISACA
Martin Kuppinger, KuppingerCole

Identity & Access Management has become a lot more than just single sign-on. There are real threats which effective IAM can solve. For example access certification can bring you in line with regulations while removing attack vectors. Controlling privileged account access can reduce insider threats and take the sting out of APTs that rely on sloppy admin access. And simply giving the business visibility into who has access to what at the right time can empower the business to control the security of its own data and systems.

Plugging "Cloud Identity Leaks" - Should your Business become an Identity Provider?
Mark O'Neill, Axway

Third party identity providers such as Facebook and Twitter make it easy to perform "Social Login", enabling users to log into third-party services using a Facebook ID or a Twitter ID. This is convenient for consumers, but it is a potential problem for businesses whose employees may now log into business services using third-party IDs, rather than using a corporate ID. This results in an "identity leak" for the organization, where Cloud services begin to manage your employees' identity. A possible solution to this problem could be that your company itself becomes an Identity Provider, allowing employees to use their enterprise login as a springboard to log into third-party business services. In this way, the business keeps control of identity, and allows for a more holistic identity management solution for Cloud services.

ALPSEE
17:00-18:00 Identity Management as a Service (IdMaaS) - the Dope or are we Duped?
Craig Burton, KuppingerCole
Kim Cameron, Microsoft
Jörn Dierks, NetIQ
Dr. Laurent Liscia, OASIS
Marco Rohrer, IPG AG
Brian Spector, CertiVox
Wolfgang Strunk, Atos IT Solutions and Services GmbH

Big players like salesforce.com entering the market: Will this redefine the way we do IAM and solve our challenges in the days of Cloud Computing, Mobile Computing, and Social Computing?

Two identity behemoths—Microsoft and Salesforce—bucked the trend of cornering your identity in a silo and announced general purpose Identity Metasystems. Microsoft with its Azure Active Directory and Salesforce with its Salesforce Identity. Sounds too good to be true? This webinar brings Identity sage Craig Burton together with the architects of the two said Metasystems to explore just what each is planning. Kim Cameron and Chuck Mortimore will walk us through the Metasystem maze. Dope or Dupe? Either way, things are going to get interesting.

ALPSEE
18:00-18:20 The Internet of Me and My Things
Doc Searls, Berkman Center for Internet and Society at Harvard University

The history of computing and communications has seen a series of leaps forward in personal empowerment: first with the PC, then with Internet and then with smartphones and tablets. The next step will be life management platforms, which will give individuals independence and power through their own means — notably personal clouds. With these individuals will have the power to create and control interactions between their own "Internet of things," using their own data, their own logic and their own APIs, in real time. These will not make big API services obsolete, but rather give all APIs much more to do, much more effectively.

AUDITORIUM
18:20-18:40 Life Management Platforms – Examples, Prototypes, Best Practices
Marcel van Galen, Qiy Foundation

The Dutch Qiy foundation has been working on the concept of Life Management Platforms since 2005, with quite a few services and apps already in production or just being produced. Qiy's founder and president Marcel van Galen will lead the audience in his keynote through some of these services and apps to make the value of Life Management Platforms easier to understand.

18:40-19:00 Life Management Platforms Evolution
Craig Burton, KuppingerCole

Life Management Platform evolution is increasing in pace and significance. With the advent of new technologies like personal data stores, cloud-based OS platforms, and trust frameworks, the evolutionary state also gets complicated. This session will look at the current state of things, new innovations and what to expect for LMPs in the future.


Thursday, 16.05.2013
08:30-09:00 If Your Customers Don't Feel Safe, They Will Leave You
Peter Boyle, BT

More than 559 million adults have been victims of cyber-crime - that's more than the population of the European Union. More businesses are trying to connect with customers on social and mobile, but 15% of social networking users have had accounts infiltrated and 21% have fallen prey to mobile or social attacks. Only one incident can cause a customer to shift brands. If you are trying to find new paths to market online, don't miss this session. Securing the customer experience should be the top priority for any business initiative involving cloud, mobile and social. Faced with the need to secure a growing hosting business with more than 10,000 customers accessing services on-line, British Telecom Identity enabled their applications to secure their customer data and transactions. In this session, Peter Boyle, Head of Identity Services for BT, will discuss how to keep your customer safe, loyal to your brand and keep them coming back for more.

AUDITORIUM
09:00-09:30 ONE Identity – Heaven or Hell? Do we need more than one "ME"?
Ralf Knöringer, Atos IT Solutions and Services GmbH

In the area of the social media, smart mobile devices and worldwide eBusiness the idea of ONE unique electronic identity no longer seems to be the holy grail – long-yearned-for but never to be gained.

Today users of internet services increasingly accept this concept as a necessity to make mobile internet experience convenient, secure and effective.

Has the world finally understood that what is good for the enterprise is good for everybody? (The long-term shared wisdom of enterprise identity management always starts with the idea of creating ONE ID.)

Will our world become more secure when there is only ONE “me” outside? In this keynote we will have a look at several aspects of the ONE ID paradigm and the role of the classical enterprise IAM.

09:30-10:00 Can "App" Phones Help Users to Manage their Identity and Privacy?
Prof. Dr. Kai Rannenberg, Goethe University in Frankfurt

The many credentials needed on the Internet pose the question where to store and how to use them in a secure fashion. Smart Cards are the classic device, however they usually lack the user interface needed for secure interactions, e.g. choosing or customizing the right attribute-based credential for a given situation and relying party.

Mobile (smart) phones could be the platform of choice given their now very rich user interfaces. However, their downside is their insecurity caused by e.g. the complexity of their operating systems, the difficulty for users to control the data flows on the systems and the risks posed by the flood of applications (“Apps”) that can be installed quickly and easily.

This presentation will discuss opportunities and risks of storing sensitive information on a smart phone and also approaches to help users to judge Apps based on their privacy properties.

10:30-12:30 Implementing PKI at Daimler AG: Motivation, Challenges, Lessons Learned
Jürgen Kalte, Daimler AG

This roundtable will cover the experience of implementing PKI at Daimler AG. It will cover the motivation for embarking on the project including the business drivers. It will describe the challenges, both business and technical, that were encountered in realizing this highly complex piece of technical infrastructure. It will highlight the lessons that were learned by Daimler AG that could be useful to other automotive organizations attempting a similar project.

After attending this Roundtable you will be able to:

  • Describe the business and technical reasons why PKI was implemented at Daimler AG.
  • Describe the business and technical challenges that were met during this project and how they were solved.
  • Describe the lessons that were learned during the project.

This Roundtable block qualifies for up to 2 Group Learning based CPEs depending on the number of sessions you attend.

Connected Vehicle & The Internet of Things: How to adapt your Infrastructure
Dr. Barbara Mandl, Daimler AG
Rob Newby, KuppingerCole

  1. Authentication: do we need single sign-on for vehicles, vehicle identifiers (like MAC addresses)? What authorisation schemes are used in cars? Even engine control systems seem to be fairly open so that different engineers can work on them, does this need to change as more electronic gadgetry is introduced to vehicles?
  2. Communication: the main issue within cars seems to be that there are multiple networks meeting in a single interface. Are these recognised by the manufacturers? Are they kept separate, air-gapped? What about the driver, can they cause vulnerabilities in the communication stream? Are the communication streams really sensitive enough that a hacker could take control of the vehicle?
  3. Data Encryption: What data do we have in our cars that could be sensitive to attack? Is this data prone to leaking?
WALCHENSEE
14:00-15:00 Life Management Platforms, Personal Data, Private Cloud - Standards and Initiatives
Craig Burton, KuppingerCole
Kim Cameron, Microsoft
Mike Neuenschwander, Oracle
Roadmap to Life Management Platforms
Mario Hoffmann, Fraunhofer AISEC

  • Use Cases & Approaches
  • Benefits for users and service providers
  • Security Analysis & Privacy Impact
  • Solutions and R&D Roadmap
  • Recommendations
ALPSEE
15:00-16:00 Architectural & Strategical Considerations
Secure Communication Ecosystem as Part of the Life Management Infrastructure
Nadya Onishchenko, MetaSociety Concept Group

In this session, we will try to complement the goals of the Life Management concept with some thoughts on the structure of the corresponding communication ecosystem.

The concept of "Life Management" introduced by Martin Kuppinger defines the set of long-term goals for the current and ongoing development of numerous identification, authentication, and personal information protection systems. This concept places many new features, facilities, and situations under consideration.

The existing problems of authentication and privacy protection cannot be effectively solved without a clear definition of the overall architecture of the communications system for which these functions are intended. On the other hand, given the correlated architectural principles, a simple, unambiguous, and reliable solution can be found for these problems.

First and foremost, it is imperative to define the system’s purpose. We view it as a whole electronic communications ecosystem, which covers both the participants of electronic interaction and all the different kinds of communication problems, including the most complex and important ones. The need to solve problems of any complexity and importance gives rise to the requirement that communications be legally significant.

There are two component parts to any interaction between subscribers: information exchange and functional interaction, the subscribers’ joint implementation of a one-step or multistep procedure (sequence of actions). This means that a second step must be taken: add functional features to the resident information model that can perform the interactive procedures specified by the subscriber and his communication counterparties.

The resulting personal and procedural information model can be referred to as the subscriber’s electronic model, his electronic twin or personal communication robot and his resident representative in the communication space. From here on in we will use the term e-resident. In this case the subscriber can be viewed as the model prototype and the owner of the communication robot, the principal proxy of his e-resident. All other communication participants should have similar models.

By creating a communication network of e-residents, we are actually creating a complete meta-model of a community involved in electronic communications. This model will transfer all of the major communication processes into the electronic space. We will call this a "MetaSociety".

The MetaSociety model will allow us to structuralize the tools accumulated to date and integrate them into the system, as well as to solve the problems posed by the Life Management concept and prepare for the transition to the next level: Society Management.

From Risk to Value: The Future of Social Media and their Role as Catalysts in Enterprise IAM
Craig Burton, KuppingerCole
Kim Cameron, Microsoft
Jörg Heuer, Deutsche Telekom Laboratories
Mario Hoffmann, Fraunhofer AISEC
Doc Searls, Berkman Center for Internet and Society at Harvard University

When looking at the challenges the IT departments of organizations are faced with today, then the Computing Troika (Cloud Computing, Mobile Computing, Social Computing) and the related “Identity Explosion”, the need to deal with far more identities than ever before, are high on that list. Dealing with identities and their access is becoming increasingly complex in modern environments. On the other hand, Information Security is a major concern not only of IT but the Business, up to the CEO.

So which role can Social Media play therein? What can it catalyze with respect to the need for managing identities and access at an enterprise level, for all types of users including the customers, leads, prospects, and suspects? Will it catalyze a positive reaction or lead to an implosion of Information Security?

The panel will discuss how Social Media affects IAM and Information Security. As of now, it appears that Social Media and Privacy are an oxymoron. But must that remain? Is there a chance to move from Social Media as a risk to Social Media as a value, where employees and external parties can discuss and share information in a way that is compliant and that suits the Information Security needs of the organization? In a way that allows not only managing information access but that supports IAM in managing all these new, external identities? What should a value-focused, risk-mitigated Social Media approach for an organization look like? What does it require from IAM, is there a benefit for IAM?

The panel will discuss these questions and provide insights into what the future Social Enterprise really can look like.

ALPSEE
16:30-17:30 The Life Management Platform Prototypes
Architecture and functionality of the "EIC App"
James Baker, Microsoft
Craig Burton, KuppingerCole
William Lovegrove, Release Mobile

In this session, two different Life Management prototypes will be shown.

The first one combines a personal data store (based on Windows Azure Graph Storage, WAGS), some event-driven logic (Kynetx KRL) and a mobile device into a system that is a harbinger of a Life Management Platform. We show the architecture and functionality of the EIC App. Key concepts of this prototype are that the WAGS and KRL components could be any vendor's store of logic.

Qiy Foundation's Infrastructure
Marcel van Galen, Qiy Foundation

The second one is based on the Dutch Qiy Foundation's infrastructure.

These are just examples. KuppingerCole advocates freedom of choice to the customer and does not promote vendor lock-in.

ALPSEE
17:30-18:00 Software Integrity and Active Defense - The Future of Information Security
Prof. Dr. Sachar Paulus, KuppingerCole

The development of Information Technology, specifically cloud, mobile and social computing, has led to an environment that has become really open. Moreover, the integration with the real world (smart devices, SCADA systems and alike) significantly raises the potential impact of attacks - and failures. Activities managing the risk in these environments are identity management, security information management and network security. But will these be enough? Sachar Paulus will explain that more is needed to realize adequate protection, and will focus on elements for software (and hardware) integrity - so that processes work as designed - and active defense - so that deviations become visible.

AUDITORIUM

© 2013 KuppingerCole