This event is history, please check out the List of Upcoming Seminars, or send us an email

Check out our related in-house workshops:

 Learning Objectives

Why do we organize this seminar ?

Identity & Access Management (IAM) has become a very unclear topic in the market these days. Many organizations, many stakeholders, and many suppliers & vendors understand very different things under the term IAM, so it is no wonder that 2 out of 3 IAM-projects fail. This seminar wants to give you a clear overview and understanding of this complex, but for most organizations quite essential solution to security, compliancy and risk management.

This seminar intends to:

• Give you a clear picture of what identity (and access) management can mean for you and what the different components of such an environment are.
• Make you understand which technical advantages and optimizations it can deliver, but also which business cases can justify the necessary (and often significant) budgets.
• Show you how IAM can be used to support your business in the context of B2E, B2C, B2B, G2C, G2G, G2B, ...
• Help you understand how to position identity management as a service within your enterprise architecture and how ERP, CRM and other systems can be integrated with it
• Explain you how IAM can help you to get into control and improve compliance with SOX, Basel II, AEO and others
• Give you an overall view on the actual situation with regards to Governance, Risk and Compliance (GRC).

The newest trend in IAM is called "entitlement management", which goes one step beyond authentication, leading to finer-grained access control. While authentication is about who is allowed on your network or in your application, entitlement management is about who is allowed to do what. Traditionally, such entitlements have been built into each of the applications your enterprise has. The new strategy is to remove access management from the applications, and to run it as a centralised shared service. Entitlement management can be used to strengthen the security of Web services, Web applications, legacy applications, documents and files, and physical security systems. This will lead to tighter, more granular security that is more specific to your set of users and their roles, easier to enforce and change policies, as well as better auditability and compliance.

Who should attend this seminar ?

This seminar wil help you to find your way in the IAM-jungle, to understand the issues to reckon with, and to bring your project/program towards a success. Therefore this seminar should be attended by:

• Business managers needing to understand and ask the correct questions
• B2B/B2C-project-leaders wanting a global picture and understand the issues
• Auditors / Governance wanting/needing to obtain assurance
• IT managers and Architects in search of a reality check

 Full Programme

Identity Management solutions have been around for some time. A lot of fairy tales are being told, but:

• What is the real market status of IAM today ?
• What can you expect from current solutions ?
• What is possible within a reasonable budget ?
• What are the approaches taken on by current and successful IAM-projects ? Here we will treat business drivers like:
• Business Facilitation,
• Cost Containment,
• Operational Efficiency,
• IT Risk Management, and
• Regulatory Compliance.
• What are the different components of an IAM-architecture ?

To build a good Identity Management environment, you need a solid understanding of its fundamentals: identities and entitlements. Here we will explain you:

• What are e-identities ?
• What are roles and group memberships ?
• What are entitlements and profiles ?
• What is the importance of delegations and mandates ?
• What is DAC (Discretionary Access Control), RBAC (Role-Based Access Control), RuBAC (Rule-Based Access Control), EDAC (Enterprise Dynamic Access Control), ... ?

No environment will survive as it does not have a governance model. It should be clear that next to e.g. ITIL-practice some specific IAM-issues need to be considered. It is important to have a clear view of roles & responsibilities and to draft the needed (exception) processes.

Every organization has to be in control and be compliant with its own (security) policy. In most organizations this has become an important topic due to regulations like Basel II, SOX, AEO, etc. But even in generally applicable law there are drivers for IAM to be compliant with. One clear example is the privacy legislation. Also we will make the link here between IAM and GRC (Governance, Risk and Compliance).

When you build an IAM-environment, how will you know it will pass the ever changing requirements of business ? The only way to survive is to have a clear IAM-architecture which answers to your requirements in short term and within available budgets but at the same time which are built for growth. To be able to do that, it is necessary to look at the reference architectures around, to look at the abilities of vendors, to look at the role of ERP- and CRM-packages and to look at upcoming new insights like e.g. federation.

Federation, Liberty, SAML, ADFS (Active Directory Federation Services), WS-Federation, CardSpace, OpenID, etc. Goal of this chapter is to have a look at these increasingly emerging technologies and to look at how these could impact or influence your IAM-strategy.

Knowing that 2 out of 3 IAM-projects fail, what are the projects and approaches which seem to gain sufficient budget within organizations ? Here we will run through some cases which were more IT-oriented, some which were more business-oriented, others which were more compliance-oriented.

 Speakers

Questions about this ? Interested but you can't attend ? Send us an email !