Earn up to 6.5 CPE credits by attending this virtual event.
A core component of zero-trust architecture, Identity & Access Management (IAM) is definitely having a moment right now. Yet to ensure a more secure future, certain strategic challenges must still be overcome.
Hybrid IT environments with multiple, disparate cloud platforms can make it difficult to manage employee identities across workspaces. And this becomes even more complicated when your employees require varying degrees of access privileges depending on whether they’re a freelance contractor, a full-time remote worker, or a high-ranking executive. Meanwhile, your customer base likely requires their own form of IAM to protect against consumer fraud and account takeovers.
SC Media hosted industry-leading practitioners and experts on March 22-23 who guide you on how to address these key IAM issues. Topics will include:
- Implementing identities in the cloud
- Managing the access of high-risk and highly privileged workers at all stages of employment
- The future of authentication (both credentials-based and passwordless) for employees and customers
FEATURED SPEAKERS
AGENDA
Please continue to check back as we add sessions and speakers to this eSummit
DAY 1 | MARCH 22
10:45 AM ET
Program Opens
11:00 AM ET
KEYNOTE | Apples, oranges and bananas: How to manage IAM in a multi-cloud environment
Thomas Malta, CEO & Principal, IAM Experts, LLC + Board Member, Identity Defined Security Alliance
No two cloud offerings are equal, delivering different advantages to serve specific needs of users, but also incorporating varying configuration standards. That translates to a complex web of requirements for security professionals to manage. In this session, CEO of IAM Experts, LLC and Identity Defined Security Alliance board member Tom Malta will connect the dots between multi-cloud environments and IAM and how to overcome such challenges to realize the potential.
11:30 AM ET
Securing Active Directory privileged users and groups
Derek Melber, Chief Technology & Security Strategist, Tenable
There are many users and groups within AD that need to have privileges. Ensuring that these accounts are secured is key to protecting AD and the entire network. It is also important to secure these accounts due to attackers trying to exploit these accounts. In this session, 17X Microsoft MVP Derek Melber will discuss the most important configurations around your privileged accounts to ensure they are as secure as possible and can’t be exploited by attackers.
12:00 PM ET
Identity resilience: The first response to ransomware
Bob Bobel, Founder & CEO, Cayosoft
Experts predict that a ransomware attack now occurs every 11 seconds. As cyberattacks continue to increase, it is no surprise establishing identity resilience has become a top priority for organizations. Protecting your company’s vital IT infrastructure begins with the cornerstone: your Microsoft identities and directories. Why? Your Active Directory (AD) or Azure Active Directory (Azure AD) are often the target of attackers and if your directories go down, employees aren’t able to access the tools and information they need to perform their jobs.
So, when disaster strikes, such as a ransomware or wiper attack, fast AD recovery is critical. Organizations need a comprehensive recovery solution, or else they will face significant business impacts such as costly downtime, damage to reputation, and loss of business. In this session, you’ll learn more about AD and Azure AD recovery and the crucial role it plays in strengthening your resilience. Join us as we discuss:
- The common types of AD outages and how to best avoid them
- Developing AD recovery plans to ensure the quickest, safest return to business as usual
- Strategies to increase your resilience and protect against both insider threats and malicious changes
- Best practices to prevent re-infection once your AD is restored
12:30 PM ET
BREAK | Visit Solutions Center
12:45 PM ET
THOUGHT LEADERSHIP PANEL | Getting your customers accustomed to IAM on the front end
Nathaniel Stone, Customer Identity & Access Management Product Manager, Square
Kyle Neuman, Director of Trust Framework Development & Chair of Individual Identity Technical Work Group, DirectTrust
Customer identity and access management (CIAM) shares many of the same principles and methodologies as workforce IAM, but by no means are the two practices exactly alike. As a discipline, CIAM requires its own unique approach. When it comes to the front-end of your business operations, consumers cannot be trained in authentication best practices, they want a quick and painless and unobtrusive customer experience, and they value their privacy. Moreover, your customer base is much larger than your payroll (one would hope), and new customers have little history upon which you can assess risk and build trust. This panel session will compare and contrast IAM with CIAM and explore the newest techniques and technologies to help organizations verify customers’ identities and secure their access.
1:30 PM ET
Prevent account takeovers with identity intelligence
Kelly Ahlers, Sr. Sales Engineer, Recorded Future
Account takeovers are one of the most dangerous threats to your environment because they subvert a company’s trust in its employees. And it usually starts in a simple place: an employee reuses a company email and password somewhere on the internet. Criminals have access to billions of credentials, and breach millions of other websites each year. Using these credentials, criminals can try to access your organization’s networks to implant ransomware, steal information, harvest credentials, or all the above.
Join this session to see how Intelligence is key to mitigating and even preventing this threat from surfacing on your network. In this demonstration, we will show you:
- How criminals collect millions of credentials a year
- Where Recorded Future’s Intelligence Graph identifies these credentials affecting your organization
- How Recorded Future automates the work of remediating these credentials with Identity Intelligence
2:00 PM ET
Establishing trusted identities within your zero trust strategy
Abby Guha, Vice President – Product Marketing, Yubico
Passwords no longer ensure secure login. SMS and mobile authentication are phishable. Strong authentication of any person or any device is critical—and validating that the device that is controlling the authentication is properly secured is critical to enabling zero trust. Mobile phone numbers are not uniquely tied to the user and can easily be usurped by malicious actors. Attend this session to learn why not all MFA is created equal, why strong authentication and phishing-resistant MFA should be an integral part of establishing trusted identities in support of zero trust initiatives, and the future of passwordless authentication.
2:30 PM ET
The future of authentication for employees and customers
Jameeka Green Aaron, Chief Information Security Officer, Okta
A strong customer identity foundation should empower businesses with simple, secure, and adaptable identity platforms to fit their unique needs while creating a seamless experience for employees and customers. Identity is much more than logging-in and signing-up; it provides a way to connect with the people who matter most to your brand, to establish trust, and increase conversion opportunities. Discover ways to balance security with friction and to create a safe authentication experience without compromising on privacy.
3:00 PM ET
KEYNOTE | Perfecting employee identity lifecycle management, from onboarding to separation
David Asekoff, Senior Business Analyst & Project Manager in IAM, Broadridge
At any given time, an individual employee’s access can and probably should change depending on their employment status with the company. This strategy is known as identity lifecycle management – and it can be a tricky one to perfect. This session will provide attendees with clear and concise advice for how to manage your worker’s identity and access through all phases of employment, including pre-hiring, onboarding, full-time status, freelance/contractor status, and termination/separation.
DAY 2 | MARCH 23
10:45 AM ET
Program Opens
11:00 AM ET
KEYNOTE | IAM workforce development: Skills, roles and the IT vs security debate
Lori Robinson, VP – Identity & Access Product Management, Salesforce
Who’s in charge of identity and access management in your organization? Some organizations place this responsibility in the hands of the security department, while others see it as an IT function. Some choose to hire dedicated IAM directors with specialized expertise to spearhead IAM projects, while others elect to fold IAM into the day-to-day responsibilities of their IT/security staff. Either way, the employees who execute these strategies need the right IAM skills, knowhow and policy guidance. This session will help you find the approach that’s best for your business, while also offering tips on how to recruit external IAM expertise, and how to assess and upskill IAM talent that’s already within your organization.
11:30 AM ET
PAM back to basics
Joseph Carson, Chief Security Scientist & Advisory CISO, Delinea
With so many high-profile breaches accomplished through compromising passwords on privileged accounts, PAM is a top priority for organizations of all sizes (Gartner puts it at the top of the security list for two years running). Join Delinea’s Chief Security Scientist Joseph Carson, as he takes you on a brief journey through the PAM lifecycle to get you quickly up to speed and understand the PAM matrix of all the different types of privileged accounts that exist across all your different IT domains, often referred to as your privileged account attack surface.
12:00 PM ET
Street cred: Increasing trust in user authentication
J. Wolfgang Goerlich, Advisory CiSO, Duo Security
Passwords don’t have a great reputation: between user complaints of friction adhering to complex password policies and admin complaints about how frequently lost or stolen passwords pose a risk of attack, few of us are fans. With these password problems and more, it raises the question: why would we still use passwords at all?
In this session, Duo Security Advisory CISO Wolfgang Goerlich will provide a walkthrough of why security leaders want to move past passwords, and the challenges of a truly universal passwordless future. Then, he’ll discuss advances in passwordless technology made to improve security and usability, as well as what to watch for next as passwordless solutions mature.
12:30 PM ET
BREAK | Visit Solutions Center
12:45 PM ET
THOUGHT LEADERSHIP PANEL | The latest advancements, innovations and trends in the IAM space
Andras Cser, VP & Principal Analyst Security and Risk Management, Forrester Research
Andrew Shikiar, Executive Director & CMO, FIDO Alliance
Identity and access management has become a very crowded and dynamic space, with a myriad of options that organizations can embrace to better protect their assets from imposters and fraudsters. In a short time, we’ve come a long way from generic passwords and basic 2FA. This panel session will seek to address some of the latest progress in the field, assessing the current popularity and viability of concepts such as decentralized digital identity, evolving passwordless technologies such as biometrics and physical authentication keys, and the latest strategies related to federated and self-sovereign identity.
1:30 PM ET
Zero trust – Replacing depth with logic
Blake Brown, Solutions Engineer, Teleport
Let Blake walk you through the typical access workflow he’s seen in the enterprise environment while discussing logical weaknesses & inefficiencies, then see how these can be addressed by rolling out zero trust access solutions to your environment. This session will dive deep into the pain points facing today’s enterprise organizations and the engineers who have to work with these legacy access workflows.
2:00 PM ET
Zero trust network access and identity & access management: Making both work for you
Kenny Johnson, Product Manager, Cloudflare
Derek Pitts, Enterprise Security Manager, Cloudflare
Zero Trust Network Access (ZTNA) and Identity & Access Management (IAM) are two mutually reinforcing technologies that are increasingly essential to securing the modern workforce. But there is overlap in ZTNA and IAM use cases when implementing a Zero Trust security model, sometimes in confusing ways.
In this session, we’ll share a new point of view on how IAM and ZTNA should work together, alongside other important contextual signals, to enforce default-deny, context-aware policies. You’ll leave with a clearer picture of the roles these technologies can play in your Zero Trust architecture. You will learn:
- What your IAM and ZTNA should deliver, and where IAM and ZTNA intersect
- How ZTNA can serve as a single control plane to aggregate multiple identity providers within an organization’s extended workforce
- How organizations are deploying IAM and ZTNA both to secure and to streamline access experiences
2:30 PM ET
Where are we on the journey to eliminating passwords?
Jay Roxe, Chief Marketing Officer, HYPR
Ryan Rowcliffe, Field CTO, HYPR
The second annual State of Passwordless Security report investigates the current state of conventional and passwordless authentication, key drivers and barriers to adoption as well as overarching technology preferences. Based on newly released research, we’ll discuss:
- What types of attacks are organizations seeing?
- Where are organizations falling short in authentication security?
- What are the key drivers of passwordless adoption?
3:00 PM ET
KEYNOTE | Marrying PAM with IAM to protect your highest-privileged employees
Steve Scherer, CSO – Americas, ic Consult
Archie Patrick, IAM Practice Lead, ic Consult
Not all employees carry with them the same amount of risk, nor do they all require the same level of access to systems and sensitive data. Executives, admins, developers, departmental heads and other high-level employees often require their own set of rules, policies and protections to safeguard the assets they need against user misuse, phishing schemes, and impersonation and account takeover attempts. This session will examine the core tenets of this strategy, with a particular focus on integrating privileged access management (PAM) functionality into your IAM capabilities.
