
Agenda Overview

Tuesday, 13.05.2014

08:00-18:00 Check-in & Registration
Room: EXPO AREA

09:00-13:00 OpenID Foundation Workshop
Enterprise Application of OpenID Connect, Mobile Apps SSO, Account Chooser
Ronny Bjones, Microsoft
John Bradley, OpenID Foundation, Kantara
Pamela Dingle, Ping Identity
Peter Mark Graham, Verizon Enterprise Solutions
Dr. Michael B. Jones, Microsoft
Dr. Torsten Lodderstedt, Deutsche Telekom AG
Anthony Nadalin, Microsoft
Nat Sakimura, Nomura Research Institute
Don Thibeau, OpenID Foundation
Room: ALPSEE

Identity & Access Management Crash Course
Get to know the IAM Essentials in 4 hours
Martin Kuppinger, KuppingerCole
Room: BEER GARDEN

OASIS Workshop
Designing Privacy into our "Smart" Systems and Services
David Brossard, Axiomatics AB
Michelle Chibba, Office of the Information and Privacy Commissioner Ontario
Gershon Janssen, OASIS Open Standards Group
Prof. Dr. Dawn Jutla, Saint Mary's University
John Sabo, OASIS Idtrust
Room: AMMERSEE I

Kantara Initiative Workshop
Consumer Identity - International Use Cases and Approaches
Joni Brennan, Kantara Initiative
Allan Foster, ForgeRock
Robert Labelle, IEEE
Dr. Maciej Machulak, Cloud Identity Limited
Sandy Porter, Avoco
Michel Prompt, Radiant Logic
David Simonsen, WAYF
Matthew Trigg, UK Cabinet Office
Colin Wallis, Internal Affairs Dept, New Zealand Government
Michelle Waugh, CA Technologies
Room: AMMERSEE II

13:00-14:00 Lunch & Networking
Room: EXPO AREA

14:00-14:40 Opening Keynote
Martin Kuppinger, Principal Analyst, KuppingerCole
Room: AUDITORIUM

14:40-15:00 In the Light of Snowden's Revelations: Do they Change the Way how we Decide on Information Security?
Heike Raab, CIO, German State of Rhineland-Palatinate

15:00-15:20 NSA and Snowden - a Useful Contribution to Information Security Awareness?
Prof. Dr. Reinhard Posch, CIO for the Austrian Federal Government, Republic of Austria

15:20-15:40 The Future of Email Privacy
Ladar Levison, Founder, Lavabit

15:40-16:00 The Cyber Paradox
Dr. Andreas Knäbchen, Partner Cyber Risk Services, Deloitte

16:00-17:00 Coffee & Networking
Room: EXPO AREA

17:00-17:20 Why the Future of IDM Still Needs Us
Mike Neuenschwander, CEO, iC Consult Americas

17:20-17:40 The Identity of Everything
Geoff Webb, Senior Director of Solution Strategy, NetIQ

17:40-18:00 Endconsumerization Requires Agile Risk Management - Risk Mitigation Through a Consequent Cloud Strategy
Dr. Barbara Mandl, Senior Manager, Daimler AG

18:00-18:20 Applied Information Stewardship: Protect your Jewelry
Kim Cameron, Creator of the Laws of Identity and Microsoft Identity Architect, Microsoft

18:20-18:40 Mitigate Targeted Attacks with Privileged Account Analytics
Roy Adar, Vice President of Product Management, CyberArk

18:40-19:00 Identity Governance in the Context of a Connected Security Strategy
Ramses Gallego, Security Strategist, Dell

19:00-19:20 IAM Meat and Potatoes Best Practices
Patrick Parker, Founder and CEO, EmpowerID

19:30-21:00 Snacks, Drinks & Networking / Evening Reception
Room: EXPO AREA

Wednesday, 14.05.2014

08:00-18:00 Check-in & Registration
Room: EXPO AREA


08:30-08:50 Developing a Strategy for Business-Aligned Information Security
Roman Chaplygin, Director, Risk Assurance, PwC Russia
Room: AUDITORIUM

08:50-09:10 Borderless Identity: Managing Identity in a Complex World
Paul Fremantle, WSO2

09:10-09:30 Authentication in 2020
Per Hägerö, CTO, neXus

09:30-09:50 Mastering the IAG Challenge
Dirk Venzke, Director, Commerzbank AG

09:50-11:00 Coffee & Networking
Room: EXPO AREA

The Future of Corporate IT
Moderator: Prof. Dr. Sachar Paulus, KuppingerCole
Room: AUDITORIUM

ABC: Agile Business – Connected
Moderator: Dr. Horst Walther, KuppingerCole
Room: AMMERSEE I

Privacy & Compliance
Moderator: Dr. Karsten Kinast LL.M., KuppingerCole
Room: ALPSEE

IAM Infrastructure Trends & Concepts
Moderator: Graham Williamson, KuppingerCole
Room: AMMERSEE II

Roundtable: Cloud, Customer, Community, Citizen Identity
Moderator: Andrew Nash, KuppingerCole
Room: BODENSEE I

11:00-12:00 Strategic IT Planning

Strategic IT Planning: Foundations, Controls, Processes
Prof. Dr. Sachar Paulus, KuppingerCole

Bridging the Gap between Business and IT: How to Translate IT Wording into Business Language
Roberto Baratta, Novagalicia Banco
Roman Chaplygin, PwC Russia
Sharon Farber, CA Technologies
Pavlos Makridakis, Aurionpro Solutions plc
Dr. Barbara Mandl, Daimler AG
Marco Venuti, CrossIdeas

Identity Governance in Merge/Split Processes
Roberto Baratta, Novagalicia Banco

ABC: Agile Business – Connected

The new ABC for Information Security: How to Support the New Types of Businesses – and Why
Martin Kuppinger, KuppingerCole

The new ABC and the role of Cloud IAM
Ramses Gallego, Dell
Jason Hart, SafeNet
Marco Rohrer, IPG AG
Thierry Winter, Evidian

Privacy in Communication

Discussion: How Strong could Privacy in Internet Communication be - and where are the Legal Barriers?
Dr. Michael B. Jones, Microsoft
Dr. Scott David, LL.M, KuppingerCole
Dr. Karsten Kinast LL.M., KuppingerCole
Ladar Levison, Lavabit
Amar Singh, KuppingerCole

Killing IAM

Killing Identity Management in Order to Save It
Ian Glazer, salesforce.com

Weaving Identity into Business Services - Is this the Future of Identity & Access Management?
Kim Cameron, Microsoft
Pamela Dingle, Ping Identity
Ian Glazer, salesforce.com
Mike Neuenschwander, iC Consult Americas
Christian Patrascu, Oracle Corp.

BYOID is Stepping Up
Andrew Nash, KuppingerCole

National Identity Initiatives Compared - Convergence or Divergence?
Colin Wallis, Internal Affairs Dept, New Zealand Government

The Challenges of Third-party Identity Credentials & How a Trusted Identity Registry May Help: Example Initiatives in the UK and the US
Don Thibeau, OpenID Foundation

Belgian eID as Trust Generator Across Sectors, Banking Included
Frank Leyman, FedICT Belgium

BYOI – Making Citizen and Consumer IdM Easy using Social IDs … and Secure using Attribute Verifiers and 2FA
Don Schmidt, Microsoft

Attribute-Based Credentials (ABCs) for Privacy-Preserving Authentication
Dr. Joerg Abendroth, Nokia Solutions and Networks

12:00-13:00 IAM/IAG Organization

The IAM/IAG Organization that will Make your Project Succeed
Martin Kuppinger, KuppingerCole

Identity Management as Strategic Driver - A Bank's Journey to the Cloud
Luis Saiz, BBVA

2020 Vision - IAM for the Next Decade
Martin Kuppinger, KuppingerCole
Ravi Srinivasan, IBM Security Strategy

Identity in the Extended Enterprise

Identity Relationship Management: From IAM to IRM
Joni Brennan, Kantara Initiative

Identity Challenges for the Extended Enterprise
Stuart Boardman, KPN

Big Data in Security vs. Privacy

Preventing your Enterprise from Cyber Attacks and Threats: Can this be Illegal?
Dr. Karsten Kinast LL.M., KuppingerCole

Deep Security Monitoring Versus Privacy – Is There a Middle Ground?
Ramses Gallego, Dell
Matthew Gardiner, RSA
Dr. Scott David, LL.M, KuppingerCole

Dynamic Authorization Management

Dynamic Authorization Management: The Market and its Future
Graham Williamson, KuppingerCole

RBAC, ABAC, or Both?
Allan Foster, ForgeRock
Finn Frisch, Axiomatics
Peter Gietz, DAASI International GmbH
Ian Glazer, salesforce.com
Patrick Parker, EmpowerID
Geoff Webb, NetIQ

OpenRBAC: Why using an LDAP based Backend for Role Based Access Control Information
Peter Gietz, DAASI International GmbH

13:00-14:30 Lunch & Networking
Room: EXPO AREA


IAM/IAG Strategic Planning
Moderator:
Prof. Dr. Sachar Paulus, KuppingerCole
Amar Singh, KuppingerCole
Room: AUDITORIUM

Mobile Security
Moderator: Mike Small, KuppingerCole
Room: AMMERSEE I

Information Stewardship in Practice: Secure Information Sharing
Moderator: Martin Kuppinger, KuppingerCole
Room: ALPSEE

IAM Infrastructure Trends & Concepts
Moderator: Graham Williamson, KuppingerCole
Room: AMMERSEE II

Roundtable: Implementing Life Management Platforms
Moderator:
Dr. Scott David, LL.M, KuppingerCole
Andrew Nash, KuppingerCole
Room: BODENSEE I

14:30-15:30 Evolving your Existing IAM/IAG Infrastructure

IAM/IAG: Balancing Existing Investments with your Future Needs
Prof. Dr. Sachar Paulus, KuppingerCole

People, Processes, Solutions: Maturing IAM/IAG at Commerzbank AG
Dirk Venzke, Commerzbank AG

Social & Mobile Login

Evaluating the Risks of Social Login
Mike Small, KuppingerCole

How to Enable Social and Mobile Login – and Beyond
Ian Glazer, salesforce.com
Dr. Michael B. Jones, Microsoft
Christian Patrascu, Oracle Corp.
Daniel Raskin, ForgeRock
Don Schmidt, Microsoft

Information Rights Management

Information Rights Management: Finally Ready for Prime Time
Martin Kuppinger, KuppingerCole

Understanding Information Rights Management Architectures
Philippe Beraud, Microsoft
Yuval Eldar, Secure Islands
Tim Upton, TITUS Inc.

Dynamic Access Control

Drivers and Lessons learned from a Recent ABAC Implementation at Generali
Manuel Schneider, Generali Deutschland Informatik Services

ABAC - Visions and Reality
Finn Frisch, Axiomatics
Stephan Schweizer, AdNovum Informatik AG
Thierry Winter, Evidian

Standards Based Identity at Scale

OpenID Connect, OAuth, UMA, SCIM, SAML... - Standards for an Open Life Management Infrastructure

User-Managed Access: Key to Life Management Platforms
Domenico Catalano, Oracle
Dr. Maciej Machulak, Cloud Identity Limited

A Life Management Platform Goes Live: Launching the Respect Network in 2014
Drummond Reed, Connect.Me

Social Networking 2.0: Privacy Designed Social Interaction - The MetaSociety Project
Martin Kuppinger, KuppingerCole
Vladimir Samokhvalov, Metasociety

15:30-16:30 IAM/IAG Vendor Landscape

Access Governance Vendor Panel
Ramses Gallego, Dell
Pervez Goiporia, Oracle
Morgan Holm, empowerID
Sebastian Kornblueh, G+H Netzwerk-Design
Roy Peretz, Whitebox Security
Marco Venuti, CrossIdeas

The 5 Critical Tenets of Identity and Access Management
Mike Neuenschwander, iC Consult Americas
Darran Rolls, SailPoint
Amar Singh, KuppingerCole

Secure Mobile Access & Identity

Extending Identity and Access to the Mobile World
Niklas Brask, PointSharp AB
Bart Renard, VASCO Data Security
Stephan Schweizer, AdNovum Informatik AG
Avi Yehuda, Nativeflow
Hans Zandbelt, Ping Identity

Grief Counseling: Coping With the Loss of Control in the Social Mobile Cloud World
Per Hägerö, neXus
Thomas van Vooren, Everett

Document Based Compliance Management

The Business Drivers for Information Rights Management
Philippe Beraud, Microsoft
Borja Rosales, Druva
Don Schmidt, Microsoft
Yoran Sirkis, Covertix

The Legal Requirements for Protecting Documents – the IRM Legal Case
Dr. Karsten Kinast LL.M., KuppingerCole

Enterprise API Management & Security

From Rogue IT to Strategy: Tying API Management into the Enterprise Infrastructure
Chris England, Okta
Mark O'Neill, Axway

An Ecosystem for API Security OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML
Prabath Siriwardena, WSO2

16:30-17:30 Coffee & Networking
Room: EXPO AREA

17:30-18:30 Access & Data Governance

What Is the Level of Detail, an IAM Solution Must Cover?
Niels von der Hude, Beta Systems Software
Darran Rolls, SailPoint
Andrea Rossi, CrossIdeas
Thomas van Vooren, Everett

Entitlement & Access Governance: How to do Data Governance Right?
Pervez Goiporia, Oracle
Borja Rosales, Druva
Amar Singh, KuppingerCole

Enterprise Mobility Management

How to Secure Corporate Content in the Cloud within a Connected Mobile Ecosystem
Chris England, Okta
Pavlos Makridakis, Aurionpro Solutions plc
Dominic Schmidt-Rieche, AirWatch
Dirk Wahlefeld, Centrify

Secure Information Sharing in Health Care

eHealthcare Done Right: Strong Identities, Privacy, Secure Information Access and Sharing
Kim Cameron, Microsoft
Martin Kuppinger, KuppingerCole
Don Schmidt, Microsoft
Peter Weierich, iC Consult GmbH

Leadership Compass: Enterprise Single Sign-On

Mature, Well Established, Inevitable: Guiding you through the Current Enterprise Single Sign-On Market
Rob Newby, KuppingerCole
Graham Williamson, KuppingerCole

LMP Business Models

Life Management Platforms - How to Reach the Critical Mass
Marcel van Galen, Qiy Foundation
Peter Mark Graham, Verizon Enterprise Solutions
Dr. Maciej Machulak, Cloud Identity Limited
Drummond Reed, Connect.Me

18:30-18:50 Governance and Awareness
Stefan Van Gansbeke, CISO, CM/MC Health Insurance Fund Belgium
Room: AUDITORIUM


18:50-19:10 What do Moby, The Bushmen and The Cloud have in Common?
Dragan Pendic, Chief Security Architect, Diageo

19:10-19:30 Heartbleed, NSA & Trust
Amar Singh, Senior Analyst, KuppingerCole

19:30-22:00 European Identity Awards Gala & Dinner
Room: AUDITORIUM

Thursday, 15.05.2014

08:00-18:00 Check-in & Registration
Room: EXPO AREA

08:30-08:50 Security as a Service - The New Normal?
Prof. Dr. Hartmut Pohl, CEO, softScheck GmbH
Room: AUDITORIUM

08:50-09:10 Reducing Identity Fragmentation in the New Digital Economy
Christian Patrascu, Director of Product Management – Oracle Fusion Middleware, Oracle Corp.

09:10-09:30 Future2: A Cloud of Emerging Risks in the Finance Industry
Dr. Iordanis Chatziprodromou, Lead Data Analytics - P&C Business Management, Swiss Re

09:30-09:50 Defending Your Data in the Wild: Eliminating the Risks of Mobile Data
Martin Edwards, Director of Sales Engineering – EMEA, Druva
Borja Rosales, Managing Director, Europe, Druva

09:50-11:00 Coffee & Networking
Room: EXPO AREA

Access Governance & Privilege Management
Moderator: Dr. Horst Walther, KuppingerCole
Room: AUDITORIUM

Cyber Security Leadership
Moderator:
Prof. Dr. Sachar Paulus, KuppingerCole
Prof. Dr. Hartmut Pohl, softScheck GmbH
Room: AMMERSEE I

Adaptive & Risk based Authentication
Moderator: Amar Singh, KuppingerCole
Room: ALPSEE

IAM Infrastructure Trends & Concepts
Moderator: Mike Small, KuppingerCole
Room: AMMERSEE II

Roundtable: IAM in Large Corporations
Moderator:
Dr. Karsten Kinast LL.M., KuppingerCole
Dr. Barbara Mandl, Daimler AG
Room: BODENSEE I


11:00-12:00 IAG & PxM - Integrated View

Securing Elevated Privileges: Integrating Access Governance and Privilege Management
Martin Kuppinger, KuppingerCole
Erich Vogel, Computacenter
Dr. Horst Walther, KuppingerCole

Early Check-in with Identity and Access Governance Best Practices
Idita Israeli Sabag, El Al Israel Airlines

Cyber Security Best Practice

Cyber Security Best Practice in the Light of Snowden's Revelations
Prof. Dr. Sachar Paulus, KuppingerCole
Prof. Dr. Hartmut Pohl, softScheck GmbH

Getting the Basics Right: How we are Protecting BT Against Today's and Tomorrow's Cyber Threats
Aernout Reymer, BT

Authentication Trends and Timeline

Authentication Trends – will Wearables take us _BAC to the Future?
Amar Singh, KuppingerCole

Do We Need To Put Secrecy Back In To Security? The Reinvention of Authentication
John Bradley, OpenID Foundation, Kantara
Steven Hope, Winfrasoft
Anthony Nadalin, Microsoft
Mike Neuenschwander, iC Consult Americas
Bart Renard, VASCO Data Security

IAM Best Practice

Best Practice: IAM @ Franke
Martin Saeckel, Franke Management AG

Long Term Success Factors for IDM
Eleni Richter, EnBW

IAM as a Commodity

Agile IAM Risk Management with large Corporations and the Importance of Standards
Dr. Barbara Mandl, Daimler AG
Andre Priebe, iC Consult

The Legal View
Dr. Karsten Kinast LL.M., KuppingerCole

Growing Complexity and Business Relevance of Centralized IAM Platforms – A Balancing Act
Udo Guenther, Daimler AG

The Consumer Adoption & Information Security View
Don Schmidt, Microsoft

12:00-13:00 Leadership Compass: Privilege Management

Securely Managing Privileged Users: Selecting the Solution that fits to your Needs
Martin Kuppinger, KuppingerCole
Rob Newby, KuppingerCole

Privileged Account Analytics in the Context of Realtime Analytics - Challenges and Benefits
Roy Adar, CyberArk
Martin Kuppinger, KuppingerCole

Realtime Security Intelligence

Why SIEM failed - and why we need Realtime Security Intelligence
Prof. Dr. Sachar Paulus, KuppingerCole

Prescription Security Lenses for the 4A Vision: Anywhere, Anytime, with Anyone, on Any Device
Dragan Pendic, Diageo

Big Data for Information Security: Preventing your Enterprise from Cyber Attacks and Threats
Yuval Illuz, ECI Telecom

FIDO Alliance

The Future of Authentication (is Now)
Rolf Lindemann, Nok Nok Labs
Dr. Paul Madsen, Ping Identity
John Salter, Yubico

Cloud Security & Authentication
Michael Barrett, FIDO Alliance
Daniele Catteddu, ENISA
Jason Hart, SafeNet
Sampath Srinivas, Google

Software Defined Infrastructures - Compliance and Security

Defining your Path Towards a Software Defined Datacenter
Jason Hill, VMware
Mike Small, KuppingerCole
Ron Williams, IBM

Keeping Control over your Cloud Zoo: Multi-Cloud-Platforms for your SDDC
Mike Small, KuppingerCole

13:00-14:30 Lunch & Networking
Room: EXPO AREA

IAM/IAG Maturity
Moderator: Dr. Horst Walther, KuppingerCole
Room: AUDITORIUM

Cyber Security Leadership
Moderator:
Prof. Dr. Sachar Paulus, KuppingerCole
Peter J. Wirnsperger, Deloitte
Room: AMMERSEE I

Internet of Things
Moderator: Rob Newby, KuppingerCole
Room: ALPSEE

Secure Cloud
Moderator: Mike Small, KuppingerCole
Room: AMMERSEE II

Finance Industry Round Table
Moderator: Andrew Nash, KuppingerCole
Room: BODENSEE I


14:30-15:30 Measuring IAM/IAG Maturity

IAM/IAG Maturity Levels: Introducing the new KuppingerCole Maturity Level Ratings
Martin Kuppinger, KuppingerCole

From Chaos to Collaboration – Orchestrating Identity & Access Governance Properly
John Barco, ForgeRock
Dr. Martin Kuhlmann, Omada
Darran Rolls, SailPoint
Marco Venuti, CrossIdeas
Edwin van der Wal, Everett

Beyond End-to-End-Encryption

The Next Generation of Privacy Tools: What can we expect?
Kim Cameron, Microsoft
Dr. Scott David, LL.M, KuppingerCole
Ladar Levison, Lavabit
Nat Sakimura, Nomura Research Institute

Internet of Everything (IoE) - Promise & Potential

Connecting the Real World with the Virtual World: Use Cases, Application Categories and Business Models for the IoE
Rob Newby, KuppingerCole
Hans Zandbelt, Ping Identity

Challenges from the Identities of Things
Ingo Friese, Deutsche Telekom AG

Cloud Identity

Cloud Identity & Access Management: Defining the Market
Mike Small, KuppingerCole

One Identity for All – Efficient and Cost-Effective Identity Management in the Cloud and for the Cloud
Per Hägerö, neXus
Dr. Paul Madsen, Ping Identity
Bart Renard, VASCO Data Security
Don Schmidt, Microsoft
Max Waldherr, Dell Software

The Future Model of Banking
Roberto Baratta, Novagalicia Banco
Roman Chaplygin, PwC Russia
Dr. Iordanis Chatziprodromou, Swiss Re
Luis Saiz, BBVA
Lewis Tam, Ping An Insurance Group
Dirk Venzke, Commerzbank AG

15:30-16:30 IAM/IAG Maturity Assessment

Maturity Assessment Dos and Don'ts
Dr. Horst Walther, KuppingerCole

IAM/IAG Vendor & Solution Selection Process
Martin Waldbauer, E.ON Global Commodities SE

Application Security

Security Software as a Risk
Prof. Dr. Hartmut Pohl, softScheck GmbH

Application Security – Beyond Secure Configurations and Access Controls.
Peter J. Wirnsperger, Deloitte

Protecting your Applications Against the Threat of Attacks and Data Breaches
Prof. Dr. Hartmut Pohl, softScheck GmbH
Juergen Vollmer, Security & Quality Software GmbH
Peter J. Wirnsperger, Deloitte

Security in a M2M & IoT World

Security in a World of 50 Billion Connected Devices
Michelle Chibba, Office of the Information and Privacy Commissioner Ontario
Gershon Janssen, OASIS Open Standards Group
Prof. Dr. Dawn Jutla, Saint Mary's University
Alex Kritikos, Software AG
Peter Niblett, IBM

Cloud Encryption

Searching over Encrypted Data in Cloud Database as a Service Environments
Dr. Andreas Schaad, SAP AG

Cloud Encryption: Protecting Privacy, Preventing Data Loss in the Age of Snowden and Heartbleed
Paige Leidig, CipherCloud
Mike Small, KuppingerCole

16:30-17:00 Coffee & Networking
Room: EXPO AREA

17:00-18:00 IAM/IAG Maturity Best Practice

Do's and Don'ts for a Successful Identity Management Project (Manpower)
Rainer Knorpp, Devoteam

A Practitioner's Recommendations for a Successful IAM Program
Dr. Horst Walther, KuppingerCole

Security Operations Center

Building your SOC: Realtime Security Intelligence On-Premise and/or as a Service?
Prof. Dr. Sachar Paulus, KuppingerCole

Plan, Build, run. What Makes up a Real SOC?
Reto Bachmann, Dell Software
Jason Hill, VMware
Amar Singh, KuppingerCole

IoE Privacy & Security

Unexpected and Complex Implications of the Internet of Everything (IoE)
Dr. Karsten Kinast LL.M., KuppingerCole
Jeff Stollman, Secure Identity Consulting

Security and Identity Challenges for the Internet of Everything
John Barco, ForgeRock
Paul Fremantle, WSO2
Jason Hart, SafeNet
Per Hägerö, neXus
Rob Newby, KuppingerCole
Geoff Webb, NetIQ

Cloud Best Practice

Efficiency Gains in the Cloud
Vladislava Toukalek, WMO

Embracing Cloud Services: Roadmap to Reality
Amol Sawarkar, International Federation of Red Cross and Red Crescent Societies (IFRC)

Roundtable: The Future Model of Banking (continued)

18:00-18:30 Closing Keynote
Prof. Dr. Sachar Paulus, Senior Analyst, KuppingerCole
Room: AUDITORIUM

Friday, 16.05.2014


08:30-10:00 Check-in & Registration
Room: HOTEL

Workshop I
Room: AMMERSEE I

Workshop II
Room: AMMERSEE II

Workshop III
Room: BODENSEE I & II

09:00-12:30 Understanding the Legal Framework for Using Big Data Approaches in Security Analytics
Dr. Karsten Kinast LL.M., KuppingerCole

Negotiating the Cloud Standards and Advice Jungle
Mike Small, KuppingerCole

FIDO Alliance Workshop - Business Track
Michael Barrett, FIDO Alliance
Rajiv Dholakia, Nok Nok Labs
Dr. Paul Madsen, Ping Identity
Dr. Kim Nguyen, D-Trust

12:30-13:30 Lunch Break
Room: HOTEL

13:30-16:00 Migrating Away from your Current Identity Provisioning Solution
Martin Kuppinger, KuppingerCole

Internet of Everything and Big Data: Benefits and how to Manage Risk
Mike Small, KuppingerCole

FIDO Alliance Workshop - Technical Tutorials
Dirk Balfanz, Google
Rolf Lindemann, Nok Nok Labs


Agenda Details

Tuesday, 13.05.2014

08:00-18:00 Check-in & Registration
Room: EXPO AREA

09:00-13:00 OpenID Foundation Workshop
Enterprise Application of OpenID Connect, Mobile Apps SSO, Account Chooser
Ronny Bjones, Microsoft
John Bradley, OpenID Foundation, Kantara
Pamela Dingle, Ping Identity
Peter Mark Graham, Verizon Enterprise Solutions
Dr. Michael B. Jones, Microsoft
Dr. Torsten Lodderstedt, Deutsche Telekom AG
Anthony Nadalin, Microsoft
Nat Sakimura, Nomura Research Institute
Don Thibeau, OpenID Foundation

Enterprise application of OpenID Connect
Connecting to the Cloud using Enterprise Directory
Attribute Based Access Control and OpenID Connect
Managing virtual organizations
High Assurance Identity
Applying OpenID Connect to non-http protocols
Deutsche Telekom and Verizon Connect Implementation Case Studies

Mobile Apps SSO
Account Chooser: Choosing appropriate identity

Balancing private and business life: Same browser, different identity

09:00-13:00 Identity & Access Management Crash Course
Get to know the IAM Essentials in 4 hours
Martin Kuppinger, KuppingerCole

IAM is about guidelines, organization, processes – and technology. Or, correctly: A set of technologies. Understanding these technologies, their value for specific use cases, and their dependencies is mandatory for successful investment decisions. Avoiding point solutions requires a good understanding of the overall IAM big picture.

This session provides you with the information you need to understand the big picture. It explains the main terms. It provides insight into the relation of guidelines, organizations, processes, and technologies. It unveils the relationship of IAM to other IT disciplines such as IT Service Management. It dives into the various elements of IAM, from Directory Services to Identity Provisioning, Access Governance & Intelligence, Single Sign-On, Identity Federation, Privilege Management and Cloud IAM. It discusses how to extend the on-premise IAM to cover all types of users, including customers and business partners. It discusses the emerging Cloud IAM solutions and their role. It looks at how various IAM disciplines are related.

It is a crash course that gives you insight into IAM and is the perfect preparation for all the following sessions of EIC 2014.

09:00-13:00 OASIS Workshop
Designing Privacy into our "Smart" Systems and Services
David Brossard, Axiomatics AB
Michelle Chibba, Office of the Information and Privacy Commissioner Ontario
Gershon Janssen, OASIS Open Standards Group
Prof. Dr. Dawn Jutla, Saint Mary's University
John Sabo, OASIS Idtrust

"Smart" technologies are helping to solve many modern day challenges: making our living space "smarter," our cities more efficient and livable, and bringing networked functionality to transportation, public facilities and services. But the networked storage and streams of data associated with these new technologies and their interaction with big data systems create new risks for personal privacy. In this sense, privacy is not about having something to hide, it's about transparency and personal control. In the case of smart cities, privacy concerns arise in many ways: when there is the possibility of unauthorized services or when third parties access sensitive information, such as habits and behaviors, personal relationships or account information and use this information without an individual's consent. The increased integration and inter-relationship of smart applications amplify the potential for systemic risks to personal privacy.


09:00-13:00 Kantara Initiative Workshop
Consumer Identity - International Use Cases and Approaches
Joni Brennan, Kantara Initiative
Allan Foster, ForgeRock
Robert Labelle, IEEE
Dr. Maciej Machulak, Cloud Identity Limited
Sandy Porter, Avoco
Michel Prompt, Radiant Logic
David Simonsen, WAYF
Matthew Trigg, UK Cabinet Office
Colin Wallis, Internal Affairs Dept, New Zealand Government
Michelle Waugh, CA Technologies

Hear from industry leaders on the latest in international approaches with real world use cases. Learn how varying countries are approaching using agile and trustworthy approaches to enhance and drive adoption and market growth of Identity and Access Management.

Attendees will leave with knowledge of:

Varying National Programs toward Trusted Identity Management
Agile Approach of Identity Relationship Management toward Market Growth
User Managed Access as part of a Life Management Platform for Authorization Control
Standards Bodies and Consortia approaches toward Internet Technology Governance for trusted adoption of on-line services

Agenda:

09:00-10:00 Welcome, Overview, Update on International Programs (NSTIC, EU, Japan, etc)

10:00-11:00 Identity Relationship Management

11:00-12:00 AuthZ: UMA demo and latest implementation draft

12:00-12:45 Trust: Open Stand & Trust Initiatives

12:45-13:00 Calls To Action

13:00-14:00 Lunch & Networking
Room: EXPO AREA

14:00-14:40 Opening Keynote
Martin Kuppinger, Principal Analyst, KuppingerCole
Room: AUDITORIUM

14:40-15:00 In the Light of Snowden's Revelations: Do they Change the Way how we Decide on Information Security?
Heike Raab, CIO, German State of Rhineland-Palatinate

15:00-15:20 NSA and Snowden - a Useful Contribution to Information Security Awareness?
Prof. Dr. Reinhard Posch, CIO for the Austrian Federal Government, Republic of Austria

15:20-15:40 The Future of Email Privacy
Ladar Levison, Founder, Lavabit

15:40-16:00 The Cyber Paradox
Dr. Andreas Knäbchen, Partner Cyber Risk Services, Deloitte

16:00-17:00 Coffee & Networking
Room: EXPO AREA

17:00-17:20 Why the Future of IDM Still Needs Us
Mike Neuenschwander, CEO, iC Consult Americas

17:20-17:40 The Identity of Everything
Geoff Webb, Senior Director of Solution Strategy, NetIQ

17:40-18:00 Endconsumerization Requires Agile Risk Management - Risk Mitigation Through a Consequent Cloud Strategy
Dr. Barbara Mandl, Senior Manager, Daimler AG

18:00-18:20 Applied Information Stewardship: Protect your Jewelry
Kim Cameron, Creator of the Laws of Identity and Microsoft Identity Architect, Microsoft

18:20-18:40 Mitigate Targeted Attacks with Privileged Account Analytics
Roy Adar, Vice President of Product Management, CyberArk

18:40-19:00 Identity Governance in the Context of a Connected Security Strategy
Ramses Gallego, Security Strategist, Dell

19:00-19:20 IAM Meat and Potatoes Best Practices
Patrick Parker, Founder and CEO, EmpowerID

19:30-21:00 Snacks, Drinks & Networking / Evening Reception
Room: EXPO AREA

Wednesday, 14.05.2014

08:00-18:00 Check-in & Registration
Room: EXPO AREA

08:30-08:50 Developing a Strategy for Business-Aligned Information Security
Roman Chaplygin, Director, Risk Assurance, PwC Russia
Room: AUDITORIUM

08:50-09:10 Borderless Identity: Managing Identity in a Complex World
Paul Fremantle, WSO2

09:10-09:30 Authentication in 2020
Per Hägerö, CTO, neXus

09:30-09:50 Mastering the IAG Challenge
Dirk Venzke, Director, Commerzbank AG

09:50-11:00 Coffee & Networking
Room: EXPO AREA

11:00-12:00 Strategic IT Planning

Strategic IT Planning: Foundations, Controls, Processes
Prof. Dr. Sachar Paulus, KuppingerCole

The worst thing that can be done in IT is investing in “panic mode”. That typically happens when Information Security incidents happen. The second worst thing is having investments driven by specialists that are focused on a particular problem or system. That happens without well thought-out IT planning. The third worst thing is investing in the wrong technology because the business problem wasn’t understood. In this session, Prof. Dr. Sachar Paulus will share his knowledge on how to set up a strategic IT planning model in your IT organization. He will talk about foundations, controls, and processes for Strategic IT Planning.

Bridging the Gap between Business and IT: How to Translate IT Wording into Business Language
Roberto Baratta, Novagalicia Banco
Roman Chaplygin, PwC Russia
Sharon Farber, CA Technologies
Pavlos Makridakis, Aurionpro Solutions plc
Dr. Barbara Mandl, Daimler AG
Marco Venuti, CrossIdeas

This panel is about discussing how to translate business wording such as technical resource names - "EX12FIN" – into business language: "Expense System for non-managers". Many IAM/IAG projects struggle with doing that translation. The panelists will discuss

- the need for mapping IT wording and business language
- where to do it
- who has to do it
- how to do it efficiently

Bridging that gap means setting up an IAM/IAG organization that spans business and IT people. Thus, we expect the discussion not only being about the translation between business and IT, but talking about the organizational structure and prerequisites on both sides for this key success factor of any IAM/IAG project.

Identity Governance in Merge/Split Processes
Roberto Baratta, Novagalicia Banco

In the financial sector, like in many other industries, change has become the new normal, with mergers and splits as a regular concern not only for modern banks. Successfully managing a merging or splitting project involves not only technology and processes, but also people and governance.

A well planned and properly managed identity governance plan could drive those changes in a cost and time effective project where technology supports decisions and gives dynamism. Merging and splitting challenges involve more than provisioning, role management and workflows; it requires business support aligning the project scope with corporate objectives while keeping efficiency, compliance and operations.

11:00-12:00 ABC: Agile Business – Connected

The new ABC for Information Security: How to Support the New Types of Businesses – and Why
Martin Kuppinger, KuppingerCole

Agility is a key capability of successful organizations. Agility is the ability to quickly adapt the organization and the business model to new customer demands, innovations, and a changing competitive landscape.

We live in a time where virtually all business relies on IT. Whether this is retail, finance, or life sciences – business requires IT. The consequence is that IT has to support business agility. No IT agility = no business agility.

One of the biggest changes we are currently observing is the evolution from stand-alone to connected businesses. New collaborative business models, tighter and more flexible integration of customers and business partners, and the upcoming IoEE (Internet of Everything and Everyone) are driving the evolution of businesses.

Cloud Computing, Mobile Computing, and Social Computing, the so-called “Computing Troika”, are already consequences of the business demand for agile and connected IT.

The challenge in this evolution is finding the balance between the business demand for agility and connectivity on the one hand and the IT and Information Security requirements on the other. Information Security can no longer think in terms of perimeters, devices, and system security. Martin Kuppinger will talk about business demands, opportunities and what to do in IT in general and Information Security in particular to support the business perfectly well.

The new ABC and the role of Cloud IAM
Ramses Gallego, Dell
Jason Hart, SafeNet
Marco Rohrer, IPG AG
Thierry Winter, Evidian

Secure access to Cloud services, on-boarding of external partners, access to collaborative industry networks and business partner applications: Securely enabling the “Computing Troika” of Cloud, Mobile and Social Computing is a must for any organization. Managing the identities and their access is a cornerstone therein. Is Cloud IAM the only answer on that challenge? What does it then need in Cloud IAM? How to integrate with the IAM you run on premises? And what else does it need for supporting the new ABC? Is this about an “API Economy”? And how to then secure machine-to-machine communication? Many questions. The panelists will provide answers.

11:00-12:00 Privacy in Communication

Discussion: How Strong could Privacy in Internet Communication be - and where are the Legal Barriers?
Dr. Michael B. Jones, Microsoft
Dr. Scott David, LL.M, KuppingerCole
Dr. Karsten Kinast LL.M., KuppingerCole
Ladar Levison, Lavabit
Amar Singh, KuppingerCole

In this session, we will discuss the technical and infrastructural implications of privacy enhanced secure communication on the one hand, and possible legal barriers and political obstacles against real end-to-end security on the other side. But first of all: What is "real" end-to-end security? And - is this kind of security usable anymore? Ladar Levison will, for the first time in Europe, talk about the Dark Mail Alliance´s plans and status, which is a unique opportunity for the audience to get first hand information of what we expect to have enough potential to change the way we communicate over the internet.

11:00-12:00 Killing IAM

Killing Identity Management in Order to Save It
Ian Glazer, salesforce.com

IAM has not kept up with the time and has become less than optimal for modern business. In order to be invaluable, IAM has to radically adapt. This session will discuss:

- How current IAM is not well suited for the modern business
- What a truly modern IAM system would include
- What we as an industry can do to evolve.

Weaving Identity into Business Services - Is this the Future of Identity & Access Management?
Kim Cameron, Microsoft
Pamela Dingle, Ping Identity
Ian Glazer, salesforce.com
Mike Neuenschwander, iC Consult Americas
Christian Patrascu, Oracle Corp.

The future of IAM is unwritten. Industry leaders will discuss, debate, and debunk potential approaches for IAM to evolve and its new relationship to business.

11:00-12:00 BYOID is Stepping Up
Andrew Nash, KuppingerCole

Identity Providers are becoming recognized as an interesting source of Authentication and Identification services. While the security teams are reasonably suspicious of such new advances, the business people in many enterprises are waking up to the potential of customers and even employees and contractors bringing their own identity. Governments too are engaging in this area as the high cost of delivering citizen services is tackled in many different countries.

National Identity Initiatives Compared - Convergence or Divergence?
Colin Wallis, Internal Affairs Dept, New Zealand Government

The presentation compares a group of national online identity initiatives against a set of wide ranging criteria, and explores their potential trajectory.

The Challenges of Third-party Identity Credentials & How a Trusted Identity Registry May Help: Example Initiatives in the UK and the US
Don Thibeau, OpenID Foundation

Common law governments worldwide have begun to make commitments to adopt federated models for identity registration and credential authentication for central government services. This approach requires close collaboration with industry to create the needed schemes or trust frameworks that organize the business, legal, and technical standards, and policies and best practices needed to succeed.

As these countries architect and deploy their identity federations it’s important that such development does not become siloed by jurisdiction. Rather, for the successful operation of any market there needs to be trusted information sharing. Listings—like the yellow pages—leverage data. Directories—like the DNS—speed introductions. Exchanges—like the NASDAQ—grow markets. Registries simplify transactions – wedding registries are an example.

Today, there are no such forums for sharing information on trusted identity. OIX is building one.

Under the direction of the OIX Board of Directors, OIX is building OIXnet, an authoritative registry for online identity trust and a neutral exchange for sharing trusted identity data to enable global interoperability among identity federations in the commercial, non-profit, and public sectors. The goal: a greater variety of trusted transactions at a greater velocity.

Belgian eID as Trust Generator Across Sectors, Banking Included
Frank Leyman, FedICT Belgium

Today more and more countries get involved in issuing National Online Identity schemes and solutions (e-ID). All e-Gov officials agree unanimously that this is the best way forward to implement authentication and signature for e-Gov applications in their own realm. The question whether the National e-ID schemes are fit to serve in commercial applications as a genuine business enabler gains more and more importance. This presentation is a real business case on how a government and a commercial partner in the finance industry joined forces to leverage a national eID solution, with unique wins for each partner like:

- easier customer enrollment and verification
- generic use of the e-ID scheme
- use of legally binding signature
- respect for privacy

BYOI – Making Citizen and Consumer IdM Easy using Social IDs … and Secure using Attribute Verifiers and 2FA
Don Schmidt, Microsoft

Self-service portals are a universal "big bet"

- Increase customer satisfaction … Reduce operational costs
- Retail, Utilities, Education, Credit, Insurance, Banking, Healthcare, Government

For many organizations they are a losing bet!

- Consumers: Hate creating new passwords & security questions for every site
- Department heads, IT admins: Weak & re-used passwords neuter security & privacy defenses
- Regulators, Law enforcement, Taxpayers: Increased fraud losses offset operational cost savings

Augmenting BYOI can make everyone a winner

- Consumers: Hate creating new passwords & security questions for every site. "Bring-your-own-identity" enables logon with existing social IDs
- Department heads, IT admins: Weak & re-used passwords neuter security & privacy defenses. "Step-up phone 2FA" delivers user-friendly strong authentication
- Regulators, Law enforcement, Taxpayers: Increased fraud losses offset operational cost savings. "Verified attributes" provide online identity assurance

Attribute-Based Credentials (ABCs) for Privacy-Preserving Authentication
Dr. Joerg Abendroth, Nokia Solutions and Networks

Privacy-ABCs are the (old) newcomer in the area of identity management. Being designed to protect the privacy of consumers in the internet ecosystem, they include some concepts that are worth reviewing by enterprise identity management practitioners. This presentation will provide a high-level background on the privacy-ABC technology and introduce two pilots that had been run during the ABC4Trust project. Additional typical privacy-ABC scenarios will be presented and the differences to non privacy-ABC instantiations highlighted.

12:00-13:00 IAM/IAG Organization

The IAM/IAG Organization that will Make your Project Succeed
Martin Kuppinger, KuppingerCole

What does the IAM/IAG organization look like that will make your project succeed? Do you need to split governance and execution? What about the business-facing layer of Access Governance and the technology-facing layer of Identity Provisioning – do you need to split your organization here as well? What about the management of users and access at the system level? How to handle this, how to integrate the Active Directory administrators and the SAP security professionals? Is IAM something that needs to be handled apart from the rest of Information or IT (Technology) Security?

Having the right organization in place is key to success. Defining responsibilities and accountabilities for guidelines, processes, and technology right will help you in succeeding. Having clear interfaces between various layers and to the business is as important as having a well-defined interface to IT Governance and Corporate Governance.

In this session, Martin Kuppinger will explain his view on the ideal IAM/IAG organization, based on his experience from a vast number of advisory projects and customer feedback.

Identity Management as Strategic Driver - A Bank´s Journey to the Cloud
Luis Saiz, BBVA

Being one of the largest Google Apps customers and having integrated IT Risk, Fraud & Security in a single department has provided a new vision of how to leverage our experience to design and deploy new security services.

Security not only enables new digital services but also proposes and promotes new solutions to the business.

Our view and experience in Inside and outside federation, Level of Assurance Authentication and related Authorization States, efficient Authentication of RESTful calls, tokenization, mobile security authorization app, risk based authentication, research on new detection algorithms applied to fraud and authentication risk.

2020 Vision - IAM for the Next Decade
Martin Kuppinger, KuppingerCole
Ravi Srinivasan, IBM Security Strategy

As attacks become more difficult to detect and defend against, it is clear that no organization is immune from security breaches, and the threats will only continue to grow. In response, we anticipate a fundamental shift around identity and access management (IAM) as enterprises cope with increased regulatory compliance requirements, insider and external threats, cloud/SaaS integration, and other trends. We also see cloud and mobility changing the way organizations implement user protection, with threat-aware Identity and Access Management becoming the key line of defense of the organization´s multiple perimeters.

In this session, Ravi Srinivasan, Director, IBM Security Strategy and Product Management, and Martin Kuppinger will discuss these emerging security trends and approaches you should consider to improve your IAM security posture for the next decade.

12:00-13:00 Big Data in Security vs. Privacy

Preventing your Enterprise from Cyber Attacks and Threats: Can this be Illegal?
Dr. Karsten Kinast LL.M., KuppingerCole

With the evolution of new technologies and approaches to security, such as the application of big data tools to profoundly analyze network traffic in realtime, security professionals can have a high level of visibility into any type of information. These systems do not distinguish between personal and "non-personal" information - they are just trained to detect suspicious patterns and can do so only if all packets are inspected. But what does the law say? Do enterprises have a right to process personal data in order to defend themselves against cyber attacks? KuppingerCole´s Senior Analyst and privacy expert Dr. Karsten Kinast, LL.M. will give you an overview of current and future legislation and will answer this question. There is an additional workshop offered for this topic.

Deep Security Monitoring Versus Privacy – Is There a Middle Ground?
Ramses Gallego, Dell
Matthew Gardiner, RSA
Dr. Scott David, LL.M, KuppingerCole

The news is rife with the conflict of deep security monitoring versus personal privacy. Similar to the rise of sophisticated global terrorists is the rapid rise of advanced IT security threats from hacktivists, cybercriminals, and nation states, and the fast evolution of security technologies designed to defend against them. Security professionals now often find themselves pushing the boundary of what is socially acceptable and even legal, while trying to keep up their organization’s defenses.

With the evolution of security technologies such as network packet capture and big data security analytics, security professionals can have an unprecedented level of visibility into what is happening in their enterprise. But can security professionals use these monitoring oriented technologies without violating both laws and the monitored persons’ sense of reasonableness?

Given the insidious nature of many advanced threats and their associated malware, which have been known to hide amongst normal application traffic, detection often requires sophisticated anomaly detection leveraging the collection and analysis of very large data sets, which often include the personal information and communications (email, IM, ftp). Even if the collection of this personal information is not the primary purpose of the security system, doing so can sometimes be illegal and often times raise objections from individuals, workers councils/unions, and data privacy officers.

After providing the background on today’s threats and why monitoring & big-data analytic defensive techniques are really required to defend against today’s most difficult threats, the presenters/panelists will provide some specific deployment examples that highlight the challenges from both a legal and cultural perspective. They will go on to discuss how organizations in privacy sensitive regions can use advanced types of security monitoring technologies and will also review both technical and non-technical controls which can help enable a balance between the needs of risk reduction for the organization and the privacy expectations of the users and the laws. And they will also discuss with you the closely related issues of working with employees and data privacy officers to help smooth the deployment of security monitoring systems.

12:00-13:00 Dynamic Authorization Management

Dynamic Authorization Management: The Market and its Future
Graham Williamson, KuppingerCole

In this session, Graham Williamson of KuppingerCole will present on the current state of the Dynamic Authorization Management market based on the brand-new KuppingerCole Leadership Compass document on the subject. The session will discuss the direction of IAM solutions to externalise their authentication and authorisation decisions to a centrally managed decision point. The presentation will advise on the direction various vendors have taken and the degree to which standards such as XACML are supported. Graham will also advise on expectations for the future development of this market sector and the core requirements when selecting a product in this area. The presentation will position Dynamic Authorization Management in the context of a comprehensive IAM solution.

RBAC, ABAC, or Both?
Allan Foster, ForgeRock
Finn Frisch, Axiomatics
Peter Gietz, DAASI International GmbH
Ian Glazer, salesforce.com
Patrick Parker, EmpowerID
Geoff Webb, NetIQ

There is an ongoing discussion about terms such as RBAC (Role Based Access Control) and ABAC (Attribute Based Access Control). However, is it really about either-or? Or isn’t it that most role concepts take other attributes such as the Organizational Unit into account, while the role is a major attribute for most ABAC concepts? Shouldn’t the discussion be more about the question on how to make the shift from Static Access Management, based on pre-determined ACLs (Access Control Lists) etc., towards Dynamic Access Management and especially Dynamic Authorization Management, where applications ask at runtime for authorization decisions? But how to make that shift, how to convince application architects and developers? The panelists will talk about both RBAC and ABAC and how to make Dynamic Authorization Management a success, based on their experience.

OpenRBAC: Why using an LDAP based Backend for Role Based Access Control Information
Peter Gietz, DAASI International GmbH

OpenRBAC is an open source implementation of the ANSI standard RBAC. It uses OpenLDAP as backend for storing information on users, roles, resources, privileges, etc. This has a number of advantages and only very few limitations. Access decisions can be retrieved by simple LDAP searches so that an OpenRBAC based Policy Decision Point can answer tens of thousands of such queries per second. Since two other RBAC software products use LDAP, work is currently being done on an IETF Internet Draft to standardize the LDAP schema and a specific LDAP extended operation for interoperable implementations. The talk will introduce RBAC, OpenRBAC and report on the LDAP standardisation work.

13:00-14:30 Lunch & Networking
Room: EXPO AREA

14:30-15:30 Evolving your Existing IAM/IAG Infrastructure

IAM/IAG: Balancing Existing Investments with your Future Needs
Prof. Dr. Sachar Paulus, KuppingerCole

Balancing existing investments with future needs – this is a tough challenge to solve. This is even more true for IAM/IAG, where organizations face a number of new challenges such as onboarding business partners and customers, collaborating in industry networks, or managing access to Cloud services securely. Clearly, there is the need of having a big picture in mind, defining a roadmap, and executing this step-by-step, while regularly adjusting the vision, strategy, and roadmap to new requirements.

Aside from the question of how a big picture should and could look today for IAM/IAG, it is also about implementing good program management. This session will talk about what such program management could look like. How to ensure that dependencies between various components are known? How to build an infrastructure that avoids lock-in and allows exchanging various components? How to work based on risk? How to implement controls for the program management process itself? How to communicate with the business departments to balance their urging requirements with the ability of IT to deliver and the need for risk mitigation? This session will provide answers and approaches on how to do that best.

People, Processes, Solutions: Maturing IAM/IAG at Commerzbank AG
Dirk Venzke, Commerzbank AG

Referring to the core message in the keynote ´Mastering the IAG Challenge´, the focus here is on the main steps to be taken in setting up and maturing an IAM/IAG program. What are the key lessons in such an approach? What does it mean in detail to focus on people, process and only finally on solutions and why is it critical for that focus to be exactly in that order?

14:30-15:30 Social & Mobile Login

Evaluating the Risks of Social Login
Mike Small, KuppingerCole

While Information Security people have been rather reluctant regarding social logins, there always has been pressure from Marketing, Sales, and Business Development departments. The reasons given by InfoSec people to be more careful have been aspects such as the authentication strength and assurance of these services. Marketing on the other hand has seen this as a "must have" feature for customer convenience and to be "modern". There is a value in BYOI (Bring Your Own Identity), enabling the customer to use one ID for multiple services, avoiding redundant registration and the "password sprawl", requiring him keeping many passwords in mind. But unfortunately, social logins are not secure. New initiatives, such as the FIDO Alliance, are pushing more secure approaches for BYOI that can work with or without social logins.

Aside from information security aspects, there is another challenge, which so far has been widely ignored. It is the simple question: Is supporting social logins really good for business? Looking at the way the social networks operate and their business models, supporting social logins is about massively leaking information about your customers, leads and prospects to 3rd parties, like Facebook or Google, and through those possibly even to your competition. How does this influence your benefits / risk equation?

In this talk, Mike Small will provide a deeper look on how social logins can create competitive disadvantages and what the alternatives are to provide BYOI without the risk of leaking information to competitors.

How to Enable Social and Mobile Login – and Beyond
Ian Glazer, salesforce.com
Dr. Michael B. Jones, Microsoft
Christian Patrascu, Oracle Corp.
Daniel Raskin, ForgeRock
Don Schmidt, Microsoft

In this thought leadership panel, the panelists will discuss the various options for securely enabling social and mobile logins in existing on-premise IAM infrastructures and by adding Cloud-based services. Supporting these environments is a common requirement and IT organizations have to be able to react on this. They especially must support mobile security as part of this, in the context of secure access to information (and not only by protecting devices). However, today’s approaches – namely the plumb support of social logins – will face change. Thus, the panel will also look at alternative solutions on how to support BYOI – for mobile users and others. New features of mobile devices such as NFC or integrated fingerprint readers provide new opportunities for mobile security and BYOI.

14:30-15:30 Information Rights Management

Information Rights Management: Finally Ready for Prime Time
Martin Kuppinger, KuppingerCole

It’s a perfect coincidence. On one hand, demand for Secure Information Sharing is not only growing but exploding in the “post Snowden era”. On the other hand, we see a number of new and improved solutions appearing in the market. Thus, Information Rights Management is finally becoming ready for widespread adoption. Information Rights Management protects documents by encrypting them and attaching access control. These access controls are enforced by the applications that are used to read and edit the documents.

In his presentation, Martin Kuppinger will look at the various alternatives in the Information Rights Management. He will describe and compare concepts and provide a vendor overview. He then will look at the common requirements customers have for Information Rights Management and rate the readiness of approaches based on these requirements.

Understanding Information Rights Management Architectures
Philippe Beraud, Microsoft
Yuval Eldar, Secure Islands
Tim Upton, TITUS Inc.

This session will have a look at the technical concepts behind IRM, based on the example of Microsoft’s Azure RMS. It looks at how encryption is done, the various options for managing keys, the integration with applications, and the management of users. Given that IRM, despite all progress, still is a complex topic, this session provides background information about how IRM works, which helps designing own implementations.

14:30-15:30 Dynamic Access Control

Drivers and Lessons learned from a Recent ABAC Implementation at Generali
Manuel Schneider, Generali Deutschland Informatik Services

Manuel Schneider from Generali Deutschland Informatik Services will describe Generali´s drivers and lessons learned from a recent ABAC implementation project. Generali's objectives were to enable the organization to share IT resources among entities in a heavily regulated environment that demands precise and context-aware access controls. Based on this information we will highlight some conclusions that should be of value to attendees.

ABAC - Visions and Reality
Finn Frisch, Axiomatics
Stephan Schweizer, AdNovum Informatik AG
Thierry Winter, Evidian

NIST and the Federal Chief Information Officers Council explicitly name Attribute Based Access Control "as a recommended access control model for promoting information sharing between diverse and disparate organizations". In 2013, a Gartner analyst predicted that "by 2020, 70% of all businesses will use attribute-based access control". So there is wind elevating ABAC into the clouds but what happens on the ground? In this session, the panelists will summarize findings from a large number of projects to establish what business drivers organizations had for their ABAC initiative.

14:30-15:30 Standards Based Identity at Scale

OpenID Connect, OAuth, UMA, SCIM, SAML... - Standards for an Open Life Management Infrastructure

User-Managed Access: Key to Life Management Platforms
Domenico Catalano, Oracle
Dr. Maciej Machulak, Cloud Identity Limited

The ability to access information anywhere and anytime changes the way people engage, communicate and interact with each other. Personal information sharing is an emerging trend for online personal life activities and this trend is called the Life Management Platform (LMP). With LMP, individuals interact with other people, institutions, agencies, private companies and organisations in order to get access to specific services such as car insurance, loans, healthcare, or public services, among many others. The LMP model, similarly to other concepts like Personal Cloud or Personal Data Stores, encourages the individual to be in control of their own data, and aims to provide a mechanism that allows individuals to meet privacy and security requirements, either those imposed by themselves or other authorities.

User-Managed Access (UMA) is a technology that provides a unique solution to central management of protecting and sharing distributed resources owned by an individual. It fits precisely to the Life Management Platform model. The UMA proposal can be used to manage secure information sharing with explicit consent of the individual and also to support the policy definition for requests for information from other interested parties. Furthermore, UMA makes it possible to provide sophisticated audit tools for control and visibility of the shared data, which satisfies the Privacy By Design principles.

This presentation will provide a detailed description of the UMA proposal, its architecture, protocol and the trust model. We will also show the benefits of UMA that can be applied to various LMP scenarios as well as a demo session related to a personal information sharing scenario.

A Life Management Platform Goes Live: Launching the Respect Network in 2014
Drummond Reed, Connect.Me

KuppingerCole has predicted that Life Management Platforms will be one of the most important developments in Internet infrastructure this decade. In this panel, Respect Network co-founder and CEO Drummond Reed will be joined by executives of several Founding Partners of the Respect Network to discuss the 2014 launch of this new global private network. The panel will cover the technical, legal, and business foundation of the Respect Network, the 2014 launch schedule, the first apps that will be released for the network (including the new version of Connect.Me, honored with the Privacy Award at the 2011 European Identity Conference), the early use cases and value propositions for business members of the network, and growth plans through 2015 and beyond.

Social Networking 2.0: Privacy Designed Social Interaction - The MetaSociety Project
Martin Kuppinger, KuppingerCole; Vladimir Samokhvalov, Metasociety

What is the result, if we merge the concept of Life Management Platforms with social networks, secure transactions, communication and information sharing? Yes, the result is a complete digital representation of social interaction like we humans have been developing over thousands of years, with, by the way, not so much change. Now that the Internet of Everything is coming along with technologies to provide secure frameworks which let us be represented by robot-like "software defined identities", Vladimir Samokhvalov founded MetaSociety to create the next generation of Social Interaction System (SIS). He will describe his concept together with Martin Kuppinger and open the discussion on his proposal.

15:30-16:30 IAM/IAG Vendor Landscape
Access Governance Vendor Panel
Ramses Gallego, Dell; Pervez Goiporia, Oracle; Morgan Holm, empowerID; Sebastian Kornblueh, G+H Netzwerk-Design; Roy Peretz, Whitebox Security; Marco Venuti, CrossIdeas

The Access Governance market is maturing – and changing. While there are many vendors now that have a strong offering for IAG (Identity and Access Governance), there are various new features provided by one vendor or another: Data Governance, Cloud Access Governance, integration of Privilege Management features, Access Intelligence, etc. Aside from that, there is the more fundamental question of whether the better approach is integrating Identity Provisioning and Access Governance or keeping these functionalities separate. While the one better suits customers looking for a single solution, the other approach might work better for customers that already have various Identity Provisioning tools in place – something that is not uncommon in large organizations. Aside from that, provisioning approaches are becoming more flexible, supporting ESBs (Enterprise Service Bus), Service Management tools, and other ways to provision, beyond traditional Identity Provisioning.

As always, customer requirements differ and there is most likely not a single right approach to Access Governance. However, there are good arguments for all of these new features and architectural concepts. The participants of this panel will discuss this and provide you with arguments that help you pick the Access Governance approach of choice for your organization.

The 5 Critical Tenets of Identity and Access Management
Mike Neuenschwander, iC Consult Americas; Darran Rolls, SailPoint; Amar Singh, KuppingerCole

The IAM market is experiencing a renaissance with the emergence of new options for how and where to deploy IAM technology, both on-premises and as a service. At the same time most organizations are struggling with how to best utilize the IAM solutions they have to manage their changing world of IT infrastructure. New technologies like cloud and mobile are being mixed with established mainstays like SAP, Oracle and RACF and all must be managed with an increasing focus on governance, compliance and automation. However, regardless of the delivery model selected, and whatever the mix of applications being managed, many best practices of IAM remain unchanged. During this session, SailPoint CTO Darran Rolls will introduce the 5 Critical Tenets of Identity and Access Management. He will discuss the many and varied options now available to deliver IAM technology, and will provide a best-practice guide for defining, securing and managing Identity regardless of the IAM deployment technology, the application being managed, or the infrastructure it all runs upon.

15:30-16:30 Secure Mobile Access & Identity
Extending Identity and Access to the Mobile World
Niklas Brask, PointSharp AB; Bart Renard, VASCO Data Security; Stephan Schweizer, AdNovum Informatik AG; Avi Yehuda, Nativeflow; Hans Zandbelt, Ping Identity

During this panel, we will take a deep dive into the world of mobile data security with an emphasis on how enterprises need to ensure the security of corporate data as more employees are relying on mobile devices to get their work done and access corporate data on the go.

Grief Counseling: Coping With the Loss of Control in the Social Mobile Cloud World
Per Hägerö, neXus; Thomas van Vooren, Everett

In today’s world, more and more is moving beyond control of the enterprise. Apparent examples are the adoption of Cloud technologies, BYOD (bring your own device) and BYOI (bring your own identity). At the same time there is increased regulatory pressure and a growing internal demand for better fraud prevention and protection of intellectual property. A detective approach to access governance and the help of distributed control mechanisms can help enterprises to stay in control in this changing environment.

15:30-16:30 Document Based Compliance Management
The Business Drivers for Information Rights Management
Philippe Beraud, Microsoft; Borja Rosales, Druva; Don Schmidt, Microsoft; Yoran Sirkis, Covertix

In this panel, experts from various organizations discuss the business drivers they see for implementing Information Rights Management solutions. They will focus especially on the arguments that help them sell this to the business decision makers, but also on how to balance potential changes in user behavior due to Information Rights Management and the demand of users for convenience.

Additionally, the question will be discussed whether full IRM is the right way to protect your information or whether approaches for Secure File Sharing are good enough for what customers need today.

The Legal Requirements for Protecting Documents – the IRM Legal Case
Dr. Karsten Kinast LL.M., KuppingerCole

In this presentation, Karsten Kinast will talk about the legal case behind Information Rights Management. When must you use such technologies? When should you use them? Or is it sufficient to send documents around unprotected?

15:30-16:30 Enterprise API Management & Security
From Rogue IT to Strategy: Tying API Management into the Enterprise Infrastructure
Chris England, Okta; Mark O'Neill, Axway

API Management has often been an example of “Rogue IT”, used by line-of-business and to manage their Web APIs. These Web APIs are often tactical in nature, servicing a particular mobile app or a specific partner integration. As such, API Management is most of the time found outside of Enterprise IT. So how can API Management become Enterprise API Management? The answer lies in tying API Management into enterprise Identity Management, into existing network monitoring and alerting, and tying API metrics into other enterprise metrics gathering. We discuss particular customer case studies in which API Management is brought from being tactical to being strategic for the enterprise.

An Ecosystem for API Security: OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML
Prabath Siriwardena, WSO2

Enterprise API adoption has gone beyond predictions. It has become the ‘coolest’ way of exposing business functionalities to the outside world. Both your public and private APIs need to be protected, monitored and managed. This talk focuses on API Security. There are so many options out there that it is easy to get confused. When to select one over the other is always a question – and you need to deal with it quite carefully to identify and isolate the tradeoffs.

Security is not an afterthought. It has to be an integral part of any development project, and the same holds for APIs. API security has evolved a lot in the last five years. The growth of standards out there has been exponential. The talk will elaborate on how to build an ecosystem for API security around OAuth 2.0, OpenID Connect, UMA, SAML, SCIM and XACML.

16:30-17:30 Coffee & Networking
Room: EXPO AREA

17:30-18:30 Access & Data Governance
What Is the Level of Detail, an IAM Solution Must Cover?
Niels von der Hude, Beta Systems Software; Darran Rolls, SailPoint; Andrea Rossi, CrossIdeas; Thomas van Vooren, Everett

The question about the level of detail an IAM solution must cover has been around for some time. But more than ever before, it is one of the most challenging questions in many IAM projects.

On the one hand, audits are requesting end-to-end coverage (from the user to the individual file, document, folder). On the other hand, the amount of data is growing disproportionately with each implemented level. Some implementations stop the IAM administration at group-level in general in order to keep data in a range that still can be managed. Others go further. What level of detail makes sense? Is it realistic to run e.g. 10.000+ Windows folders by one central IAM solution? Are there alternatives to a full implementation of 'User to Resource' relations? Is the growing number of data access management systems an appropriate complement to IAM for this challenge?

However, this is not only – and maybe not even primarily – a technical issue. It is about organization. It is about accountabilities and responsibilities. How to define the levels and how to ensure that cooperation works, for instance between persons responsible for systems and others being responsible for the overarching IAM system?

Join this thought leadership panel session to get answers to your questions.

Entitlement & Access Governance: How to do Data Governance Right?
Pervez Goiporia, Oracle; Borja Rosales, Druva; Amar Singh, KuppingerCole

Entitlement & Access Governance defines an approach that combines the cross-system view of Access Governance with system-level management of entitlements. However, there are various ways to keep your data under control. While some vendors address the challenge by expanding their Access Governance solutions, others tackle it from the system and data level. Which approach works better? And for whom? In this discussion, Borja Rosales of Druva and Pervez Goiporia of Oracle will discuss with KuppingerCole Analyst Amar Singh the pros and cons of various approaches on Entitlement & Access Governance – or just Data Governance.

17:30-18:30 Enterprise Mobility Management
How to Secure Corporate Content in the Cloud within a Connected Mobile Ecosystem
Chris England, Okta; Pavlos Makridakis, Aurionpro Solutions plc; Dominic Schmidt-Rieche, AirWatch; Dirk Wahlefeld, Centrify

The evolutionary nature of mobile presents a security-centric challenge for businesses with corporate content on these devices. Enterprises put themselves at risk when users access sensitive information through email and applications across smartphones and tablets, while mobile. Organizations can choose to ignore this security threat or enhance employee productivity through secure access to sensitive corporate content.

The Panelists will discuss best practices and strategies to ensure global security and workforce enablement by leveraging enterprise mobility management (EMM) across the enterprise. This session will also provide attendees with a deeper understanding of enterprise mobility within the connected ecosystem, while ensuring security and compliance in the cloud.

17:30-18:30 Secure Information Sharing in Health Care
eHealthcare Done Right: Strong Identities, Privacy, Secure Information Access and Sharing
Kim Cameron, Microsoft; Martin Kuppinger, KuppingerCole; Don Schmidt, Microsoft; Peter Weierich, iC Consult GmbH

There are few areas than eHealthcare, which are less regulated and less sensitive when it comes to Information Security. Patient records are highly sensitive. On the other hand, eHealthcare is a highly connected business, with hospitals, doctors and nurses, insurance companies, and the patients themselves as important players – not to forget the pharmaceutical and life sciences industry, universities, and others. Strong authentication and strong identities are key. Flexibility for integration is key. Secure Information Sharing, flexible access to information, and privacy are mandatory.

In this panel, the participants will discuss what is needed for better eHealthcare solutions, beyond the point solutions for hospitals or doctors today:

How to increase user adoption? And how to onboard all relevant users?
How to ensure privacy in such future systems?
How to authenticate the various parties? How to build a system where different parties can strongly identify themselves, without creating inhibitors and without unacceptable cost?
How to save money with better eHealthcare?

17:30-18:30 Leadership Compass: Enterprise Single Sign-On
Mature, Well Established, Inevitable: Guiding you through the Current Enterprise Single Sign-On Market
Rob Newby, KuppingerCole; Graham Williamson, KuppingerCole

The KuppingerCole Leadership Compass provides a thorough and comprehensive analysis of the product offerings in a particular market segment. KuppingerCole compares these offerings based and identifies the overall leaders, product leaders, market leaders, and innovation leaders. Furthermore, KuppingerCole provides in-depth analysis per product and additional analytics that show the strengths of products for various customer challenges. KuppingerCole Leadership Compass documents help customers in finding their path through the markets and identifying the products they should put on their shortlists. In this session, Martin Kuppinger will provide an overview of the E-SSO market based on the current KuppingerCole Leadership Compass.

Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both on-premise and cloud-based approaches but targeted on Single Sign-On to Cloud apps. However, in most organizations there are still many legacy applications in on-premise installations in place. Providing single sign-on to all types of applications increases convenience for users and might also reduce help desk cost. In addition, there are many specific use cases such as hospitals or production environments that require E-SSO for security and efficiency reasons.

Thus, E-SSO is one of the technologies that are of high importance for organizations. E-SSO provides centrally managed solutions that grant access to various applications, both traditional “fat client” and browser-based applications.

The Leadership Compass shows that Enterprise Single Sign-On is a rather mature market. Especially in the areas of Product Leadership and Innovation Leadership, many vendors are leading-edge and competing head-to-head. This is good news for customers, allowing them to choose from a range of mature products that suit their needs. As always, however, it is about the details. Some solutions offer specific features that are relevant to specific use cases, such as unlocking multiple systems for traders in the finance industry or in control rooms. Thus when selecting vendors, it is strongly recommended to thoroughly look at support for the more specific use cases – that is where even the Leaders differentiate significantly. In fact, there are no weak vendors in that analysis. All of the vendors show particular strength and provide a good foundation for addressing the E-SSO challenges of organizations.

17:30-18:30 LMP Business Models
Life Management Platforms - How to Reach the Critical Mass
Marcel van Galen, Qiy Foundation; Peter Mark Graham, Verizon Enterprise Solutions; Dr. Maciej Machulak, Cloud Identity Limited; Drummond Reed, Connect.Me

18:30-18:50 Governance and Awareness
Stefan Van Gansbeke, CISO, CM/MC Health Insurance Fund Belgium
Room: AUDITORIUM

18:50-19:10 What do Moby, The Bushmen and The Cloud have in Common?
Dragan Pendic, Chief Security Architect, Diageo

19:10-19:30 Heartbleed, NSA & Trust
Amar Singh, Senior Analyst, KuppingerCole

19:30-22:00 European Identity Awards Gala & Dinner
Room: AUDITORIUM

Thursday, 15.05.2014

08:00-18:00 Check-in & Registration
Room: EXPO AREA

08:30-08:50 Security as a Service - The New Normal?
Prof. Dr. Hartmut Pohl, CEO, softScheck GmbH
Room: AUDITORIUM

08:50-09:10 Reducing Identity Fragmentation in the New Digital Economy
Christian Patrascu, Director of Product Management – Oracle Fusion Middleware, Oracle Corp.

09:10-09:30 Future2: A Cloud of Emerging Risks in the Finance Industry
Dr. Iordanis Chatziprodromou, Lead Data Analytics - P&C Business Management, Swiss Re

09:30-09:50 Defending Your Data in the Wild: Eliminating the Risks of Mobile Data
Martin Edwards, Director of Sales Engineering – EMEA, Druva
Borja Rosales, Managing Director, Europe, Druva

09:50-11:00 Coffee & Networking
Room: EXPO AREA

11:00-12:00 IAG & PxM - Integrated View
Securing Elevated Privileges: Integrating Access Governance and Privilege Management
Martin Kuppinger, KuppingerCole; Erich Vogel, Computacenter; Dr. Horst Walther, KuppingerCole

Why these two areas can’t be handled separately. How to set up guidelines, processes, and organization to manage privileged accounts through their whole life cycle. How to integrate technically.

Early Check-in with Identity and Access Governance Best Practices
Idita Israeli Sabag, El Al Israel Airlines

11:00-12:00 Cyber Security Best Practice
Cyber Security Best Practice in the Light of Snowden's Revelations
Prof. Dr. Sachar Paulus, KuppingerCole; Prof. Dr. Hartmut Pohl, softScheck GmbH
Getting the Basics Right: How we are Protecting BT Against Today's and Tomorrow's Cyber Threats
Aernout Reymer, BT

Metcalfe's law is effectively at work when it comes to Cyber Security. By working together across industries we can emulate this law, just like the cyber bad guys do, and have the law work in our favour, as it certainly is working against us through the combined forces of cyber criminals, nation states and hacktivists. Aernout Reymer, Head of Security at BT Global Services, discusses the latest trends and the future in cyber, and comes with ideas to collaborate, join forces and reduce costs and time in dealing with vulnerabilities.

11:00-12:00 Authentication Trends and Timeline
Authentication Trends – will Wearables take us _BAC to the Future?
Amar Singh, KuppingerCole

In the seemingly unending search to find the next generation of devices and methods to replace passwords as authentication mechanisms, the various x-Based Access Control (Rules, Roles, Attributes, Context, etc.) which had been projected by one pundit or another to be the “killer app” for secure access may be getting a run for their money from wearable, biometrics-based, token issuing devices. Join us to find out what’s new and what we recommend for today’s connected agile business.

Do We Need To Put Secrecy Back In To Security? The Reinvention of Authentication
John Bradley, OpenID Foundation, Kantara; Steven Hope, Winfrasoft; Anthony Nadalin, Microsoft; Mike Neuenschwander, iC Consult Americas; Bart Renard, VASCO Data Security

In this discussion we will all work together to re-invent authentication.

Why? Because the industry has been adding more and more layers of complexity to the authentication process and rather than making our environments more secure it is having the opposite effect.

Utopia is an authentication process that is simple, memorable and secure, but existing methods of identification used by the majority of organisations all lack at least one of these vital components.

So, with this in mind what should be the basis of our brave new world? Passwords offer a simple way to authenticate, but with so many it is impossible to remember them all. So, we use the same password for multiple resources and rarely if ever change them, thus compromising their security. What is more, whilst password security is relatively low-cost to implement, the cost of managing password resets can be expensive, with one financial services business reporting an annual cost of £331,200.

What about hard-tokens? After all, millions of pounds have been invested in them by vendors and end-users over the years, and the mighty Google has been recently touting the future of universal hard-token. Yes, these deliver a higher standard of security than a PIN or password, but they are cost prohibitive for the majority of organisations and they are far from simple, especially for the user who will inevitably need to log on when they don’t have the device to hand.

The fundamental problem with the vast majority of authentication methods being used today is that they ask you to keep a secret, but each time you want to log on you need to give it away, which means it is no longer a secret! What is more, the company stores these secrets and if they are lost or stolen, such as in the recent Adobe incident, the repercussions can be lasting and severe.

So, if we are going to re-invent authentication here today we are going to need to use our brains, and I mean literally. We need to look at authentication with fresh eyes. How can we use the latest advances in pattern and image recognition, for example, to ensure that a secret remains a secret during the authentication process?

11:00-12:00 IAM Best Practice
Best Practice: IAM @ Franke
Martin Saeckel, Franke Management AG

Project summary IAM @ Franke
Project progress
Scope / Objectives
Go-Live

Long Term Success Factors for IDM
Eleni Richter, EnBW

11:00-12:00 IAM as a Commodity
Agile IAM Risk Management with large Corporations and the Importance of Standards
Dr. Barbara Mandl, Daimler AG; Andre Priebe, iC Consult

The first part highlights Risk Management as one of the key elements of the Identity and Access Management strategy of Daimler. It illustrates multidisciplinary interaction of Business Units, IT and Legal. Furthermore, future prospects of IAM in large corporations and prerequisites to obtain IAM as a Commodity are outlined.

The second part discusses the importance of standardized protocols for the commodification of IAM. It provides an overview of the current protocol landscape, new challenges and deduces recommendations to corporations.

The Legal View
Dr. Karsten Kinast LL.M., KuppingerCole

What are the legal requirements for large organizations when it comes to IAM/IAG? Obviously, there are many different laws and regulations in place. In this part of the workshop, Dr. Karsten Kinast will provide an overview of relevant regulations and discuss these with the participants. This is the introductory part, providing the foundation for the subsequent parts of this workshop.

Growing Complexity and Business Relevance of Centralized IAM Platforms – A Balancing Act
Udo Guenther, Daimler AG

Centralized IAM platforms are in continuous change. New requirements and technologies as well as scope enhancements lead to a permanent increase in complexity. Due to deep integration of IAM-Services in many business processes, the business criticality of IAM-Platforms increases significantly. This evolution and the resulting challenges will be illustrated using the example of the Daimler centralized IAM platform.

The Consumer Adoption & Information Security View
Don Schmidt, Microsoft

Finally, there is the information-centric view within IAM/IAG. Aside from services that allow managing users and their access, information must be managed and protected. This final part of the workshop will have a closer look at how to set up Secure Information Sharing as a service within the IAM strategy of large organizations.

12:00-13:00 Leadership Compass: Privilege Management
Securely Managing Privileged Users: Selecting the Solution that fits to your Needs
Martin Kuppinger, KuppingerCole; Rob Newby, KuppingerCole

The KuppingerCole Leadership Compass provides a thorough and comprehensive analysis of the product offerings in a particular market segment. KuppingerCole compares these offerings based and identifies the overall leaders, product leaders, market leaders, and innovation leaders. Furthermore, KuppingerCole provides in-depth analysis per product and additional analytics that show the strengths of products for various customer challenges. KuppingerCole Leadership Compass documents help customers in finding their path through the markets and identifying the products they should put on their shortlists. In this session, Martin Kuppinger and Rob Newby will provide an overview of the Privilege Management market based on the current KuppingerCole Leadership Compass.

This Leadership Compass session will provide an overview and analysis of the Privilege Management market segment, sometimes referred to as Privileged Identity Management, Privileged Account Management, etc. Technologies typically support Privilege Management as a password vault approach, with some form of proxy/gateway to record RDP Sessions, while logging key strokes for SSH based connections. This approach is regarded as standard, but we are now seeing many vendors being more innovative due to the migration towards the new platforms (Cloud, Mobile, Social) which requires privilege management for many more environments.

The entire market segment is still evolving rapidly and we expect to see more changes within the next few years. However, given the surging demand of businesses, organizations now have to start with implementing a standard infrastructure for Privilege Management. This KuppingerCole Leadership Compass provides an overview of the leading vendors in that market segment.

Besides the established vendors providing complete Privilege Management product portfolios, there are some smaller vendors with interesting offerings as well as specialists focusing purely on individual parts of the Privilege Management market.

Privileged Account Analytics in the Context of Realtime Analytics - Challenges and Benefits
Roy Adar, CyberArk; Martin Kuppinger, KuppingerCole

In this discussion between Roy Adar and Martin Kuppinger, we will look at the broader context of cyber-attacks, the structure of some of the known attack scenarios that have been identified, and ways to improve your cyber-attack resilience. Given that privileged accounts, due to their highly elevated nature, are a logical element in such attacks, monitoring these can be an important element in security strategies. We will put such analytics in the overall context of Realtime Security Analytics and cyber-attack resilience.

12:00-13:00 Realtime Security Intelligence
Why SIEM failed - and why we need Realtime Security Intelligence
Prof. Dr. Sachar Paulus, KuppingerCole

There is no doubt about the fact that SIEM (Security Incident/Information and Event Monitoring) failed in delivering on its promises. Many projects failed entirely, while others started big and ended small. There are also success stories, but finally it turned out that SIEM is a tool, not a solution. In a world of increasing security threats and advanced types of complex attacks, there are too few people who can set up a working solution based on a tool only. This requires too much knowledge.

With the advent of a new generation of solutions we call Realtime Security Analytics, things start to change. These solutions combine big data techniques and advanced analytical capabilities, both rule-based and pattern-based, with realtime information about new threats and – ideally – managed services. Such managed services make it possible to provide new configurations and analytics on the fly, constructed and delivered by a few experts. The required skill set in the customer organizations is lower, because the complex understanding of relationships of incidents and events in a number of systems will be provided by the service providers. Such service providers also help handling the – ideally few – filtered events that need manual supervision. Doing Realtime Security Analytics right not only helps customers to increase their cyber security and “cyber-attack resilience”, it also allows software vendors to expand their business models. It makes SOC operations cheaper, by building on a good combination of own capabilities and managed services, while delivering better results.

SIEM is reduced to just one data source in the new world of Realtime Security Intelligence. This allows customers to leverage their investments in SIEM, without relying on a limited toolset. Clearly, the evolution towards Realtime Security Intelligence will bring new players on board and shake out some of the SIEM vendors.

In this session, Prof. Dr. Sachar Paulus of KuppingerCole will explain the difference between traditional SIEM and Realtime Security Intelligence. He will talk about the requirements on Realtime Security Intelligence (RSI) solutions, the criteria for product selection, and the organizational infrastructure RSI needs on both the vendor/provider and the customer side. He will talk about how RSI enables the SOC of the future and integrates with other sources of relevant information, beyond SIEM - for instance Access Governance and User Activity Monitoring.

Prescription Security Lenses for the 4A Vision: Anywhere, Anytime, with Anyone, on Any Device
Dragan Pendic, Diageo

Why the 4A Vision (Anywhere, Anytime, with Anyone, on Any device) has been a challenge
Urgency for context-aware security and security individuals with the equivalent mindset
Deficiencies and opportunities for improvement of traditional security technical measures

Big Data for Information Security: Preventing your Enterprise from Cyber Attacks and Threats
Yuval Illuz, ECI Telecom

A Cyber Intelligence Analytics layer, based on Big Data Analytics, is something that is missing today in the InfoSec area. Those analytics provide organizations with deep insights into attacks and threats at a level which governments typically utilize. 'Under the radar' attacks and threats can be translated into patterns and insights only when utilizing a pro-active approach and analysis of Big Data - varied and historical, and unique algorithms and metrics. Cyber Analysts create quick and valuable insights.

12:00-13:00 FIDO Alliance
The Future of Authentication (is Now)
Rolf Lindemann, Nok Nok Labs; Dr. Paul Madsen, Ping Identity; John Salter, Yubico
Cloud Security & Authentication
Michael Barrett, FIDO Alliance; Daniele Catteddu, ENISA; Jason Hart, SafeNet; Sampath Srinivas, Google

12:00-13:00 Software Defined Infrastructures - Compliance and Security
Defining your Path Towards a Software Defined Datacenter
Jason Hill, VMware; Mike Small, KuppingerCole; Ron Williams, IBM

The business needs for IT services are no longer simply concerned with improving internal efficiency; they are changing rapidly, becoming focussed on connecting with customers and partners to deliver new products and improve customer service. These new requirements create challenges that the traditional model of IT service delivery cannot readily meet. This session will describe how the Software Defined Datacenter approach allows IT services to respond to these changing needs. The key to this approach is the automatic management and optimization of virtualized IT services. However, the more the IT service becomes abstracted from the hardware, the more important is the need to take an information-centric rather than a hardware-centric approach to security.

After attending this session you will be able to:

- Describe what Software Defined Datacenters are.
- Describe the benefits of Software Defined Datacenters.
- Explain the difference between Software Defined Datacenters and Cloud Computing.
- Describe the key components of a Software Defined Datacenter.
- Explain the security implications of a Software Defined Datacenter.

Keeping Control over your Cloud Zoo: Multi-Cloud-Platforms for your SDDC
Mike Small, KuppingerCole

Organizations are increasingly adopting cloud based IT services from multiple providers as well as embarking on the virtualization of internally delivered IT services. Both of these approaches need to co-exist with legacy IT services delivered in a traditional manner. This panel session will lead you through the challenges of and the solutions to the management and security issues following from this hybrid IT services environment.

After attending this session you will be able to:

- Describe the challenges of managing a hybrid IT service environment which includes cloud, virtualization and legacy IT.
- Explain the difference between the hybrid cloud delivery model and a hybrid IT services environment.
- Explain the techniques available to orchestrate and automate the management of a hybrid IT services environment.
- Describe the security challenges of a hybrid IT service environment.

13:00-14:30 Lunch & Networking
Room: EXPO AREA

14:30-15:30 Measuring IAM/IAG Maturity
IAM/IAG Maturity Levels: Introducing the new KuppingerCole Maturity Level Ratings
Martin Kuppinger, KuppingerCole

In this session, Martin Kuppinger will introduce the updated maturity levels for IAM/IAG. These define maturity levels for overall IAM/IAG implementations, but also for various disciplines such as Identity Provisioning, Access Governance, Privilege Management, Access Management & Federation & Cloud IAM, and others. He will describe the most important requirements for achieving higher maturity levels and what is needed to reach at least an acceptable maturity level. You should attend this session if you want to start rating the maturity of your own IAM/IAG organization.

From Chaos to Collaboration – Orchestrating Identity & Access Governance Properly
John Barco, ForgeRock; Dr. Martin Kuhlmann, Omada; Darran Rolls, SailPoint; Marco Venuti, CrossIdeas; Edwin van der Wal, Everett

Identity & Access Governance (IAG) objectives go beyond simple re-certification of user entitlements, and they involve various stakeholders ranging from business to IT. When dealing with identity data quality issues, risk assessments for resources, threat mitigation or role life-cycle management: Where can automated procedures relieve business officers, and how can responsible stakeholders collaborate in the best way? The panelists will present their proposals for how IAG can be implemented as a really efficient and responsive solution. They will focus on discussing how to combine responsibilities and people’s expertise to make IAG a success.

14:30-15:30 Beyond End-to-End-Encryption
The Next Generation of Privacy Tools: What can we expect?
Kim Cameron, Microsoft; Dr. Scott David, LL.M, KuppingerCole; Ladar Levison, Lavabit; Nat Sakimura, Nomura Research Institute

Our current computing and communications infrastructure is fairly robust with regards to resiliency, but still very fragile with regards to privacy, surveillance and espionage. Knowledge about vulnerabilities and the way to exploit them has become widespread, and even less skilled individuals and organizations are able to spy on us.

Information Security has matured in the past years, with encrypted connections to routers and to servers becoming more familiar while end-to-end-encryption is emerging as, possibly, the highest level of security. What are the tools, protocols and standards that lead us to a world where "secure" really means "secure"? In this panel discussion, a group of privacy and security thought leaders will talk about the future privacy tools and security infrastructures, better preventing us from data breaches, unexpected (mis)use, and government espionage.

- What can we expect from the Dark Mail Alliance and similar initiatives?
- What will be the contribution of large vendors to a privacy enabled digital world?
- When will we finally be able to take advantage of end-to-end security in our daily lives?

14:30-15:30 Internet of Everything (IoE) - Promise & Potential
Connecting the Real World with the Virtual World: Use Cases, Application Categories and Business Models for the IoE
Rob Newby, KuppingerCole; Hans Zandbelt, Ping Identity

The IoE can be roughly categorized into 2 application areas: Information, Awareness & Analysis on the one side and Automation, Control & Optimization on the other. In this session, we will talk about applications and business models within those 2 areas, how they will evolve and how they will impact your infrastructure.

Challenges from the Identities of Things
Ingo Friese, Deutsche Telekom AG

The Internet of Things (IoT) is beginning to evolve and early solutions are now being implemented. We can find implementations in areas like logistics, farming, home automation and many others. But its restrictions become obvious as we try to connect solutions of different vendors, communities or standard groups. Apart from communication protocols, new identity management mechanisms are crucial for a growing Internet of Things. This presentation discusses real project examples and introduces challenges coming from the Identities of Things as well as possible solutions encompassing identifier, mapping, discovery, authentication, authorization and privacy.

14:30-15:30 Cloud Identity
Cloud Identity & Access Management: Defining the Market
Mike Small, KuppingerCole

The Cloud IAM market is currently driven by services that focus on providing Single Sign-On to various Cloud services as their major feature and business benefit. This will change, with two distinct evolutions of more advanced services forming the market: Cloud-based IAM/IAG (Identity Access Management/Governance) as an alternative to on-premise IAM suites, and Cloud IAM solutions that bring a combination of directory services, user management, and access management to the Cloud.

There are many terms for what we call “Cloud IAM” for Cloud Identity and Access Management. IDMaaS (Identity Management as a Service), IDaaS (Identity as a Service), and various other names are used. However, there is no common understanding of what constitutes that market segment. Vendors have taken different paths to this market segment. One common denominator is Cloud Single Sign-On, which allows users to access a portal that links to “his” (or “her”) Cloud services and provides a seamless login, either based on passing through username and password or relying on Identity Federation standards.

This will change, but there will be at least two distinct approaches to Cloud IAM that overlap in their core functionality. One is Cloud-based IAM/IAG that provides Identity Provisioning and Access Governance capabilities as a Cloud service. These services in fact are a direct counterpart to established on-premise Identity Provisioning and Access Governance solutions. These types of solutions also provide good out-of-the-box integration with on-premise systems, allowing management and governance for identities and access to these services.

The second group of solutions primarily focuses on managing what we call the “new ABC: Agile Businesses: Connected”. They focus on managing external users, such as business partners and customers, and their access to Cloud services and on-premise web-based applications. Commonly, these services are a combination of identity federation, self-service registration, directory services, and access management solutions, all provided as a Cloud service.

While both groups of solutions might converge in the long run, both provide far more functionality than just Cloud Single Sign-On, which will not remain sufficient for success in business.

In this session, Mike Small will explain the evolution and convergence of Cloud IAM, talk about selection criteria and look at vendors in that market segment.

One Identity for All – Efficient and Cost-Effective Identity Management in the Cloud and for the Cloud
Per Hägerö, neXus; Dr. Paul Madsen, Ping Identity; Bart Renard, VASCO Data Security; Don Schmidt, Microsoft; Max Waldherr, Dell Software

"To cloud or not to cloud?" - this is no longer the question. It is rather to what extent and depth enterprises leverage cloud computing. With identity and access management (IAM) solutions for their internal IT systems, enterprises have achieved a high level of security, transparency and compliance. They do not want to go back to the old days of erratic and insecure identity management when they have to deal with multiple cloud providers and their proprietary user management interfaces.

Integrating and maintaining each cloud application individually within the enterprise IAM solution is no real alternative. Obviously, building a pure Cloud IAM alongside the existing on-site IAM is also not the most elegant way to solve the challenge. The target should be to use an approach that seamlessly connects the enterprise IAM solution with a multitude of cloud services in a standardized, centralized way.

In this panel session, we will discuss architectural approaches for extending IAM to the Cloud, in order to allow managing all identities and access in a consistent way.

14:30-15:30 The Future Model of Banking
Roberto Baratta, Novagalicia Banco; Roman Chaplygin, PwC Russia; Dr. Iordanis Chatziprodromou, Swiss Re; Luis Saiz, BBVA; Lewis Tam, Ping An Insurance Group; Dirk Venzke, Commerzbank AG

Banks, which were among the first industries to adopt computing technology on the back end, have always been late to bring technology to the front end, it would seem. But that’s all changing as traditional ideas of banking are falling by the wayside.

Besides the, now old-hat, 24-hour ATM/Cashpoint, many banks now allow you to pay bills, transfer funds – even make deposits - with your mobile phone or tablet.

Next on that horizon is cryptocurrency (such as Bitcoin) so that mobile phone withdrawals become possible.

But beyond the electronic wallet, what can the banks do to attract, and keep, customers? Identity services, based on trust and reputation with secure protocols as part of an open API economy hold out the possibility that banks could find new venues even as old ones disappear. Enabling secure transaction services via APIs on any device, everywhere, seamless to use and keeping privacy in mind is one of the key success factors of the future banking business models. But those banks that don’t adjust, can’t adapt or refuse to see beyond their traditional market will be left in the dust of history.

In the Finance Industry, more than in any other industry, Information Security is becoming a #1 business enabler. Securely exposing APIs and moving to new service models; supporting and embracing crypto-currency evolution; combining trust, reputation, and privacy for these business models and innovative retail and private banking: All this is based on making maximum use of what Information Security allows today. Information Security will not change banking. But it will enable banks to change themselves. Not to forget the fact that Information Security is a key element of regulations and governance.

This roundtable discussion will explore those new avenues, which can revitalize banking and propel it to the forefront of the consumer revolution.

15:30-16:30 IAM/IAG Maturity Assessment
Maturity Assessment Dos and Don'ts
Dr. Horst Walther, KuppingerCole

Rating the maturity of IAM/IAG programs is not easy. Who is the right one to do such rating? Which input is required? How do you ensure that the rating does not become more complex than the rest of the program? What to look at – what are the Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) to look at and how to do it without years-long collection of such indicators? What are the right benchmarks you can use – and who can help you in benchmarking? And which lessons to draw from the results? In this session, Dr. Horst Walther will talk about the Dos and Don'ts of successful Maturity Assessments.

IAM/IAG Vendor & Solution Selection Process
Martin Waldbauer, E.ON Global Commodities SE

Identity and access management software vendor selection is pervasive in corporations. Living with the result of the acquisition is no short-term affair; you look for a lasting relationship.

In his best practice presentation, Martin Waldbauer will describe the most important steps to find a solution that really fits and to have a productive vendor relationship.

15:30-16:30 Application Security
Security Software as a Risk
Prof. Dr. Hartmut Pohl, softScheck GmbH

Successfully attacking an IT system requires exploitable vulnerabilities. Software always contains such vulnerabilities. As all networking and security to some extent is based on software, such as firewalls, encryption, intrusion detection and protection systems, security infrastructure should be seen as a threat in itself. This has been shown by multi-level systematic security tests on a wide range of security products. The need for patching after security products are delivered is minimised by a comprehensive security test process.

In this talk, Prof. Dr. Pohl will guide you through the case of the Web Application Firewall (WAF) ModSecurity, showing that even security software can contain vulnerabilities that might be exploited by attackers and thus is open to attack.

WAFs operate with black and white lists and filter the HTTP traffic between servers and clients. The advantage this has over regular firewalls is that a WAF does not filter at the lower network levels, but at the application level – level 7 according to the OSI model. Conventional firewalls generally operate at level 3 (network layer) or level 4 (transport layer), which enables them to filter incoming requests by IP address or port. A WAF, on the other hand, also examines the content of the incoming packet and is thus able to defend against attacks such as SQL injection and cross-site scripting, which will not be recognised by conventional firewalls. Web application firewalls examine only HTTP packets and therefore serve to prevent exploitation of vulnerabilities especially in web applications. For this purpose, they make use of certain defined rules, which operate with regular expressions in order to block malicious HTTP requests using the black-and-white listing method.

Because the WAF ModSecurity itself contained a denial-of-service vulnerability, it was possible, for example, to put the web server out of operation by means of simple HTTP requests with XML content.

This shows that security software can be a double-edged sword: on the one hand, firewalls increase the security level by filtering the traffic and thus protect servers, computers and web applications from attacks; on the other hand, they must themselves be free of vulnerabilities. Otherwise the firewall itself can be attacked. In addition, it is always necessary to patch security software promptly and have it configured correctly if the security level is to be increased to meet the relevant threat.

To ensure that security software never becomes a conduit for threats it should be examined to ascertain any vulnerabilities as part of a multi-level systematic security test process by means of Threat Modelling, Static Source Code Analysis, Penetration Testing and Dynamic Analysis – Fuzzing. Only in this way can it be guaranteed that security software is really secure.

Application Security – Beyond Secure Configurations and Access Controls
Peter J. Wirnsperger, Deloitte

Protecting your Applications Against the Threat of Attacks and Data Breaches
Prof. Dr. Hartmut Pohl, softScheck GmbH; Juergen Vollmer, Security & Quality Software GmbH; Peter J. Wirnsperger, Deloitte

Everything we talk about during this conference is based on software. Even more, we see clear trends towards a "Software Defined Everything", replacing specialized hardware with software solutions. Therefore, to protect your business against espionage, attacks and data breaches, you must address application security challenges. In this expert panel, we will draw an outline of an application security program leading your enterprise through the age of cloud, mobile, social.

15:30-16:30 Security in a M2M & IoT World
Security in a World of 50 Billion Connected Devices
Michelle Chibba, Office of the Information and Privacy Commissioner Ontario; Gershon Janssen, OASIS Open Standards Group; Prof. Dr. Dawn Jutla, Saint Mary's University; Alex Kritikos, Software AG; Peter Niblett, IBM

When 50 billion devices start sending data over networks, privacy and security challenges become exponentially harder. M2M solutions require the ability to handle existing security governance investments yet support a variety of security protocols, encryption and privacy requirements that cross mobility, sensor networks, diverse devices, M2M telecommunications and data centers and their relevant policy domains. The nature and scale of the M2M infrastructure create unique challenges such as trust (untrusted devices, networks, associated applications), cost (cannot be expensive considering the large number of devices), shared data (who owns it, controls it and how to securely share and manage it), access (static access controls cannot adjust to the dynamic nature of M2M), performance (low power devices can't spare many cycles for security), heterogeneity, integration into existing security paradigms, and cross-jurisdictional privacy mandates that have to be addressed.

The panel will discuss the above challenges unique to the application of M2M and IoT devices within various industry sectors, such as Smart Grid systems in the energy industry. The panel will also discuss how some of these issues are being tackled by the important OASIS committees: Message Queuing Telemetry Transport Protocol (MQTT), Privacy by Design Documentation for Software Engineers (PbD-SE), Privacy Management Reference Model and Methodology (PMRM) as well as the Smart Grid Cybersecurity Committee under the Smart Grid Interoperability Panel.

The panel will include case studies on how governments and large organizations and critical infrastructure providers such as electric utilities are tackling the security and privacy implications of IoT/M2M to build a resilient environment to drive business value.

15:30-16:30 Cloud Encryption
Searching over Encrypted Data in Cloud Database as a Service Environments
Dr. Andreas Schaad, SAP AG

In this talk, Dr. Schaad will demonstrate on a working SAP HANA system that it is possible to execute arbitrary SQL directly on encrypted data in the cloud - without any intermediate decryption!

Encryption keys never leave the on-premise environment and even a cloud administrator with full privileges will not be able to learn anything about the content of an outsourced business database.

He will show and discuss the potential trade-offs regarding performance and functionality, but can already conclude that industrial strength systems appear to be ready to enter the market in the next 2-3 years.

Cloud Encryption: Protecting Privacy, Preventing Data Loss in the Age of Snowden and Heartbleed
Paige Leidig, CipherCloud; Mike Small, KuppingerCole

16:30-17:00 Coffee & Networking
Room: EXPO AREA

17:00-18:00 IAM/IAG Maturity Best Practice
Do's and Don'ts for a Successful Identity Management Project (Manpower)
Rainer Knorpp, Devoteam

This best practice presentation demonstrates how Manpower were able to successfully implement a process for periodical review and re-certification of user access rights and entitlements to fulfil SOX compliance requirements, within six months. The focus of the presentation is an agile and pragmatic approach from a company and system integrator's perspective.

The presentation covers the following topics:

- Goals and requirements of the project
- Selection of partners for the project
- Realization of the project
- Critical factors for project success

A Practitioner's Recommendations for a Successful IAM Program
Dr. Horst Walther, KuppingerCole

17:00-18:00 Security Operations Center
Building your SOC: Realtime Security Intelligence On-Premise and/or as a Service?
Prof. Dr. Sachar Paulus, KuppingerCole

Building a SOC (Security Operations Center) is a tremendous challenge. But this is not only (and maybe not even primarily) about technology. As always, it is also about organization and about people. Do you have the skill sets in your organization to successfully run your SOC? The people who not only understand a single piece of security technology such as a firewall, but who have both the breadth and depth required for successfully building and running a SOC? Breadth, to understand the relationship of security events across various systems. Many of today’s attacks involve many systems, thus analysis also has to have a holistic, integrated view. On the other hand, people need to have the depth necessary to know each piece of the security apparatus as well as the ability to manage the specialists. These people, being both generalists and specialists, are a rare species.

Unfortunately, things are becoming more and more complex. More complex attacks, more complex IT environments - especially in connected enterprises or when looking at SCADA (supervisory control and data acquisition) systems and the IoEE (Internet of Everything and Everyone) - and more complex solutions to analyze threats: It is hard to solve this issue. Realtime Security Analytics, which means “Big Data Analytics applied to Security, powered by external realtime threat intelligence services” is promising, but complex. Understanding these systems, configuring not only rules but complex pattern detection, achieving valid and actionable results and understanding these is a tremendous challenge.

Thus, when building a SOC, there is a simple question to answer at the very beginning: How much should be on premises, and where to rely on services? These services can range from a second or third tier to full-service offerings. The panelists will discuss the need for this, not only from a skill and people perspective, but also with respect to cost, security, and bandwidth requirements.

Plan, Build, Run. What Makes up a Real SOC?
Reto Bachmann, Dell Software; Jason Hill, VMware; Amar Singh, KuppingerCole

Many organizations believe they need a SOC (Security Operations Center). But do they? And if yes, what makes up a real SOC? Which are the main and mandatory tasks of a SOC? Understanding the role a SOC plays in Information and IT Security is the first step to success – it is about planning, before building and running it. The panelists will discuss the scoping of SOCs, based on their best practice experience.

17:00-18:00 IoE Privacy & Security
Unexpected and Complex Implications of the Internet of Everything (IoE)
Dr. Karsten Kinast LL.M., KuppingerCole; Jeff Stollman, Secure Identity Consulting

With the recent acquisition of NEST Labs, Google is paving its way into your bedroom and sitting room, listening to your most private preferences and habits. Home automation and many other areas, where the Internet of Everything will try to add value to our analog lives, come along with strong privacy concerns and are raising new questions:

- Who owns the data on your automobile's computer? The manufacturer? The current title holder? The auto, itself?
- Will the auto have its own personal cloud and grant you permission to access it? Will this spell the end of auto theft?
- How do you manage apps for devices?

These are some of the curious questions that arise as global experts debate the implications of the Internet of Things. For its promises to simplify our lives, the Internet of Things presents a panoply of concerns. Will you be able to profit from foresight into this life-changing development?

Security and Identity Challenges for the Internet of Everything
John Barco, ForgeRock; Paul Fremantle, WSO2; Jason Hart, SafeNet; Per Hägerö, neXus; Rob Newby, KuppingerCole; Geoff Webb, NetIQ

The Internet of Things (IoT) concerns the connection of physical devices (cars, thermostats, smartphones, home lighting, tide sensors, smart meters, etc.) to the Internet. There are more devices connected to the Internet than people on the planet, and the prediction is that there will be 50 billion IoT devices by 2020.

The IoT brings with it many security challenges, and this session will explore these challenges as well as looking at some emerging solutions. Of course these challenges fall into existing security and identity challenges but are exacerbated and modified by the specific aspects of the IoT. This session will concentrate on those aspects.

For example, standard approaches for security and identity, such as PKI, may not be appropriate or suitable for memory and CPU constrained devices. Even when the device can handle asymmetric encryption, the key distribution may be a significant issue.

The session will cover identity, confidentiality, denial of service, privacy and other aspects and specifically how those are different in the IoT space.

This session is aimed at professionals who understand identity and security issues and wish to understand how those concepts apply in the IoT space. It will also be relevant to IoT specialists looking to understand security issues.

17:00-18:00 Cloud Best Practice
Efficiency Gains in the Cloud
Vladislava Toukalek, WMO

Over the past two decades IT evolved from business enabler under its own conditions (setting up the rules of the game) to the service that is expected to meet not only business but users’ demands here and now. New technologies are easily built and extended and only forward-thinking IT organizations can keep the pace and promptly prepare “defense”. Today’s work force does not only have requirements and demands, they have expectations.

WMO's journey to the cloud shows how consumerization, BYOD and Cloud provided answers to challenges of the core business of a non-profit international organization with a tight budget and a traveling work force, operating all over the world, including the least developed countries. The presentation shows how the acceptable risk was determined and what the challenges and lessons learnt were.

The organization achieved a 70% cost cut thanks to successful implementation of Cloud, BYOD and mobility initiatives, and significantly improved its efficiency and user and customer satisfaction.

Embracing Cloud Services: Roadmap to Reality
Amol Sawarkar, International Federation of Red Cross and Red Crescent Societies (IFRC)

Offering cloud services has become a high-volume mainstream business these days, not only for providers, but also for consultants and architects. In this session, Amol will draw on his experience of the various phases: defining the roadmap, analysing service fit, and defining criteria for acquiring cloud services, followed by the challenges in implementation.

17:00-18:00 Roundtable: The Future Model of Banking (continued)

18:00-18:30 Closing Keynote
Prof. Dr. Sachar Paulus, Senior Analyst, KuppingerCole
Room: AUDITORIUM

Friday, 16.05.2014

08:30-10:00 Check-in & Registration
Room: HOTEL

09:00-12:30 Understanding the Legal Framework for Using Big Data Approaches in Security Analytics
Dr. Karsten Kinast LL.M., KuppingerCole

In the age of the extended, connected enterprise, preventive security solutions such as firewalls are no longer enough to protect against today's threats, because many attacks aiming at industrial espionage originate from well-funded (governmental) institutions and are therefore sophisticated enough not to be stopped by traditional security methods. It is therefore becoming more and more vital to detect attacks while they are being conducted by monitoring the whole network traffic, and to react properly if such a breach occurs.

Monitoring and analyzing parts of or the complete network traffic is regulated by privacy, telecommunication and criminal laws in all EC and most other countries. In this Workshop, KuppingerCole's privacy expert Dr. Karsten Kinast, LL.M will discuss with you a number of use cases for security analytics and the use of big data in security, which you will propose, to find out whether they comply with EC and local regulation. During this workshop, you will create a checklist which will help you to avoid legal implications when moving into deep security analytics.

09:00-12:30 Negotiating the Cloud Standards and Advice Jungle
Mike Small, KuppingerCole

The cloud is a hot topic and most SDOs (Standards Defining Organizations) have at least one initiative in this area. This plethora of initiatives has confronted the users of cloud services as well as CSPs (Cloud Service Providers) with a jungle of frameworks, standards, advice and certifications. In this Workshop, KuppingerCole's Senior Analyst and Cloud Governance Expert Mike Small will provide you with a deep insight into cloud standards and guide you to the ones which are relevant and usable for your organization.

Cloud computing is one of three dimensions in which organizations are moving towards an economy based upon the interconnection of IT services ("The Open API Economy"). The success of this economy and hence of cloud computing depends on the availability of clearly defined interfaces; standards have a key role to play in achieving this.

Cloud services are built using a technical architecture that may include both proprietary and standard protocols and interfaces. Many of these standard protocols and interfaces are already available and indeed form the basis of cloud connectivity. However the services themselves have significant proprietary content and this can make the costs of changing provider high.

Join Mike in this workshop to get a deep ins ight on existing frameworks, standards, advice and certifications - and theirrelevance for your cloud initiatives.

There is a recorded Webinar from Mike Small available that will help you prepare for this workshop

09:00-12:30 FIDO Alliance Workshop - Business Track
Michael Barrett, FIDO Alliance
Rajiv Dholakia, Nok Nok Labs
Dr. Paul Madsen, Ping Identity
Dr. Kim Nguyen, D-Trust

Spend a day with the FIDO Alliance and find out what the future of online authentication is going to look like. You will see and discuss hands-on demonstrations of FIDO Ready™ products. There will be separate sessions for the business and the technically inclined. Most important, there will be lots of opportunity to ask questions and talk to the people who know!

Who should attend?

Business personnel with responsibility for their organization's information security
Architects, engineers, technical planners involved in the development and/or deployment of authentication technologies

Session content

Morning sessions will give you a good overview of the FIDO Alliance, what it has been working on and the benefits of the FIDO approach
At lunchtime, and during the breaks, you will have the opportunity to see FIDO Ready™ products and prototypes in action and to network with FIDO Alliance members
Afternoon sessions will include tutorials for the technical community, providing a good grounding on the FIDO standards, what they are, and how they work.

Key takeaways

A good understanding of how FIDO will help address the usability-security tradeoffs in authentication
An understanding of what your organization will need to do to take advantage of the FIDO Standards

Please follow this link to view the agenda of the workshop.

12:30-13:30 Lunch Break Room: HOTEL


13:30-16:00 Migrating Away from your Current Identity Provisioning Solution
Martin Kuppinger, KuppingerCole

Many organizations currently consider migrating away from their current Identity Provisioning solution. There are many reasons to do so: vendors were acquired and the roadmap changed; the requirements have changed and the current solution no longer appears to be a perfect fit; a lot of money has been spent for little value; the solution does not suit the new requirements of managing external users and access to Cloud services.

However, migrating your provisioning tool will not be as easy as some vendors claim, because Identity Management implementations are mainly not plain vanilla out-of-the-box, and there is no such thing as a "miracle migration toolset" – honestly, there are only a few toolsets (like the one offered by Oracle for migrating the Sun Identity Manager/Oracle Waveset Identity Manager to Oracle Identity Manager). More important, moving from one Identity Manager to another is not necessarily the best choice, given that there are many more alternatives for IAM infrastructures than a few years ago, not to speak of the fact that many organizations struggle with multiple Provisioning tools which came in through acquisitions of other companies or through regional or departmental decisions not consistent with the central IT strategy. These architectures include those centered around Access Governance, as well as several other options. Not to forget the fact that successful implementation of a new IAM solution and migration also depends on the quality level of your guidelines and policies, your process and role models, and your organization.

This workshop will give you a deep dive into the prerequisites for successful migrations (and for making a decision to stay with your current tool, if that turns out to be the better choice). We will discuss a lot of aspects, such as:

Understand the maturity of your current IAM program from both a technical and organizational perspective;
Understand the options you have beyond Identity Provisioning – which role must Access Governance and Cloud IAM play?
What do you need beyond core IAM functionalities?
Make a rational decision on when to migrate from your current provisioning tool;
Plan your migration strategy based on industry best practice;
Select the best tools and approaches to perform the migration;
Identify and manage the risks associated with migration.

To best prepare for this workshop, you should consider taking part in this free webinar: http://www.kuppingercole.com/events/n40212

13:30-16:00 Internet of Everything and Big Data: Benefits and how to Manage Risk
Mike Small, KuppingerCole

The vision for the Internet of Things (IoT) makes bold promises for the individual as well as business. The vision is for an Internet of Everything and Everyone and is intimately related to the ability to manage and process vast amounts of data. However, the realization of this vision is based on existing systems and infrastructure which contain known weaknesses. This workshop will describe the vision for the Internet of Everything and Everyone and the benefits that this could bring. It will cover the security and privacy risks and how these risks are balanced by the rewards.

13:30-16:00 FIDO Alliance Workshop - Technical Tutorials
Dirk Balfanz, Google
Rolf Lindemann, Nok Nok Labs

Spend a day with the FIDO Alliance and find out what the future of online authentication is going to look like. You will see and discuss hands-on demonstrations of FIDO Ready™ products. There will be separate sessions for the business and the technically inclined. Most important, there will be lots of opportunity to ask questions and talk to the people who know!

Who should attend?

Business personnel with responsibility for their organization's information security
Architects, engineers, technical planners involved in the development and/or deployment of authentication technologies

Session content

Morning sessions will give you a good overview of the FIDO Alliance, what it has been working on and the benefits of the FIDO approach
At lunchtime, and during the breaks, you will have the opportunity to see FIDO Ready™ products and prototypes in action and to network with FIDO Alliance members
Afternoon sessions will include tutorials for the technical community, providing a good grounding on the FIDO standards, what they are, and how they work.

Key takeaways

A good understanding of how FIDO will help address the usability-security tradeoffs in authentication
An understanding of what your organization will need to do to take advantage of the FIDO Standards

Please follow this link to view the agenda of the workshop.


Workshops

OpenID Foundation Workshop
13.05.2014 09:00-13:00

Open identity standards are important ingredients in the planning and architecture of interoperable and extensible large scale enterprise deployments. The OpenID Foundation is a standards development organization focused on a user centric approach to solving the global challenges of online identity. This OpenID Foundation Workshop provides early insight and influence on important new online identity standards like the EIC Award winning OpenID Connect, Account Chooser and Native Applications. Leading technology experts from Microsoft, Google, Ping Identity and others will share the latest developments with these key protocols, review work group progress and how they apply to key enterprise business challenges.

Enterprise application of OpenID Connect
Connecting to the Cloud using Enterprise Directory
Attribute Based Access Control and OpenID Connect
Managing virtual organizations
High Assurance Identity
Applying OpenID Connect to non-http protocols
Deutsche Telekom and Verizon Connect Implementation Case Studies

Mobile Apps SSO
Account Chooser: Choosing appropriate identity

Balancing private and business life: Same browser, different identity

Speakers

Ronny Bjones, Senior Architect, Microsoft
Ronny Bjones currently is working for Microsoft Corporate as senior architect in the identity & security division. Ronny joined Microsoft in 2002 to contribute in trustworthy computing. Later he became the EMEA security lead for Microsoft's enterprise business. He has 27 years of experience in ICT, 21 of those in security. Ronny oversees the whole area of security but has a special interest in smart cards, PKI, Identity Metasystem, cryptography and digital signatures. Ronny...

John Bradley, OpenID Foundation, Kantara
John Bradley is an Identity Management subject matter expert and IT professional with a diverse background. Mr. Bradley has over 15 years experience in the information technology and identity management field. Mr. Bradley advises Government Agencies and commercial organizations on the policy and technical requirements of Identity Management, Federated Identity, PKI and smart card solutions. He is also Chair of the Leadership council and a Member of the Board at Kantara. He is treasurer of...

Pamela Dingle, Senior Technical Architect, Ping Identity
Pamela Dingle is a Senior Technical Architect within the Office of the CTO at Ping Identity. Pamela has a long history with Identity Management, working as an implementer and moving into architecture and strategy over 10 years of evolution of systems such as directories, application servers, web access management systems, provisioning, and now federation. Pamela is also on the board of directors of both the Information Card Foundation and the OpenID Foundation and runs the Pamela Project, an...

Peter Mark Graham, Senior Identity Strategist, Verizon Enterprise Solutions
More than 2 decades of experience in program and project management, business analysis, business development, and thought leadership for enterprise software development programs. Sectors include both regulated and non-regulated industries, including pharmaceutical, telecom, aerospace, oil and gas, retail, travel and hospitality, and state and federal government. 10+ years professional consulting, business development, and management experience for enterprise-wide software development...

Dr. Michael B. Jones, Standards Architect, Microsoft
Michael B. Jones is a Standards Architect at Microsoft. He is an editor of several IETF OAuth specifications, the IETF JOSE (JSON cryptography) specifications, and the OpenID Connect specifications. He serves on the board of the OpenID Foundation. He was a researcher at Microsoft Research from 1992 to 2005. Michael earned his Ph.D. in Computer Science from Carnegie Mellon University in 1992. His interests include digital identity, computer security, privacy, distributed...

Dr. Torsten Lodderstedt, Senior Product Owner Identity Management, Deutsche Telekom AG
Dr.-Ing. Torsten Lodderstedt has been working in the identity management space at Deutsche Telekom for the last seven years. In his current position as a Senior Product Owner Identity Management, he leads the development of services enabling login into retail and business digital products. He is also an identity management evangelist within Deutsche Telekom and regularly contributes Deutsche Telekom's experiences and perspective as a subject-matter expert at standardization bodies and...

Anthony Nadalin, Chief Security Architect, Microsoft
Anthony Nadalin is a partner architect in the Government Engagement Team leading the Standards and Public Policy practice. Anthony had spent the last 27 years with IBM where he was the Chief Security Architect responsible for the security strategy for software group products. Anthony participates in many standards organizations (OASIS, IEEE, W3C, ITU, ISO) aligning security strategy with standards. Anthony has co-authored many of the web services specifications, written 3 books around the...

Nat Sakimura, Senior Researcher, Nomura Research Institute
Nat Sakimura is the research lead on Digital Identity at Nomura Research Institute (NRI). He has been working on digital identity and privacy for the past decade. His main theme consistently has been to empower the people with the digital identity so that they can live happily and peacefully in the cyber space transacting and connecting whenever and wherever they want. To that end, he has been active in standardization spaces such as OASIS Open, OpenID Foundation, Kantara Initiative, and...

Don Thibeau, Executive Director, OpenID Foundation
Don Thibeau is the Executive Director of The OpenID Foundation (openid.net), an open source, identity standards development organization representing industry leaders in internet enterprise, web and social media technologies. Thibeau is also Chairman of the Board of the Open Identity Exchange (OIX), a non-profit, technology-agnostic, multi-tenant platform for certification listing services and trust frameworks for identity authentication in global internet and telecommunications...

Continuing Education Credits

After attending this block you will be able to:

Define the current markets where identity data is kept and describe their market potential.
Describe current state of the open identity data market.
Explain the benefits that information sharing through listings, directories, registries, and exchanges have on emerging markets.
Define the benefits an information sharing registry would have on the open identity data market.

Completion of the workshop qualifies for 4 Group Learning based CPEs

Prerequisites: None Advance Preparation: None Learning Level: Intermediate Field: Computer Science

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: [email protected]


Identity & Access Management Crash Course
13.05.2014 09:00-13:00

IAM is about guidelines, organization, processes – and technology. Or, correctly: A set of technologies. Understanding these technologies, their value for specific use cases, and their dependencies is mandatory for successful investment decisions. Avoiding point solutions requires a good understanding of the overall IAM big picture.

This session provides you with the information you need to understand the big picture. It explains the main terms. It provides insight into the relation of guidelines, organizations, processes, and technologies. It unveils the relationship of IAM to other IT disciplines such as IT Service Management. It dives into the various elements of IAM, from Directory Services to Identity Provisioning, Access Governance & Intelligence, Single Sign-On, Identity Federation, Privilege Management and Cloud IAM. It discusses how to extend the on-premise IAM to cover all types of users, including customers and business partners. It discusses the emerging Cloud IAM solutions and their role. It looks at how various IAM disciplines are related.

It is a crash course that gives you insight into IAM and is the perfect preparation for all the following sessions of EIC 2014.

Speakers

Martin Kuppinger, Principal Analyst, KuppingerCole
Martin Kuppinger is Founder and Principal Analyst at KuppingerCole, a leading analyst company for identity focused information security, both in classical and in cloud environments. Prior to KuppingerCole, Martin wrote more than 50 IT-related books and is known as a widely-read columnist and author of technical articles and reviews in some of the most prestigious IT magazines in Germany, Austria and Switzerland. He is also a well-established speaker and moderator at seminars and...

Continuing Education Credits

Prerequisites: None Advance Preparation: None Learning Level: Intermediate Field: Computer Science

After attending this workshop you will be able to:

Explain how Identity and Access Management has evolved
Describe how IAM is the foundation for secure business processes, secure collaboration and information sharing, and for the new ABC: “Agile businesses – connected”.
Explain why understanding these technologies, their value for specific use cases, and their dependencies is necessary for successful investment decisions.
Describe the relationship between the underlying IAM guidelines, organizations, processes, and technologies.
Be prepared to get the most value from the EIC sessions.

This workshop qualifies for up to 4 Group Learning based CPEs depending on the number of sessions you attend.

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: [email protected]


Kantara Workshop
13.05.2014 09:00-13:00

Industry Standards that are developed in an open and transparent forum are key to the advancement of technology and market growth. Key to this progress is working to connect communities of interest to harmonize and optimize growth. The Kantara Initiative workshop will focus on innovation in both the public and private sectors. This workshop brings together leaders from around the world to share their unique perspectives and findings regarding Identity Management innovation and best practices. From an international perspective attendees will participate with leaders from Canada, Denmark, New Zealand, Sweden, UK, and US. From an innovation perspective we'll discuss the future of IdM towards Identity Relationship Management and Access Management 2.0 from a User Managed Access (UMA) approach that aligns with Life Management Platforms.

Hear from industry leaders on the latest in international approaches with real world use cases. Learn how varying countries are approaching using agile and trustworthy approaches to enhance and drive adoption and market growth of Identity and Access Management. Join us. Innovate and Trust.

Founded in 2009 as a non-profit organization, Kantara Initiative is a robust and open focal point for collaboration to address the issues we each share across the identity community. Kantara Initiative influences transformative innovation within Identity Management. Our Membership is broad with influential international business Members including: CA, Experian, ForgeRock, Symantec, and Verizon; and policy influential Members including Internet Society, NRI, Government of Canada. Kantara activities focus on requirement gathering for the development and operation of Trust Frameworks as well as verification of actors within Trust Framework ecosystems. Kantara Initiative Accredits Assessors, Approves Credential Service Providers Services and Recognizes Service Components (Identity Proofing and Credential Management).

Agenda
Tuesday, 13.05.2014

09:00-09:30 Welcome, Overview, Update on Trust Frameworks - The Latest Trends
Joni Brennan, Executive Director, Kantara Initiative

09:30-10:15 Identity Relationship Management
Allan Foster, VP of Community, ForgeRock
Sandy Porter, Avoco
Michel Prompt, Founder/CEO, Radiant Logic
Michelle Waugh, VP, CA Technologies

10:15-11:00 AuthZ: UMA Demo and Latest Implementation Draft
Dr. Maciej Machulak, CEO, Cloud Identity Limited

11:00-11:45 International Track: UK, New Zealand, Denmark
David Simonsen, Executive Manager, WAYF
Matthew Trigg, IDAP Stds & Cert Lead, UK Cabinet Office
Colin Wallis, Standards Architect, Internal Affairs Dept, New Zealand Government

11:45-12:30 Trust: Open Stand & Trust Initiative
Robert Labelle, Senior Director, Strategic Innovation and Standards Solutions, IEEE

12:30-13:00 Open Question & Answer, Calls To Action
Joni Brennan, Executive Director, Kantara Initiative

Speakers

Allan Foster, VP of Community, ForgeRock
Allan Foster is a founding member of ForgeRock, bringing skills in the entire Identity management space. He has proven skills in Access Management, Federation, and Portal Architectures. Allan is based in Portland, Oregon in the USA, and has worked with the ForgeRock products, as well as prior version of the products for several years. Allan brings 25 years of experience in the development, internet, and Identity management spaces to ForgeRock. Allan's career has reached from Apple Computer...

Robert Labelle, Senior Director, Strategic Innovation and Standards Solutions, IEEE
Senior executive with global experience in driving organizational growth through innovation, with expertise in business development in new and evolving technology spaces. Focused on technology domain strategy and development for a non-profit organization dedicated to advancing technology for the benefit of humanity. Possess deep knowledge of the standards development ecosystem and life cycle, as well as knowledge of security, privacy, networking, virtual communities/worlds, software,...

Dr. Maciej Machulak, CEO, Cloud Identity Limited
Dr Maciej Machulak specializes in security, privacy and trust in the Cloud as well as in personal data management. He is the founder and CEO of Cloud Identity Limited where he works with his team on research and development of innovative identity management and privacy solutions that allow individuals to have better control over their personal information in the Cloud. As the lead architect and developer, he also advises companies during all stages of their projects and helps them adopt...


Sandy Porter, Avoco

Michel Prompt, Founder/CEO, Radiant Logic
Michel is a world-renowned developer, researcher and entrepreneur who most recently founded Radiant Logic, a software company focused on integrating Directory Services (LDAP), XML and databases to enable companies to easily locate and combine information housed in disparate databases and better manage e-business. Prior to founding Radiant Logic in 1995, Prompt served as Senior Vice President of Client/Server Technology at Knowledgeware, now known as Sterling Software. In 1986, Prompt founded...

David Simonsen, Executive Manager, WAYF
David Simonsen, born 1973 in Copenhagen. Manager of WAYF since it started as a research network project in 2005. Employed by the Danish government agency for Library and Media. 2010 member of the TERENA networking conference program committee; 2009 - member of the steering committee for Kalmar2 (www.kalmar2.org); 2007 - member of ECAM, European committee for Academic Middleware; 2005 - 2007 co-chair of TERENA's mobility task force (result:...

Matthew Trigg, IDAP Stds & Cert Lead, UK Cabinet Office
Joined the Civil Service from school in 1982 working at the RAF Personal Management Centre at Innsworth in Gloucester. Early roles included Cobol programming on pay applications before joining the Small Systems Group to initially implement new desk top systems in Clipper and then later designing large Ingres applications and databases. In 1996 moved to Germany to develop a new Oracle system before returning to the UK in 2000 to maintain Informix Air Worthiness reports for the RAF. From...

Colin Wallis, Standards Architect, Internal Affairs Dept, New Zealand Government
Colin holds leadership positions across the consortium space in Information Security and Trusted Identity - particularly where policy, strategy and technology plays into cloud, big data, government transformation and in the broader macroeconomic challenges facing the internet. In OASIS, he sits on the identity-related Technical Committees of Security Services (SAML), Customer Information (CIQ), Identity in the Cloud, Trust Elevation, Privacy by Design for Software Engineers &...

Michelle Waugh, VP, CA Technologies

Continuing Education Credits

Prerequisites: None Advance Preparation: None Learning Level: Intermediate Field: Computer Science

After attending this workshop you will be able to:

Explain what Identity Relationship Management is.
Describe the User Managed Access (UMA) proposal, its architecture, protocol and the trust model.
Describe the identity assurance initiatives that are underway in New Zealand, the UK and Denmark.
Describe the Open Stand & Trust Initiative
Explain how the Kantara Initiative Accredits Assessors, Approves Credential Service Providers Services and Recognizes Service Components.

This workshop qualifies for up to 4 Group Learning based CPEs depending on the number of sessions you attend.

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: [email protected]


OASIS Workshop
13.05.2014 09:00-13:00

"Smart" technologies are helping to solve many modern day challenges: making our living space "smarter," our cities more efficient and livable, and bringing networked functionality to transportation, public facilities and services. But the networked storage and streams of data associated with these new technologies and their integration into big data systems create new risks for personal privacy. In this sense, privacy is not about having something to hide, it's about transparency and personal control. In the case of smart cities, privacy concerns arise in many ways: when there is the possibility of unauthorized services or when third parties access sensitive information, such as habits and behaviors, personal relationships or account information and use this information without an individual's consent. The increased integration and inter-relationship of smart applications amplify the potential for systemic risks to personal privacy.

09:00 – 09:05 – WELCOME AND INTRODUCTIONS – Gershon Janssen

09:05 – 09:50 – WORKSHOP CONTEXT, ANN CAVOUKIAN VIDEO, PBD PRINCIPLES – Michelle Chibba

09:50 – 10:35 – PRIVACY BY DESIGN AND SOFTWARE ENGINEERING, THE PBD-SE TC – Dawn Jutla

10:35 – 11:00 – PMRM OVERVIEW AND PRIVACY MANAGEMENT ANALYSIS TOOLS DEVELOPMENT – John Sabo, Gershon Janssen

11:00 – 11:15 – BREAK

11:15 – 11:45 – USING XACML AND ABAC TO PROTECT PII AND PHI – David Brossard

11:45 – 12:10 – USE CASES: APPLYING PBD IN SMART GRID SYSTEMS (Hydro One, San Diego Gas & Electric, and Vattenfall) – Michelle Chibba

12:10 – 12:55 – GAPS AND WORKS IN PROGRESS: TECHNICAL STANDARDS TO SUPPORT PRIVACY BY DESIGN IN SMART SYSTEMS – John Sabo, Panelists

12:55 – 13:00 – CONCLUDING REMARKS

"Smart" technologies are helping to solve many modern day challenges: making our living space "smarter," our cities more efficient and livable, and bringing networked functionality to transportation, public facilities and services. But the networked storage and streams of data associated with these new technologies and their interaction with big data systems create new risks for personal privacy. In this sense, privacy is not about having something to hide, it's about transparency and personal control. In the case of smart cities, privacy concerns arise in many ways: when there is the possibility of unauthorized services or when third parties access sensitive information, such as habits and behaviors, personal relationships or account information and use this information without an individual's consent. The increased integration and inter-relationship of smart applications amplify the potential for systemic risks to personal privacy.

This workshop will help business owners, software developers, and policy makers understand how to move from the abstract PbD principles toward implementation and conformance assessment in “smart” systems and services. The workshop will include:

An overview of the seven foundational principles of PbD including its motivation and benefits and how standardization initiatives underway in OASIS are addressing the challenges of assessing privacy management risks in complex, "smart" systems and applications.
A video message to participants from Ontario Privacy Commissioner, Ann Cavoukian, the creator of PbD.
An overview of the current work of the OASIS Privacy by Design Documentation for Software Engineers (PbD-SE) technical committee and the relationship of PbD to software engineering, embedded code, and application development.
An update on the OASIS Privacy Management Reference Model and Methodology (PMRM) specification and a PMRM-based privacy management analysis template now under development to support the baseline analysis needed for Privacy by Design assessments.
The applicability of Attribute Based Access Controls (ABAC) and privacy profiles developed by the OASIS XACML (eXtensible Access Control Markup Language) Technical Committee in support of technical privacy management solutions and standards where XACML can play an important role.
An overview of Smart Meter Use cases: PbD smart meter technical and service implementation projects and the benefits of PbD to business
A discussion of the gaps in standards and technology that must be filled to ensure that PbD implementations are possible.

It may be impossible to envision all potential risks in the design and implementation phases of "smart" projects, but using Privacy by Design approaches in the development of smart applications and systems can help dramatically. Developing user-centric, user-driven tools can also ensure that users' privacy rights and preferences are integrated into smart technologies and services, giving individuals greater measures of control of their own personal information and some ability to identify and remedy problems. As privacy and security risk management practices continue to take center stage in our headlines, and governments enforce stronger privacy laws and regulations, making smart technologies user-centric should be seen as an exciting challenge for industry, and even as a way to generate customer loyalty and revenue growth.

The broader challenge will be to understand the societal values that our communities see as imperatives, such as the fundamental right to privacy and user control, and to ensure their integration as much as possible in the new "smart" architectures, technologies, and business practices surrounding the provision, delivery, and use of services. By doing this, developing badly needed standards, and designing privacy into smart systems, we can achieve improved system functionality, more effective risk management and greater public awareness and confidence.

Speakers

David Brossard
VP Customer Relations
Axiomatics AB
David is the VP Customer Relations at Axiomatics AB, the leader in externalized authorization management. In his day-to-day job, David helps customers architect authorization solutions that enable secure data sharing in compliance with compliance and privacy regulations. David's main area of expertise is service oriented architecture (SOA) security and governance. David has published several papers and contributed to several books on the topic of SOA security, governance, and...

Michelle Chibba
Privacy Officer
Office of the Information and Privacy Commissioner Ontario
Michelle Chibba oversees the Policy Department and Special Projects at the Office of the Information and Privacy Commissioner of Ontario, Canada (IPC). Her department is responsible for conducting research and analysis (see papers www.privacybydesign.ca), as well as liaising with a wide range of stakeholders to support the Commissioner’s leadership role in proactively addressing privacy and access issues affecting the public. She has over two decades of professional experience,...

Gershon Janssen
Member
OASIS Open Standards Group
Gershon Janssen is an independent consultant and member of the OASIS Open Standards Group. Gershon has a background in software and infrastructure architecture, distributed systems and integration technologies. Gershon works predominantly on projects, designing and building complex information technology architectures focusing on architecture, SOA, Cloud, Identity and Privacy. Gershon is a strong promoter of open standards and believes in broad adoption of these and as such participates...

Prof. Dr. Dawn Jutla
Professor of Business and Computer Science
Saint Mary's University
Dr. Dawn Jutla is an award-winning, multi-disciplinary researcher and full professor in the Department of Finance, Information Systems, and Management Science at the Sobey School of Business, Saint Mary's University. She received her undergraduate degree from the University of the West Indies, and both her Masters and PhD degrees in Computer Science from the Technical University of Nova Scotia. Her 1996 PhD work on multi-view access control has been cited in Xerox, IBM, and Koninklijke...

John Sabo
OASIS Idtrust
John Sabo is an independent consultant on data privacy and cyber security, with a long career in government and the IT industry. Most recently, John was Senior Director, Global Government Relations, CA Technologies, from 2000 to 2012, where he focused on trusted infrastructure technologies, policies, and practices. He provided technology policy leadership in industry and government-led data security, privacy, and critical infrastructure protection initiatives and in standards development....

Continuing Education Credits

Prerequisites: None Advance Preparation: None Learning Level: Intermediate Field: Computer Science

After attending this workshop you will be able to:

Explain how increased integration and inter-relationship of smart applications amplify the potential for systemic risks to personal privacy. Explain why using Privacy by Design (PbD) approaches in the development of smart applications and systems can help dramatically reduce these risks.
List the seven foundational principles of PbD.
Describe its motivation and benefits and how standardization initiatives underway in OASIS are addressing the challenges.
Describe how the OASIS Privacy Management Reference Model and Methodology specification can be used.

This workshop qualifies for up to 4 Group Learning based CPEs depending on the number of sessions you attend.

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: [email protected]


EIC 2014 Beer Garden Talks
14.05. - 15.05.2014

Challenge the vendors in a relaxed atmosphere
Short-track presentations held by vendors describing their approach on how to solve your critical business challenges.
Directly and intensively discuss right after a presentation
Placed around the breaks of the main agenda tracks and in the later afternoon
Connect to vendors intensively and make maximum use of your time while still having the opportunity for some coffee and drinks.

Agenda

Wednesday, 14.05.2014

10:00-10:20 Dealing with Device and User Diversity
Cleston Oliveira, Systems Engineer, NetIQ

10:20-10:40 IAM as a Service
Marco Rohrer, CEO, IPG AG

10:40-11:00 Data Centric Security - A Business Focused Approach
Henk Van der Heijden, Partner TecHarbor for Covertix, TecHarbor

11:00-11:20 IAM Today – the Evolvement of Requirements
Pascal Jacober, IAM Specialist, Dell

12:00-12:20 Crowd-Source your Data Protection
Roy Peretz, VP of Product Management, Whitebox Security

12:20-12:40 Making Big Data Useful – the Users Journey to Securely Accessing Secure Information
Mike Nelsey, Managing Director, UK & EMEA, Aurionpro Solutions plc

12:40-13:00 Detect and Defend Privileged Threats
Jochen Koehler, Regional Director - DACH, CyberArk

13:00-13:20 5 Ways to Stop Insider Threats
Ben Yoder, Product Manager, Thycotic Software

13:20-13:40 Empowering the Mobile Enterprise
Dominic Schmidt-Rieche, Enterprise Team Lead DACH, AirWatch

13:40-14:00 Secure Collaboration and Web Governance: How does this fit in with IAM?
Stephan Schweizer, Nevis Product Manager, AdNovum Informatik AG

Thursday, 15.05.2014

10:00-10:20 Identity Management in Hospitals - Is it Different?
Peter Weierich, Senior Strategy Consultant, iC Consult GmbH

10:20-10:40 Simple and Secure Access to Cloud-Based Services
Kay Hellmich, Systems Engineer Identity and Access Management, NetIQ

10:40-11:00 How inSync Protects Data in Real-World Use Cases
Martin Edwards, Director of Sales Engineering – EMEA, Druva

12:00-12:20 Customer Identity Management Survival Guide
Radovan Semancik, Software Architect, Evolveum

12:20-12:40 Banking in an Online and Mobile World
Edwin van der Wal, Senior Director of Professional Services, Everett

12:40-13:00 Bringing Convenience to the Secure Access to Online Channels
Jiri Wachtl, Key Account Manager, ANECT

13:00-13:20 Is the Importance of Multifactor Authentication Delivery Models Overrated?
Doron Cohen, CTO, SafeNet

13:20-13:40 Effective Data Cleaning and assigning accounts as a fast entry into Compliance and Identity Management
Dr. Martin Kuhlmann, Lead Solution Consultant (D-A-CH), Omada

13:40-14:00 User Centric Secure Mobile Access
Niklas Brask, Co-founder & President, PointSharp AB

Speakers

Alexei Balaganski
Senior Analyst
KuppingerCole
Alexei Balaganski acts as KuppingerCole CTO. He also serves as an analyst with specific focus on cybersecurity. His deep technical understanding allows him to support customers even with complex architectural and security challenges. After graduating with an MSc degree in Mathematics and Computer science he has worked in the IT industry for over 15 years. His experience includes software development, network administration and information security. Before joining KuppingerCole in 2007,...

Niklas Brask
Co-founder & President
PointSharp AB
Niklas Brask is one of the founders of the Swedish product company PointSharp and has worked in the IT industry for over 20 years, with the past 15 years within software companies providing mobility and security products.

Doron Cohen
CTO
SafeNet
Doron Cohen leads technology strategy for SafeNet’s Authentication solutions, bringing expertise in the areas of authentication, password management and identity management to his role. Doron has over 25 years of experience in IT and Security Management including directing development of enterprise-class system and security applications. He has extensive expertise in developing enterprise-class Identity Management solutions for distributed cross-platform environments -...

Martin Edwards
Director of Sales Engineering – EMEA
Druva
With a core background of “Customer First” attitude, Martin has been involved in client facing, and Support team leadership for over 27 years. The last 14 focused in the End Point Data arena. Martin joined Druva in 2011, and works closely with both his team of Sales Engineers, and the Product Engineering Group, ensuring that the inSync solution keeps up to date with industry trends, and client needs.

Henk Van der Heijden
Partner TecHarbor for Covertix
TecHarbor
Mr. Henk van der Heijden is an information security professional with over 25 years’ experience in IT (Security) sales and services. Henk is co-founder and partner at a leading Security Technology firm TecHarbor where he is responsible for Strategy development, Product Selection & Sales of the company. Before starting TecHarbor he has been responsible for the Security Business at CA Technologies as a VP EMEA. He joined CA Technologies’ IT Security team in September 2010, to help the...

Kay Hellmich
Systems Engineer Identity and Access Management
NetIQ
Kay Hellmich works as a Systems Engineer at NetIQ, a business unit of The Attachmate Group. In this role, he is responsible for the Identity and Access Management portfolio in the DACH region. Kay has over 15 years of experience in pre- and post-sales roles within the IT industry with a proven track record of implementing successful go-to-market strategies. Kay holds a bachelor's degree in Information Technology.

Pascal Jacober
IAM Specialist
Dell
Pascal is working as an Identity and Access Management Sales Specialist in Switzerland. In his role, he is responsible for developing and maintaining the IAM/Security market in Switzerland and Austria. Before joining Quest Software in 2011, Pascal was working for other companies in a similar role.

Jochen Koehler
Regional Director - DACH
CyberArk
Jochen Koehler is the Regional Director for the DACH region at CyberArk. Jochen brings with him over 13 years of experience within the IT industry with a proven track record of successful go-to-market strategies for innovative IT solutions, especially in Identity Management and the IT security market. In this role, he is responsible for managing the German, Austrian and Swiss business area and ensuring the successful penetration and growth in this region.

Dr. Martin Kuhlmann
Lead Solution Consultant (D-A-CH)
Omada
Dr. Kuhlmann plays a key role in the continued development of Omada’s solutions, including the award-winning Omada Identity Manager solution that is built entirely on the Microsoft platform and integrates with Microsoft Identity Lifecycle Manager to provide a robust solution for Compliance Reporting and Advanced RBAC. Since the 90s, Dr. Kuhlmann has been designing and implementing Identity and Access Management (IAM) solutions for global enterprises, while pioneering one of the earliest...

Mike Nelsey
Managing Director, UK & EMEA
Aurionpro Solutions plc
Mike came to Aurionpro Sena as a part of the acquisition of Enline plc in the UK in July 2012. He drove the Enline business from its original incarnation as an hp hardware reseller to being an end-to-end Oracle partner with capabilities across hardware and software. Under his leadership the business developed into one of the most respected names in the identity market in EMEA, winning the prestigious 'Oracle PartnerNetwork Specialized Middleware Partner of the Year for EMEA' award in 2011....


Rob Newby
Managing Partner
KuppingerCole
Rob Newby studied Physics at the University of Bath, UK, before graduating and choosing a career in Security and Risk Management. He is now a governance, risk and compliance specialist with a background in data security and consultancy within Government, Finance and Telecoms in the UK and Europe. Rob is an independent CLAS consultant, currently advising CSC UK on risk and architecture within the UK Government’s Identity and Passport Service account. Rob has also worked as a...

Cleston Oliveira
Systems Engineer
NetIQ
Cleston Oliveira works as a Systems Engineer at NetIQ, a business unit of The Attachmate Group. He is a subject matter expert in digital identity security, federated access and enterprise / cloud integration. Cleston worked for the last many years in several large scale projects ranging from workforce to cloud identity federation, social identity consumption in the enterprise (consumer to business e-commerce scenarios) to eGovernment digital identity frameworks. He is furthermore a...

Roy Peretz
VP of Product Management
Whitebox Security
Roy Peretz is responsible for Whitebox Security's product management, product marketing and overall product strategy. Roy brings over 12 years of experience in technology, marketing and business strategy to this role. Mr. Peretz gained significant experience serving in various information security roles within the Israel Defense Forces. He holds a bachelor’s degree in computer science from Israel’s College of Management.

Marco Rohrer
CEO
IPG AG
Marco Rohrer is co-founder and CEO of IPG AG Switzerland. Marco Rohrer holds a degree in Business Administration and offers more than 10 years experience in the IT industry. IPG AG is focused on IT security and ensures a comprehensive understanding of all topics related to Identity and Access Management.

Dominic Schmidt-Rieche
Enterprise Team Lead DACH
AirWatch
Dominic Schmidt-Rieche is the sales team leader for the DACH region at AirWatch®, the global leader and innovator in mobile device security and the largest Enterprise Mobile Management (EMM) provider. In this role, he is responsible for the sales team for the German, Austrian and Swiss markets, providing mentoring, coaching and support for the team. Prior to joining AirWatch, Schmidt-Rieche spent more than 15 years in the telecom & IT industries. He has worked in...

Stephan Schweizer
Nevis Product Manager
AdNovum Informatik AG
Stephan Schweizer joined AdNovum in May 2009 to take over the position of the Nevis Product Manager. In this function he is responsible for the overall Nevis product strategy, the Nevis development team and strategic Nevis projects. He is involved in a multitude of Nevis-centric projects in the areas of financial services, banking and industry and in the public sector, especially in projects with high IT security as well as identity and access management (IAM) standards.

Radovan Semancik
Software Architect
Evolveum
Radovan Semancik graduated from the Slovak Technical University with a master's degree in Software Engineering and PhD degree. At the time he works as a Software Architect and identity management specialist at Evolveum. His main areas of interest are digital identity and distributed systems architecture. He architected one of the first full-scale identity management deployments in Central Europe and provided key consulting services to many more comprehensive identity management solutions. He...

Jiri Wachtl
Key Account Manager
ANECT
With many years of experience with international acquisition sales (B2B) and business development (mainly Telco, M2M, ICT), I am currently responsible for identification and exploration of business opportunities (both direct and via partners) for the patented authentication technology ALUCID mainly designed for on-line channels such as eBanking or SaaS.


Edwin van der Wal
Senior Director of Professional Services
Everett
As Senior Director Edwin is responsible for Professional Services within Everett and acts as chairman of the Knowledge Management Team. He performs the Senior Supplier role in key projects as well.

Peter Weierich
Senior Strategy Consultant
iC Consult GmbH
Peter Weierich, born in 1964, studied Computer Science and Medical Informatics in Erlangen. Since 2011 he is Senior Strategy Consultant at iC Consult GmbH. Before that, he was Head of Marketing and Sales at Völcker Informatik AG.

Ben Yoder
Product Manager
Thycotic Software
Ben Yoder is a software engineer turned product manager and a lover of all things IT. He’s an expert on technology integrations and database systems, manages Thycotic Software’s market-leading Privileged Account Management solution, and keeps a keen eye on product trends in the IT security space. Ben currently leads the product team at Thycotic Software and spends his spare time indulging in craft beers with friends.


FIDO Alliance Workshop
16.05.2014 9:00-16:00

Why the FIDO Alliance?
FIDO & Federation — Better Together
Authentication meets Identification - FIDO and PKI
Demos of FIDO in action
Tutorial: The Universal Authentication (UAF)
Tutorial: The Universal 2nd Factor (U2F)

Spend a day with the FIDO Alliance and find out what the future of online authentication is going to look like. You will see and discuss hands-on demonstrations of FIDO Ready™ products. There will be separate sessions for the business and the technically inclined. Most important, there will be lots of opportunity to ask questions and talk to the people who know!

Who should attend?

Business personnel with responsibility for their organization's information security
Architects, engineers, technical planners involved in the development and/or deployment of authentication technologies

Session content

Morning sessions will give you a good overview of the FIDO Alliance, what it has been working on and the benefits of the FIDO approach
At lunchtime, and during the breaks, you will have the opportunity to see FIDO Ready™ products and prototypes in action and to network with FIDO Alliance members
Afternoon sessions will include tutorials for the technical community, providing a good grounding on the FIDO standards, what they are, and how they work.

Key take aways

A good understanding of how FIDO will help address the usability-security tradeoffs in authentication
An understanding of what your organization will need to do to take advantage of the FIDO Standards

Agenda

Friday, 16.05.2014

08:30-09:00 Registration, Coffee, Demos

09:00-09:30 Why the FIDO Alliance?
Michael Barrett, President, FIDO Alliance

09:30-10:15 FIDO 101
Rajiv Dholakia, VP Products, Nok Nok Labs

10:15-10:30 Coffee

10:30-11:00 FIDO & Federation — Better Together
Dr. Paul Madsen, Senior Architect, Ping Identity

11:00-11:30 Authentication meets Identification - FIDO and PKI
Dr. Kim Nguyen, Managing Director, D-Trust

11:30-12:30 Q&A Panel: FIDO next steps

12:30-13:30 Lunch — and Demos of FIDO in action

13:30-14:30 Tutorial: The Universal Authentication (UAF)
Rolf Lindemann, Senior Director Products & Technology, Nok Nok Labs

14:30-15:30 Tutorial: The Universal 2nd Factor (U2F)
Dirk Balfanz, Software Engineer, Google

15:30-16:00 U2F code walk-through
Dirk Balfanz, Software Engineer, Google

Speakers

Dirk Balfanz
Software Engineer
Google
Dirk Balfanz is a software engineer in Google's Security Team, focusing on user authentication. He is currently working on strengthening authentication on the Web through the use of public-key cryptography. In the past, Dirk worked on Google's OpenID and OAuth implementations, as well as different pieces of Google's (and Android's) authentication and authorization infrastructure. He holds a PhD in Computer Science from...

Rolf Lindemann
Senior Director Products & Technology
Nok Nok Labs
Rolf Lindemann brings more than 15 years of experience in product management, R&D and operations from the IT security industry. He works for Nok Nok Labs, Inc. as Senior Director Products & Technology. Prior to Nok Nok Labs Rolf Lindemann worked as Senior Director Product Management in the user authentication group at Symantec where he was responsible for research and product strategy on device authentication in smart grids and mobile networks. Before Symantec's acquisition of TC...

Continuing Education Credits

Prerequisites: None Advance Preparation: None Learning Level: Intermediate Field: Computer Science

After attending this workshop you will be able to:

Explain how FIDO will help address the usability-security tradeoffs in authentication.
Describe what your organization will need to do to take advantage of the FIDO Standards.
Describe how FIDO and identity Federation fit together.
Explain how FIDO and PKI interoperate.
Describe the Universal Authentication (UAF) standard.

This workshop qualifies for up to 5 Group Learning based CPEs depending on the number of sessions you attend.

KuppingerCole is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing education on the National Registry of CPE Sponsors. State Boards of accountancy have final authority on the acceptance of individual courses for CPE credits. Complaints regarding registered sponsors may be submitted to the National Registry through its website: www.learningmarket.org

For more information regarding administrative policies such as complaint and refund, please contact Mr. Levent Kara at our office's telephone +49 211 23707710, email: [email protected]


Cleston Oliveira, NetIQ

Marco Rohrer, IPG AG

Henk Van der Heijden, TecHarbor

Pascal Jacober, Dell

New at the EIC
EIC 2014 Beer Garden Talks
14.05. - 15.05.2014

Challenge the vendors in a relaxed atmosphere
Short-track presentations held by vendors describing their approach on how to solve your critical business challenges.
Directly and intensively discuss right after a presentation
Placed around the breaks of the main agenda tracks and in the later afternoon
Connect to vendors intensively and make maximum use of your time while still having the opportunity for some coffee and drinks.

Agenda

Wednesday, 14.05.2014

Beer Garden Day I
Moderator: Alexei Balaganski, KuppingerCole; Rob Newby, KuppingerCole

10:00-10:20 Dealing with Device and User Diversity

Facilitating secure access to employees, partners and customers using applications of all sorts from devices of all kinds (all kinds of terminals) is the theme of NetIQ's beer garden session - come see how their solutions address your Identity security needs through the entire user life cycle and multiple digital personae in the Internet of Everything.

10:20-10:40 IAM as a Service

An effective Identity & Access Management (IAM) is not a luxury anymore. For many companies, IAM has become one of the key systems and therefore needs accurate attention from the Management as well as professional support. The Identity & Access Management processes have to be designed and established in a way that secures all Compliance requirements, without disturbing the daily business. Like a referee, IAM should intervene as soon as the daily business does not comply with the defined rules anymore (infraction). IAM keeps everything in order without changing the outcome of a game.

10:40-11:00 Data Centric Security - A Business Focused Approach

Security needs to be viewed from a different perspective. The way we have managed Security for the business for years is no longer working and is a lost battle against the complexity of the Business usage, IT means and the threats that get introduced on a daily basis. Going back to basics will help us to be more effective for our business. During the speech we will highlight the approach and solutions that can be taken.

11:00-11:20 IAM Today – the Evolvement of Requirements

Pascal will share his experience over the last years about the shift of the customer needs and how vendors had to adapt.


Roy Peretz, Whitebox Security

Mike Nelsey, Aurionpro Solutions plc

Jochen Koehler, CyberArk

Ben Yoder, Thycotic Software

Dominic Schmidt-Rieche, AirWatch

Stephan Schweizer, AdNovum Informatik AG

12:00-12:20 Crowd-Source your Data Protection

The volume of data companies produce has spiraled out of control. IT security is under ever-increasing pressure to deliver secure data governance, often with minimal resources. The larger the organization, the greater the data sprawl. The WhiteOPS™ crowd-powered solution educates employees about the critical need for data governance by making them a part of the process.

The people who create the information know it best, so we’ve created a crowd-sourced, employee-focused product to leverage employees’ collective intelligence in order to protect the organization's sensitive information. The new solution also relieves IT of the unmanageable burden of having to protect all the organization's data by itself.

Join us in this beer garden session to find out more about our crowd-powered data governance solution.

12:20-12:40 Making Big Data Useful – the Users Journey to Securely Accessing Secure Information

Everyone is talking about big data but for the consumers of information what does that really mean? How can an organisation protect its data assets and ensure that users only see what they should see based upon their role, entitlements, attributes and the context in which the information is being consumed? Add the demand of leveraging big data through apps and mobile devices: where is the new security boundary?

12:40-13:00 Detect and Defend Privileged Threats

Today’s cyber-attacks are all about exploiting privileged accounts – just because it is so simple… as simple as it is to take better control of the usage of these. Even now that the breach of cyber-attacks has changed from external to internal, it is easy to protect your privileged accounts. In this session you will hear how to detect, alert and stop in-progress attacks with CyberArk Privileged Threat Analytics.

13:00-13:20 5 Ways to Stop Insider Threats

In a recent study, 460 employees admitted to stealing confidential data from their work place. Join Thycotic for an interactive, hands-on demo and learn how to stop an insider from taking down your organization.

13:20-13:40 Empowering the Mobile Enterprise

AirWatch is the world’s leading mobile security and enterprise mobility management provider with more than 1,600 employees across nine global offices. More than 10,000 organizations in 150 countries leverage the AirWatch® Enterprise Mobility Management Platform, which includes industry-leading mobile device, email, application, content, laptop and browser management solutions. Organizations can implement these solutions stand-alone for unique bring your own device requirements, in AirWatch® Workspace containerized solution, or as a comprehensive, highly scalable, enterprise-grade mobility platform. With the largest research and development team in the industry, AirWatch ensures the broadest mobile platform support, develops innovative solutions like AirWatch® Secure Content Locker™, and integrates with the leading device manufacturers and technology solution providers in the mobile ecosystem.

Dominic Schmidt-Rieche, enterprise account executive at AirWatch, will discuss how AirWatch is enhancing and securing the mobile enterprise and the benefits that our solutions will provide to empower your workforce.

13:40-14:00 Secure Collaboration and Web Governance: How does this fit in with IAM?

AdNovum's Nevis security and compliance suite is used by renowned institutions and companies in Switzerland and abroad to protect mission-critical online services. The Nevis suite has a modular architecture and covers all functional aspects of a modern IAM suite, including WAF (Web Application Firewall), versatile authentication, identity management and federation and provisioning functionality.

However, as more and more critical business processes are shifted to the online channel, new requirements arise: How should comprehensive online support be implemented in security sensitive areas, where the use of common screen-sharing techniques is no option? How do you provide governance and non-repudiation on the web channel for personalized content and web transactions?

Stephan Schweizer, Nevis Product Manager, will show how an IAM infrastructure can be leveraged to cover these specific needs in order to provide added value to business.


Peter Weierich, iC Consult GmbH

Kay Hellmich, NetIQ

Martin Edwards, Druva

Radovan Semancik, Evolveum

Edwin van der Wal, Everett

Thursday, 15.05.2014

Beer Garden Day II
Moderator: Alexei Balaganski, KuppingerCole; Rob Newby, KuppingerCole

10:00-10:20 Identity Management in Hospitals - Is it Different?

Today, there are hospitals with 100 % of the patient data stored electronically (instead of paper based, as before). But most hospitals in Europe lack a proper IAM solution. Why is this the case? And what are the upcoming trends like mobile computing in the hospital or "consumer IAM": An intensified communication of hospitals, practitioners and patients.

10:20-10:40 Simple and Secure Access to Cloud-Based Services

Managing access to your critical data is key. At the same time Cloud is becoming more and more prevalent as business strives to cut costs & improve agility. An important factor to consider here is how to control the risk of having your data reside outside your internal infrastructure? NetIQ has a solution that ensures only authorized users are able to access sensitive or regulated information and prevents corporate credentials from being stored out in the cloud.

10:40-11:00 How inSync Protects Data in Real-World Use Cases

See how inSync protects data in scenarios like accidental data deletion, hard drive failure, and device loss or theft
Learn how inSync's integrated solution provides capabilities beyond backup with DLP, file sharing, and governance
Get an in-depth look at the inSync admin console and client UI, including mobile apps

12:00-12:20 Customer Identity Management Survival Guide

Managing customer identities is much harder than it might look. The basic principles that guide the management of any kind of identities are the same. But the devil is in the detail. Scalability, flexibility and especially deployment efficiency are the crucial elements of success. But these are not the usual traits of identity management software. Customer identity management can easily turn into a very expensive nightmare. Not doing it at all is usually not an option as today it is almost impossible to find a company that does not provide electronic services to customers. It just has to be done. And it has to be done quickly. What was almost impossible to do a couple of years ago is quickly becoming a "must have". But how to make the management of a huge number of customer identities practical and especially economically feasible? How do access management, federation, directories and provisioning all fit together to create an efficient customer-oriented solution?

12:20-12:40 Banking in an Online and Mobile World

In the last 12 months 81% of households have used online banking and 19% of households have used a mobile app to do their banking. Acceptance of online banking and smart devices is becoming ubiquitous. This trend gives opportunities for banks to tap into new client sources and serve clients 24/7 wherever and whenever while lowering costs for staff and physical offices.

The two biggest challenges in optimising the mobile and online banking experience are user-friendly-but-secure authentication and user-friendly-but-secure onboarding. Overcoming these challenges results in getting more clients and more transactions.

Everett will demonstrate how we can achieve a seamless experience for KYC-compliant online client onboarding and user-friendly banking-grade mobile authentication for both Online and Mobile banking.


Doron Cohen, SafeNet

Dr. Martin Kuhlmann, Omada

Niklas Brask, PointSharp AB

13:00-13:20 Is the Importance of Multifactor Authentication Delivery Models Overrated?

Strong authentication is becoming more ubiquitous, more commoditized and more heavily consumed within the enterprise and beyond. This begs the question: Is the commoditization and consumerization of authentication driving the adoption of cloud-based authentication services, or is authentication as a service a natural outcome of increased cloud adoption? To what extent do authentication delivery models affect enterprise security strategies and impact on service provider business models? Lastly: Are the capabilities of authentication solutions inherent to the delivery model, and if so, what are the capabilities that will trigger wide-scale adoption?

13:20-13:40 Effective Data Cleaning and Assigning Accounts as a Fast Entry into Compliance and Identity Management

Besides all the new trends in the area of identity and access management, every project starts with data quality issues. Questions like “What accounts, roles and entitlements are still valid?”, “Who is the owner of those accounts?”, “Who is responsible for those service accounts?” need to be answered to have a realistic starting point for all identity management projects. Instead of using Excel, we show ways to increase data quality, remove orphaned accounts, distribute the burden of cleaning to the naturally responsible persons in different areas, and make the life of those persons easier. Based on the Omada Identity Suite, we will show an example of how it could also work in your company.

13:40-14:00 User Centric Secure Mobile Access

Areas such as mobility and security are high on the agenda for most businesses today, with challenges in how to achieve user-friendly security for email and products such as Microsoft Lync on mobile devices. A good mobile security strategy has to originate from users and business, not from technical products that solve a subset of the overall need. PointSharp is a Swedish company that develops products for mobile secure access and will give a short introduction to how their products provide a user-centric secure mobile access strategy supporting a mobile workforce.