Modern Identity and Access Management: How to Build Trust without Sacrificing Security
ISMG SECURITY EXECUTIVE ROUNDTABLE
Sponsored by CA Technologies
Agenda6:00 – 6:30 p.m.
Registration, Networking
6:30 – 6:45 p.m.
Introductions and Opening Remarks
• Tom Field, SVP Editorial, Information Security Media Group• Naresh Persaud, Senior Director of Security, CA Technologies
6:45 – 8:15 p.m.
Roundtable Discussion
8:15 – 8:30 p.m.
Closing Remarks
8:30 p.m.
Program Concludes
Introduction
Leading organizations understand that data breaches have
become the norm in today’s application economy. With
information everywhere and with personalized experience
driving digital transformation, identity is critical – it’s the
foundation for trust.
But how do we establish and maintain this trust without burdening our users? What are the critical
questions that need to be addressed by anyone managing identity and access management in a modern
enterprise?
If you’re looking for new answers to these questions, then please join me for an exclusive executive
roundtable on Modern Identity and Access Management: How to Build Trust without Sacrificing
Security.
Guided by insight from Naresh Persaud, Senior Director of Security for event sponsor CA Technologies,
this invitation-only dinner will draw from the experiences of the attendees, offering thoughts on how
they have been able to help their organizations meet the modern demands of identity and access
management. Additionally, Persaud will share insights from a new Digital Trust survey conducted with
ISSA members. Among the discussion topics:
• How can you efficiently manage identities and access entitlements in the modern enterprise?
• How do you make security frictionless while decreasing your exposure?
• What is the state of digital trust within your organization, and are you doing a good job ensuring it?
You’ll have the opportunity to discuss modern IAM with a handful of senior executives and market
leaders in an informal, closed-door setting, from which you will emerge with new strategies and solutions
you can immediately put to work.
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 2
Discussion Points
Among the questions to be presented for open discourse:
• Based on the survey results just reviewed, how would you rate the state of digital trust in your
organization today?
• What are your organization’s biggest inhibitors of digital trust?
• How would you describe the state of identity and access management?
• What have you done in the past year to improve IAM?
• What haven’t you done?
• What are your biggest obstacles today to improving IAM – both technical and non-technical?
• What role does “frictionless experience” play in your IAM strategy, and how do you address it?
• What investments will you make in 2018 to improve IAM and the state of digital trust?
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 3
About the ExpertJoining our discussion today, to share the latest insights and
case studies on trusted access is:
Naresh Persaud
Senior Director of Security, CA Technologies
Naresh Persaud is the Senior Director of Security at CA Technologies. He has more than 20 years of
experience in security and identity management across roles encompassing engineering, architecture
and business development. As a solutions architect and product manager, he has devoted much of his
career to following security. Before working at CA Technologies, Naresh held leadership roles in security
at Oracle, Sun Microsystems, Waveset and Alcatel. He began his career in security engineering at IBM
Tivoli.
About CA Technologies
CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables
them to seize the opportunities of the application economy. Software is at the heart of every business
in every industry. From planning, to development, to management and security, CA is working with
companies worldwide to change the way we live, transact, and communicate—across mobile, private
and public cloud, distributed and mainframe environments.
Learn more at www.ca.com.
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 4
About the ModeratorLeading our discussion today is:
Tom Field
SVP Editorial, Information Security Media Group
Field is an award-winning journalist with over 30 years of experience in newspapers, magazines, books,
events and electronic media. A veteran community journalist with extensive business/technology and
international reporting experience, Field joined ISMG in 2007 and currently oversees the editorial
operations for all of ISMG's global media properties. An accomplished public speaker, Field has developed
and moderated scores of podcasts, webcasts, roundtables and conferences and has appeared at RSA
Conference and on various C-SPAN, The History Channel and Travel Channel television programs.
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to
information security and risk management. Each of our 28 media properties provides education, research
and news that is specifically tailored to key vertical sectors including banking, healthcare and the public
sector; geographies from North America to Southeast Asia; and topics such as data breach prevention,
cyber risk assessment and fraud. Our annual global summit series connects senior security professionals
with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.
For more information, visit www.ismg.io.
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 5
NOTE: In advance of this event, ISMG’s Tom Field spoke about modern identity and access management with Naresh Persaud of CA Technologies. Here is an excerpt of that conversation.
The State of IAM
TOM FIELD: How must the advent of our modern application
economy change how we approach IAM?
NARESH PERSAUD: With the creation of the application economy,
users have been given more choices for services than ever
before, and they are overwhelmingly choosing experience as
the differentiator. For most, the primary challenge in embracing
the app economy revolves around developing agile approaches
to software delivery to meet customers’ expectations. However,
rushing applications to market to stay competitive often comes at
the expense of quality and security, and these defects can have
a devastating impact to the business. We need a more modern
approach that improves security without impacting the user
experience. In addition, the enterprise must also deal with much
greater number of users accessing from a greater number and
variety of devices, which not only complicates the security concerns,
but also creates many new potential vectors for online fraud.
FIELD: What is the state of IAM as you see it today?
PERSAUD: The IT environment is becoming increasingly distributed,
complex and heterogeneous. When it comes to deciding who has
access to what and reliably enforcing those policies, it becomes a
multifaceted challenge that requires both a shift-left and a shift-right
approach. Managing identities is a critical need for both internal
and external user communities. For this reason, identity lifecycle
management and governance needs to be driven by a DevOps-
oriented approach that leverages APIs so that access requests
and self-service can be embedded into applications. Similarly, IAM
solutions have traditionally been highly technical and complex, but
shrinking IT budgets and an increased focus on empowering users
have required modern IAM solutions to be business-friendly and
easy to use. The enterprise needs a solution that is easy to deploy,
easy to use and can manage its hybrid environment. The modern
IAM solution has become hybrid itelf, with different features and
capabilities existing on-premise, hosted, in the cloud, or within a
third-party. Consider authentication – if we are accepting social
credentials, we have essentially outsourced this functionality to
Facebook or Google; we may allow partners to provision new users
into our applications and directories; we may outsource customer
service centers to a different third-party.
CONTEXT
Modern Identity and Access Management: How to Build Trust without Sacrificing SecurityQ&A with Naresh Persaud of CA Technologies
“In today's breach epidemic some of the most embarrassing fraud cases are related to excess access.”
Naresh Persaud
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 6
FIELD: What are the key IAM questions that need to be answered
and where do you see organizations veering off course?
PERSAUD: In today’s breach epidemic some of the
most embarrassing fraud cases are related to excess
access. Organizations that fall short do not have the right balance
between enterprise data security and convenient user access.
Some of the key questions that organizations need to ask
themselves include:
• How do I identify a legitimate user from a fraudulent one?
• What confidence do I have that you are who you claim to be?
• How do I make security frictionless while decreasing my
exposure?
• How do I efficiently manage identities and access entitlements?
• How do I reign in privileged users and protect against insider
threats?
Digital Trust Survey
FIELD: You recently conducted a Digital Trust survey of ISSA
members. What were some of the key findings?
PERSAUD: Back in October, we ran a study/survey among the
Information Systems Security Association members (ISSA). For
anyone that is not familiar with ISSA, they are a professional
association of cybersecurity professionals in mainly medium to
larger business. They have 12,000+ members that are organized
into 115 chapters worldwide. Our goal of the survey was to
better understand their perspectives on the state of online trust,
understand their key issues/concerns, and importance of use of
threat analytics and reducing friction in the process.
Some of the key findings include:
• Over 84% of respondents agreed that cyberattacks and data
breaches are creating a loss of confidence/trust with customers
when doing business online.
• Over 87% of respondents agreed that customers of their business
showed preference for interacting online with businesses that
exhibit a high degree of online trust and data privacy protection.
• Over 85% of respondents strongly agreed that it is important to
implement an IAM Security Technology.
FIELD: How do these findings support your view of modern IAM?
PERSAUD: This is completely in line with what we are hearing from
our customers and prospects.
In today’s world where breaches are the norm, information
is everywhere and personalized experiences drive digital
transformation, identity is the key. Identity is the foundation of trust
in a zero-trust online world.
How CA Can Help
FIELD: How is CA helping organizations evolve to modern IAM and
preserve a frictionless security experience for users?
PERSAUD: At CA Technologies, we understand how important
it is to strike the right balance between enterprise data security
and convenient user access. To this end, we have adopted three
strategic initiatives to differentiate our IAM solutions:
• Hybrid cloud – Just as your application environment is moving to
a hybrid model, we believe that modern IAM solution should do
so as well. Your IAM infrastructure is mission critical but it is highly
customizable. This can make it difficult to add new functionality
quickly. We deliver a hybrid model that leverages the benefits
of SaaS and but also provides and on-premises component to
enable the right level of control, governance and usage insight
you need for your enterprise.
• Behavioral analytics – Gaining visibility into what users and their
accounts are doing is key for two reasons. First, you can detect
anomalous activity from either a malicious insider or to identify
an account that has been taken over. Second, you can simplify
the user experience and reduce friction by positively identifying
legitimate users from fraudulent ones. Our strategy is to apply
advanced analytics into our security products to make IAM
processes more effective.
• Developer velocity – For IAM to be integrated into your
enterprise, it needs to be API-enabled. We believe that a simple
and easy developer experience is critical to getting broad
adoption. Your teams understand the value of implementing
security, but they need to move fast. We deliver APIs and mobile
SDKs that enable security to be quickly implemented so the
development teams can spend more time focusing on app
functionality, not IAM. n
“In today's world where breaches are the norm, information is everywhere and personalized experiences drive digital transformation, identity is the key.”
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 7
Notes
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 8
Notes
Modern Identity and Access Management: How to Build Trust without Sacrificing Security 9
902 Carnegie Center • Princeton, NJ • 08540 • www.ismg.io
About ISMG
Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to information
security and risk management. Each of our 28 media properties provides education, research and news that is
specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from
North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud.
Our annual global Summit series connects senior security professionals with industry thought leaders to find
actionable solutions for pressing cybersecurity challenges.
Contact
(800) 944-0401 • [email protected]