Gartner Identity & Access Management Summit 2013 November 18 20 Los Angeles, CA gartner.com/us/iam HOT TOPICS IAM SUPPORTING MOBILE, SOCIAL, CLOUD AND INFORMATION INITIATIVES IAM BEST PRACTICES FOR DEPLOYMENT AND OPERATIONS LEVERAGING EXTERNAL IDENTITIES DATA SECURITY AND IAM CONVERGENCE JUSTIFYING IAM VALUE FOR THE BUSINESS Go to page XX for details. EARLY-BIRD DISCOUNT Register by September 27 and save $300
North America s most important annual gathering of the identity and access management community Identity Heats Up: Next Steps in Future-Proofing IAM IAM is in the spotlight. Can you feel the heat? Identity and access management has never been so hot. Mobile, social, cloud and analytics are transforming IT, business and entire markets. These new capabilities depend on secure and consistent access to succeed. From its new location in Los Angeles, CA, Gartner Identity & Access Management Summit 2013, November 18 20, provides the insights and recommendations that IAM professionals need to craft and implement an effective IAM strategy and essential new IAM governance protocols. Join us to find out how IAM can help transform the business and how the best IAM systems go beyond secure access to deliver greater agility, transparency and efficiency. Key benefits of attending Learn what s on the horizon for IAM the trends, future technologies and changing market Plan and organize your IAM program and create an IAM strategy Understand what is really going on in the world of IAM today Create a strategy for dealing with IAM implications related to mobile, social, cloud and information Gain real-world insight into identity administration, mobility, cloud, privacy and identity externalization Take compliance reporting to the next step by leveraging identity and access intelligence Who should attend Anyone responsible for IAM programs including: CISOs, CSOs and their teams CIOs and other IT directors Vice presidents, directors and managers of network security, information security and identity management IT/IS directors and managers Enterprise architects and planners Value-driven Gartner research for your personal IAM needs When you join us at Gartner Identity & Access Management Summit 2013, you ll walk away with the ability to craft an IAM strategy, evaluate appropriate solutions and align with business needs to deliver the maximum business value. From bring your own device (BYOD), advanced IAM analytics and IAM as a service, to budget concerns, articulating the business value of IAM and aligning IAM strategy with business goals, five in-depth conference tracks are designed to update your understanding of key priorities across IAM today. Fresh insight for the challenges you re facing now More analysts! Twenty-three analysts and consultants will be on-site for one-on-one meetings New town hall sessions New content added on information security More technical content! An expanded amount of content that takes a deep dive into IAM with the Technical Insights track presented by Gartner for Technical Professionals Customized agenda and networking opportunities by industries such as public sector, financial services and healthcare TABLE OF CONTENTS 4 Keynote Sessions 5 Meet the Analysts 6 Agenda Tracks 7 Summit Features 8 Agenda at a Glance 10 Session Descriptions 14 Solution Showcase 15 Registration and Pricing 2 Gartner Identity & Access Management Summit 2013 3
KEYNOTE SESSIONS MEET THE ANALYSTS Gartner keynotes F. Christian Byrnes Managing Felix Gaehtgens Gregg Kreizman Managing Andrew Walls Opening Keynote: The Future of Managing Identity IAM Scenario For a long time, we ve called the process of enabling access identity and access management primarily because our pursuit of managing identities was done so that we could use them to access applications and data. But what will happen to this enabler, this identity, when more and more applications and services demand more of the identity construct? How will we make sense of such an environment, and how much will truly be managed? The 2013-2014 Gartner Magic Quadrants and MarketScopes for IAM In this session, authors of Gartner Magic Quadrants and MarketScopes for IAM discuss the trends within their various markets, the Magic Quadrant and MarketScope findings and address audience questions. Topics and tools specifically covered include authentication technologies, user administration or provisioning, identity and access governance, Web access management and identity federation. The Gartner Five-Year Security and Risk Scenario The Gartner research community for security and risk is composed of more than 50 dedicated and contributing analysts. This scenario represents their five-year projection of the state of security and risk. The intent is to provide a base for your long-term strategic planning. Closing Keynote: Putting Strategy Into Action In this informal panel and discussion, Gartner IAM analysts reveal their key take-aways from the conference. Key issues include: What trends have been revealed while talking to attendees? What should attendees do as soon as possible upon returning to the workplace? How best can attendees leverage their conference experience? Guest keynote speakers to be announced soon! Visit gartner.com/us/iam for agenda updates. Gartner analysts draw on the real-life challenges and solutions experienced by clients from 13,000 distinct organizations worldwide. Felix Gaehtgens Brian Iverson Eric Ouellet Andrew Walls Gartner for Technical Professionals Gartner for Technical Professionals provides in-depth, how-to research for your project teams to help them assess new technologies at a technical level, develop technical architecture and design, evaluate products and create an implementation strategy that supports your enterprise s IT initiatives. F. Christian Byrnes Managing John Girard and Distinguished Analyst Gregg Kreizman Jeffrey Wheatman Leadership Partner, Gartner for Enterprise IT Leaders Nick Nikols Heidi L. Wachs Homan Farahmand Gartner Consulting Jay Heiser Managing Ray Wagner Managing Neil Wynne Service Analyst Trent Henry Mary E. Ruddy 4 Gartner Identity & Access Management Summit 2013 5
AGENDA TRACKS Take your IAM program to the next level Strategic Planning: Foundations, Controls and Processes Every program needs a solid foundation. This track provides the information you need to properly plan and organize your IAM program, create an IAM strategy, and ensure that processes and controls are implemented to gain real business benefits. We provide valuable, time-proven best practices and help you avoid a number of pitfalls. IAM in the Trenches: Getting the Most Out of Your Infrastructure What s really going on in the world of IAM today? What are your peers doing, and how can you best deploy the technology that you have? In this track, we help you make the most of the tools you have and help you ensure that you are positioning your current IAM infrastructure for success. Emerging Trends: The Mobile, Social, Cloud and Information Revolution The Nexus of Forces mobile, social, cloud and information continues to stretch established IAM programs. But how can you separate fact from hype? Now is the time to think about strategies for each of these forces. If you aren t, then you will be behind before you know it. In this track, we explore where and how IAM can support and leverage these emerging trends and technologies. Security and IAM: Safeguarding Access Together IAM and security are related disciplines. There are process, organizational, functional and technology overlaps that should be considered so that you can maximize your investment and have a multifaceted approach to IAM, infrastructure protection and risk management. In this track, we explore the intersection of IAM and security, and we cover hot-button security topics. Technologists Perspective: IAM in the Modern Era This year, we continue the popular addition of sessions by Gartner for Technology Professional analysts. These are in-depth talks providing real-world insight into identity administration mobility, cloud, privacy and identity externalization. Hot topics by track IAM program management and governance Data access governance IAM and cybersecurity Developing a realistic IAM strategy Single sign-on ies for internal and cloud services Identity governance and administration Justifying IAM value for the business IAM supporting mobile, social, cloud and information initiatives The future of managing identity Content and context awareness Mobile authentication practices User activity monitoring Data security and IAM convergence Content-aware data loss prevention Future security and risk scenario New trends in identity administrations Managing non-employee identities Enterprise identity in public and private clouds Building a modern federation architecture for a cloud, mobile and social world By 2017, more than 50% of enterprises will choose cloud-based services as the delivery option for new or refreshed user authentication implementations up from less than 10% today., Gartner Research Summit Features Experience the power of Gartner IAM research Live! Analyst one-on-ones Sign up for two private, 30-minute consultations with the Gartner analyst of your choice and get targeted advice on the specific IAM challenges you re currently facing. Seating is limited and general preregistration opens on October 21. (End users only) Analyst-user roundtables Moderated by Gartner analysts, these popular peer-to-peer discussions provide you with the opportunity to explore today s hottest IAM issues in an informal setting. Seating is limited and general preregistration opens on October 21. (End users only) Track sessions Leveraging the latest Gartner IAM research, these sessions focus on providing real-world information that help you make better decisions and drive results. Hands-on workshops These small-group workshops immerse you in real-world problem solving, with practical take-aways. Seating is limited and preregistration required. (End users only) End-user case studies Hear directly from user practitioners who share the lessons learned and the successes and challenges of IAM initiatives. Solution Showcase Meet with today s leading and emerging IAM solution providers, all in one room, and get the latest information and demonstrations on new products and services. Analyst-User Roundtables AUR1. DLP Roundtable Eric Ouelett AUR2. Saving Privacy in the Public Cloud Heidi L. Wachs AUR3. Shared Experiences With Identity Governance and Administration AUR4. Fine-Grained Access Control, Felix Gaehtgens AUR5. Where Has Your PKI Been Where Is It Going? Trent Henry AUR6. Government Identity Issues and Solutions Gregg Kreizman AUR7. TBA AUR8. IAM and Mobility Trent Henry Please visit gartner.com/us/iam for complete session descriptions. EARN CPE CREDITS As an attendee of this event, any session you participate in that advances your knowledge within that discipline may earn you continuing professional education (CPE) credits from the following organizations: (ISC) 2 (CISSP, CAP, SSCP and CSSLP) ISACA (CISA, CISM and CGEIT) VALUABLE ONLINE TOOLS Events Navigator Customize your agenda Schedule analyst one-on-ones, analyst-user roundtables or workshops Connect with peers, using the networking tool Manage your agenda on your mobile device with the Gartner Events Navigator mobile app Event Approval Tools Customizable letter, cost-benefit analysis, cost optimization highlights Post-event conference summary report Media Center Watch related summit videos Read related Twitter feeds, analyst blogs and press releases 6 Gartner Identity & Access Management Summit 2013 7
AGENDA at a glance SUNDAY, NOVEMBER 17 2:00 p.m. Registration 3:00 p.m. T1. IAM 101 Felix Gaehtgens T2. Fundamentals of User Provisioning and Identity and Access Governance W1. Workshop: The Gartner ITScore Maturity Model for IAM, Ray Wagner 4:15 p.m. T3. Authorization Architectures 5:30 p.m. Event Orientation and Welcome Reception TBA MONDAY, NOVEMBER 18 7:00 a.m. Registration Agenda as of July 25, 2013, and subject to change 7:00 a.m. General Networking Breakfast 8:15 a.m. K1a. Opening Keynote The Future of Managing Identity IAM Scenario, Gregg Kreizman,, Felix Gaehtgens 9:00 a.m. K1b. Gartner Keynote Welcome and Opening Remarks Gregg Kreizman Track A Strategic Planning: Foundations, Controls and Processes Track B IAM in the Trenches: Getting the Most Out of Your Infrastructure Track C Emerging Trends: The Mobile, Social, Cloud and Information Revolution Track D Security and IAM: Safeguarding Access Together Track E Technologists Perspective: IAM in the Modern Era 9:45 a.m. A1. Developing Identity and Access Management Processes and Controls B1. What Do You Buy for the Users Who Have (Access to) Everything?, Felix Gaehtgens C1. Cloud, Mobile, Social: What Have You Done to My IAM Infrastructure?! Gregg Kreizman D1. The Cyberthreat Landscape E1. Beyond Join, Move, Leave: Implications of Identity and Access Management in the Modern Era 11:00 a.m. Solution Provider Sessions 12:00 p.m. Attendee Lunch and Solution Showcase Dessert Reception 1:45 p.m. W2. Workshop: How to Build a Modern Federation Architecture for a Cloud, Mobile and Social World Mary E. Ruddy 2:15 p.m. A2. IAM Program Management and Governance: Building Firm Foundations for Future Success B2. Get the Plumbing Right: ies for Internal and Cloud Services Andrew Walls C2. Why Is Your Organization at Greater Risk Now That It Is Encrypting Sensitive Data? Eric Ouellet D2. Mobile Device Security Exploits in Depth John Girard E2. Are Your Users Sick of Typing Passwords on Mobile Devices? Give Em SSO Now! Trent Henry 3:15 p.m. Solution Provider Sessions 4:30 p.m. A3. Sharing Data Without Losing It Jay Heiser B3. Town Hall: Identity Governance and Administration Learning From the Experts Felix Gaehtgens C3. Good Authentication Practices for Smartphones and Tablets John Girard D3. Detect Data Breaches With User Activity Monitoring 5:45 p.m. K2. Gartner Keynote The 2013-2014 Gartner Magic Quadrants and MarketScopes for IAM, Gregg Kreizman, Felix Gaehtgens 6:30 p.m. Solution Showcase Reception TUESDAY, NOVEMBER 19 7:00 a.m. Registration 7:00 a.m. General Networking Breakfast by Industry and Topics 8:00 a.m. K3. Guest Keynote TBA 9:15 a.m. A4. Practicing Safe SaaS Jay Heiser B4. Who? C4. Case Study TBA D4. Dealing With Advanced Threats and Targeted Attacks E3. The Role of Enterprise Identity in Public and Private Clouds Nick Nikols E4. What About Everyone Else? Managing Non-Employee Identities Mary E. Ruddy 9:30 a.m. W3. Workshop: How an IAM RFP Can Help You Choose the Best Solution for Your Business 10:30 a.m. Solution Provider Sessions 11:45 a.m. A5. IAM for Applications and Data: The Rise of Data Access Governance in IAM B5. How to Get to Single Sign-On Gregg Kreizman, Neil Wynne C5. Social Realism in Your IAM Future D5. Town Hall: Lessons Learned (and Fingers Burned) in IT Risk Management Practices Jeffrey Wheatman E5. Adaptive Access Control: Holy Grail, Snake Oil or the Next Big Thing? Trent Henry 12:30 p.m. Attendee Lunch and Solution Showcase 1:45 p.m. W4. Workshop: Shifting IAM Design Principles and Adjusting Your Capabilities Architecture Homan Farahmand 2:45 p.m. K4. Gartner Keynote: The Gartner Five-Year Security and Risk Scenario F. Christian Byrnes, Andrew Walls 4:00 p.m. Solution Provider Sessions 4:45 p.m. A6. Case Study TBA B6. Town Hall: Selling IAM to the Business Felix Gaehtgens, C6. Managing Mobile Identity Amid Diversity John Girard, Trent Henry D6. Management Still Doesn t Get Security (and What You Can Do About That) F. Christian Byrnes E6. Saving Privacy in the Cloud Heidi L. Wachs 5:45 p.m. Hospitality Suites WEDNESDAY, NOVEMBER 20 7:00 a.m. Registration 7:00 a.m. Breakfast With the Analysts PB1. Power Breakfast: Top Security Trends and Take-Aways for 2014 Ray Wagner 8:00 a.m. W5. Workshop: Not Going It Alone Using Consultants and Integrators Brian Iverson, 8:15 a.m. A7. Developing a Process-Based Security Organization Jeffrey Wheatman B7. Case Study TBA C7. Identity Intelligence or Employee Surveillance? Andrew Walls D7. So You Have a New Content-Aware Data Loss Prevention Solution Now What? Eric Ouellet E7. How to Cope With Two Sides of BYOD: Bring Your Own Device and Bring Your Own (Personal) Data Trent Henry, Heidi L. Wachs 9:30 a.m. Solution Provider Sessions 10:15 a.m. A8. IAM, Cybersecurity and the Internet of Everything B8. Privileged Account Management for Private Cloud and IaaS Environments Nick Nikols C8. How Will Content and Context Awareness Change Your Existing IAM Deployment During the Next Five Years? Eric Ouellet D8. Linking Risk and Security to Business Decision Making: Creating KRIs That Matter F. Christian Byrnes E8. Case Study TBA 11:15 a.m. K5. Closing Keynote: Putting Strategy Into Action,, Gregg Kreizman,, 12:15 p.m. Conference Adjourns 8 Gartner Identity & Access Management Summit 2013 9
session descriptions Track A Strategic Planning: Foundations, Controls and Processes A1. Developing Identity and Access Management Processes and Controls As IAM enterprise programs mature, developing an effective process for planning and operations becomes critical. Understanding how basic security controls are applied to IAM policy and process and how that process informs architects, developers and operations is a key success factor. What do IAM controls and process look like, and how can this knowledge be applied in the enterprise? A2. IAM Program Management and Governance: Building Firm Foundations for Future Success Identity and access management initiatives need good program management and sound governance, but existing information security programs and governance frameworks may be incomplete. This session sets out the Gartner recommendations for IAM program management and governance, which typically build on and extend information security best practices in ways that address the more intimate relationship that IAM has with the business. A3. Sharing Data Without Losing It Today s security managers are struggling to meet the growing demands to share enterprise data with personal devices and external parties. This session provides a use case model for the choice of collaborative systems with data protection technology that matches business needs for data protection. Jay Heiser A4. Practicing Safe SaaS Most enterprises continue to struggle with the appropriate use of SaaS, but for most organizations, no is not the right answer. Standards and practices for risk assessment and use continue to evolve, but gaps still remain. This presentation provides guidance on the creation of a SaaS usage profiles. Jay Heiser A5. IAM for Applications and Data: The Rise of Data Access Governance in IAM Access to unstructured data has always been a concern to an enterprise. How can IAM provide administration, access, analytics capabilities for access to files, folders and other data formats? How can data access governance truly become part of identity governance and administration? A6. Case Study TBA A7. Developing a Process-Based Security Organization Do you need a dedicated security team? If so, what should it look like? How many people do you need? Whom does it report to? There is no such thing as a perfect, universally appropriate model for security organizations. Every organization must develop its own process-based model, taking into consideration basic principles and practical realities. Jeffrey Wheatman A8. IAM, Cybersecurity and the Internet of Everything The Internet is expanding to include connections not only to people but also to machines: automobiles, buildings, power grids millions of sensors and control systems, all needing protection and access. How can enterprises that embrace the Internet of Everything (IoE) in their businesses prepare for such systems from an IAM perspective? Track B IAM in the Trenches: Getting the Most Out of Your Infrastructure B1. What Do You Buy for the Users Who Have (Access to) Everything? Effectively managing privileged accounts default administrator and other shared accounts, as well as personal accounts, used by internal or external users requires a fine balance between security, operational and business needs., Felix Gaehtgens B2. Get the Plumbing Right: ies for Internal and Cloud Services Buildings and identity management don t work well if the plumbing is not designed, deployed and maintained. Behind every shiny, new IAM program is a wilderness of directories, databases, synchronization events and trust relationships. If you don t sort out the system, your IAM program is doomed to failure. This presentation dives into the plumbing and identifies what works and what doesn t when it comes to directories, whether at home or in the cloud. Andrew Walls B3. Town Hall: Identity Governance and Administration Learning From the Experts Identity governance and administration (IGA) projects are often the most challenging IAM projects. In this town hall session, Gartner analysts discuss audience questions about IGA planning, strategy and execution. Felix Gaehtgens B4. Who? Establishing the identities of the people who get access to your networks, systems and services is fundamental to other IAM services; insufficient trust in those identities erodes the value of authorization, audit and analytics. The Nexus of Forces has offered new ways of providing identity assurance but also has created challenges for traditional methods and delivery options. What is identity assurance anyway and why should I care? How has the Nexus of Forces changed the identity assurance landscape? Can we look forward to a world without passwords and tokens? B5. How to Get to Single Sign-On The quest for single sign-on (SSO) is the result of disparate identity silos, increased password-related support costs and user frustration. This session helps attendees make decisions about strategies and tools to achieve SSO securely. Gregg Kreizman, Neil Wynne B6. Town Hall: Selling IAM to the Business Many organizations struggle to demonstrate the value of the IAM program. Without an ability to communicate costs and value to the board or other IAM sponsors, IAM programs may languish and not be properly resourced or worse! In this town hall session, Gartner analysts discuss audience questions regarding how to overcome the perceptions that IAM is purely a cost center and to highlight real business benefits. Felix Gaehtgens, B7. Case Study TBA B8. Privileged Account Management for Private Cloud and IaaS Environments This session delves into the new security challenges that are exposed in private cloud and IaaS deployments. It illustrates how both traditional and new identity technologies can be employed to address these challenges. Nick Nikols Track C Emerging Trends: The Mobile, Social, Cloud and Information Revolution C1. Cloud, Mobile, Social: What Have You Done to My IAM Infrastructure?! Cloud computing and mobile endpoint adoption break established IAM architectures and challenge security leaders to deliver secure access services to their enterprises. This session addresses the current and evolving solutions to these problems. Gregg Kreizman C2. Why Is Your Organization at Greater Risk Now That It Is Encrypting Sensitive Data? Your organization has implemented encryption to protect your sensitive assets and has fulfilled an annoying requirement. Are you really better off than you were before? Or is the security blanket actually on fire? Eric Ouellet C3. Good Authentication Practices for Smartphones and Tablets The price and complexity of traditional authentication is more than just unpopular with mobile users; many platforms simply do not support robust identity access methods. We offer a path for making strategic decisions about mobile authentication and answer the question, Who benefits from good authentication? John Girard C4. Case Study TBA C5. Social Realism in Your IAM Future While the use of social login to simplify new customer registration and customer login is getting increasing attention from enterprises and IAM vendors, this may be the least impact that social has on enterprises IAM programs. This session explores how social will reset your IAM world and how IAM can evolve to meet the challenges and embrace the opportunities of social amid the Nexus of Forces. Who is using social login, and why and what additional risks does it pose for the enterprise? How can social benefit enterprise IAM in other ways? To what extent will social identities become things that enterprise IAM must manage? C6. Managing Mobile Identity Amid Diversity When organizations establish bring your own device policies and acknowledge the diversity of consumer mobile devices, they show they are prioritizing user choice and flexibility over control. Enterprises must defend themselves while providing appropriate access. This session will give attendees the opportunity to get answers to the hard questions about mobile diversity. John Girard, Trent Henry C7. Identity Intelligence or Employee Surveillance? The expansion of identity into cloud platforms provides enterprises with unparalleled opportunities to develop a more complete understanding of the services that their users access, where they are when they access a service and how they use those services. In other words, IAM gives us new abilities to spy on our users. This presentation takes a candid look at the promises and perils of identity intelligence with an aim to keeping you out of jail. Andrew Walls C8. How Will Content and Context Awareness Change Your Existing IAM Deployment During the Next Five Years? For how many years has your corporate IAM project been an ongoing activity? You know it goes from one extreme to the other too coarse, too fine, then back again each time, with changes to your organization that end up costing you more time and resources. Is there a better approach on the horizon? Eric Ouellet Track D Security and IAM: Safeguarding Access Together D1. The Cyberthreat Landscape Recent security breaches highlight an evolving and precarious threat environment. Attacks are financially motivated and are supported by a sophisticated underground economy. To stay a step ahead of the bad guys, enterprises need to invest wisely in security tools and personnel. Finding the right balance between too little and too much security is essential to business success. 10 Gartner Identity & Access Management Summit 2013 11
session descriptions D2. Mobile Device Security Exploits in Depth How can we stop worrying about mobile security? You can t trust the OS or the apps, the user resists security practices and your company doesn t own the device. This presentation puts the inconvenient facts front and center with real examples and offers a path forward to reduce risk while still taking user experience into consideration. John Girard D3. Detect Data Breaches With User Activity Monitoring The ability to monitor user activity and resource access has become increasingly important because the number of targeted attacks has grown. Organizations need to incorporate identity intelligence into their security monitoring to increase the chance of early breach detection. D4. Dealing With Advanced Threats and Targeted Attacks Today s attacks are stealthy and targeted to steal critical data or compromise specific accounts. Organizations need to present a hard target to an attacker, implement shielding to protect systems and applications, and get better at threat and breach detection. D5. Town Hall: Lessons Learned (and Fingers Burned) in IT Risk Management Practices Risk management is more art than science. The best way to learn risk management is to practice it. And the risk management approach must suit the culture of the organization. This presentation shares experiences, pitfalls and best practices encountered by Gartner analysts during their travels and daily interactions with clients. Jeffrey Wheatman D6. Management Still Doesn t Get Security (and What You Can Do About That) Many management teams just don t get it. After a failure, security and IT risk become priorities, but only for a while; after long periods without visible failures, these teams go back to not caring. A modern security and IT risk program needs continuously engaged non-it decision makers. In this session, you learn how to engage executive management teams and keep them continuously engaged. F. Christian Byrnes D7. So You Have a New Content- Aware Data Loss Prevention Solution Now What? Since data loss prevention (DLP) is quickly becoming part of the standard of due care for various industries (finance, insurance, healthcare, manufacturing and design), it is still a very misunderstood technology for what it can and should be used for. This session looks at the best approaches for implementing a new DLP solution and gets you from zero to very useful. Eric Ouellet D8. Linking Risk and Security to Business Decision Making: Creating KRIs That Matter The term key risk indicator (KRI) has come to mean our most important metrics, but the criteria for most important usually falls short of most useful. The definition varies greatly across different organizations, so there are no standards. Good KRIs should influence business decision making. F. Christian Byrnes Track E Technologists Perspective: IAM in the Modern Era E1. Beyond Join, Move, Leave: Implications of Identity and Access Management in the Modern Era The world in which IAM now operates has changed radically during the past decade; the world is now more agile, with larger constituencies and less visibility offered to traditional identity services. This has a profound implication for existing IAM architectures. These architectures do not have to be abandoned to adapt to the modern world, but changes are ahead. E2. Are Your Users Sick of Typing Passwords on Mobile Devices? Give Em SSO Now! The contrasts between elegant user experience, usability and security is distinct on mobile devices. Just as users are feeling productive and engaged with shiny new handhelds, the act of authenticating suddenly feels archaic and a waste of time. How do we make things better while maintaining assurance? Mobile single sign-on (SSO) is a goal that most enterprises seek, but the solution space is maturing rapidly but not smoothly. This session describes the major alternatives for mobile SSO and the typical components deployed for success. Trent Henry E3. The Role of Enterprise Identity in Public and Private Clouds This session examines how to better facilitate the integration of private and public clouds with enterprise identity infrastructure, the maturity of these capabilities, and the role identity plays within these environments. Nick Nikols E4. What About Everyone Else? Managing Non-Employee Identities For years, identity and access management initiatives have focused on internal employee populations. But, in today s highly connected business environment, organizations must manage identities for not only employees but also non-employees, including contractors, customers, partners and vendors. The use cases for managing non-employee identities bring unique challenges that require fresh solutions. Mary E. Ruddy E5. Adaptive Access Control: Holy Grail, Snake Oil or the Next Big Thing? Our users do much more than traipse about with authentication tokens in their pockets. They log in at regular and recurring times, demonstrating a behavior pattern. They carry phones with geolocation information and interesting sensors. They have unique knowledge about themselves for answering tricky questions. In short, they possess a bundle of interesting context. However, we aren t using their context to its fullest during authentication and authorization. Enter adaptive access control. Trent Henry E6. Saving Privacy in the Public Cloud Enterprise data is moving to the public cloud, with privacy and compliance risks often as an afterthought. This session discusses how to address the privacy risks associated with moving enterprise data into the public cloud, insight into successfully entering into these agreements and guidance on retroactively bringing the entire organization into a comprehensive cloud strategy. Heidi L. Wachs E7. How to Cope With Two Sides of BYOD: Bring Your Own Device and Bring Your Own (Personal) Data Where bring your own device isn t the answer, enterprises have to rely on corporately owned devices only to discover that people are bringing their own personal data (and applications) to those devices; this is the world of COPE corporately owned, personally enabled. This session explores the privacy implications of how enterprises balance their information protection needs with employee expectations of personal data privacy on mobile devices, whether supplied by the enterprise or employee. Trent Henry, Heidi L. Wachs E8. Case Study TBA Workshops W1. The Gartner ITScore Maturity Model for IAM IAM leaders use this Gartner assessment to evaluate their IAM efforts against key maturity indicators. This helps determine which aspects of a maturity level are most important and shows how to advance. Immature programs are likely to be inefficient, ineffective and unable to deliver full business value., Ray Wagner W2. How to Build a Modern Federation Architecture for a Cloud, Mobile and Social World Identity and access management infrastructure needs to meet the demands of an increasingly networked and outsourced world. Cross-domain access is now becoming commonplace. In order to manage the growing complexity, select standards on the basis of products that support more granular and adaptive decision making. Mary E. Ruddy W3. How an IAM RFP Can Help You Choose the Best Solution for Your Business There are many tools that are used to choose IAM technologies and services for purchase. One of the most common is the request for proposal (RFP) or tender. A structured and thorough RFP captures a buyer s requirements and ensures that the vendors selected are the right fit for the enterprise. Building a good RFP is a science, and an important one to ensure the success of IAM projects. This workshop seeks to provide you with a process and components to build an RFP for the common IAM technologies. W4. Shifting IAM Design Principles and Adjusting Your Capabilities Architecture The rising IAM complexity is driving a shift in IAM design principles from manage access to manage access risk. In this workshop, we discuss how leading organizations are trying to factor risk in IAM architecture strategies. Homan Farahmand W5. Not Going It Alone: Using Consultants and Integrators The key to delivering an effective identity and access management solution for your enterprise is primarily in the hands of the IAM consultant or integrator. The very success of most IAM deployments hinges on how good these providers do their job for you. What consultant or integrator is best for what type of IAM technology or service deployment? This workshop seeks to provide you with an approach to choosing consultants or integrators well. Brian Iverson, T1. IAM 101 Identity and access management is well established as a cornerstone of information security and can deliver real business value beyond its contributions in efficient and effective security, risk management and compliance. Here we look at the pieces of the IAM jigsaw puzzle, and how they fit together. Felix Gaehtgens T2. Fundamentals of User Provisioning and Identity and Access Governance Provisioning and identity access governance (IAG) technologies form the foundation of an identity management solution. In this session we provide a component description and architectural overview of these technologies. We also offer deployment considerations, insights and best practices based on years of customer experience. T3. Authorization Architectures Authorization is the science of determining whether a person is allowed to perform an action in an application on a piece of data. Where authorization decisions are made is often just as important as how those decisions are made. This advanced tutorial explores multiple authorization architectures, evaluating the pros and cons of each. 12 Gartner Identity & Access Management Summit 2013 13 Tutorials
SOLUTION SHOWCASE REGISTRATION and PRICING Rapid technology evolution means that keeping up with innovators and industry leaders is essential. Visit our Solution Showcase and find the IAM vendors that fit your individual and organization s needs. Gartner events deliver what you need 3 WAYS TO REGISTER We ve developed a series of offers, features and conference essentials to ensure that your time at a Gartner summit results in real value and delivers everything you need efficiently and effectively. Web: gartner.com/us/iam PREMIER SPONSORS Lieberman Software provides award-winning privileged identity management and security management products to more than 1200 active customers worldwide, including 40 percent of the Fortune 50. By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. Lieberman Software products scale to the largest enterprises in the world and deploy in minutes. David Sorkin Gartner Events +1 203 316 3561 david.sorkin@gartner.com EARLY-BIRD DISCOUNT EXPIRES SEPTEMBER 27 Save $300 when you register by September 27 Early-bird price: $2,075 Standard price: $2,375 AlertEnterprise Security Convergence capabilities are revolutionizing Identity and Access Governance while extending Identity and Access Management beyond IT to include Physical and SCADA security for the true prevention of risk against fraud, theft and malicious threats. AlertEnterprise delivers Situational Awareness as well as Incident Management and Response for true IT OT Integration. Centrify provides unified identity services across data center, cloud and mobile resulting in one single login for users and one unified identity infrastructure for IT. Centrify s software and cloud services let organizations securely leverage their existing identity infrastructure to centrally manage authentication, access control, privilege management, policy enforcement and compliance across on-premise and cloud resources. Courion is the only company to offer a complete real-time, risk aware Identity and Access Management (IAM) solution that enables you to visually recognize and reduce risk. With Courion, you can confidently provide open and compliant access to all while also protecting your critical company data from unauthorized access. Cyber-Ark Software is a global information security company that specializes in protecting and managing privileged users, sessions, applications and sensitive information to improve compliance, productivity and protect organizations against insider threats and advanced external threats. Its award-winning Privileged Identity Management, Privileged Session Management and Sensitive Information Management Suites, help organizations effectively manage and govern data center access and activities, whether on-premise, off-premise or in the cloud. Get the security you need in the way that best suits your situation. Dell Software s IAM solutions make managing access simple and efficient without costly customization or rigid technology. Our modular and integrated approach addresses your immediate security and compliance concerns while ensuring that future business needs are met. IBM Security offers one of the world s broadest, most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research and development, provides the security intelligence to help holistically protect people, infrastructure, data and applications for protection against advanced threats in today s hyper-connected world. SailPoint helps the world s largest organizations securely deliver and effectively manage user access from any device to data and applications in the datacenter, on mobile devices, and in the cloud. SailPoint s innovative portfolio delivers integrated identity governance, provisioning, and access management on-premises or as a cloud-based service (IDaaS). Visit www.sailpoint.com. Thycotic Software, Ltd. provides password and access management solutions to IT administrators worldwide. Over 75,000 IT professionals use our Identity and Access Management (IAM) tools. Secret Server is a password management system for IT pros to store, organize and manage privileged/shared accounts in an on-premise, web-based vault. Verizon Enterprise Solutions creates global connections that generate growth, drive business innovation and move society forward. With industry-specific solutions and a full range of global wholesale offerings provided over the company s secure mobility, cloud, strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the world for innovation, investment and business transformation. Visit www.verizonenterprise.com to learn more. SILVER SPONSORS Authentify, Inc. BeyondTrust ForgeRock NetIQ Ping Identity Symplified, Inc. Aveksa Covisint Corporation Hitachi ID Systems NuData Security Prolifics Tools4ever Axway Fischer International Identity Identropy Okta Quantum Secure Inc. ILANTUS Technologies Pvt. Ltd. Omada Radiant Logic View DS Identity Solutions OneLogin STEALTHbits Technologies, Inc. FishNet Security Phone: 1 866 405 2511 Become a aponsor RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps organizations solve their most complex and sensitive security challenges by bringing visibility and trust to millions of user identities, the transactions they perform and the data that is generated. RSA delivers identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading egrc capabilities and robust consulting services. www.rsa.com PLATINUM SPONSORS Beta Systems Software AG Email: us.registration@gartner.com MEDIA AND ASSOCIATION PARTNERS Oracle Corporation Team Attendance Program: Leverage more value across your organization Knowledge creates the capacity for effective action. Imagine the impact on your organization when knowledge multiplies: common vision, faster responses, smarter decisions. That s the Gartner Team Attendance effect. You ll realize it in full when you attend a Gartner event as a group. Maximize learning by participating together in relevant sessions. Split up to cover more ground, sharing your session take-aways later. Leverage the expertise of a Gartner analyst in a private group meeting. Team benefits Complimentary registrations Team meeting with a Gartner analyst (end users only) Role-based agendas On-site team support: Work with a single point of contact for on-site team deliverables Complimentary registrations 1 for every 3 paid registrations 2 for every 5 paid registrations 3 for every 7 paid registrations For more information, email us.teamsend@gartner.com or contact your Gartner account manager. Event Approval Tools For use pre-event, on-site and post-event, our Event Approval Tools make it easy to demonstrate the substantial value of your Gartner event experience to your manager. They include a customizable letter, cost-benefit analysis, top reasons to attend and more. Visit gartner.com/us/iam for details. Gartner event tickets We accept one Gartner summit ticket or one Gartner Catalyst ticket for payment. If you are a client with questions about tickets, please contact your sales representative or call +1 203 316 1200. SPECIAL GARTNER HOTEL ROOM RATE $239 per night at JW Marriott Los Angeles L.A. LIVE 900 West Olympic Boulevard Los Angeles, CA Phone: 1 888 832 9136 Xceedium, Inc. NO NEED TO TAKE NOTES Missed a session? Need to revisit those recommendations again? Want to share a useful presentation with a colleague? As an attendee, you can gain access to every slide from every session, free of charge. Log into Gartner Events Navigator at events.gartner.com/go/iam8 and click on the PDF for the session you are interested in reviewing. TECHWATCH FierceCIO Sponsors as of July 25, 2013, and subject to change 14 Gartner Identity & Access Management Summit 2013 15
Gartner, Inc. 56 Top Gallant Road Stamford, CT 06902-7700 Presorted Standard U.S. Postage PAID Gartner PO Box 29307 Shawnee, KS 66201 Change Service Requested Gartner Identity & Access Management Summit 2013 Priority code November 18 20 Los Angeles, CA gartner.com/us/iam Save $300 when you register by September 27! 2013 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. For more information, email info@gartner.com or visit gartner.com. CONNECT WITH GARTNER IAM Connect with Gartner Identity & Access Management Summit on Twitter and LinkedIn. #GartnerIAM Gartner Identity & Access Management SECURITY & RISK MANAGEMENT GLOBAL EVENTS Security & Risk Management Summit 2013 August 19 20 Sydney, Australia Security & Risk Management Summit 2013 September 18 19 London, U.K. Catalyst Technical Forum on Mobility & Cloud 2013 September 25 London, U.K. 3 WAYS TO REGISTER Web: gartner.com/us/iam Email: us.registration@gartner.com Phone: 1 866 405 2511