Gartner Identity & Access Management Summit 2013

(1)

Gartner

Identity & Access

Management Summit 2013

November 18 – 20

Los Angeles, CA

gartner.com/us/iam

• IAM SUPPORTING MOBILE, SOCIAL, CLOUD AND INFORMATION

INITIATIVES

• IAM BEST PRACTICES FOR DEPLOYMENT AND OPERATIONS

• LEVERAGING EXTERNAL IDENTITIES

• DATA SECURITY AND IAM CONVERGENCE

• JUSTIFYING IAM VALUE FOR THE BUSINESS

Go to page XX for details.

(2)

Identity Heats Up: Next Steps in Future-Proofing IAM

IAM is in the spotlight. Can you feel the heat?

Identity and access management has never been so hot. Mobile, social, cloud and analytics are transforming

IT, business and entire markets. These new capabilities depend on secure and consistent access to succeed.

From its new location in Los Angeles, CA, Gartner Identity & Access Management Summit 2013, November 18 – 20,

provides the insights and recommendations that IAM professionals need to craft and implement an effective IAM strategy

and essential new IAM governance protocols. Join us to find out how IAM can help transform the business and how the

best IAM systems go beyond secure access to deliver greater agility, transparency and efficiency.

Key benefits of attending

• Learn what’s on the horizon for IAM — the trends,

future technologies and changing market

• Plan and organize your IAM program and create an

IAM strategy

• Understand what is really going on in the world of

IAM today

• Create a strategy for dealing with IAM implications

related to mobile, social, cloud and information

• Gain real-world insight into identity administration,

mobility, cloud, privacy and identity externalization

Who should attend

Anyone responsible for IAM programs including:

• CISOs, CSOs and their teams

• CIOs and other IT directors

• Vice presidents, directors and managers of network

security, information security and identity management

• IT/IS directors and managers

• Enterprise architects and planners

North America’s

most important

annual gathering

of the identity

and access

management

community

Value-driven Gartner research for your

personal IAM needs

When you join us at Gartner Identity & Access Management Summit 2013,

you’ll walk away with the ability to craft an IAM strategy, evaluate appropriate

solutions and align with business needs to deliver the maximum business value.

From bring your own device (BYOD), advanced IAM analytics and IAM as a

service, to budget concerns, articulating the business value of IAM and aligning

IAM strategy with business goals, five in-depth conference tracks are designed

to update your understanding of key priorities across IAM today.

Fresh insight for the challenges you’re facing now

• More analysts! Twenty-three analysts and consultants will be on-site for

one-on-one meetings

• New town hall sessions

• New content added on information security

• More technical content! An expanded amount of content that takes a

deep dive into IAM with the Technical Insights track presented by Gartner

for Technical Professionals

• Customized agenda and networking opportunities by industries such as

4 Keynote Sessions

5 Meet the Analysts

6 Agenda Tracks

7 Summit Features

8 Agenda at a Glance

10 Session Descriptions

14 Solution Showcase

15 Registration and Pricing

(3)

Ant Allan

Vice President

Felix Gaehtgens

Director

John Girard

Vice President and Distinguished Analyst

F. Christian Byrnes

Managing Vice President

Homan Farahmand

Director Gartner Consulting

Jay Heiser

Vice President

MEET THE ANALYSTS

KEYNOTE SESSIONS

Eric Ouellet Vice President Earl Perkins Vice President Ian Glazer Vice President Gregg Kreizman Vice President Mark Nicolett

Trent Henry Vice President Andrew Walls Vice President Jeffrey Wheatman Leadership Partner, Gartner for Enterprise IT Leaders Heidi L. Wachs Director Neil Wynne Service Analyst Mary E. Ruddy Director

Gartner analysts draw on the real-life challenges and solutions experienced by clients from 13,000

distinct organizations worldwide.

Gartner keynotes

F. Christian

Byrnes

Andrew Walls

Vice President

Gartner for Technical

Professionals

Gartner for Technical

Professionals provides in-depth,

how-to research for your project

teams to help them assess new

technologies at a technical level,

develop technical architecture

and design, evaluate products

and create an implementation

strategy that supports your

enterprise’s IT initiatives.

Ant Allan

Vice President

Felix

Gaehtgens

Director

Ian Glazer

Vice President

Gregg

Kreizman

Vice President

Opening Keynote: The Future of Managing Identity —

IAM Scenario

For a long time, we’ve called the process of enabling access “identity and

access management” primarily because our pursuit of managing identities

was done so that we could use them to access applications and data. But

what will happen to this enabler, this identity, when more and more applications

and services demand more of the identity construct? How will we make sense

of such an environment, and how much will truly be managed?

The 2013-2014 Gartner Magic Quadrants and

MarketScopes for IAM

In this session, authors of Gartner Magic Quadrants and MarketScopes for

IAM discuss the trends within their various markets, the Magic Quadrant and

MarketScope findings and address audience questions. Topics and tools

specifically covered include authentication technologies, user administration

or provisioning, identity and access governance, Web access management

and identity federation.

The Gartner Five-Year Security and Risk Scenario

The Gartner research community for security and risk is composed of more

than 50 dedicated and contributing analysts. This scenario represents their

five-year projection of the state of security and risk. The intent is to provide a

base for your long-term strategic planning.

Closing Keynote: Putting Strategy Into Action

In this informal panel and discussion, Gartner IAM analysts reveal their key

take-aways from the conference. Key issues include: What trends have been

revealed while talking to attendees? What should attendees do as soon as

possible upon returning to the workplace? How best can attendees leverage

their conference experience?

Nick Nikols Director

Mark Nicolett

Earl Perkins

Vice President

Guest keynote speakers to be announced soon!

Visit gartner.com/us/iam for agenda updates.

Ray Wagner

Brian Iverson

(4)

Strategic Planning: Foundations, Controls and Processes

Every program needs a solid foundation. This track provides the

information you need to properly plan and organize your IAM program,

create an IAM strategy, and ensure that processes and controls are

implemented to gain real business benefits. We provide valuable,

time-proven best practices and help you avoid a number of pitfalls.

• IAM program management and

governance

• Data access governance

• IAM and cybersecurity

• Developing a realistic

IAM strategy

IAM in the Trenches: Getting the Most Out of Your Infrastructure

What’s really going on in the world of IAM today? What are your peers

doing, and how can you best deploy the technology that you have?

In this track, we help you make the most of the tools you have and

help you ensure that you are positioning your current IAM infrastructure

for success.

• Single sign-on

• Directories for internal and

cloud services

• Identity governance and

administration

• Justifying IAM value for

the business

Emerging Trends: The Mobile, Social, Cloud and Information

Revolution

The Nexus of Forces — mobile, social, cloud and information —

continues to stretch established IAM programs. But how can you

separate fact from hype? Now is the time to think about strategies for

each of these forces. If you aren’t, then you will be behind before you

know it. In this track, we explore where and how IAM can support

and leverage these emerging trends and technologies.

• IAM supporting mobile, social,

cloud and information initiatives

• The future of managing identity

• Content and context awareness

• Mobile authentication practices

Security and IAM: Safeguarding Access Together

IAM and security are related disciplines. There are process,

organizational, functional and technology overlaps that should be

considered so that you can maximize your investment and have a

multifaceted approach to IAM, infrastructure protection and risk

management. In this track, we explore the intersection of IAM and

security, and we cover hot-button security topics.

• User activity monitoring

• Data security and IAM

convergence

• Content-aware data loss

prevention

• Future security and risk scenario

Technologists’ Perspective: IAM in the Modern Era

This year, we continue the popular addition of sessions by Gartner for

Technology Professional analysts. These are in-depth talks providing

real-world insight into identity administration mobility, cloud, privacy and

identity externalization.

• New trends in identity

administrations

• Managing non-employee identities

• Enterprise identity in public and

private clouds

• Building a modern federation

architecture for a cloud, mobile

and social world

Take your IAM program to the next level

ANALYST-USER ROUNdTABLES

SUMMIT FEATURES

AGENdA TRACKS

• AUR1. DLP Roundtable Eric Ouelett

• AUR2. Saving Privacy in the Public Cloud Heidi L. Wachs

• AUR3. Shared Experiences With Identity Governance and

Administration Ian Glazer

• AUR4. Fine-Grained Access Control Ian Glazer, Felix Gaehtgens

• AUR5. Where Has Your PKI Been — Where Is It Going? Trent Henry

• AUR6. Government Identity Issues and Solutions Gregg Kreizman

• AUR7. TBA

• AUR8. IAM and Mobility Trent Henry

As an attendee of this event, any

session you participate in that

advances your knowledge within that

discipline may earn you continuing

professional education (CPE) credits

from the following organizations:

• (ISC)

2

_{(CISSP, CAP, SSCP and}

CSSLP)

• ISACA (CISA, CISM and CGEIT)

Event Approval Tools

• Customizable letter, cost-benefit

analysis, cost optimization highlights

• Post-event conference

summary report

Events Navigator

• Customize your agenda

• Schedule analyst one-on-ones,

analyst-user roundtables or

workshops

• Connect with peers, using the

networking tool

• Manage your agenda on your

mobile device with the Gartner

Events Navigator mobile app

Media Center

• Watch related summit videos

• Read related Twitter feeds, analyst

blogs and press releases

EARN CPE CREdITS

VALUABLE

ONLINE TOOLS

Experience the power of Gartner IAM

research — Live!

Analyst one-on-ones

Sign up for two private, 30-minute consultations with the Gartner analyst

of your choice and get targeted advice on the specific IAM challenges

you’re currently facing.

Seating is limited and general preregistration

opens on October 21. (End users only)

Analyst-user roundtables

Moderated by Gartner analysts, these popular peer-to-peer discussions

provide you with the opportunity to explore today’s hottest IAM issues in

an informal setting.

Seating is limited and general preregistration opens

on October 21. (End users only)

Track sessions

Leveraging the latest Gartner IAM research, these sessions focus on

providing real-world information that help you make better decisions and

drive results.

Hands-on workshops

These small-group workshops immerse you in real-world problem solving,

with practical take-aways.

Seating is limited and preregistration required.

(End users only)

End-user case studies

Hear directly from user practitioners who share the lessons learned and the

successes and challenges of IAM initiatives.

Solution Showcase

Meet with today’s leading and emerging IAM solution providers, all in one

room, and get the latest information and demonstrations on new products

and services.

Hot topics by track

By 2017, more than 50% of enterprises will choose cloud-based services as the

delivery option for new or refreshed user authentication implementations — up from

less than 10% today.

(5)

SUNDAY, NOVEMBER 17

2:00 p.m. Registration

3:00 p.m. T1. IAM 101 Felix Gaehtgens T2. Fundamentals of UserProvisioning and Identity and Access Governance Ian Glazer W1. Workshop:The Gartner ITScore Maturity Model for IAM Ant Allan, Ray Wagner

4:15 p.m. T3. Authorization Architectures Ian Glazer

5:30 p.m. Event Orientation and Welcome Reception TBA

MONDAY, NOVEMBER 18

7:00 a.m. Registration

7:00 a.m. General Networking Breakfast

8:15 a.m. K1a.Opening Keynote The Future of Managing Identity — IAM Scenario Ant Allan, Gregg Kreizman, Earl Perkins, Felix Gaehtgens

9:00 a.m. K1b.Gartner Keynote Welcome and Opening Remarks Gregg Kreizman

Track A

Strategic Planning: Foundations, Controls and Processes

Track B

IAM in the Trenches: Getting the Most Out of Your Infrastructure

Track C

Emerging Trends: The Mobile, Social, Cloud and Information Revolution

Track d

Security and IAM: Safeguarding Access Together

Track E

Technologists’ Perspective: IAM in the Modern Era

9:45 a.m. A1. Developing Identity and Access Management Processes and Controls Earl Perkins

B1. What Do You Buy for the Users Who Have (Access to) Everything? Ant Allan, Felix Gaehtgens

C1. Cloud, Mobile, Social: What Have You Done to My IAM Infrastructure?! Gregg Kreizman

D1. The Cyberthreat Landscape Mark Nicolett E1. Beyond Join, Move, Leave: Implications of Identity and Access Management in the Modern Era Ian Glazer

11:00 a.m. Solution Provider Sessions

12:00 p.m. Attendee Lunch and Solution Showcase Dessert Reception

1:45 p.m. W2. Workshop: How to Build a Modern Federation Architecture for a Cloud, Mobile and Social World Mary E. Ruddy

2:15 p.m. A2. IAM Program Management and Governance: Building Firm Foundations for Future Success Ant Allan

B2. Get the Plumbing Right: Directories for Internal and Cloud Services Andrew Walls

C2. Why Is Your Organization at Greater Risk Now That It Is Encrypting Sensitive Data? Eric Ouellet

D2. Mobile Device Security Exploits in Depth John Girard E2. Are Your Users Sick of Typing Passwords on Mobile Devices? Give ’Em SSO Now! Trent Henry

3:15 p.m. Solution Provider Sessions

4:30 p.m. A3. Sharing Data Without Losing It Jay Heiser B3. Town Hall: Identity Governance and Administration — Learning From the Experts Felix Gaehtgens

C3. Good Authentication Practices for Smartphones and Tablets

John Girard

D3. Detect Data Breaches With User Activity Monitoring

Mark Nicolett

E3. The Role of Enterprise Identity in Public and Private Clouds

Nick Nikols

5:45 p.m. K2. Gartner Keynote The 2013-2014 Gartner Magic Quadrants and MarketScopes for IAM Ant Allan, Gregg Kreizman, Felix Gaehtgens

6:30 p.m. Solution Showcase Reception

TUESDAY, NOVEMBER 19

7:00 a.m. General Networking Breakfast by Industry and Topics 8:00 a.m. K3. Guest Keynote TBA

9:15 a.m. A4. Practicing Safe SaaS Jay Heiser B4. Who? Ant Allan C4. Case Study TBA D4. Dealing With Advanced Threats and Targeted Attacks

Mark Nicolett

E4. What About Everyone Else? Managing Non-Employee Identities

Mary E. Ruddy

9:30 a.m. W3. Workshop: How an IAM RFP Can Help You Choose the Best Solution for Your Business Earl Perkins

11:45 a.m. A5. IAM for Applications and Data: The Rise of Data Access Governance in IAM Earl Perkins

B5. How to Get to Single Sign-On Gregg Kreizman, Neil Wynne C5. Social Realism in Your IAM Future Ant Allan D5. Town Hall: Lessons Learned (and Fingers Burned) in IT Risk Management Practices Jeffrey Wheatman

E5. Adaptive Access Control: Holy Grail, Snake Oil or the Next Big Thing? Trent Henry

12:30 p.m. Attendee Lunch and Solution Showcase

1:45 p.m. W4. Workshop: Shifting IAM Design Principles and Adjusting Your Capabilities Architecture Homan Farahmand

2:45 p.m. K4. Gartner Keynote: The Gartner Five-Year Security and Risk Scenario F. Christian Byrnes, Andrew Walls

4:00 p.m. Solution Provider Sessions

4:45 p.m. A6. Case Study TBA B6. Town Hall: Selling IAM to the Business Felix Gaehtgens, Earl Perkins

C6. Managing Mobile Identity Amid Diversity

John Girard, Trent Henry

D6. Management Still Doesn’t Get Security (and What You Can Do About That) F. Christian Byrnes

E6. Saving Privacy in the Cloud Heidi L. Wachs

5:45 p.m. Hospitality Suites

WEDNESDAY, NOVEMBER 20

7:00 a.m. Breakfast With the Analysts PB1. Power Breakfast: Top Security Trends and Take-Aways for 2014 Ray Wagner

8:00 a.m. W5. Workshop: Not Going It Alone — Using Consultants and Integrators Brian Iverson, Earl Perkins

8:15 a.m. A7. Developing a Process-Based Security Organization

Jeffrey Wheatman

B7. Case Study TBA C7. Identity Intelligence or Employee Surveillance? Andrew Walls D7. So You Have a New Content-Aware Data Loss Prevention Solution … Now What? Eric Ouellet

E7. How to Cope With Two Sides of BYOD: Bring Your Own Device and Bring Your Own (Personal) Data Trent Henry, Heidi L. Wachs

10:15 a.m. A8. IAM, Cybersecurity and the Internet of Everything Earl Perkins B8. Privileged Account Management for Private Cloud and IaaS Environments Nick Nikols

C8. How Will Content and Context Awareness Change Your Existing IAM Deployment During the Next Five Years? Eric Ouellet

D8. Linking Risk and Security to Business Decision Making: Creating KRIs That Matter F. Christian Byrnes

E8. Case Study TBA

11:15 a.m. K5. Closing Keynote: Putting Strategy Into Action Ant Allan, Ian Glazer, Gregg Kreizman, Mark Nicolett, Earl Perkins

12:15 p.m. Conference Adjourns

AGENdA AT A GLANCE

(6)

TRACK A

Strategic Planning:

Foundations, Controls

and Processes

A1. developing Identity and Access Management Processes and Controls As IAM enterprise programs mature, developing an effective process for planning and operations becomes critical. Understanding how basic security controls are applied to IAM policy and process — and how that process informs architects, developers and operations — is a key success factor. What do IAM controls and process look like, and how can this knowledge be applied in the enterprise? Earl Perkins

A2. IAM Program Management and Governance: Building Firm

Foundations for Future Success Identity and access management initiatives need good program management and sound governance, but existing information security programs and governance frameworks may be incomplete. This session sets out the Gartner recommendations for IAM program management and governance, which typically build on and extend information security best practices in ways that address the more intimate relationship that IAM has with the business.

Ant Allan

A3. Sharing data Without Losing It

Today’s security managers are struggling to meet the growing demands to share enterprise data with personal devices and external parties. This session provides a use case model for the choice of collaborative systems with data protection technology that matches business needs for data protection.

Jay Heiser

A4. Practicing Safe SaaS

Most enterprises continue to struggle

but gaps still remain. This presentation provides guidance on the creation of a SaaS usage profiles.

Jay Heiser

A5. IAM for Applications and data: The Rise of data Access Governance in IAM

Access to unstructured data has always been a concern to an enterprise. How can IAM provide administration, access, analytics capabilities for access to files, folders and other data formats? How can data access governance truly become part of identity governance and administration? Earl Perkins

A6. Case Study TBA

A7. developing a Process-Based Security Organization

Do you need a dedicated security team? If so, what should it look like? How many people do you need? Whom does it report to? There is no such thing as a perfect, universally appropriate model for security organizations. Every organization must develop its own process-based model, taking into consideration basic principles and practical realities.

Jeffrey Wheatman

A8. IAM, Cybersecurity and the Internet of Everything

The Internet is expanding to include connections not only to people but also to machines: automobiles, buildings, power grids — millions of sensors and control systems, all needing protection and access. How can enterprises that embrace the Internet of Everything (IoE) in their businesses prepare for such systems from an IAM perspective?

Earl Perkins

TRACK B

IAM in the Trenches:

Getting the Most Out of

Effectively managing privileged accounts — default administrator and other shared accounts, as well as personal accounts, used by internal or external users — requires a fine balance between security, operational and business needs. Ant Allan, Felix Gaehtgens

B2. Get the Plumbing Right: directories for Internal and Cloud Services

Buildings and identity management don’t work well if the “plumbing” is not designed, deployed and maintained. Behind every shiny, new IAM program is a wilderness of directories, databases, synchronization events and trust relationships. If you don’t sort out the system, your IAM program is doomed to failure. This presentation dives into the “plumbing” and identifies what works and what doesn’t when it comes to directories, whether at home or in the cloud.

Andrew Walls

B3. Town Hall: Identity Governance and Administration — Learning From the Experts

Identity governance and administration (IGA) projects are often the most challenging IAM projects. In this town hall session, Gartner analysts discuss audience questions about IGA planning, strategy and execution.

Felix Gaehtgens

B4. Who?

Establishing the identities of the people who get access to your networks, systems and services is fundamental to other IAM services; insufficient trust in those identities erodes the value of authorization, audit and analytics. The Nexus of Forces has offered new ways of providing identity assurance but also has created challenges for traditional methods and delivery options. · What is identity assurance anyway and

why should I care?

· How has the Nexus of Forces changed the identity assurance landscape? · Can we look forward to a world without

passwords and tokens?

result of disparate identity silos, increased password-related support costs and user frustration. This session helps attendees make decisions about strategies and tools to achieve SSO securely.

Gregg Kreizman, Neil Wynne

B6. Town Hall: Selling IAM to the Business

Many organizations struggle to

demonstrate the value of the IAM program. Without an ability to communicate costs and value to the board or other IAM sponsors, IAM programs may languish and not be properly resourced — or worse! In this town hall session, Gartner analysts discuss audience questions regarding how to overcome the perceptions that IAM is purely a cost center and to highlight real business benefits.

Felix Gaehtgens, Earl Perkins

B7. Case Study TBA

B8. Privileged Account Management for Private Cloud and IaaS

Environments

This session delves into the new security challenges that are exposed in private cloud and IaaS deployments. It illustrates how both traditional and new identity technologies can be employed to address these challenges.

Nick Nikols

TRACK C

Emerging Trends: The

Mobile, Social, Cloud and

Information Revolution

C1. Cloud, Mobile, Social: What Have You done to My IAM Infrastructure?!

Cloud computing and mobile endpoint adoption break established IAM architectures and challenge security leaders to deliver secure access services to their enterprises. This session

C2. Why Is Your Organization at Greater Risk Now That It Is Encrypting Sensitive data? Your organization has implemented encryption to protect your sensitive assets and has fulfilled an annoying requirement. Are you really better off than you were before? Or is the security blanket actually on fire?

Eric Ouellet

C3. Good Authentication Practices for Smartphones and Tablets The price and complexity of traditional authentication is more than just unpopular with mobile users; many platforms simply do not support robust identity access methods. We offer a path for making strategic decisions about mobile authentication and answer the question, “Who benefits from good authentication?” John Girard

C4. Case Study TBA

C5. Social Realism in Your IAM Future While the use of social login to simplify new customer registration and customer login is getting increasing attention from

enterprises and IAM vendors, this may be the least impact that social has on enterprises’ IAM programs. This session explores how social will reset your IAM world and how IAM can evolve to meet the challenges and embrace the opportunities of social amid the Nexus of Forces. · Who is using social login, and why and

what additional risks does it pose for the enterprise?

· How can social benefit enterprise IAM in other ways?

· To what extent will social identities become things that enterprise IAM must manage?

Ant Allan

C6. Managing Mobile Identity Amid diversity

When organizations establish “bring your own device” policies and acknowledge the diversity of consumer mobile devices, they show they are prioritizing user choice and

attendees the opportunity to get answers to the hard questions about mobile diversity.

John Girard, Trent Henry

C7. Identity Intelligence or Employee Surveillance?

The expansion of identity into cloud platforms provides enterprises with unparalleled opportunities to develop a more complete understanding of

the services that their users access, where they are when they access a service and how they use those services. In other words, IAM gives us new abilities to spy on our users. This presentation takes a candid look at the promises and perils of identity intelligence with an aim to keeping you out of jail.

Andrew Walls

C8. How Will Content and Context Awareness Change Your Existing IAM deployment during the Next Five Years?

For how many years has your corporate IAM project been an ongoing activity? You know it goes from one extreme to the other — too coarse, too fine, then back again — each time, with changes to your organization that end up costing you more time and resources. Is there a better approach on the horizon? Eric Ouellet

TRACK d

Security and IAM:

Safeguarding Access

Together

d1. The Cyberthreat Landscape Recent security breaches highlight an evolving and precarious threat environment. Attacks are financially motivated and are supported by a sophisticated underground economy. To stay a step ahead of the “bad guys,” enterprises need to invest wisely in security tools and personnel. Finding the right

(7)

d2. Mobile device Security Exploits in depth

How can we stop worrying about mobile security? You can’t trust the OS or the apps, the user resists security practices and your company doesn’t own the device. This presentation puts the inconvenient facts front and center with real examples and offers a path forward to reduce risk while still taking user experience into consideration. John Girard

d3. detect data Breaches With User Activity Monitoring

The ability to monitor user activity and resource access has become increasingly important because the number of targeted attacks has grown. Organizations need to incorporate identity intelligence into their security monitoring to increase the chance of early breach detection.

Mark Nicolett

d4. dealing With Advanced Threats and Targeted Attacks

Today’s attacks are stealthy and targeted to steal critical data or compromise specific accounts. Organizations need to present a hard target to an attacker, implement shielding to protect systems and applications, and get better at threat and breach detection. Mark Nicolett

d5. Town Hall: Lessons Learned (and Fingers Burned) in IT Risk Management Practices

Risk management is more art than science. The best way to learn risk management is to practice it. And the risk management approach must suit the culture of the organization. This presentation shares experiences, pitfalls and best practices encountered by Gartner analysts during their travels and daily interactions with clients.

Jeffrey Wheatman

d6. Management Still doesn’t Get Security (and What You Can do About That)

Many management teams just don’t get it. After a failure, security and IT risk become priorities, but only for a while; after long

teams go back to not caring. A modern security and IT risk program needs continuously engaged non-IT decision makers. In this session, you learn how to engage executive management teams and keep them continuously engaged.

F. Christian Byrnes

d7. So You Have a New Content-Aware data Loss Prevention Solution … Now What?

Since data loss prevention (DLP) is quickly becoming part of the standard of due care for various industries (finance, insurance, healthcare, manufacturing and design), it is still a very misunderstood technology for what it can and should be used for. This session looks at the best approaches for implementing a new DLP solution and gets you from zero to very useful.

Eric Ouellet

d8. Linking Risk and Security to Business decision Making: Creating KRIs That Matter The term “key risk indicator” (KRI) has come to mean “our most important metrics,” but the criteria for “most important” usually falls short of “most useful.” The definition varies greatly across different organizations, so there are no standards. Good KRIs should influence business decision making.

F. Christian Byrnes

TRACK E

Technologists’

Perspective: IAM in

the Modern Era

E1. Beyond Join, Move, Leave: Implications of Identity and Access Management in the Modern Era The world in which IAM now operates has changed radically during the past decade; the world is now more agile, with larger constituencies and less visibility offered to traditional identity services. This has a profound implication for existing IAM architectures. These architectures do not have to be abandoned to adapt to the modern world, but changes are ahead.

E2. Are Your Users Sick of Typing Passwords on Mobile devices? Give ’Em SSO Now!

The contrasts between elegant user experience, usability and security is distinct on mobile devices. Just as users are feeling productive and engaged with shiny new handhelds, the act of authenticating suddenly feels archaic and a waste of time. How do we make things better while maintaining assurance? Mobile single sign-on (SSO) is a goal that most enterprises seek, but the solution space is maturing rapidly — but not smoothly. This session describes the major

alternatives for mobile SSO and the typical components deployed for success. Trent Henry

E3. The Role of Enterprise Identity in Public and Private Clouds

This session examines how to better facilitate the integration of private and public clouds with enterprise identity infrastructure, the maturity of these capabilities, and the role identity plays within these environments.

Nick Nikols

E4. What About Everyone Else? Managing Non-Employee Identities For years, identity and access

management initiatives have focused on internal employee populations. But, in today’s highly connected business environment, organizations must manage identities for not only employees but also non-employees, including contractors, customers, partners and vendors. The use cases for managing non-employee identities bring unique challenges that require fresh solutions.

Mary E. Ruddy

E5. Adaptive Access Control: Holy Grail, Snake Oil or the Next Big Thing?

Our users do much more than traipse about with authentication tokens in their pockets. They log in at regular and recurring times, demonstrating a behavior pattern. They carry phones with

geolocation information and interesting sensors. They have unique knowledge about themselves for answering tricky

of interesting context. However, we aren’t using their context to its fullest during authentication and authorization. Enter adaptive access control.

Trent Henry

E6. Saving Privacy in the Public Cloud

Enterprise data is moving to the public cloud, with privacy and compliance risks often as an afterthought. This session discusses how to address the privacy risks associated with moving enterprise data into the public cloud, insight into successfully entering into these

agreements and guidance on retroactively bringing the entire organization into a comprehensive cloud strategy. Heidi L. Wachs

E7. How to Cope With Two Sides of BYOd: Bring Your Own device and Bring Your Own (Personal) data

Where bring your own device isn’t the answer, enterprises have to rely on corporately owned devices only to discover that people are bringing their own personal data (and applications) to those devices; this is the world of COPE — corporately owned, personally enabled. This session explores the privacy implications of how enterprises balance their information protection needs with employee expectations of personal data privacy on mobile devices, whether supplied by the enterprise or employee.

Trent Henry, Heidi L. Wachs

E8. Case Study TBA

W1. The Gartner ITScore Maturity Model for IAM

IAM leaders use this Gartner assessment to evaluate their IAM efforts against key maturity indicators. This helps determine which aspects of a maturity level are most important and shows how to advance. Immature programs are likely to be inefficient, ineffective and unable to deliver

Ant Allan, Ray Wagner

W2. How to Build a Modern

Federation Architecture for a Cloud, Mobile and Social World

Identity and access management

infrastructure needs to meet the demands of an increasingly networked and

outsourced world. Cross-domain access is now becoming commonplace. In order to manage the growing complexity, select standards on the basis of products that support more granular and adaptive decision making.

Mary E. Ruddy

W3. How an IAM RFP Can Help You Choose the Best Solution for Your Business

There are many tools that are used to choose IAM technologies and services for purchase. One of the most common is the request for proposal (RFP) or tender. A structured and thorough RFP captures a buyer’s requirements and ensures that the vendors selected are the right fit for the enterprise. Building a good RFP is a science, and an important one to ensure the success of IAM projects. This workshop seeks to provide you with a process and components to build an RFP for the common IAM technologies. Earl Perkins

W4. Shifting IAM design Principles and Adjusting Your Capabilities Architecture

The rising IAM complexity is driving a shift in IAM design principles from manage access to manage access risk. In this workshop, we discuss how leading organizations are trying to factor risk in IAM architecture strategies.

Homan Farahmand

W5. Not Going It Alone: Using Consultants and Integrators

The key to delivering an effective identity and access management solution for your enterprise is primarily in the hands of the IAM consultant or integrator. The very success of most IAM deployments hinges on how good these providers do their job for you. What consultant or integrator is best for what type of IAM technology or service deployment? This workshop seeks to provide you with an approach to choosing consultants or integrators well. Brian Iverson, Earl Perkins

T1. IAM 101

Identity and access management is well established as a cornerstone of information security and can deliver real business value beyond its contributions in efficient and effective security, risk management and compliance. Here we look at the pieces of the IAM jigsaw puzzle, and how they fit together. Felix Gaehtgens

T2. Fundamentals of User Provisioning and Identity and Access Governance

Provisioning and identity access governance (IAG) technologies form the foundation of an identity management solution. In this session we provide a component description and architectural overview of these technologies. We also offer deployment considerations, insights and best practices based on years of customer experience.

Ian Glazer

T3. Authorization Architectures Authorization is the science of determining whether a person is allowed to perform an action in an application on a piece of data. Where authorization decisions are made is often just as important as how those decisions are made. This advanced tutorial explores multiple authorization architectures, evaluating the pros and cons of each.

Ian Glazer

SESSION dESCRIPTIONS

Workshops

(8)

Authentify, Inc. Aveksa Axway Beta Systems Software AG BeyondTrust Covisint Corporation Fischer International Identity FishNet Security ForgeRock Hitachi ID Systems Identropy ILANTUS Technologies Pvt. Ltd. NetIQ NuData Security Okta Omada OneLogin Oracle Corporation Ping Identity Prolifics

Quantum Secure Inc. Radiant Logic STEALTHbits Technologies, Inc. Symplified, Inc. Tools4ever View DS Identity Solutions Xceedium, Inc. Lieberman Software provides award-winning privileged

identity management and security management products to more than 1200 active customers worldwide, including 40 percent of the Fortune 50. By automatically discovering and managing privileged accounts throughout the network, Lieberman Software helps secure access to sensitive systems and data, thereby reducing internal and external security vulnerabilities, improving IT productivity and helping ensure regulatory compliance. Lieberman Software products scale to the largest enterprises in the world and deploy in minutes.

AlertEnterprise Security Convergence capabilities are revolutionizing Identity and Access Governance while extending Identity and Access Management beyond IT to include Physical and SCADA security for the true prevention of risk against fraud, theft and malicious threats. AlertEnterprise delivers Situational Awareness as well as Incident Management and Response for true IT – OT Integration.

Cyber-Ark®_{Software is a global information security}

company that specializes in protecting and managing privileged users, sessions, applications and sensitive information to improve compliance, productivity and protect organizations against insider threats and advanced external threats. Its award-winning Privileged Identity Management, Privileged Session Management and Sensitive Information Management Suites, help organizations effectively manage and govern data center access and activities, whether on-premise, off-premise or in the cloud.

SailPoint helps the world’s largest organizations securely deliver and effectively manage user access from any device to data and applications in the datacenter, on mobile devices, and in the cloud. SailPoint’s innovative portfolio delivers integrated identity governance, provisioning, and access management on-premises or as a cloud-based service (IDaaS). Visit www.sailpoint.com.

RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps organizations solve their most complex and sensitive security challenges by bringing visibility and trust to millions of user identities, the transactions they perform and the data that is generated. RSA delivers identity assurance, encryption & key management, SIEM, Data Loss Prevention, Continuous Network Monitoring, and Fraud Protection with industry leading eGRC capabilities and robust consulting services. www.RSA.com

Centrify provides unified identity services across data center, cloud and mobile — resulting in one single login for users and one unified identity infrastructure for IT. Centrify’s software and cloud services let organizations securely leverage their existing identity infrastructure to centrally manage authentication, access control, privilege management, policy enforcement and compliance across on-premise and cloud resources.

Get the security you need in the way that best suits your situation. Dell Software’s IAM solutions make managing access simple and efficient without costly customization or rigid technology. Our modular and integrated approach addresses your immediate security and compliance concerns while ensuring that future business needs are met.

Thycotic Software, Ltd. provides password and access management solutions to IT administrators worldwide. Over 75,000 IT professionals use our Identity and Access Management (IAM) tools. Secret Server is a password management system for IT pros to store, organize and manage privileged/shared accounts in an on-premise, web-based vault.

IBM Security offers one of the world’s broadest, most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force®_research

and development, provides the security intelligence to help holistically protect people, infrastructure, data and applications for protection against advanced threats in today’s hyper-connected world.

Verizon Enterprise Solutions creates global connections that generate growth, drive business innovation and move society forward. With industry-specific solutions and a full range of global wholesale offerings provided over the company’s secure mobility, cloud, strategic networking and advanced communications platforms, Verizon Enterprise Solutions helps open new opportunities around the world for innovation, investment and business transformation. Visit www.verizonenterprise.com to learn more. Courion is the only company to offer a complete real-time, risk aware Identity and Access Management (IAM) solution that enables you to visually recognize and reduce risk. With Courion, you can confidently provide open and compliant access to all while also protecting your critical company data from unauthorized access.

Rapid technology evolution means that keeping up with innovators and industry leaders is essential.

Visit our Solution Showcase and find the IAM vendors that fit your individual and organization’s needs.

Gartner event tickets

We accept one Gartner summit ticket or one Gartner Catalyst ticket for payment. If you are a client with questions about tickets, please contact your sales representative or call +1 203 316 1200.

Team Attendance Program:

Leverage more value across your organization

Knowledge creates the capacity for effective action. Imagine the impact on

your organization when knowledge multiplies: common vision, faster

responses, smarter decisions. That’s the Gartner Team Attendance effect.

You’ll realize it in full when you attend a Gartner event as a group. Maximize

learning by participating together in relevant sessions. Split up to cover more

ground, sharing your session take-aways later. Leverage the expertise of a

Gartner analyst in a private group meeting.

Team benefits

• Team meeting with a Gartner analyst

(end users only)

• Role-based agendas

• On-site team support: Work with a

single point of contact for on-site

team deliverables

• Complimentary registrations

For more information, email [email protected] or contact your

Gartner account manager.

REGISTRATION ANd PRICING

SOLUTION SHOWCASE

Save $300 when you register

by September 27

Early-bird price: $2,075

Standard price: $2,375

3 WAYS TO REGISTER

Web:

gartner.com/us/iam

Email:

[email protected]

Phone:

1 866 405 2511

$239 per night at JW Marriott

Los Angeles L.A. LIVE

900 West Olympic Boulevard

Los Angeles, CA

Phone: 1 888 832 9136

PREMIER SPONSORS

PLATINUM SPONSORS

SILVER SPONSORS

MEdIA ANd ASSOCIATION PARTNERS

EARLY-BIRd dISCOUNT

EXPIRES SEPTEMBER 27

SPECIAL GARTNER

HOTEL ROOM RATE

NO NEEd TO TAKE NOTES

Gartner events deliver what you need

We’ve developed a series of offers, features and conference essentials to

ensure that your time at a Gartner summit results in real value and delivers

everything you need — efficiently and effectively.

Event Approval Tools

For use pre-event, on-site and post-event, our Event Approval Tools make it

easy to demonstrate the substantial value of your Gartner event experience

to your manager. They include a customizable letter, cost-benefit analysis, top

reasons to attend and more. Visit gartner.com/us/iam for details.

Complimentary registrations

1 for every 3 paid registrations

2 for every 5 paid registrations

3 for every 7 paid registrations

Become a aponsor

David Sorkin

Director

Gartner Events

+1 203 316 3561

[email protected]

(9)

Presorted Standard U.S. Postage PAID Gartner Gartner, Inc. 56 Top Gallant Road Stamford, CT 06902-7700

PO Box 29307 Shawnee, KS 66201

Change Service Requested

Security & Risk Management Summit 2013

August 19 – 20 | Sydney, Australia

Security & Risk Management Summit 2013

September 18 – 19 | London, U.K.

Catalyst Technical Forum on Mobility & Cloud 2013

September 25 | London, U.K.

Connect with Gartner Identity & Access Management

Summit on Twitter and LinkedIn.

#GartnerIAM