IdM Evolution: Markets, Intermediaries, and Services

The Identity Management Market is changing as the world is becoming more mobile, more wireless, and more global. Organizations are becoming more virtual and more collaborative, which means interacting with more people, and more types of people, than ever before. Classical Identity Management systems were not designed to handle people who aren’t employed by the organization, don’t work on its premises, and aren’t covered by the same laws and regulations as those in force at corporate headquarters. The limitations of classical Identity Management systems are pushing the cost of identity up, exposing organizations to compliance and incident costs, and creating business inefficiencies. New Identity Management services – many hosted “in the cloud” – are arising to address these problems. In this topic you’ll learn:

  • How to identify the costs of identity in your organization
  • What costs can be reduced through the use of in-house IdM technology, and which are best addressed through third-party service providers
  • What third-party identity services exist today
  • What risks are created by relying on third parties for the management of identity, and how these risks can be addressed and mitigated
  • What forces are driving the Identity Management market, and how the market is likely to evolve in response to those forces

Roles in the Real World: What Works

The technology infrastructure of tomorrow’s organization must be flexible; it needs to deal effectively with change. Roles are a key enabler of flexibility because they help reduce dependencies of organizational processes on individuals. But deploying roles has proven to be complex and difficult; roles which are poorly designed align poorly with the needs of the business and create brittle systems which are hard to modify as the needs of the business change. Part of the problem arises from an over-emphasis on the access-control uses of roles. In this topic, you’ll learn:

  • That roles support more than access control; they also support transparency and business effectiveness
  • How to get started – by engaging the business to contribute to role development
  • Who needs to be involved in a role initiative, and how the initiative needs to be governed
  • How to develop a stable and effective set of roles
  • How to future-proof role design so that it can evolve with the business
  • How (and what) to learn from the successes and failures of past role deployments
  • How to leverage technology to maintain the use of roles
  • How to use roles for business continuity, contingency planning, skills inventory, personnel development, and recruitment

Using What You Have: Improving IdM Efficiency

You don’t have to buy a new IdM suite to make progress on your identity management problems; most organizations have a lot of technology in-house which can be used to solve identity problems if it’s used properly. Especially in a down market, it’s important to focus on core business issues, to aim for incremental progress, and to use and re-use existing assets in smart ways. In this topic you’ll learn how to:

  • Do an inventory to scope the problem; discover what processes and data you have in-house
  • Dust off shelfware and put it to productive use
  • Focus existing audit, event management, and log management resources on identity
  • Use audit information to discover roles
  • Use features of Active Directory and AD bridge products to meet identity management objectives
  • Reduce compliance, privacy, and data quality issues by limiting collection and retention
  • Get more leverage out of physical/logical access control integration, mainframe, and ERP systems’ identity features

Identity Transparency and Governance

Failures of transparency are everywhere today. Billions of dollars of off-balance-sheet and unregulated derivatives have triggered bank failures. Governments have paid hundreds of billions of taxpayer dollars to banks in exchange for assets of unspecified value. A fifty-billion-dollar Ponzi scheme went undetected for a decade. Organizations that don’t know who’s doing what – that is, organizations without transparency – can cease to exist overnight, and they can do significant collateral damage to other businesses and to the public. Identity management is key to transparency. In this topic you’ll learn:

  • How to communicate risks to executive management
  • What makes a dashboard or report “transparent”
  • How to support separation of duties and accountability using identity management technologies and processes
  • How to use identity audit, security event management, and data loss prevention to build organizational transparency
  • How to use role management and access certification tools to identify insider threats before they become losses
  • How to reduce cost of compliance by effective use of identity technologies and processes

Privacy Risks Get Real

Privacy requirements are starting to bite. New laws (in Massachusetts and Ohio, for example), new regulations (PA-DSS, for example), and heightened press coverage of private data breaches during the US Presidential election of 2008 are driving privacy compliance costs and reputation risks up in the USA; the proliferation of international privacy legislation is complicating the privacy picture for multinational organizations. But technologies and processes to protect privacy are also improving; privacy impact assessment practices are solidifying; information classification and search tools are now more able to locate private information; data loss prevention tools are more able to detect its flow through and out of the organization; identity audit and security event management tools keep better records of who did what with whose data. 2009 may be a watershed year for privacy; organizations need to be ready. Privacy isn’t a technology problem; you can DO things without BUYING anything. In this topic, you’ll learn:

  • How, and why, to identify private information in your organization’s possession
  • How to define privacy for your organization
  • What regulations, risks, and costs are driving privacy onto the organization’s radar
  • Which tools should be included in the privacy toolbox
  • How to benchmark your organization’s privacy practices against recognized good practices in other organizations