Modern Identity and Access Management: How to Build Trust without Sacrificing Security

ISMG SECURITY EXECUTIVE ROUNDTABLE

Sponsored by CA Technologies

Agenda6:00 – 6:30 p.m.

Registration, Networking

6:30 – 6:45 p.m.

Introductions and Opening Remarks

• Tom Field, SVP Editorial, Information Security Media Group• Naresh Persaud, Senior Director of Security, CA Technologies

6:45 – 8:15 p.m.

Roundtable Discussion

8:15 – 8:30 p.m.

Closing Remarks

8:30 p.m.

Program Concludes

Introduction

Leading organizations understand that data breaches have

become the norm in today’s application economy. With

information everywhere and with personalized experience

driving digital transformation, identity is critical – it’s the

foundation for trust.

But how do we establish and maintain this trust without burdening our users? What are the critical

questions that need to be addressed by anyone managing identity and access management in a modern

enterprise?

If you’re looking for new answers to these questions, then please join me for an exclusive executive

roundtable on Modern Identity and Access Management: How to Build Trust without Sacrificing

Security.

Guided by insight from Naresh Persaud, Senior Director of Security for event sponsor CA Technologies,

this invitation-only dinner will draw from the experiences of the attendees, offering thoughts on how

they have been able to help their organizations meet the modern demands of identity and access

management. Additionally, Persaud will share insights from a new Digital Trust survey conducted with

ISSA members. Among the discussion topics:

• How can you efficiently manage identities and access entitlements in the modern enterprise?

• How do you make security frictionless while decreasing your exposure?

• What is the state of digital trust within your organization, and are you doing a good job ensuring it?

You’ll have the opportunity to discuss modern IAM with a handful of senior executives and market

leaders in an informal, closed-door setting, from which you will emerge with new strategies and solutions

you can immediately put to work.

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 2

Discussion Points

Among the questions to be presented for open discourse:

• Based on the survey results just reviewed, how would you rate the state of digital trust in your

organization today?

• What are your organization’s biggest inhibitors of digital trust?

• How would you describe the state of identity and access management?

• What have you done in the past year to improve IAM?

• What haven’t you done?

• What are your biggest obstacles today to improving IAM – both technical and non-technical?

• What role does “frictionless experience” play in your IAM strategy, and how do you address it?

• What investments will you make in 2018 to improve IAM and the state of digital trust?

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 3

About the ExpertJoining our discussion today, to share the latest insights and

case studies on trusted access is:

Naresh Persaud

Senior Director of Security, CA Technologies

Naresh Persaud is the Senior Director of Security at CA Technologies. He has more than 20 years of

experience in security and identity management across roles encompassing engineering, architecture

and business development. As a solutions architect and product manager, he has devoted much of his

career to following security. Before working at CA Technologies, Naresh held leadership roles in security

at Oracle, Sun Microsystems, Waveset and Alcatel. He began his career in security engineering at IBM

Tivoli.

About CA Technologies

CA Technologies (NASDAQ: CA) creates software that fuels transformation for companies and enables

them to seize the opportunities of the application economy. Software is at the heart of every business

in every industry. From planning, to development, to management and security, CA is working with

companies worldwide to change the way we live, transact, and communicate—across mobile, private

and public cloud, distributed and mainframe environments.

Learn more at www.ca.com.

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 4

About the ModeratorLeading our discussion today is:

Tom Field

SVP Editorial, Information Security Media Group

Field is an award-winning journalist with over 30 years of experience in newspapers, magazines, books,

events and electronic media. A veteran community journalist with extensive business/technology and

international reporting experience, Field joined ISMG in 2007 and currently oversees the editorial

operations for all of ISMG's global media properties. An accomplished public speaker, Field has developed

and moderated scores of podcasts, webcasts, roundtables and conferences and has appeared at RSA

Conference and on various C-SPAN, The History Channel and Travel Channel television programs.

About ISMG

Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to

information security and risk management. Each of our 28 media properties provides education, research

and news that is specifically tailored to key vertical sectors including banking, healthcare and the public

sector; geographies from North America to Southeast Asia; and topics such as data breach prevention,

cyber risk assessment and fraud. Our annual global summit series connects senior security professionals

with industry thought leaders to find actionable solutions for pressing cybersecurity challenges.

For more information, visit www.ismg.io.

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 5

NOTE: In advance of this event, ISMG’s Tom Field spoke about modern identity and access management with Naresh Persaud of CA Technologies. Here is an excerpt of that conversation.

The State of IAM

TOM FIELD: How must the advent of our modern application

economy change how we approach IAM?

NARESH PERSAUD: With the creation of the application economy,

users have been given more choices for services than ever

before, and they are overwhelmingly choosing experience as

the differentiator. For most, the primary challenge in embracing

the app economy revolves around developing agile approaches

to software delivery to meet customers’ expectations. However,

rushing applications to market to stay competitive often comes at

the expense of quality and security, and these defects can have

a devastating impact to the business. We need a more modern

approach that improves security without impacting the user

experience. In addition, the enterprise must also deal with much

greater number of users accessing from a greater number and

variety of devices, which not only complicates the security concerns,

but also creates many new potential vectors for online fraud.

FIELD: What is the state of IAM as you see it today?

PERSAUD: The IT environment is becoming increasingly distributed,

complex and heterogeneous. When it comes to deciding who has

access to what and reliably enforcing those policies, it becomes a

multifaceted challenge that requires both a shift-left and a shift-right

approach. Managing identities is a critical need for both internal

and external user communities. For this reason, identity lifecycle

management and governance needs to be driven by a DevOps-

oriented approach that leverages APIs so that access requests

and self-service can be embedded into applications. Similarly, IAM

solutions have traditionally been highly technical and complex, but

shrinking IT budgets and an increased focus on empowering users

have required modern IAM solutions to be business-friendly and

easy to use. The enterprise needs a solution that is easy to deploy,

easy to use and can manage its hybrid environment. The modern

IAM solution has become hybrid itelf, with different features and

capabilities existing on-premise, hosted, in the cloud, or within a

third-party. Consider authentication – if we are accepting social

credentials, we have essentially outsourced this functionality to

Facebook or Google; we may allow partners to provision new users

into our applications and directories; we may outsource customer

service centers to a different third-party.

CONTEXT

Modern Identity and Access Management: How to Build Trust without Sacrificing SecurityQ&A with Naresh Persaud of CA Technologies

“In today's breach epidemic some of the most embarrassing fraud cases are related to excess access.”

Naresh Persaud

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 6

FIELD: What are the key IAM questions that need to be answered

and where do you see organizations veering off course?

PERSAUD: In today’s breach epidemic some of the

most embarrassing fraud cases are related to excess

access. Organizations that fall short do not have the right balance

between enterprise data security and convenient user access.

Some of the key questions that organizations need to ask

themselves include:

• How do I identify a legitimate user from a fraudulent one?

• What confidence do I have that you are who you claim to be?

• How do I make security frictionless while decreasing my

exposure?

• How do I efficiently manage identities and access entitlements?

• How do I reign in privileged users and protect against insider

threats?

Digital Trust Survey

FIELD: You recently conducted a Digital Trust survey of ISSA

members. What were some of the key findings?

PERSAUD: Back in October, we ran a study/survey among the

Information Systems Security Association members (ISSA). For

anyone that is not familiar with ISSA, they are a professional

association of cybersecurity professionals in mainly medium to

larger business. They have 12,000+ members that are organized

into 115 chapters worldwide. Our goal of the survey was to

better understand their perspectives on the state of online trust,

understand their key issues/concerns, and importance of use of

threat analytics and reducing friction in the process.

Some of the key findings include:

• Over 84% of respondents agreed that cyberattacks and data

breaches are creating a loss of confidence/trust with customers

when doing business online.

• Over 87% of respondents agreed that customers of their business

showed preference for interacting online with businesses that

exhibit a high degree of online trust and data privacy protection.

• Over 85% of respondents strongly agreed that it is important to

implement an IAM Security Technology.

FIELD: How do these findings support your view of modern IAM?

PERSAUD: This is completely in line with what we are hearing from

our customers and prospects.

In today’s world where breaches are the norm, information

is everywhere and personalized experiences drive digital

transformation, identity is the key. Identity is the foundation of trust

in a zero-trust online world.

How CA Can Help

FIELD: How is CA helping organizations evolve to modern IAM and

preserve a frictionless security experience for users?

PERSAUD: At CA Technologies, we understand how important

it is to strike the right balance between enterprise data security

and convenient user access. To this end, we have adopted three

strategic initiatives to differentiate our IAM solutions:

• Hybrid cloud – Just as your application environment is moving to

a hybrid model, we believe that modern IAM solution should do

so as well. Your IAM infrastructure is mission critical but it is highly

customizable. This can make it difficult to add new functionality

quickly. We deliver a hybrid model that leverages the benefits

of SaaS and but also provides and on-premises component to

enable the right level of control, governance and usage insight

you need for your enterprise.

• Behavioral analytics – Gaining visibility into what users and their

accounts are doing is key for two reasons. First, you can detect

anomalous activity from either a malicious insider or to identify

an account that has been taken over. Second, you can simplify

the user experience and reduce friction by positively identifying

legitimate users from fraudulent ones. Our strategy is to apply

advanced analytics into our security products to make IAM

processes more effective.

• Developer velocity – For IAM to be integrated into your

enterprise, it needs to be API-enabled. We believe that a simple

and easy developer experience is critical to getting broad

adoption. Your teams understand the value of implementing

security, but they need to move fast. We deliver APIs and mobile

SDKs that enable security to be quickly implemented so the

development teams can spend more time focusing on app

functionality, not IAM. n

“In today's world where breaches are the norm, information is everywhere and personalized experiences drive digital transformation, identity is the key.”

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 7

Notes

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 8

Notes

Modern Identity and Access Management: How to Build Trust without Sacrificing Security 9

902 Carnegie Center • Princeton, NJ • 08540 • www.ismg.io

About ISMG

Information Security Media Group (ISMG) is the world’s largest media organization devoted solely to information

security and risk management. Each of our 28 media properties provides education, research and news that is

specifically tailored to key vertical sectors including banking, healthcare and the public sector; geographies from

North America to Southeast Asia; and topics such as data breach prevention, cyber risk assessment and fraud.

Our annual global Summit series connects senior security professionals with industry thought leaders to find

actionable solutions for pressing cybersecurity challenges.

Contact

(800) 944-0401 • sales@ismg.io