The keynote presentation and the focus of Chrysalis 2022 is to support the enterprise journey and be prepared for the tremendous opportunities associated with accelerated digital engagement while managing risk. Achieving business goals while protecting digital assets across your ecosystems (enterprise, partners, customers) is critical.

This requires scale, automation, pervasive security, and an increased emphasis on user experience. The concept of the Digital Enterprise took on a new meaning over the past few years given the impact of the pandemic on work, commerce, and life; and we’ll explore how this impacts our thinking, use of technology, business models and future state architectures with a particular emphasis on security, risk, governance, innovation, and user experience. The practice of Identity and Security has significantly changed and is still evolving, with a premium that’s being placed on flexibility and adaptability.

This session will also describe the overall conference agenda and takeaways organizations should garner from Chrysalis 2022. It will also describe a modern enterprise trends and IT frameworks to consider in building your secure Digital Enterprise.

Identity and Access Management (IAM) is evolving from a static, structured environment to one that is more dynamic, inclusive, and flexible. This is critical in support of the Digital Enterprise. There is nothing more important than getting the core IAM foundation/platform right. In this session, we’ll examine what the IAM capabilities are, how they fit with current and expected vendor offerings, and offer enterprise recommendations towards establishing the right future-state IAM foundation.

We’ll evaluate IAM platforms provider offerings against our Future of Identity management premises and assess the challenges enterprises have in executing on an optimal future state vision. We’ll examine vendor and industry offerings and get their perspective on their future state IAM platforms. At a minimum we expect the future state IAM platform to support new objects (customers, partners, services, “things”), increased scale, increased integration, improved user experience (all users; developers, end-users, administrators, partners…), greater flexibility, and the movement of resources to the cloud.  Key IAM platform vendors will participate in the discussion sharing their perspective, customer observations, roadmap, and vision of the right IAM platform future state.

Expanding on the IAM foundation discussion, IAM is a conduit for building lifetime digital customer relationships as its scope and scale expand. Extending IAM from its early support for employees to supporting customers, citizens, partners, relationships and things has both added to the capabilities of foundational IAM platforms and created a new category of IAM called Customer IAM or CIAM. This session will start brief level set from TechVision describing the current state, key user challenges, and future state expectations and then have Andrew Cameron describe how General Motors is leveraging and architecting a CIAM platform as the core element in building a common set of user experiences across all of its customer touch-points. He will discuss the importance of enabling a platform of consumer identity services that are built using industry standards and cloud-based technologies and will highlight how GM addressed some of the key challenges in determining strategies for customer identification, customer interaction, preference management, etc.  Andrew Nash will then describe key building blocks and lessons learned as he architected and deployed Customer IAM at Capital One

This session will reflect on what we covered thus far on Day 1 and what we should cover going forward with a discussion about the past, present, and future of Identity by the “legends” of Identity Management. The “legends” are some of the top analysts, thought leaders, consultants, visionaries, and experienced practitioners in this area and will be given an extended session to share their wisdom. These leaders will discuss, debate, address your questions and provide advice to attendees. They will also reflect on what has been discussed during the day. The focus will be on how large organizations architect and develop strategies in Identity Management that support the dynamic needs of the Digital Enterprise. This will include pragmatic advice for the enterprise and the overall industry as to how we might approach lingering challenges and how we might prepare for the expected future. This session will leverage the expertise of both the legends and the audience to better frame the problems and potential solutions for enterprises and the industry. If these problems were easy to solve, we wouldn’t be debating some of the same issues we were discussing 30 years ago. Our “legends” include:

Andrew Nash: Andrew has led some of the most significant IAM programs and efforts to scale Identity systems as the Managing VP of Consumer Identity Services at Capital One, the CEO of Confyrm (acquired by Capital One), the Director of Identity Services at Google and PayPal and a board member at Open ID Foundation, Open Identity eXchange, and the Information Card Foundation.

Patrick Harding: Patrick is actively involved in the standards community and is a former board member of the Information Card Foundation, as well as the Open Identity Exchange. He is a co-inventor of the SCIM standard. From 2005 to 2018, Harding served as Ping’s original Chief Technology Officer and is currently Chief Architect driving Ping’s investments, strategy, and product roadmap.

Kevin Kampman: Over the last 24 years Kevin has established himself as one of the top analysts and consultants while leading the Identity Practice at Burton Group and Gartner. Kevin’s areas of expertise include identity management, security, risk, and privacy issues for cloud, enterprise, business-to-business and consumer-facing environments.

Lasse Andresen: Lasse has been one of the preeminent innovators, leaders, technologists and “big thinkers” in Identity over the past 20+ years. He was the co-founder and former CEO/CTO of ForgeRock and is the founder/CEO of IndyKite focused on building the identity layer for Web 3.0, with products that securely manage human, IoT, and machine identity.

Doug Simmons: Doug has supported over 1000 IAM and Security consulting engagements over the past 30 years as VP Consulting at Burton Group, VP of Identity and Security Consulting at Gartner and Principal Consulting Analyst/Managing Director of Consulting at TechVision Research. Doug has recently authored research reports on IGA, PAM, IAM Reference Architecture and Supply Chain Security.

We continue to emphasize the criticality of IAM and as a capability that’s so established and critical to the success of the enterprise, there’s a strong hesitancy to change what’s working. But changes are required to make it work across the digital enterprise. These changes need to be made in ways that ensure a smooth and safe transition, and this is where adhering to standards and having the right integration tools can provide the flexibility and inclusiveness required to support the modern digital enterprise. How do we leverage standards to bridge/moderate/facilitate a rapidly changing business environment?

This panel session describes the key standards, architectural elements, governance models, and integration tools and approaches needed to extend/integrate existing services while transitioning to the foundation for the future. 

 We’ll spend a lot of time on Day 2 talking about security, risk, authorization, and authentication, but this session will focus on IAM as a necessary prerequisite for a successful and sustainable Zero Trust program. Jay Schumacher from Honda will provide a pragmatic perspective and describe how Honda views IAM in the context of its overarching Zero Trust program.

The ultimate opportunity to scale IAM is to have individuals gain control by establishing and using their own identities and not have to “re-establish” their identity every time they want to establish a trusted connection via the Internet. A decentralized identity system adds a focus on authenticity and how a community can establish trust across the boundaries of any ecosystem. In a decentralized identity future, credentials can be shared between parties with authenticity, security, and privacy guaranteed; or at least, that’s the promise.

This panel session will describe this new approach, assess industry and vendor offerings and address the prerequisites and timing of this nascent approach. We’ll also contrast this model to one in which individuals “rent” IDs for every site they may conduct business with. We’ll look to provide insights to help enterprises better understand what this new environment is, how it benefits the enterprise and when it will be ready for “prime time”. This also sets the stage for our evening event that showcases some of the more exciting offerings in the Decentralized Identity and Verifiable Credentials area.

The Day 2 agenda is all about transforming the security capabilities to adapt to the new business requirements of the digital enterprise while maintaining the appropriate risk level. These transformed security capabilities need to be cloud-friendly, flexible, and user-friendly and provide necessary protection against not only the “bad guys” but support the emerging privacy and data protection regulations. Diana Kelley will provide her thought-provoking perspective on Technology, Security, and Risk and describe how we’ll address these key issues during the day.

These leaders will discuss, debate, take questions and provide advice to our attendees. They will also reflect on what has been discussed during the conference that pertains to security and risk management and what they feel should be discussed for the duration of the conference. The focus will be on how large organizations architect and develop strategies that support a “safe” Digital Enterprise as we enter the “Next Normal”.

This session will leverage the expertise of legends and the audience to better frame the problems and potential solutions for enterprises and the industry and help set the tone for the conference on Day 2. These “legends” represent some of the top analysts, thought leaders, consultants, visionaries, and practitioners that have unparalleled knowledge and experience in this area. This panel includes:

• Dan Blum: one of the world’s foremost analysts, consultants, and thought leaders in the security and identity management areas. Dan’s the author of the TechVision Security Reference Architecture, author of an acclaimed book called “Rational Cybersecurity for Business” and former Burton Group and Gartner Research Vice President. Dan will moderate this session.
• Steve Roberts the Chief Information Security Officer at Honda North America with previous technology leadership roles in the security, identity, privacy, digital transformation, and CIO leading/supporting to his current CISO role.
• Fred Cohen: widely considered to be one of the leading security/risk experts in the world. He is best known for defining the term “computer virus” in the early 80s and as the inventor of the most widely used computer virus defense techniques. Fred started the original security practice at Burton Group along with Dan Blum and has built/guided cybersecurity programs and defined security best practices for the past 30 years.
• Diana Kelley: Cybersecurity leader over many decades at Burton Group, Gartner, IBM, Microsoft (most recently Field Cybersecurity CTO), and one of the most sought-after public figures in cybersecurity.
• Nick Nikols: former Burton, Gartner, and TechVision Analyst who has designed security services led product teams, and served as a top analyst and consultant in this space over the past 30 years. Nick is currently the Vice President of Identity Services at Microfocus.

The speed by which change occurs in enterprises today, the sheer volume of data, the relationships to be managed, the new development models such as DevOps and the diversity of the platforms that need to be appropriately secured require a new way to think about security. This session will describe this approach and provide food for thought for CIOs, CISOs, architects and LOB leaders as they plan to secure and mitigate risk in this new world.

A key premise is that organizational silos and traditional security architectures cannot support the business effectively as enterprises adopt cloud-native platforms. To protect business assets in these environments, organizations must establish new methods, capabilities, and instrumentation. Security controls must be both agile and scalable (much like the identity services we discussed on Day 1), providing new capabilities that match this new environment. These new concepts and approaches will be described in this session. We’ll then have Andrew Cameron, a Technical Fellow and IAM/Security leader at General Motors describe their journey and priorities in Zero Trust.

We have anticipated the demise of password-centric authentication for decades. TechVision’s position is that a passwordless future is now or at least rapidly approaching. For the reasons we have been discussing for years – device and network ubiquity, reliability, Bring Your Own Device (BYOD) initiatives coupled with the accelerating levels of fraud associated with password-based authentication…we believe the time has arrived to deploy MFA or other means of dynamically authenticating given the risk profile within your enterprise.

MFA is becoming the standard, while password-less authentication, biometrics, and other advances in authentication are being explored in support of the digital enterprise. This session will include a TechVision “level set” and perspectives from selected vendors as to how this landscape will and should change.  Virtually every IAM and security vendor is claiming to be password-less or moving in that direction and we’ll explore where this is, how organizations should deploy, and what to expect next.

DevOps, Identity, microservices, APIs and agility all depend on a robust layer of Authorization to facilitate the movement beyond static one time events (app deployment/ Authentication) to a fluid dynamic Enterprise that requires adoption of cloud-tech from supply chain to deployment.

Most breaches start with compromised credentials. This session will describe an approach to developing a “least privileged” security model and leveraging increasingly sophisticated PAM products and services. PAM is a specialized category of access management that provides increased protection for administrative accounts that are the most highly coveted by bad actors and can generally do the most damage. TechVision will provide a level set that describes key trends and challenges to be addressed in the PAM area and then we’ll get insights into the directions and investments being made by key vendors in this space and include guidance for enterprise security leaders.

Scaling the digital enterprise requires new development models built using APIs, readily-available applications, and the ability to move quickly. APIs are key conduits of an efficient and scalable digital enterprise, but also represent significant security risks. This session will focus on API/Application security, key vulnerabilities, and developing enterprise strategies and programs to address these risks. We’ll also get insights about the approaches, strategies, and expected future state from vendors in this space. These new concepts and approaches for securing and managing APIs will be described in this session.

When we talk about achieving true Zero Trust/Zero Friction security, it is often premised on insights garnered from massive amounts of available data and signals and the ability to make decisions quickly. Virtually every major IAM and security vendor is investing in this space and we’ll describe what it means, the approaches, and how enterprises can best take advantage of AI/ML and expected current results and future trends. Monitoring user behavior, service deployment and failure, error detection, and data access at a real-time scale requires a different strategy than a traditional IT environment and security approaches. It also creates challenges concerning privacy.

As we scale, secure, and manage our next-generation Digital Enterprise we must consider privacy and increasingly complex sets of regulatory controls in our architecture, design, and deployment. Privacy needs to be considered early in the planning cycle (much like security), not after the fact and we have a team of privacy “legends” to discuss how enterprises should be approaching privacy. This includes discussions about key privacy and data protection regulations, Privacy by Design, and developing a “living” privacy program that continues to adapt to new regulations and employee, partner, and customer privacy expectations. We are fortunate to have Jill Phillips, former privacy leader/Chief Privacy Officer (CPO) at General Motors, Dell, Chevron, Ford, and TechVision contributor; Sari Ratican, the long-tenured CPO from Amgen, now a practicing attorney focusing on privacy and Ann Cavoukian, the creator of the concept of Privacy by Design.

The Day 3 agenda is all about leaving attendees with recommendations, tools, and input towards your short-and-long-term planning processes…both tactically and strategically.  As organizations accelerate digital programs and we become integrated Digital Enterprises we’ll leave you with recommendations, templates, and tools and summarize this from an Identity, Security, Privacy, Innovation, and Governance perspective. 

A digital enterprise maintains its market advantage through two simple (but not easy) capabilities; decision velocity, and execution speed. In this session, Gary Zimmerman describes how technologies such as cloud and edge computing, open-source, API exposure and microservices, Web3, AI/ ML, and service platforms are being leveraged by digital enterprises to increase decision-making and execution capabilities. He’ll then describe the implications of these technologies on identity, security, and privacy.

We’ll then describe tools, reference architecture models, typical enterprise requirements, and vendor assessments /observations /expectations in the context of our expected IAM future state to support your journey going forward and prepare you to execute when you are back in the office.

We’ll then describe tools, our reference architecture models, typical enterprise requirements, vendor assessments/observations/expectations in the context of our expected security/risk future state to support your journey going forward and prepare you to execute when you are back in the office. Dan Blum will run through his widely acclaimed multi-cloud Security Reference Architecture that can be used to organize, prioritize, and better plan your security program.

Jill Phillips, as the former Chief Privacy Officer at General Motors, Chevron, Ford, and Dell has been building privacy programs in many cases from scratch for the past 30+ years.  She will round out our privacy coverage by framing privacy and data protection in the current regulatory environment and describe how to approach balancing business goals, regulatory controls, and privacy principles as we deal with increased volatility, public distrust, disruption, supply chain shortages, and conflicting goals.