Attendees had two immersive days of discussion and learning with world leaders in the practices of Identity Management, Security, Privacy, Innovation and Architecture, and Data.
Overall Conference Schedule
Nov. 3, 4
Main Conference Presentations and Panels
After Nov. 4
Videos are available on demand
Main Conference Details
Wednesday Nov. 3 (all times are Pacific Time Zone)
8:00 to 8:30 AM
Introduction, Conference Keynote. “The New Digital Normal”
Speaker: Gary Rowe, CEO and Principal Consulting Analyst, TechVision Research
This year’s conference will focus on how enterprises can best balance the opportunities and risks we are encountering as we live through the new digital normal.
The concept of the Digital Enterprise took on new meaning in early 2020 given the seismic impact of the pandemic on work, commerce, and life. Supply chains broke down, customers stayed home, enterprises shifted focus from growth to survival, living rooms became offices, and enterprise data that was safely tucked behind the firewall is now residing on thousands of endpoints spread across the country.
These shifts accelerated many digital transformation programs by years and continue to test our assumptions about our business models, architectures, and use of technology with a particular emphasis on enterprise speed and resilience. In response, the world of Identity and Security has dramatically shifted and is still evolving with a premium placed on risk management, governance, innovation, and user experience.
This session sets the stage for the rest of the conference and describes the takeaways organizations should garner from Chrysalis 2021.
8:30 – 9:00 AM
New Building Blocks; A Cloud-First, DevOps and Microservices Foundation
Speaker: Patrick McClory, Principal Consulting Analyst, TechVision Research
This session describes what was already trending and further accelerated in the areas of “cloud-first”, DevOps and Microservices.
The ramifications of the moving to new, iterative, and dynamic development approaches permeate through all the topics we’ll be covering during the conference and this level set provides guidance as to what these trends are and how they impact large enterprises. This sets the stage for developing a digital services supply chain with containers and services that will be the foundation for our next generation set of digital services.
9:00 to 9:30 AM
Pandemic Lessons Learned: It starts with Governance Best Practices
Speakers: Doug Simmons, Principal Consulting Analyst, TechVision Research, author of TechVision’s Governance Report, Fred Cohen, Principal Consulting Analyst, TechVision Research
This session will start with TechVision’s guidance as to how governance needs to consistently reflect policy and orchestrated across Identity, Security and Data management.
9:30 to 10:15 AM
Identity Governance and Administration (IGA) Level Set and Vendor Strategies
Speakers: Doug Simmons, TechVision Principal Consulting Analyst, Nick Nikols, VP Identity, Micro Focus, Jackson Shaw, Chief Product Officer, Clear Skye, Paul Mezerra, VP Strategy, Saviynt, Nathanael Coffing, CSO, Cloudentity, Mike Kiser, Strategy and Standards, Office of the CTO, Sailpoint
This panel session will start with a quick IGA level-set, its growing importance, expected future state and key enterprise requirements.
IGA is all about how we provision and govern access and how we define policies and ensure execution. We’ll then get a fresh perspective on the strategies and future state from key IGA providers.
10:15 to 11:00 AM
Executing on the Future of Identity Management; New Capabilities to Support and Secure the Digital Enterprise
Speakers: TechVision Principal Consulting Analysts Doug Simmons, Gary Rowe
The pandemic has accelerated the new Digital Enterprise including developing a future state strategy that supports new objects (customers, partners, services, “things”), increased scale, increased integration, more flexibility, and the movement of resources to the cloud.
In response, IAM needs to move from a static, structured environment to one that is more dynamic, inclusive, and flexible as this will be critical in support of the Digital Enterprise. A strong identity ecosystem provides the foundation for much of the innovation discussed earlier and supports enterprises as they evolve digitally.
In this session, the TechVision team discusses our vision for the Future of Identity Management and how enterprises can best plan and execute their path to the future. We’ll also set the stage for the Identity portion of the conference. TechVision will introduce our Reference Architecture for IAM as a platform for enterprises to identify, secure and improve the user experience associated with our new Digital Enterprise.
11:15 AM to 12:15 PM
Identity Legends Panel
Speakers: Gary Rowe (Moderator), Ian Glazer, Lori Robinson, Doug Simmons, Kim Cameron, Eve Maler
This session will be a "no holes barred", enterprise focused discussion about the past, present, and future of Identity Management by the “legends” of Identity Management.
These leaders will discuss, debate, address your questions and provide advice to our attendees. They will also reflect on what has been discussed during the day. The focus will be on how large organizations architect and develop strategies in the Identity Management area that support the Digital Enterprise. This will include pragmatic advice for the enterprise and the overall industry as to how we might approach lingering challenges and how we might prepare for the expected future. This session will leverage the expertise of both the legends and the audience to better frame the problems and potential solutions for enterprises and the industry. If these problems were easy to solve, we wouldn’t be debating some of the same issues we were discussing 30 years ago.
The “legends” are some of the top analysts, thought leaders, consultants, visionaries, and experienced practitioners in this area and will be given an extended session to share their wisdom.
12:15 to 1:00 PM
IAM Case Studies from Sempra Energy and Blue Shield of California
Speakers: David Inglehart, Head of Identity Program, Sempra Energy, Miquel Furtado, Senior Manager Identity at Blue Shield of CA
Our case studies describe major programs to build new IAM foundations for enterprise and customer use cases;
these real-world examples provide insights and lessons learned from the leaders of these efforts. We’ll first hear from Sempra Energy as they evolved their overarching IAM reference architecture, and now are deploying and iterating on their new enterprise IAM services. The second case study will feature Blue Shield of California’s Identity and Access Management program goals, lessons learned and going forward strategy.
1:15 to 2:00 PM
Customer IAM; Securing and Understanding Our Customers
Speakers: TechVision Research Principal Consulting Analysts Gary Rowe and Doug Simmons, Aubrey Turner, Executive Advisor, Ping Identity, Allan Foster, Chief Evangelist, ForgeRock
A CIAM program - properly executed, is a conduit towards building lifetime digital customer relationships.
Establishing trusted connections and building relationships that generate useful data and can be served by better customer knowledge are keys to digital business success – as was so apparent during the past 18 months. This session will provide a brief level set from TechVision and then have key vendors describe their approaches, value proposition and future state plans.
2:00 to 2:45 PM
The Disruptor: Decentralized (Blockchain/Self-Sovereign) Identity Systems and Verifiable Credentials
Speakers: Gary Rowe (Moderator), TechVision Research, Phil Windley, Former Chair of the Sovrin Foundation and Architect, CIOs office at Brigham Young University, Kim Cameron, Rohan Pinto, Chief Technology Officer, 1Kosmos, Armin Ebrahimi, Head of Distributed Identity, Ping Identity, James Monaghan, VP Product, Evernym, Ankur Patel,Principal Program Manager, Microsoft
Traditional identity systems are mostly geared toward authentication and access management for known entities.
A decentralized identity system adds a focus on authenticity and how a community can establish trust across the boundaries of any ecosystem. In a decentralized identity future, credentials can be shared between parties with authenticity, security, and privacy guaranteed; or at least, that’s the promise.
This panel session will describe this new approach, assess industry and vendor offerings, and describe implemented case studies currently solving real-world problems. We’ll look to provide insights to help enterprises better understand what this new environment is, how it benefits the enterprise and how it is evolving.
2:45 to 3:45 PM
Building the next generation IAM foundation via standards and integration
Speakers: David Goodman, TechVision Research and former Exec Director, Open Identity Exchange, Wade Ellery, Director, Solutions Architects, Radiant Logic, Gerry Gebel, Head of Standards, Strata Identity, Andrew Hughes, Director Identity Standards, Ping Identity, Don Thibeau, Former Executive Director of the OpenID Foundation, Daniel Goldscheider, CEO, yes.com
For many enterprises, the IAM architecture so established and critical to success that there’s a strong hesitancy on the part of anyone to change what’s working.
But changes are required to make it work in the digital enterprise, and those changes don’t replace your architecture, they become a part of your architecture. These new parts of your architecture must work with the older parts to keep digital operations running smoothly and safely. This is where the right standards and the right integration tools can provide the flexibility and inclusiveness required to support the modern digital enterprise.
This panel session describes the key standards, architectural elements, governance models and integration tools and approaches needed to extend/integrate existing services while transitioning the foundation for the future.
Thursday Nov. 4 (all times are Pacific Time Zone)
8:00 to 8:30 PM
Recap of Day 1, Day 2 Agenda, Theme and Keynote Level-Set
Speakers: TechVision Principal Consulting Analysts, Gary Rowe, Diana Kelley
The Day 2 is all about transforming the security capabilities to adapt to the needs of digital enterprise by maintaining the appropriate risk level while supporting new business requirements.
These transformed security capabilities need to be cloud-friendly, flexible, user-friendly and provide necessary protection against not only the “bad guys” but provide protection from the emerging privacy and data protection regulations. Diana Kelley will provide her thought-provoking perspective on the Technology, Security and Risk to kick off the day.
8:30 to 9:00 AM
New and Emerging European Identity and Cybersecurity Initiatives and Regulations
Speakers: David Goodman, Principal Consulting Analyst, TechVision Research
In the digital enterprise, innovation isn’t a one-time program; it is a continuous process that becomes a source of competitive advantage in a rapidly changing market.
From a distance, the plethora of regulations, directives and supranational organizations in Europe focused on identity, cybersecurity and privacy often appears confusing to US organizations that have operations in Europe. Over the last ten years the European Union (EU) has been driving a digital transformation strategy that will work for people and businesses.
On top of the 2018 eIDAS regulation providing EU-wide electronic identification, authentication and trust services, this year the European Commission (EC) proposed a framework for a European Digital Identity which will be available to all EU citizens, residents and businesses in the EU.
In parallel the EU is adopting a wide range of cybersecurity, trust and privacy-related measures to protect infrastructure, governments, businesses and citizens.
Last but not least, the General Data Protection Regulation (GDPR) introduced in 2018 has spawned similar regulations in many other jurisdictions worldwide and sits alongside the newer ePrivacy regulation. Alongside these laws comes the Data Governance Act, a proposal to create a framework which will facilitate data-sharing. Of concern to many large US corporations is being able to manage cross-border data flows in a post Privacy Shield/Schrems II world.
This session will help you meaningfully navigate this labyrinth of inter-related initiatives.
9:00 to 10:00 AM
Security Legends Panel
Speakers: TechVision Research Principal Consulting Analysts Dianna Kelley, Fred Cohen, and Dan Blum, Nick Nikols, VP Identity, Micro Focus, Steve Roberts, Chief Information Security Officer, Honda
This session will take the “legends” in the Industry and have them set the tone for the agenda on Day 2.
These leaders will discuss, debate, take questions and provide advice to our attendees. They will also reflect on what has been discussed during the conference that pertains to security and risk management and what they feel should be discussed for the duration of the conference. The focus will be on how large organizations architect and develop strategies that support a “safe” Digital Enterprise and how this has been accelerated and modulated during the past few COVID-19 influenced years.
This session will leverage the expertise of legends and the audience to better frame the problems and potential solutions for enterprises and the industry and help set the tone for the conference on Day 2. These “legends” represent some of the top analysts, thought leaders, consultants, visionaries, and practitioners that have unparalleled knowledge and experience in this area. This panel includes:
- Dan Blum; one of the world’s foremost analysts, consultants and thought leaders in the security and identity management areas. Dan’s the author of the TechVision Security Reference Architecture, author of an acclaimed recent book called “Rational Cybersecurity for Business and former Gartner Research Vice President.
- Steve Roberts the Chief Information Security Officer at Honda North America with previous technology leadership roles in the security, identity, privacy, digital transformation, CIO leading/supporting to his current CISO role.
- Fred Cohen; he is widely considered to be one of the leading security/risk experts in the world. He is best known as defining the term “computer virus” in the early 80s and the inventor of the most widely used computer virus defense techniques. Fred also started the security practice at Burton Group along with Dan Blum and has built/guided cybersecurity programs and defined security best practices for the past 30 years.
- Nick Nikols; former Burton, Gartner and TechVision Analyst who has designed security services, led product teams and served as a top analyst and consultant in this space over the past 30 years. Nick is currently the Vice President of Identity Services at Microfocus.
- Diana Kelley: Cybersecurity leader over many decades at Burton Group, Gartner, IBM, Microsoft (most recently Field Cybersecurity CTO) and one of the most sought after public figures in cybersecurity.
10:15 to 10:45 AM
The New Security Foundation; Start with Zero Trust
Speakers: Sorell Slaymaker, Principal Consulting Analyst, TechVision Research, leading Zero Trust vendors/industry experts being invited
The speed by which change occurs in enterprises today, the sheer volume of data, the relationships to be managed, the new development models such as DevOps and the diversity of the platforms that need to be appropriately secured require a new way to think about security.
This session will describe this approach and provide food for thought for CIOs, CISOs, architects and LOB leaders as they plan to secure and mitigate risk in this new world.
A key premise is that organizational silos and traditional security architectures cannot support the business effectively as enterprises adopt mobile and cloud-native platforms. To protect business assets in these environments, organizations must establish new methods, capabilities, and instrumentation. Security controls must be both agile and scalable (much like the identity services we discussed on Day 1), providing new capabilities that match this new environment. These new concepts and approaches will be described in this session.
10:45 to 11:15 AM
Modeling Next Generation Security: The Multi-Cloud Security Reference Architecture
Speaker: Dan Blum, Principal Consulting Analyst, TechVision Research
Dan describes the TechVision Security Reference Architecture he developed
as a model for describing a holistic set of key security capabilities to
- help enterprises gain control of and better define their security program,
- future state goals and
- to be used as a foundation for putting enterprises in the “driver’s seat” when evaluating vendor offerings.
11:15 to 11:45 AM
Future State Security Starts with Resiliency
Speaker: Nick Nikols, Vice President, MicroFocus
Resiliency is an essential element of an overall cyber defense strategy.
While traditional strategies have focused on keeping out cyber adversaries, more effective newer strategies—combined with a resiliency focus—ensure that critical capabilities continue despite successful attacks. The persistence of advanced cyber threats generally means that if an organization is targeted, eventually it will be compromised. Consequently, organizations must be able to “weather the storm” of cyber-attacks and continue to provide critical functions. To minimize the impact on an organization’s critical missions, business goals, and operations, resiliency must be built in, utilizing many techniques working in concert – implementing both protective and detective controls and establishing a process of continuous improvement where these controls can evolve and aid the organization to be able to intelligently adapt to the changing threat and business landscape.
11:45 AM to 12:30 PM
Pay Particular Attention to Privileged Users—Developing Your Privileged Access Management (PAM) Program and Strategy
Speakers: Doug Simmons, Principal Consulting Analyst, TechVision Research, Chris Owen, Director of Product Management, Saviynt, Gal Helemski, Co-Founder & Chief Innovation & Product (CIPO), PlainID, Brian Chappell, Chief Security Strategist, BeyondTrust, Katie Curtin-Mestre, Vice President Marketing, CyberArk
Many if not most breaches start with compromised credentials.
This session will describe an approach to developing a “least privileged” security model and leveraging increasingly sophisticated PAM products and services. PAM is a specialized category of access management that provides increased protection for administrative accounts that are the most highly coveted by bad actors and can generally do the most damage. We’ll also get insights into the directions and investments being made by key vendors in this space and include guidance for enterprise security leaders.
12:30 to 1:15 PM
Upgrading Authentication Models; MFA, Password-less and more
Speakers: Doug Simmons, Principal Consulting Analyst, TechVision Research, Mike Engle, Head of Strategic Planning, 1Kosmos, Gerry Gebel, Head of Standards, Strata Identity
We have anticipated the demise of password-centric authentication for decades.
Our position is that this future is now or at least rapidly approaching. For the reasons we have been discussing – device and network ubiquity, reliability, Bring Your Own Device (BYOD) initiatives coupled with the accelerating levels of fraud associated with password-based authentication, the time has arrived to explore new patterns of authentication given the increased risk profile for your enterprise.
MFA is becoming the standard, while password-less authentication, biometrics and other advances in authentication are being explored in support of the digital enterprise. This session will include a TechVision “level set” on these new patterns and perspectives from selected vendors as to how this landscape will and should change.
1:30 to 2:15 PM
Collaboration Platform Security
Speakers: TechVision Research Analysts Sorell Slaymaker and Diana Kelley, Niraj Gopal, Head of Product Management for Webex Platform, Cisco
Another area exposed during the pandemic lockdown is the importance of collaboration platforms and a major area of exposure has been security.
This session will look at the state of security on these platforms, future state requirements and then have key platform vendors address their strategies and vision in this area.
2:15 to 3:00 PM
Pragmatic Security and the Evolving Role of AI/ML/Analytics
Speakers: Jeff Nichols, Principal Consulting Analyst, TechVision Research, Diana Kelley TechVision Research, Eve Maler, CTO, ForgeRock
The pace of change in development and production environment in the digital enterprise quickly becomes harder and harder to manage.
Monitoring user behavior, service deployment and failure, error detection, and data access at real-time scale requires a different strategy than a traditional IT environment. It also creates challenges with respect to privacy.
In this session we will discuss the trends in using Analytics (AI, ML) to manage application delivery, quality, security, and performance in a dynamic DevSecOps / cloud native environment.
3:00 to 3:45 PM
Security Considerations for the API Economy
Speakers: TechVision Research Principal Consulting Analysts Archie Reed and Doug Simmons, Nathanael Coffing, CSO, Cloudentity, Bernard Harguindeguy, Chief Technology Officer & Sr. VP, Ping Identity
APIs are key conduit of an efficient and scalable digital enterprise, but also represent significant security risks.
This session will focus on API security, key vulnerabilities and developing enterprise strategies and programs to address these risks. New concepts and approaches for securing and managing APIs will be described in this session. We’ll also get insights about the approaches, strategies and expected future state from a few key vendors in this space.
3:45 to 4:15 PM
Closing: Conference Summary, Enterprise Action Plan
Speakers: TechVision Principal Consulting Analysts Gary Rowe, Doug Smmons, Dan Blum, Diana Kelley, Sorell Slaymaker and invited guests
This closing session will include Gary Rowe, Doug Simmons, Dan Blum, Diana Kelley, Sorell Slaymaker and other guests
to provide summary thoughts, recommendations, conclusions, and next steps. This closing session will summarize what we heard, the continuity of thinking and the “takeaways” for our enterprise attendees.
Reserve your spot for Chrysalis 2022
By giving us your contact information, you will reserve your spot as an early registrant. That will allow you to claim an early-bird discount no matter when you finally register for the event – a big savings over full pricing.