December 20, 2019//Tony HowlettLast Updated: November 19, 2020
The 2019 Gartner Identity Access Management (IAM) conference was put on in Las Vegas at the beginning of December 2019 and I, along with several of my colleagues and around 2,000 fellow IAM enthusiasts, attended. This conference, unlike some of the broader focused Gartner conferences, is more tightly focused on the IAM practice in companies and government. Having this many of the big brains in IAM in one place provided for a great environment for networking, sharing best practices, and asking questions from fellow practitioners
The attendee list included a good cross-section of this niche discipline with CISOs, IAM managers, and front line technicians in the mix. The keynotes and session tracks were designed around the three areas of the IAM discipline; Access Management (AM), Privileged Access Management (PAM), and Identity Governance and Administration (IGA). These three technologies were well represented in the trade show hall and session tracks. In terms of presentations, several of the keynotes focused on business skills rather than technology in order to better prepare IAM professionals to communicate with their upper management and board of directors to get their priorities funded and supported.
The Zero Trust model continued to be showcased as a key technology and, as with most buzzwords, the exact definition of the term seemed to differ from company to company. It remains to be seen yet if this buzzword will become more of a specifically defined standard or just a marketing ideal.
Speaking of buzzwords, Gartner continued to talk about the Continuous Adaptive Risk and Trust Assessment (CARTA), which is a model that covers next-gen solutions in the whole IAM space. They also covered topics such as vulnerability management and risk assessment.
And I would be remiss not to mention my co-presentation on Vendor Privileged Access Management (VPAM) with Sasan Poureetezadi, CTO of the Town of Gilbert, Arizona on how they solved key issues related to third parties accessing their network systems with the VPAM technology provided by SecureLink. We had two talks in a panel discussion style which were well received with many topics discussed and questions asked from the audience.
All said, Gartner IAM was a great conference for a very focused group of security professionals to talk about the subject we hold near and dear to our hearts. The crowd felt large enough to reach a broad swath of industries and roles, but small enough to build relationships with those people and companies for future collaboration. I would highly recommend it as a conference choice for those employed in the IAM specialty and look forward to attending next year.