Monday 22 October - Thursday 25 October







Detailed Agenda Coming Soon


Workshops
General Sessions
Monday 22 October 2007: 0900 - 1230

Advanced Considerations for Mature Identity Management (IdM) Deployments



This session is aimed at organisations that have already deployed IdM services and are in their second, third, or higher deployment cycle. The topics to be discussed come from real world experiences and deployments. The areas of discussion are:


  • Determining your next area of coverage
  • Developing identity data services—a foundational element of the Burton Group Reference Architecture
  • Advanced use of IdM technologies such as virtual directories, federation, and integration tools
  • Governance models for solving business issues such as compliance and audit

Security Metrics that Matter



Can your enterprise count on you? What security metrics are in your repertoire? Security professionals are seeking some sort of ‘holy grail’ of metrics often without a clear understanding that metrics come with different objectives – productivity, quality, cost effectiveness and, in security, risk management. The secret to a strong metrics program is understanding your objectives. This session will explain the most popular objectives for security metrics programs and provide specific guidance in decision making and resource allocation in order to meet those objectives. Attendees will leave with instructions on calculating information asset value, quantifying risk, measuring productivity, and evaluating cost effectiveness.

Developing an Enterprise Network Architecture



This full-day workshop teaches the skills IT managers need to develop an enterprise network architecture. Leveraging the Reference Architecture for Networks, the workshop will provide a decision-making framework and methodology for technology selection. The workshop will cover the principles, technical positions and template frameworks Burton Group has developed through its consulting experience with many large enterprises. Attendees will learn valuable technical information and understand how to create network plans that support business initiatives.

Topics this workshop will cover include:

  • Network architecture value and benefits
  • Network architecture development methodology
  • Network architecture framework
  • Architectural principles
  • Technical positions: Network Protocols, IP addressing, Routing Protocols, QoS, IP Multicast, Switching and Routing, Local Area Networking, WAN/MAN Services, Wireless LANs, Remote Access, Resiliency, IP Telephony, Internet Access, Storage Area Networking, and WAN Performance Optimisation
  • Architectural templates: large/medium/small sites, campus, WAN/MAN, Internet access
  • Creation of gap analysis and migration plans
  • Architecture implementation and review process

Who Should Attend
This workshop is designed specifically for enterprise network architects and technologists involved with network planning, network designers and consultants, and integrators and VARs.

Role Management: Developing a Strategy for Enterprise Roles



This workshop will cover how to develop roles for access control and how to evaluate role discovery and role management products. Roles will be examined from an IT perspective, focusing on the use of roles, rules, and policy to manage access rights. Participants will also learn popular role discovery techniques. The workshop will cover how to align IT roles to business responsibilities, and discuss the opportunities and challenges this approach presents. The course includes a discussion on experiences, results, and lessons learned from enterprises that have conducted role definition efforts. The workshop will conclude with recommendations on product evaluation and governance.

Monday 22 October 2007: 1330 – 1700

Network Performance Optimisation



Data centre consolidation, Voice over IP, and other new applications are increasing the pressures on enterprise networks. Some of these applications are very sensitive to the amount and type of bandwidth that is available, but it is sometimes too expensive, or impossible, to obtain WAN links with all of the necessary characteristics. Worse, simply improving one characteristic, such as bandwidth, may have surprisingly little effect on application performance. Redesigning the applications is often impractical, performance suffers, and the network managers are blamed. This intensive workshop therefore begins with a detailed technical analysis of the performance aspects of relevant protocols and their sensitivity to network characteristics. It then discusses performance optimisation techniques, network tuning best practices, and current optimisation devices such as advanced compression, caching, and protocol spoofing appliances -- all with the goal of improving performance as seen by users while controlling network costs and not modifying the application.

Topics this workshop will cover include:
  • Performance aspects of relevant protocols, including TCP/IP, SSL, HTTP, and commonly-used email and file transfer protocols
  • Compression and caching; comparison to wide area file services (WAFS)
  • Protocol spoofing to handle inefficient or ping-pong protocols at both network and application levels
  • Quality of Service, including data flow tagging, queuing, rate control, and route selection
  • Load and geographic distribution, including content distribution networks
  • Relevant performance measurement
  • Survey of WAN performance optimisation appliances
  • "Best Practices" recommendations for network and applications designers, including realistic pre-deployment testing

Who Should Attend
Anyone who is responsible for building and managing the performance of WANs at both network and applications levels.

Federation Gathering Momentum



Federated identity, the exchange of information within and between enterprises, provides authentication and authorisation capabilities. Federation enables loosely coupled identity management across autonomous business domains and extends the reach of applications. It is now becoming a strategic requirement for most enterprise infrastructures and adoption continues in multiple industries. Organisations investing in federation are still seen as early adopters. Because the field is still developing, the challenges as well as the potential benefits can be significant. This workshop is designed to provide insight into the results of early implementations. It will discuss the efforts of OASIS, Liberty Alliance, web access management and platform vendors, with a focus on current capabilities and limitations, and convergence strategies. The workshop will provide information to help you evaluate whether federated identity fits your IT roadmap, as well as when and how to begin your adoption of these solutions.

Synopsis:
  • The Case for Federation
  • Federated Identity Concepts
  • Federation Standards
  • Early Adopter Case Studies and Best Practices
  • Identity Networks
  • Federation, User-Centric Identity, and the Identity Metasystem
  • Lessons Learned and Recommendations

Provisioning Deployment: Planning Considerations and Recommended Practices



User and resource provisioning continues to be one of the hottest topics in the identity management space. Regulatory compliance, administrative efficiency, cost savings, and tighter security controls are driving the provisioning market at a rapid pace. Experiences are unfolding as enterprises increasingly invest in and deploy provisioning solutions. This workshop will review the practices in place at successful organisations and discuss evolving trends in project planning, design, and deployment. Additionally, the workshop will review vendor solutions and technological approaches. With its in-depth knowledge and increasing real-world experience, Burton Group will advise you on how to plan, design, and deploy a provisioning solution within your organisation.

Data Leakage Protection: Avoiding the Front-Page Headlines



Do you cringe when you read about a lost laptop? Are you nervous that your Internet connection might be a giant intellectual-property sieve? Despite widespread regulatory and contractual stipulations for data protection, chances are you haven't developed a wholly effective architecture for thwarting sensitive information leakage across the organisation. This workshop will strive to help fix that. After briefly examining the drivers for confidentiality, the workshop will walk through a systematic approach to preventing data loss. Although it will cover some of the critical non-technical controls that help to keep data confidential, the bulk of time will be spent examining technical approaches to private data protection. By walking through the critical security infrastructure layers—perimeter, identity & access, point-of-use, and repositories—attendees will learn the strength and effectiveness of important content control techniques, such as encryption, rights management, network content filters, and endpoint agents.

Monday, 22 October 2007: All Day Workshops

SOA: Soup to Nuts



Service-oriented architecture (SOA) is an approach to system design in which the core unit of design is a shared, reusable service. SOA can deliver numerous benefits, such as increased flexibility and agility, reduced cost of ownership, better alignment between IT and business, and improved consistency and compliance. But SOA requires significant changes in the way projects are funded, designed, developed, managed, and maintained. This full day workshop examines SOA from many different perspectives, including an overview of SOA; SOA technologies and infrastructure; service-oriented design approaches for business logic, data access, and infrastructure functionality; and SOA governance programs. Time will be set aside during the day to allow participants to discuss their experiences (good and bad) in a birds-of-a-feather (BOF) like setting.

SharePoint and Office 2007: New Enterprise Collaboration/Content Opportunities and Risks



Microsoft SharePoint (composed of Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007) is Microsoft's strategic collaboration and content server, and it has strategic implications -- with both good and bad potential -- for enterprise planning. As the server-side counterpart to Microsoft Office, and encompassing everything from blogs to enterprise content management, SharePoint has the potential to help organisations more effectively collaborate and manage content. If unsuccessfully deployed, however, SharePoint can exacerbate rather than advance enterprise collaboration and content management planning, with the potential for out-of-control content dissemination and explosive growth in unmanaged workspaces.

This workshop, a one-day subset of a CCS consulting workshop, covers topics including:
  • A SharePoint introduction, including enterprise challenges Microsoft seeks to address with SharePoint 2007
  • Detailed analysis of SharePoint capabilities, maturity, and limitations
  • Competitive landscape projections

General Session Topics - Tuesday 23 October

The IdM Market: Trends and Dynamics


Topic Owner: Mike Neuenschwander



The identity management (IdM) market continues to evolve at a rapid pace. As the market grows, a broader range of technologies is becoming available, making it difficult to keep tabs on its entirety. While technology advancements proceed apace, the implementation experience remains primarily an add-on exercise for most enterprises—indicating that inherent IdM functionality will remain elusive for some time. The sessions on this topic will provide an overview of all the trends, technologies, and vendors affecting the IdM industry. Topics covered include:


  • IdM market definition
  • Assessment of IdM vendors’ directions and products
  • Discussion of relevant standards, emerging frameworks, and technologies
  • Predictions on market trends over the next two years

Identity System Interoperability: Are Worlds Colliding or Converging?


Topic Owner: Gerry Gebel


Over the last few years, the industry has converged a long list of proposals for federation protocols to just a few—essentially SAML and WS-Trust. Progressive enterprises have begun deploying federation products, but the technology has yet to achieve broad adoption. This year, the availability of user-centric products and emerging protocols and frameworks threatens to rock the federation boat once more. CardSpace, Project Higgins, OpenID, and other proposals approach interoperability from a new angle, and the so-called identity metasystem, originally proposed by Microsoft, seems to be gathering steam. The sessions on this topic will evaluate the effectiveness and uptake of existing federation technology and how emerging standards will affect the interoperability landscape. Issues covered include:


  • Federation, SAML-style: Will adoption rates explode or implode?
  • Lessons learned from real deployments: What are the sticking points for deployment of federation technologies?
  • User-centric technology, the identity metasystem, and federation: Peers or rivals?
  • What can enterprises do today to create durable federations?

WANs and Telecoms: Disruptive Developments


Topic Owner: Michael Disabato


The specific WAN service choices available to enterprises continue to be affected by disruptive telecoms industry developments, such as carrier mega mergers and acquisitions. Many WAN service providers are struggling to support new business models (such as delivering their own video content), but concerns that this will lead to “walled gardens” put pressure on regulators to establish new telecoms public policies promoting “net neutrality”—so that enterprise and residential network users will still have the freedom to access competing third-party network applications and content. Will enterprises continue to be best served by “dumb pipes” as public network operators migrate from being “bit haulers” to becoming content providers? New service provider technologies such as WiMAX fixed wireless and IMS (IP Multimedia Subsystems), combined with next-generation residential broadband service offerings (such as those based on fiber), are creating new transport and service alternatives for enterprises. Ultimately, public Internet services may become acceptable substitutes for MPLS, ATM, or frame relay virtual-circuit-oriented services. In the near term, many enterprises have realised significant value from their WANs from deployment of WAN performance optimisers/accelerators.

The Efficient Data Centre: Building an IT Infrastructure for Business


Topic Owner: Richard Jones



Today’s business requirements are driving data centre technology advances including consolidation through virtualisation; disaster recovery and business continuity planning; power, density, and thermal efficiencies; and using scalable and interoperable management technologies. Attendees will gain insight into the technological evolution of new hardware designs in blade servers and compute nodes, virtualisation software, IP SANs, rapid deployment, and scalable management.

At Catalyst Conference, we’ll define the “Efficient Data Centre” and its components. Burton Group analysts and consultants will explain how to leverage these new technologies to solve real business problems. We’ll discuss potential pitfalls and challenges that affect efficient data centre operations. You’ll hear the latest design considerations, learn how new and future standards and technologies will impact your organisation, and get practical tips on how to integrate and implement state-of-the-art technology. We’ll also give you a clear picture of the Data Centre of the Future, ensuring that the steps you take today won’t lead you to architectural dead-ends.

Successful Security: Getting Proactive


Topic Owner: Diana Kelley


Are today’s standard security practices adequate, or are we caught in a reactive loop of ineffective approaches? Let’s stop the debate over the so-called “failure” of information security, and instead re-examine and challenge out-dated assumptions about what’s working, what’s not, and why.


  • What’s the real cost of weak controls and reactive security models?
  • Is building in security up-front always the best approach, or should security programs self-organise using collaborative, social networking concepts?
  • How can this industry jolt vendors out of the “hype cycle” and into building more inherently secure products?
  • Is more security always better?
  • How can risk management set the right balance?

Expect lively discussion of these questions as well as specific recommendations that attendees can use to help their organisations rise out of the reactivity cycle and get on the path to continuous, proactive improvement.

Architecture Inflection Point: Rethinking Security for Networks without Borders


Topic Owner: Phil Schacter



As a growing community of mobile users access the corporate IT infrastructure via the public Internet and ubiquitous wireless hotspots, the borders that once defined enterprise networks are changing. Traditional network edge firewalls and access policies may no longer be under the control of the enterprise. The focus of policy-based security shifts to defending re-centralised data centres and intelligent endpoints, and securing traffic between endpoints, data centres, and external IT services. While network infrastructure and network security vendors promote embedding security into the network, this strategy may not work. Burton Group analysts, customers, and leading industry experts will explore the changing nature of the network, alternative perimeter and zone strategies, and how network access control (NAC) should be implemented. The debate between network and security experts will revisit the rationale for dumb vs. smart networks, and apply this argument to perimeter and zone-based network security, and alternative approaches for NAC.

Collaboration: Connecting People, Processes, and Information


Topic Owner: Craig Roth


Growth and innovation have become top priorities for business and IT leaders alike, causing collaboration initiatives to become a centerpiece of enterprise IT strategies. Organisations are also investigating emerging social computing capabilities to better connect people across communities and networks, including external parties. This topic will address organisational and technology trends that are collectively shaping the next generation of enterprise collaboration and communication infrastructure, including assorted “Web 2.0” dynamics. It will also address the blurring boundaries between traditional applications and collaborative applications, exemplified by products such as Office 2007 and its smart document architecture. Discussion points include:


  • Current and emerging communication/collaboration/content management market dynamics, including new collaborative platforms, services, and application development tools
  • The evolving nature of, and growing importance of, attention management
  • Emerging social software technologies and techniques, and their roles relative to traditional collaboration technologies (such as IBM Lotus Notes and Microsoft SharePoint)
  • The value and impact of XML syndication and optimisation on communication strategies
  • Future virtual/synthetic worlds such as Second Life and their implications for mainstream collaboration

Application Platform Strategies: Build, Buy, Rent, or Steal


Topic Owner: Chris Haddad



Enterprises have a wide choice of options when it comes to application systems. They can build systems from scratch (in-house, outsourced, or offshore), buy commercial off-the-shelf (COTS) solutions, rent solutions from a software as a service (SaaS) provider, or construct solutions from open source projects. This topic will examine the benefits and challenges of each option. It will also examine trends and dynamics in the application platform market and provide a candid assessment of vendor strategies. Discussion points include:


  • Superplatform vendor strategies and market dynamics
  • Superplatform vs. best-of-breed
  • The open source alternative
  • Breaking the vendors’ “big model” lock-in mindset
  • Holding the COTS vendors’ feet to the fire: modularity vs. monolithic silos
  • Integrating, enhancing, and modernising legacy and COTS application systems

General Session Topics - Wednesday 24 October

Meeting the Authorisation Challenge: The State of the Art


Topic Owner: Gerry Gebel



The billion-dollar question for the IdM market is “who has access to what?” and contenders are quickly lining up to help enterprises answer that question. Platform vendors, as well as boutique startups, are creating authorisation engines that enable application developers to externalise policy decisions for fine-grained entitlements. Several startup vendors are working on role discovery and management tools. Provisioning vendors are betting on the popularity of identity audit modules. The sessions covering this topic will look at the solutions available in this market and push for greater integration, better interoperability, and more convenient packaging. Issues we’ll discuss include:


  • What’s the right way to address entitlement management? Where should finer-grained authorisation be applied? What are the best ideas for moving forward?
  • Is XACML all the industry needs? If not, what else? If so, can we get better interoperability?
  • How do SOA applications take advantage of externalised policy engines?
  • When will COTS applications externalise security and identity management?
  • How much authorisation management can be channeled through provisioning and identity audit systems?

Defining the Architecture: The Infrastructure Services Model


Topic Owner: Chris Haddad



The infrastructure services model (ISM) is an approach that applies service-oriented principles to infrastructure functionality. The ISM encapsulates complex technology into simple, easy-to-use services that can be consumed by any application or by other infrastructure systems. It simplifies development, enables reuse and interoperability, and reduces vendor lock-in. It also delivers benefits, such as flexibility, future-proofing, centralised management, distributed enforcement, better consistency, and improved compliance. This cross-cutting topic will examine the model and propose an architecture that enables and facilitates its adoption. Discussion points include:


  • Making ISM services real (e.g., identity data services, entitlement services, collaboration services, communication services, and data access services)
  • A drill-down definition of enterprise-class identity services, and what enterprises should be doing
  • Externalising infrastructure functionality from applications
  • Raising the level of abstraction: Using modeling, domain-specific languages, and declarative programming to enable and exploit the ISM
  • Freedom through requirements: Adopting a requirements-driven rather than product-driven infrastructure
  • Vendor progress in adopting the ISM model

IT Operations and Management: What Really Works


Topic Owner: Michael Disabato



IT systems and networks are rapidly outgrowing their vintage management systems. Service providers and enterprises will need new management techniques, systems and tools such as those based on SOAP/XML to replace aging SNMP, RMON, and related management platforms. Improved instrumentation and new incident management systems promise more rapid problem diagnosis. Sessions on this topic area will cover best practices for fault isolation and “triage,” and network and systems performance management.

To keep many problems from occurring in the first place, enterprises need to plan for sufficient systems and network capacity. According to ITIL, best practices for capacity planning should be based on pro-active modeling and calculations to predict future workloads and network traffic. But are IT systems and networks sufficiently deterministic for predictive modeling to work in an environment characterised by unforeseeable new applications and users? Or should enterprises rely more heavily on performance measurement combined with reactive deployment and fine-tuning of capacity? Other issues to be considered in this topic area will include vendor management strategies, global service and support, and how to manage the growing “threat” of employees/users to the IT infrastructure.

Wireless and Mobility: More Ways to Cut the Cable


Topic Owner: Michael Disabato



With wireless now becoming the preferred form of communications for many network users, there’s a powerful incentive for device developers, product designers and manufacturers, network operators and carriers, and others allied to the field to push wireless broadband to parity with—and beyond—wireline networks. Despite dropped calls, lack of coverage, and the limited bandwidth for data that characterise most current wireless services, true wireless broadband technologies based on new variants of 802.11, Bluetooth, Ultrawideband, MIMO, OFDM, UMTS/HSDPA, EV-DO cellular, and mobile WiMAX will also address the future of networks and the central issue of fixed mobile convergence (FMC) – the promise of unified multimedia services and dual-mode handsets operating across wireless and wireline networks.

Sessions in this topic area cover the wireless broadband future from an enterprise perspective, and will consider the major technologies, systems, services, and devices that enable mobile broadband, including radio technologies and the key variables at work in wireless broadband solutions. Future wireless LAN, MAN, and WAN standards and services, such as those from mobile virtual network operators (MVNOs), mobile messaging, new wireless devices/smartphones, and location-based services promise to create even more wireless choices for enterprise and consumer wireless users.

Comprehensive and Secure Content Management: Fruitful or Futile?


Topic Owner: Craig Roth



Content management has historically been complex, cumbersome, and costly, making it useful and cost effective for a relatively small subset of enterprise information management. But technology trends and market dynamics are poised to make content management more the norm, rather than the exception, and the need for comprehensive content security is a critical consideration for all organisations. Discussion points include:


  • The emerging content management landscape, encompassing the full content life cycle, with new opportunities for integration and consolidation
  • The enterprise content digital rights management (E-DRM) debate
  • Data classification, including taxonomy and “folksonomy”
  • Enterprise search, including new alternatives for integrated search across desktop, enterprise, and Internet resources
  • E-disclosure, e-discovery, and audit considerations, including email and records management
  • The advent of robust XML data model management in database management systems (DBMSs), for data labeling and to tighten control over both structured and semi-structured information
  • The role for complementary, centralised mechanisms such as terminal services

The sessions on this topic will discuss how to bring all of these technologies into a coherent information-centric security architecture.

Compliance and Security Management: Finding a Balance


Topic Owner: Diana Kelley



Caught in a web of global regulatory requirements, organisations are struggling to find the right balance. Many are trying to “raise the bar” by investing heavily in more detailed policies and stronger controls, but concerns about over-reacting and over-spending remain.


  • Bottom line compliance and certification issues with EUDD, PCI, Basel 2, ISO 27001/17799, US SOX, and others
  • How much can compliance be automated, and what controls make sense?
  • Are vendors providing tools to orchestrate compliance, or just a lot of hot air? Are compliance dashboard products useful?
  • Can domain specific policy languages, metrics, and workflow tools operationalise compliance?
  • Do automation and manageability go out the window with outsourcing and third parties?
  • Do large security and management suites help or hurt emergence of an integrated control layer?
  • What is the appropriate balance between preventive and accountability-based compliance models?

Expect a holistic compliance discussion that pulls together and examines everything from architecture, to automation, to tools and tips for dealing with auditors.

SOA: Dreams vs. Reality


Topic Owner: Chris Haddad



Service-oriented architecture (SOA) continues to be a hot topic, but how well are enterprises doing with their SOA initiatives? The bad news is that many SOA initiatives will fail spectacularly. Regardless of what the vendors tell you, you can’t buy SOA. It doesn’t come in a tidy little box. It’s something you do. And it requires change in many parts of the organisation. SOA is more about culture than technology, and that makes it very difficult for an IT group to manage. This topic will examine the current state of SOA and the issues impeding its adoption. Discussion points include:


  • Is SOA dead, or are people just tired of hearing about it?
  • What are the prerequisites to SOA adoption?
  • What is missing in IT today: Information, technology, or process?
  • To ESB or not to ESB: Do I need one to be successful?
  • SOA governance
  • WS-*: Is it the path to SOA or a dead end?
  • WS-* vs. REST

The Collaboration and Content Markets: Trends and Dynamics


Topic Owner: Craig Roth



2007 will be a watershed year for collaboration and content management. IBM and Microsoft, the market-leading collaboration vendors, will release their most significant product updates in a decade, triggering upheaval and consolidation of collaboration and content markets. At the same time, growing business imperatives related to compliance and security are escalating the need for comprehensive management of collaboration and content records for nearly all enterprises. Such volatile market dynamics have significant implications for incumbent vendors in content management, document management, search, and several other traditional software product categories. Discussion points include:


  • Overviews and assessments of new collaboration and content management offerings from IBM and Microsoft, including customer case studies
  • An assessment of other enterprise collaboration/content contenders, including Adobe, Google, Oracle, and open source alternatives
  • A review of implications for incumbent content/document management vendors

General Session Topics - Thursday 25 October

Digital Identity: Implications for Policy and Society


Topic Owner: Gerry Gebel


As society grapples with the use of digital identity in consumer activities, internet commerce, and social programs, enterprises may at first seem shielded from the outcome of such issues. But enterprise identity and internet identity are quickly merging into a common problem space. As consumer- and citizen-facing identity systems are refined, they will heavily influence the way enterprises issue identifiers, manage personal information, and federate with other businesses. Similarly, enterprise technologies bring a wealth of experiential information to the design of Internet-wide identity systems. Issues we’ll cover include:

  • The end of secrecy: Why technology makes secrets virtually impossible to keep.
  • Beyond identity: Relying on reputation systems, presence, and collaborative technologies to secure domains.
  • Coping in a secretless world: Introducing new devices for obscurity
    • Identity Oracle, or the “Meta-identity System”
    • Limited Liability Personas
    • Relational SSL
    • Multi-factor Identity
  • Does identification make society more secure?

Unified Communications: Beyond the Phone System


Topic Owner: Michael Disabato


Unified communications has been the focus of numerous media stories and has been hyped by industry pundits and vendors alike. But how are organisations progressing on their journey towards converged real-time communication services, including voice, videoconferencing, instant messaging, and presence? Fixed and mobile devices, systems, and services will need to be consolidated, and security issues must be considered.

However, unified communications is much more than just technology consolidation. Undertaking such efforts will have dramatic impacts on organisational roles, responsibilities and structures. Unified communications also has to provide greater business relevancy than simply deploying a fancier phone. The design and development skills needed to adapt work practices so that real-time communications are better integrated within process activities are not very mature. The evolution of call centres/customer contact centres is also part of the equation. This topic examines the current state of unified communications, challenges impeding adoption, and prospects for success.

OS and Application Security: Are We There Yet?


Topic Owner: Diana Kelley


The industry has made significant strides towards more secure operating systems but many issues and vulnerabilities remain. Many applications continue to roll out in sensitive areas without adequate security input. Moreover, organizations must adapt security management infrastructures to accommodate new releases.


  • How high does Windows Vista raise the bar against inevitable attacks, and what are the challenges in migrating security infrastructure to support it?
  • Behind the scenes, servers hold critical data: Are there secure (and practical) OS alternatives?
  • Use of handheld computers is expanding faster than laptops or desktops; how’s their security?
  • How should organizations balance tighter endpoint protections, manageability and a productive user experience?
  • How can IT security, application developers and application vendors promote improved security moving forward?

These sessions will take a wide-angled perspective on operating systems, the IT security market and opportunities for employing more secure building blocks from the endpoint to the data centre to the security architecture.

The Evolving User Interface: Never Too Rich or Too Thin?


Topic Owner: Chris Haddad


Rich internet application (RIA) technologies, such as Ajax and Flash, are becoming pervasive on the Web and within the enterprise. But RIA is not the only new idea in the user interface (UI) domain. The convergence of UI and collaboration is likely to revolutionise the user experience. This cross-cutting topic will examine RIA and other evolving UI techniques, such as using productivity applications (e.g., Office or Lotus) as an interface to line of business (LOB) applications, developing smart documents that act as a front end to workflow systems, and integrating collaboration services into LOB desktop applications. Discussion points include:


  • The RIA wars: Ajax vs. Flash vs. Java vs. WPF/E
  • Debunking Web 2.0: What it is, and what it isn’t
  • Office as a legitimate enterprise application development platform
  • The intersection between departmental forms and enterprise application development
  • What happened to portals and portlets?

Please note: Burton Group will not provide any documentation to attendees regarding session attendance or participation. After the conference, attendees must log in to the (ISC)² website and submit the required information.

For those information security professionals who endeavor to become (ISC)² members holding any of the certifications such as Systems Security Certified Practitioner (SSCP®), Certification and Accreditation Professional (CAPCM) and Certified Information Security Professional (CISSP®) and any of the CISSP Concentrations: Information Security Systems Engineer (ISSEP®), Information Security Management Professional (ISSMP®) and Information Security Architecture Professional (ISSAP®), Burton Group Catalyst Conference offers sessions that qualify attendees to earn Continuing Professional Education (CPE) credits.

(ISC)²®, the International Information System Security Certification Consortium, Inc., is a not-for-profit organization founded in 1989. https://www.isc2.org