Andrew is the founder and Managing Director of Archistry Limited, bringing over 12 years experience in delivering innovative solutions to the Mobile & Wireless Telecommunications, Public Sector, Financial Services and Software industries. His primary focus is helping organizations ensure they have the right technology strategy to deliver their business objectives. Prior to founding Archistry, Andrew was a Manager and Technical Architect with BearingPoint Ireland where he was the Principal Design Authority and Enterprise Architect for the Irish Government's Public Services Brokerthe SOA backbone of Ireland's e-government efforts. Andrew is an active member of the SOA and Security communities, including holding the CISSP security certification and regularly speaking on these topics at conferences such as SOA for E-Governemnt, InfoSeCon and worldwide OASIS events. He is a regular contributor to the US Government's SOA Community of Practice and has published articles in Information Security Bulletin magazine and the InfoQ on-line community. Andrew is a member of the Association for Computing Machinery, the IEEE Computer Society and the Irish Computer Society.


Identity Management – The Foundation of Your Enterprise Architecture
Regardless if you call them "stakeholders", "users, groups and roles" or "identities", the processes and systems of the enterprise are meaningless unless you understand how they will be used, by whom and in what context. While it is quite clear that identities form the foundation of any security policy, the link between identities and enterprise architecture may not be so apparent.
Enterprise architecture defines the principles, methods and models in the design of the whole enterprise—including its organizational structures and policies, business processes, information systems and infrastructure. Therefore, how identification, authentication and authorization are performed should be a core part of any enterprise architecture.
Every time you add a new system to your organization, add new functionality to existing systems, outsource business processes or integrate legacy systems as a result of a merger or acquisition or even deploy new technologies such as Wi-Fi, VPNs or IPSec, you need to know how this change will affect your enterprise: will we need new identities? Will what our existing identities need access to be changed?
How will these identities evolve over time?
This session shows the relationship between enterprise architecture and identity management and how you really can't have one without the other.
After attending this session, you will understand:
* The business drivers for enterprise architecture,
* Why information assurance and security are a foundational part of enterprise architecture,
* The policy questions that must be answered when building an identity system,
* Where to start with enterprise identity management,
* Some of the challenges and pitfalls you can expect, and
* Some tangible business benefits you should achieve

SOA – The Security Implications of the Agile Enterprise
Service-Oriented Architecture is a current trend for implementing enterprise architecture that views an organization in terms of its essential tasks and functions from the perspective of those that benefit from them. This approach allows the organization to more gracefully adapt to both economic trends such as outsourcing and off-shoring as well as changes in technology platforms, aligning IT more closely with business strategy and delivering levels of "business agility" not previously possible.
While the business benefits of SOA have been well explored elsewhere, SOA is a different way of organizing IT systems and infrastructure using new technologies with potentially dramatic implications to your existing information assurance policies and controls. If your organization is considering SOA or has committed to move toward SOA, it is essential that you understand these implications and ensure you maintain an appropriate level of assurance within your enterprise. How much of what you know is still valid, and how is SOA going to be different than what you had before?
Fortunately, you can reuse a lot of what you already know, but you can only understand the differences within the context of understanding some fundamentals of SOA. This session will help you understand:
* The fundamentals of SOA and how they are likely to be applied to your organization,
* The risks, privacy, audit and other regulatory implications of SOA,
* How you can apply what you already know,
* Some of the new approaches you will need to adopt, and
* Some of the technologies and tools that you may need to make it all fit together