ForgeRock New York Summit Recap

New York in May – you couldn’t ask for a better location or better weather to kick off the 2016 ForgeRock Identity Summit series. Or a better venue, for that matter. Guastavino’s Bridgemarket is a historic event space situated under the 59^th Street Bridge (formally the Ed Koch Queensboro Bridge) on the east side of Manhattan. It’s a dramatic setting with soaring granite arches and vaulted tile ceilings that are the trademark of Rafael Guastavino Moreno, the famed Spanish architect who also contributed design elements to the Boston Public Library, San Francisco’s Grace Cathedral, and many landmark buildings in New York, including Carnegie Hall and Grand Central Station.

Guastavino’s was the site for our main event Business Track day on Thursday, May 26^th, but we actually got started the day before with our Tech Day event at the Renaissance 57 Hotel in midtown. This was an afternoon of deep dives into best practices and how-to instructional presentations on getting the most out of ForgeRock solutions. Among the highlights:

• Jamie Nelson, Senior VP of Engineering, gave an overview of the ForgeRock Identity Platform, with insights into ForgeRock’s overall engineering strategy, CREST and HTTP framework, APIs, audit framework and common services. Jamie proceeded to give updates on the latest developments with the core four modules in the ForgeRock platform: Access Management, Identity Gateway, Identity Management and Directory Services.
• Warren Strange, Director of Customer Engineering, provided an overview of ForgeRock’s emerging DevOps / Cloud strategy. As many ForgeRock customers are seeking cloud-based approaches to digital security, our engineering groups are responding with offerings that are optimized for environments including Cloud Foundry, Azure, AWS and OpenStack. Warren also described how ForgeRock is now accommodating developers who work with container-oriented technologies such as Kubernetes and Docker.
• Victor Aké, Co-Founder and VP of Innovation, gave a talk, Authorization for the Modern World, which reviewed the central importance of digital identity to life today. Victor’s presentation touched on many technical aspects of the ForgeRock platform – policy enforcement, role-based access control (RBAC), OAuth and UMA, most notably – but was notable for putting these technologies and approaches into the larger context of how individuals and organizations interact online through all kinds of digital devices.
• Finally, Product Management Director Ludovic Pouitou presented on Best Practices for API Security, providing an overview of our Identity Gateway product. Ludo’s talk covered policy management, traffic throttling, OAuth2, border enforcement, monitoring and auditing. He also delved into how API security measures can inform monetization strategies.

On Thursday, CEO Mike Ellis kicked off our Business Track event with a brief “state-of-the-union” overview of what’s been happening at ForgeRock while the assembled customers, partners, friends and family finished off their morning coffee from the buffet breakfast downstairs. Mike stayed onstage to host the main event of the morning: a wide-ranging discussion on cybersecurity with Suzanne Kelly, former intelligence correspondent at CNN and now-CEO at The Cipher Brief, and Fran Moore, retired senior executive with the Central Intelligence Agency and Vice President at The Cipher Brief. Kelly launched The Cipher Brief to provide relevant analysis of news and events that helps readers accurately anticipate and safely navigate the complex, unstable, global security environment, and that theme underpinned the discussion. During the discussion Kelly asserted that assessing and understanding cyberthreats has mostly been perceived as a governmental issue, but that going forward must be an imperative for both public and private entities. Moore amplified that line of reasoning, pointing out that many of the highest-profile data breaches in recent years came about not through sophisticated IT techniques, but through simple social engineering methods usually involving phishing emails. “Behavioral change regarding cyberthreats cannot be legislated,” she noted. The Q&A session following was newsworthy in that Moore, a CIA veteran with 32 years of service, said she is not in favor of the government having a “backdoor” capability to access encrypted data from secured smartphones or other devices, saying “I understand the argument for one, and could perhaps be convinced otherwise, but I don’t see the need at this point.”

Other highlights from Business Track day:

• Eve Maler, VP of innovation and emerging technology, presented on User Managed Access, an emerging identity standard that promises to provide a secure, consent-based data sharing framework for the emerging regulatory environment.
• Matt Devost from Accenture, who helps large international companies to identify and manage dynamic threats in complex operational environments, briefed the conference on the emerging threats and vectors that are putting critical infrastructure at risk.
• Ashely Stevenson, identity technology director, gave an overview of ForgeRock’s continuous security technology, pointing out that digital identity plays a unique role in any organization’s technology stack because it’s as important to the user experience as it is to security.
• John Barco, Allan Foster and Daniel Raskin provided an overview of ForgeRock’s approach to identity in the cloud, the essential point being that ForgeRock is making it possible to port identity capabilities across proprietary cloud architectures. To date, developers have largely been constrained to using the limited (very limited!) identity capabilities baked in to each environment.
• James Ashfield from Capital One described how his organization is pursuing a digital transformation initiative to streamline operations and improve customer service.

Finally, CEO Mike Ellis hosted a roundtable panel with Jeff Bagby from Thomson Reuters, Dan Blum from KuppingerCole, and Dean Morstad from MoneyGram. It was a balanced discussion, global in scope as Dan provided some insights into recent developments with European data privacy legislation, including the GDPR. Jeff described how with a growing proportion of Thomson Reuters’ business involving data sharing through APIs, identity and access management has become a critical enabling technology for the global publisher. Dean was able to provide insight into the other side of the identity coin, explaining that with MoneyGram’s agent-based organization, a powerful but flexible identity infrastructure makes it possible to maintain a secure and frictionless user experience.

Overall, the first ForgeRock Identity Summit to be held in New York was a smashing success.  We’re posting presentation decks from the event on SlideShare, and will also be sharing video soon. Onward to San Francisco, Sydney, London and Paris.