NorthSec 2021

Evelyn Lam

Evelyn Lam is an Identity and Access Management Lead Security Architect, Vice President at Morgan Stanley. She has over 16 years of IT experience managing enterprise-scale global projects for such industries as Wall Street Investment Banking, Retail Banking, and Big 4 Consultancy. She has nine years of experience in leading security teams and development teams in North America and Asia, and managing client relationships in North America, Europe, and Asia.

Evelyn specializes in strategic and architectural decision-making in authentication, identity management, cloud security, and data masking.

In addition to her Security Architect role, Evelyn has a track record of public speaking, tutoring, and mentoring since 2010. She was a speaker at Grace Hopper Conference 2020, a summer guild instructor in Women in Technology in New York 2019, and a speaker and panelist at security conferences. Evelyn has been an instructor of entry-level and advanced security classes teaching security architecture and threat modeling in her Firm since 2018. She is an active member of campus recruitment teams in North America. She is also a mentor in Rewriting the Code (RTC).

Evelyn is a Certified Information Security Manager with a Master's degree in Computer Science.

What is your title?

IAM Lead Security Architect, Vice President

What is your company/affiliation(s)?

Morgan Stanley

LinkedIn profile (full URL)

https://www.linkedin.com/in/evelyn-l-9aba0332/


Sessions

05-21
12:15
30min
Authentication challenges in SaaS integration and Cloud transformation
Evelyn Lam

Enterprise companies are using cloud applications at an increasing pace. The Work-from-home (WFH) new normal has made the Cloud transformation even more demanding than ever. The Software as a Service (SaaS) access model is prevalent for WFH as it enables devices to connect from the internet and the corporate network.

Even though many enterprises today have adopted SaaS solutions, a workable integration does not necessarily imply a secure one. Enterprises shall come up with a strategic solution to maintain security standards sustainably.

Managing authentication in the Cloud is a complex problem, more complicated than the traditional, on-premise "Walled Garden" environments. Public Cloud applications reside in a more "open" and "shared" environment and therefore have different attack vectors and vulnerabilities. The conventional ways to handle authentication are not good enough to securely protect Public Cloud resources and SaaS applications from unauthorized access.

In this presentation, I will go through some common SaaS integration security pitfalls and the risk of unmanaged Cloud identities, and explain why adopting an Identity provider (IDP) solution is critical to handle Cloud authentication security. The audience will also look at how a Cloud-based IDP solution tackles the Cloud authentication problems more intelligently than a traditional IDP.

Cloud
Main stream
05-21
14:00
30min
Cloud security
Philippe Arteau, Renzon Cruz, Magno Logan, Evelyn Lam, Max Habra

Q&A and discussion for the cloud security block, hosted and moderated by Max Habra. Questions will be gathered from the audience during the three prior talks.

Cloud
Main stream