English   Deutsch

News Archive

 Subscribe in a reader

2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007

News
Date Title Type
25.04.14 Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both… Executive Views
23.04.14 Have you seen this WSJ article? This is great news for privacy, human rights and a profound public security based on individual freedom: nations can no longer require IT and telecom companies to store communication data about all customers and communication partners - at least there need to… Blog
22.04.14 Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking, to… Executive Views
22.04.14 Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both… Executive Views
21.04.14 Two weeks have passed since the day the Heartbleed Bug has been revealed to the world, and people around the world are still analyzing the true scale of the disaster. We've learned quite a lot during these two weeks: After Cloudflare initially expressed doubt that the bug can really leak… Blog
10.04.14 In this KuppingerCole Webinar, we will look at Enterprise Single Sign-On (E-SSO) and the alternatives. Starting with the use cases for single sign-on and related scenarios, we will analyze the technical alternatives. We look at various aspects such as the time for implementation, the reach… Podcast
10.04.14 Identity Provisioning is still one of the core segments of the overall IAM market. Identity Provisioning is about provisioning identities and access entitlements to target systems. This includes creating and managing accounts in such connected target systems and associating the accounts… Leadership Compass
09.04.14 Many organizations currently consider migrating away from their current Identity Provisioning solution. There are many reasons to do so: vendors became acquired and the roadmap changed; the requirements have changed and the current solution does not appear being a perfect fit anymore; a lot… Podcast
09.04.14 Managing and governing access to systems and information, both on-premise and in the cloud, needs to be well architected to embrace and extend existing building blocks and help organizations moving forward towards a more flexible, future-proof IT infrastructure. Business & Technology Breakfast
08.04.14 As just about every security-related publication has reported today, a critical vulnerability in OpenSSL has been discovered yesterday. OpenSSL is a cryptographic software library, which provides SSL/TSL encryption functionality for network traffic all over the Internet. It's used by Apache… Blog
08.04.14 Enterprise Key and Certificate Management (EKCM) is made up of two niche markets that are converging. This process still continues, and as with all major change of IT market segments, is driven by customer requirements. These customer requirements are driven by security and compliance… Leadership Compass
08.04.14 Since the documents leaked last year by Edward Snowden have revealed the true extent of NSA powers to dig into people's personal data around the world, the topic of protecting internet communications has become of utmost importance for government organizations, businesses and private… Blog
08.04.14 In IBM's view the kinds of IT applications that organizations are creating is changing from internal facing systems to external facing systems.  IBM calls these kinds of systems "systems of record" and "systems of engagement" respectively.  The systems of record represent the traditional… Blog
04.04.14 NextLabs is a US-based vendor with headquarters in San Mateo, CA, and a strong footprint as well in the APAC (Asia/Pacific) region. The company focuses on what they call “Information Risk Management”. In fact, the focus is more on Information Risk Mitigation, i.e. practical… Executive Views
04.04.14 The attack landscape is changing. Targeted, advanced and persistent external attacks are increasing. However, despite all discussions about external threats, one thing is clear: The biggest threat is internal, and comes from your own users. Whether these are malicious or just human errors,… Webinar
03.04.14 Access Governance ist inzwischen eine etablierte Disziplin innerhalb der Governance- und Informationssicherheitsorganisation von Unternehmen. Mit Access Intelligence-Funktionen werden vermehrt zusätzliche Analysedienste bereitgestellt, mit deren Hilfe man besondere Risiken beispielsweise… Podcast
01.04.14 A few days ago, I was I was travelling in a local train, together with a business partner, from my office in Germany to an event in another city. We both learned a lot about the real world challenges of face recognition. While I already had a 24-hour ticket for travelling in and around that… Blog
01.04.14 VASCO is a vendor in the Authentication Management market which provides solutions for strong authentication, electronic signing & digital signing. They are known for their broad range of hardware tokens for authentication & signatures and complementary software solutions. In… Vendor Reports
25.03.14 "To cloud or not to cloud?" - this is no longer the question. It is rather to what extent and depth enterprises leverage cloud computing. With identity and access management (IAM) solutions for their internal IT systems, enterprises have achieved a high level of security, transparency and… Podcast
25.03.14 Targeted attacks continue to hit the headlines as the pinnacle of cyber-attacks faced by businesses. Once the perimeter defenses fail to defend against targeted attacks, the mitigation focus has shifted to inside the network. Security analytics focused on privileged account activity can… Podcast
21.03.14 Thank you for attending and see you next year! Podcast
20.03.14 Die “Identity Explosion” stellt Unternehmen vor neue Herausforderungen. Statt sich beim IAM (Identity und Access Management) primär um die Mitarbeiter zu kümmern, muss man im „Extended Enterprise“ auch Geschäftspartner und oftmals Millionen von Kunden verwalten und ihnen kontrollierten… Podcast
20.03.14 The Cloud IAM market is currently driven by services that focus on providing Single Sign-On to various Cloud services as their major feature and business benefit. This will change, with two distinct evolutions of more advanced services forming the market: Cloud-based IAM/IAG (Identity… Advisory Notes
20.03.14 KuppingerCole Buyer’s Guide for Access Governance and Identity Provisioning as core disciplines of IAM (Identity and Access Management) and IAG (Identity and Access Governance). Criteria to select your vendor. Questions to ask vendors. Requirements for successful deployments. Your… Advisory Notes
16.03.14 Pre-Program: Identity and Access Management - Where to Start? Morning: Access Governance for both on premises applications and Cloud & Mobile Afternoon: Dynamic Externalised Authorisation Management with the move from Role to Policy Based Access control. Seminar
15.03.14 Join us for an Identity and Access Management seminar day jointly supported by KuppingerCole (Asia Pacific) and the Shenzhen IT Compliance Association. Seminar
15.03.14 Pre-Program: Identity and Access Management - Where to Start? Morning: Access Governance for both on premises applications and Cloud & Mobile Afternoon: Dynamic Externalised Authorisation Management with the move from Role to Policy Based Access control. Seminar
15.03.14 Pre-Program: Getting Started with Identity and Access Management. Morning: Access Governance; how to control On Premise, Cloud and Mobile applications, and Dynamic Externalised Authorisation Management. Afternoon: Moving to the Cloud, practical steps to managing identities and… Seminar
14.03.14 Access Governance is about the management of access controls in IT systems and thus about mitigating access-related risks. These risks include the theft of information, fraud through changes to information, and the subversion of IT systems - for example in banking - to facilitate illegal… Advisory Notes
14.03.14 Recently  a spotlight has been shed on the need for investing in Information Security solutions. The increase in cyber-attacks, the consistently high level of internal challenges, the appearance of more sophisticated types of long-running attacks (sometimes called Advanced Persistent… Blog
13.03.14 Targeted attacks continue to hit the headlines as the pinnacle of cyber-attacks faced by businesses. Once the perimeter defenses fail to defend against targeted attacks, the mitigation focus has shifted to inside the network. Security analytics focused on privileged account activity can… Webinar
13.03.14 Most organizations use Microsoft Active Directory as a strategic element of their on-premise network infrastructure. However, handling external users such as customers and partners is not easy. This new ABC – the Agile Business: Connected – is the challenge. Webinar
12.03.14 The challenge of all organizations in these days of connected businesses and their need for agility in changing markets – the new ABC: Agile Business, Connected – is creating new challenges for IT. One of these challenges is securely sharing information. Podcast
10.03.14 Migrating an existing provisioning system always becomes a red-hot topic once a vendor becomes acquired by another vendor. In these situations - like the acquisition of Novell by NetIQ, of Völcker by Quest Software, of Waveset by Sun Microsystems and then Sun Microsystems by Oracle and… Advisory Notes
10.03.14 Unlike the majority of their competitors, Venafi came from an ECM background to become a market leader in their field. Their main competition evolved from EKM devices and HSM manufacturers’ acquisition and consolidation of products. As a result Venafi has a well-developed software… Executive Views
10.03.14 Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both… Executive Views
07.03.14 Recently there have been posters in London Underground stations warning users of Oyster Cards – the Transport for London (TfL) NFC enabled electronic travel wallet – that there is a risk of "card clash".  These posters warn that they need to keep other contactless NFC payment… Blog
06.03.14 Recently, the FIDO Alliance announced that PayPal and Samsung were enabling consumer payments with fingerprint authentication on the new Samsung Galaxy S5. My valued colleague Dave Kearns and I have written various posts about the FIDO Alliance and the impact we expect they will have on the… Blog
06.03.14 Dynamic Authorization Management for applications based on centrally managed policies, enforced at runtime. Support for existing applications, without any code changes, through the Oracle API Gateway... Executive Views
05.03.14 A few days ago, Tokyo-based Bitcoin exchange Mt. Gox appeared to be in trouble. When looking at their website Friday morning, I only found meaningless announcements. They are "working very hard to find a solution to our recent issues". Looking at the situation realistically, chances are… Blog
05.03.14 Agility is a key capability of successful organizations. Agility is the ability to quickly adapt the organization and the business model to new customer demands, innovations, and a changing competitive landscape. We live in a time where virtually all business relies on IT. Whether this is… Blog
05.03.14 The Connected Enterprise is opening new opportunities for business, for innovation and for growth – it is a fundamentally important imperative for today's business world. But it does not come for free: there are a number of caveats to circumvent, risks to address and changes to… Blog
04.03.14 IBM has recently made a number of major announcements and these are linked.  In December 2013 IBM announced the acquisition of FiberLink a privately held mobile management and security company.  Then on January 23rd it announced that Lenovo plans to acquire IBM's x86 server business. … Blog
04.03.14 Smart information is big data analyzed to provide answers to business questions. SAP HANA is the new runtime backend for SAP Enterprise Applications. It provides high performance database through “in-memory” processing and storage and is especially suited for instant analytics… Executive Views
28.02.14 Access Governance ist inzwischen eine etablierte Disziplin innerhalb der Governance- und Informationssicherheitsorganisation von Unternehmen. Mit Access Intelligence-Funktionen werden vermehrt zusätzliche Analysedienste bereitgestellt, mit deren Hilfe man besondere Risiken beispielsweise… Webinar
28.02.14 My last post focused on the challenges and the potential of SDN (Software Defined Networking) and SDCI (Software Defined Computing Infrastructures) for improving Information Security. APIs are being used to control more devices from a central point, bringing agility to networks, virtual… Blog
28.02.14 There are various approaches to Secure Information Sharing (SIS), as I have explained in previous posts. However, which one is the best? As always, there is no simple answer. It depends on the requirements of the customers. Nevertheless, the various product categories have their strengths… Blog
27.02.14 Why Identity Federation, Cloud IAM, and API Management help organizations in meeting their business needs for agile business processes that connect the organization to their business partners and customers and manage access to Cloud applications. The need for a new organizational structure… Advisory Notes
27.02.14 The news of the bug in Apple operating systems has spread this week. As Seth Rosenblatt wrote on cnet, Apple's culture of secrecy again has delayed a security response. While there is a patch available for iOS, the users of OS X still have to wait. I have written before about the risks… Blog
25.02.14 When looking at the core IAM (Identity and Access Management) market with its main product categories of Identity Provisioning and Access Governance, some customers and vendors currently raise the question of whether there is still a need to keep these product categories separate or whether… Blog
25.02.14 Secude is a Swiss-based vendor with a long history in Information Security. Among other accomplishments, they developed today’s SAP NetWeaver Single Sign-On product that then was acquired by SAP and became part of SAP’s own security portfolio... Executive Views
25.02.14 "To cloud or not to cloud?" - this is no longer the question. It is rather to what extent and depth enterprises leverage cloud computing. With identity and access management (IAM) solutions for their internal IT systems, enterprises have achieved a high level of security, transparency and… Webinar
24.02.14 A business-driven approach to Access Governance, based on business processes and access risk. Supporting fine-grained SoD analysis for all environments, with strong support for SAP. Combining Access Governance and Dynamic Authorization Management. Providing connectivity to target systems… Product Reports
24.02.14 A while ago, I wrote about the changing market for Secure Information Sharing. I also recently published a report on Microsoft Azure RMS, one of the most important products in that market segment, and further reports will follow. The first question is: What is Secure Information Sharing… Blog
21.02.14 Microsoft Rights Management Services (RMS) is a solution that might help Secure Information Sharing become a topic for the masses, at least at the enterprise level. I just recently wrote a report on the product. However, as with any Information Security technology - especially ones that are… Blog
20.02.14 In my new report "Entitlement & Access Governance", published yesterday, I introduce a new term and abbreviation: EAG for Entitlement & Access Governance. Thanks to Dave Kearns for proposing that term - I like it because it reflects what this is about. EAG describes approaches that… Blog
20.02.14 CA Technologies is amongst the largest infrastructure software vendors worldwide. They offer a broad portfolio of products in the IAM market segment, including CA IdentityMinder™ (formerly CA Identity Manager) as their solution for Identity Provisioning. IdentityMinder™ is built… Product Reports
19.02.14 Integrating Access Governance, Data Governance, and system-level Fine Grained Access Control to provide a comprehensive approach to requesting, managing, and governing access at all levels. Defining the next maturity level for Access Governance solutions: Entitlement & Access Governance… Advisory Notes
19.02.14 SAP HANA is the new runtime backend for SAP Enterprise Applications, and is especially suited for instant analytics on the data managed by the applications. This Executive View presents an overview on the security of SAP HANA and gives recommendations on how to address potential weaknesses... Executive Views
18.02.14 Unternehmen verändern sich schneller denn je. Die Zusammenarbeit mit Kunden und Geschäftspartnern in neuen Geschäftsmodellen führt zu immer neuen Anforderungen an die IT. Diese muss reagieren und die Business-Innovationen unterstützen, statt sie zu behindern. BYOI (Bring Your Own Identity)… Podcast
17.02.14 The challenge of all organizations in these days of connected businesses and their need for agility in changing markets – the new ABC: Agile Business, Connected – is creating new challenges for IT. One of these challenges is securely sharing information. Webinar
14.02.14 Many organizations – of all sizes – still have no or only a rudimentary IAM in place. When looking at IAM, it quickly turns out that this is about more than a single technology. Webinar
14.02.14 In this KuppingerCole Webinar, we will look at Enterprise Single Sign-On (E-SSO) and the alternatives. Starting with the use cases for single sign-on and related scenarios, we will analyze the technical alternatives. We look at various aspects such as the time for implementation, the reach… Webinar
14.02.14 NIST (the US National Institute of Standards and Technology) has now released the final version of their Cybersecurity Framework for Critical Infrastructures. As requested, this is not a set of new regulations or fundamentally new concepts for security, but, to quote my colleague Prof. Dr.… Blog
14.02.14 Industry networks for secure collaboration are not a new thing. The evolution of these networks started back in the late ‘90s for some industries. While the initial focus sometimes was more about B2B marketplaces, enabling secure collaboration and managing the identities of the… Executive Views
14.02.14 SecureKey Technologies provides cloud-based, trusted identity networks that enable organizations to deliver online services securely to consumers. SecureKey offers a suite of cloud based services for consumer and citizen authentication under the trademarked name of briidge.net™. There… Executive Views
13.02.14 Secure Information Sharing is the number one challenge these days in Information Security. Organizations on the one hand must enable flexible collaboration with business partners as part of their evolution towards agile, connected businesses. On the other hand, the increasing Information… Executive Views
12.02.14 Many organizations currently consider migrating away from their current Identity Provisioning solution. There are many reasons to do so: vendors became acquired and the roadmap changed; the requirements have changed and the current solution does not appear being a perfect fit anymore; a lot… Webinar
10.02.14 It is a common scenario in organizations that the marketing department, business development, or the sales department asks the IT department to support social logins on some of the corporate websites, including eCommerce sites. Admittedly, IT also sometimes proposes such functionality,… Blog
06.02.14 Recently, there have been various articles on the NSA and GCHQ (Britain's Government Communications Headquarter) collecting date from "leaky apps", including data from Angry Birds, Google Maps, Facebook, Flickr, or Twitter. Surprise? No! Look at another story in that context: There have… Blog
06.02.14 Due to their natural coupling, SDN and virtual networking are often confused, but are not the same thing. Virtual networking is the ability for networks to exist in a virtual state - removing hardware, as with SDN. This already happens in the majority of networks, VLANs being used as a… Blog
04.02.14 A recent discussion in the "Identity Management Specialists Group" on LinkedIn had the title "On point. Agree. Gartner says attributes are the new role for identity?" I wondered a little about a rather old discussion appearing again. In fact, there rarely has been pure role-based access… Blog
04.02.14 It's a new year, and there are some new changes coming to KuppingerCole, especially in the material that will come into your inbox. First, some background. After the past year or so we've been growing by leaps and bounds with new offices in Europe and the Asia-Pacific area as well as new… Blog
04.02.14 Akamai is a software platform, originally built on Linux, and able to run on commodity hardware. According to Akamai’s own metrics, at any one time between 15% and 30% of web traffic is going between Akamai servers. It is not a separate network, running as it does over the Internet… Product Reports
30.01.14 As part of a series of blogs concentrating on the market of Software-defined infrastructures such as SDN (Software Defined Networking) or SDCI, I am currently looking into SDN, and the implications that it is will have for the network market in general over the coming months. It helps to… Blog
29.01.14 Managing and governing access to systems and information, both on-premise and in the cloud, needs to be well architected to embrace and extend existing building blocks and help organizations moving forward towards a more flexible, future-proof IT infrastructure. Business & Technology Breakfast
28.01.14 Geschäftliche Informationen machen einen wesentlichen Teil des Unternehmenswertes aus. Diese Informationen sind aber gefährdeter als jemals zuvor. Diese Gefahr entsteht aber keineswegs nur durch externe Angriffe, sondern in hohem Maße immer noch durch interne Anwender mit umfassenden Berechtigungen. Podcast
28.01.14 Issues faced by CISOs when looking for Enterprise Key and Certificate Management systems, and how to address them. Advisory Notes
27.01.14 The Leadership Compass shows that Enterprise Single Sign-On is a rather mature market. Especially in the areas of Product Leadership and Innovation Leadership, many vendors are leading-edge and competing head-to-head. This is good news for customers, allowing them to choose from a range of… Leadership Compass
22.01.14 This Leadership Compass provides an overview and analysis of the Privilege Management market segment, sometimes referred to as Privileged Identity Management, Privileged Account Management, etc. Technologies typically support Privilege Management as a password repository approach (commonly… Leadership Compass
17.01.14 This week the UK government launched the Cyber Street programme to improve the cyber security of UK residents and SMEs.  This is complemented by a Cyber to the Citizen initiative from the BCS - (The UK Chartered Institute for IT). The background to this is the continuing concern that most… Blog
16.01.14 Aussagen von Auditoren zu Risiken durch privilegierte Nutzer sind nicht wirklich nötig, um ein besonderes Augenmerk auf privilegierte Zugriffe zu werfen. Podcast
15.01.14 It was recently reported that Google has bought Nest Labs, a manufacturer of home automation sensors and devices with, currently, two products: a digital thermostat and a Smoke + CO Alarm. Why is it, then, that somebody would spend 3.2 Billion USD for a company producing home appliances… Blog
10.01.14 Brainwave is a French vendor and their product Brainwave Identity GRC is focused on what they describe as identifying and mitigating the user risks. Compliance is an important driver for the acquisition of IAM technology and Brainwave Identity GRC is focused squarely on this need. It… Executive Views
07.01.14 Happy New Year everyone! We've just come through what's probably the biggest gift giving month of the year - most of you, I'm sure, unwrapped more than one present. So let me ask a couple of questions. If there was a pretty package, with no tag identifying the giver - would you open it? If… Blog
top
KuppingerCole Select
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Register now
Links
 KuppingerCole News

 KuppingerCole on Facebook

 KuppingerCole on Twitter

 KuppingerCole on Google+

 KuppingerCole on YouTube

 KuppingerCole at LinkedIn

 Our group at LinkedIn

 Our group at Xing

 GenericIAM
Imprint       General Terms and Conditions       Terms of Use       Privacy policy
© 2003-2014 KuppingerCole