English   Deutsch   Русский      

News Archive

 Subscribe in a reader

2014 | 2013 | 2012 | 2011 | 2010 | 2009 | 2008 | 2007

News
Date Title Type
Sep 01, 2014 A number of users of Microsoft’s OneDrive cloud storage system have reported problems on the Microsoft community relating to synchronizing files between devices. So far, I have not seen an official response from Microsoft. This can be very disconcerting so, in the absence of a response from… Blog
Aug 25, 2014 Some years ago IBM brought out a brilliant product in the Tivoli Security Policy Manager (TSPM), a tool to centralize policy administration for access control solutions. It was IBM’s first foray into attribute-based access control and provided a “discrete” externalized authentication tool… Executive View
Aug 22, 2014 CA Technologies is a multinational publicly held software company headquartered in New York, USA. Founded in 1976 to develop and sell mainframe software, over the decades CA Technologies has grown significantly via a series of strategic acquisitions. Although it used to produce consumer… Executive View
Aug 18, 2014 In some form, Privilege Management (PxM) already existed in early mainframe environments: those early multi-user systems included some means to audit and control administrative and shared accounts. Still, until relatively recently, those technologies were mostly unknown outside of IT… Executive View
Aug 18, 2014 Oracle Audit Vault and Database Firewall monitors Oracle databases and databases from other vendors. It can detect and block threats to databases while consolidating audit data from the database firewall component and the databases themselves. It also collects audit data from other sources… Executive View
Aug 14, 2014 In contrast to common application servers, WSO2 provides a more comprehensive platform, adding on the one hand features such as event processing and business rule management, but on the other hand also providing strong support for security features. The latter includes WSO2 API Manager,… Executive View
Aug 14, 2014 Druva’s approach to information protection is quite unique among traditional solutions, since instead of maintaining a centralized data storage and enabling secure access to it from outside, inSync maintains a centralized snapshot of data backed up from all endpoints and operates on… Executive View
Aug 11, 2014 Most companies do not plan their migration to the cloud. They suddenly find that there are multiple users of cloud services in their organisation, each of which was a good idea at the time but now form a disparate approach to cloud services with no strategic vision, a significant training… Webinar
Aug 08, 2014 Controls in security and GRC (Governance, Risk Management, and Compliance) systems are commonly structured in preventive, detective, and reactive controls. When we look at IAM/IAG (Identity and Access Management/Governance), we can observe a journey from the initial focus on preventive… Blog
Aug 07, 2014 Large-scale security breaches are nothing new. Last December we’ve heard about the American retail chain Target’s network hack, when over 40 million credit cards and 70 million addresses have been stolen. This May, eBay announced that hackers got away with more than 145 million of their… Blog
Aug 05, 2014 Using the cloud involves an element of trust between the consumer and the provider of a cloud service; however, it is vital to verify that this trust is well founded. Assurance is the process that provides this verification. This article summarizes the steps a cloud customer needs to take… Blog
Aug 05, 2014 The recent US court decision has added to the concerns of EU customers (and of other regions such as APAC) regarding the use of Cloud services from US-based providers. The decision orders Microsoft to turn over a customer’s emails stored in Ireland to the US government. The decision… Blog
Aug 04, 2014 The word risk is in common use and means different things to different people. This range of use of the word risk makes for potential misunderstandings. This is especially the case where IT related risks are being discussed in a business context. This report is intended to introduce IT… Executive View
Jul 31, 2014 A while ago I blogged about IBM being back as a leader in the IAM/IAG (Identity Access Management/Governance) market. Today the news that IBM is to acquire CrossIdeas, an Italian vendor in the Access Governance market, hit the wire. CrossIdeas is a key player in Access Governance in its… Blog
Jul 30, 2014 It’s never been easier to control who has access to what, who authorised it, who’s access hasn’t been removed and to generate reports on it all. We’ll look at the direction of technological and standards development and discuss the ramifications – what do you have to do to exploit the potential? Podcast
Jul 24, 2014 BalaBit IT Security was founded in 2000 in Hungary, and their first product was an application layer firewall suite called Zorp. Since that time, BalaBit has grown into an international holding headquartered in Luxembourg with sales offices in several European countries, the United States… Executive View
Jul 23, 2014 On Tuesday, security company Trend Micro has unveiled a long and detailed report on “Operation Emmental”, an ongoing attack on online banking sites in several countries around the world. This attack is able to bypass the popular mTAN two-factor authentication scheme, which uses SMS messages… Blog
Jul 18, 2014 Dieses Seminar vermittelt Ihnen die grundlegenden und brachenspezifischen Regelungen für Ihre Cloud-Strategie und informiert Sie über die heutigen und künftigen Anforderungen an Datensicherheit und Datenschutz. Sie tragen Verantwortung für die Planung, Einführung und das Management von Cloud… Leadership Seminar
Jul 18, 2014 Dieses Seminar vermittelt Ihnen die grundlegenden und brachenspezifischen Regelungen für Ihre Cloud-Strategie und informiert Sie über die heutigen und künftigen Anforderungen an Datensicherheit und Datenschutz. Sie tragen Verantwortung für die Planung, Einführung und das Management von Cloud… Leadership Seminar
Jul 18, 2014 Erhalten Sie einen Überblick zur Echtzeit-Überwachung mit Hilfe von Big Data Tools und lernen Sie wie Sie die datenschutzrechtlichen Regulatorien im Kontext der Netzwerküberwachung einhalten. Leadership Seminar
Jul 18, 2014 Erhalten Sie einen Überblick zur Echtzeit-Überwachung mit Hilfe von Big Data Tools und lernen Sie wie Sie die datenschutzrechtlichen Regulatorien im Kontext der Netzwerküberwachung einhalten. Leadership Seminar
Jul 18, 2014 So, unless you’ve been hiding under a rock this week, you’ve definitely heard about a historical global partnership deal forged between IBM and Apple this Tuesday. The whole Internet’s been abuzz for the last few days, discussing what long-term benefits the partnership will bring to both… Blog
Jul 18, 2014 Symantec was founded in 1982 and has evolved to become one of the world’s largest software companies with more than 18,500 employees in more than 50 countries. Symantec provides a wide range of software and services covering security, storage and systems management for IT… Executive View
Jul 17, 2014 Leaders in innovation, product features, and market reach for Cloud User and Access Management. Manage access of employees, business partners, and customers to Cloud services and on-premise web applications. Your compass for finding the right path in the market. Leadership Compass
Jul 16, 2014 Cloud computing allows individuals, businesses and the public sector to store their data and carry out data processing in remote data centers, saving on average 10-20%. Yet there is scope for improvement when it comes to the trust in these services. The new EU-guidelines, developed by a… Blog
Jul 15, 2014 The Cloud IAM market is currently driven by products that focus on providing Single Sign-On to various Cloud services as their major feature and business benefit. This will change, with two distinct evolutions of more advanced services forming the market: Cloud-based IAM/IAG (Identity… Leadership Compass
Jul 14, 2014 Since launching its Web Services in 2006, Amazon has been steadily pushing towards global market leadership by continuously expanding the scope of their services, increasing scalability and maintaining low prices. Last week, Amazon has made another big announcement, introducing two major… Blog
Jul 14, 2014 Die Ergon Informatik AG ist ein in Zürich ansässiges Unternehmen. Neben einem großen Unternehmensbereich für Software-Individualentwicklungen ist Ergon schon seit vielen Jahren auch als Anbieter von Standard-Software am Markt präsent und hat eine signifikante Zahl… Executive View
Jul 14, 2014 Centrify is a US based Identity Management software vendor that was founded in 2004. Centrify has achieved recognition for its identity management and auditing solutions including single sign-on service for multiple devices and for cloud-based applications. The company is VC funded and has… Executive View
Jul 10, 2014 It really didn’t take long after my last blog post on SCADA security for an exciting new development to appear in the press. Several security vendors, including Symantec and F-Secure, have revealed new information about a hacker group “Dragonfly” (or alternatively “Energetic bear”) that has… Blog
Jul 07, 2014 In a press release on June 26 th , the European Commission announced the publication of new guidelines “to help EU businesses use the Cloud”. These guidelines have been developed by a Cloud Select Industry Group as part of the Commission’s European Cloud… Executive View
Jul 07, 2014 There is a growing demand from organizations for tighter communication and collaboration with external parties and, in some cases, customers. At the same time the rapid growth of cloud services is driving the need for robust and flexible authentication solutions. As the network boundary… Executive View
Jul 04, 2014 Organizations are facing a dilemma today. On one hand, they need to collaborate far more flexible than ever before. Employees want to use the Cloud and are mobile. Collaboration with business partners is ever-tightening. Employees already are sharing files with customers using Cloud services… Podcast
Jul 04, 2014 Delivering on the vision for an Internet of Everything and Everyone depends upon the ability to manage and process vast amounts of data; this means turning Big Data into Smart Information. However the realization of this vision is based on existing systems and infrastructure which contains… Leadership Seminar
Jul 03, 2014 In a press release on June 26th, the European Commission announced the publication of new guidelines “help EU businesses use the Cloud”.  These guidelines have been developed by a Cloud Select Industry Group as part of the Commission’s European Cloud Strategy to increase trust in these… Blog
Jul 03, 2014 Earlier this year, I published the Buyer’s Guide: Access Governance and Provisioning. That document provides condensed information about key selection criteria for Identity Provisioning and Access Governance products, while also posing questions that buyers should ask of vendors. I focused… Blog
Jul 01, 2014 Big Data is often characterized by three properties: there is now an enormous quantity of data which exists in a wide variety of forms and is being generated very quickly. These properties are usually referred to as volume, velocity and variety. However there are two other important… Advisory Note
Jul 01, 2014 Office 365 is a popular cloud-based office productivity service built around Microsoft Office platform. Initially released in 2011, it has gone through a major upgrade in 2013 and is currently offered with different plans for home, small business, midsize and enterprise customers.… Blog
Jul 01, 2014 Most organizations have a Microsoft Active Directory in place. The Active Directory (or, in short, AD) builds the foundation of their on-premises infrastructure for managing users, performing their primary network authentication and authentication to AD-integrated applications such as… Blog
Jun 30, 2014 If you have attended our European Identity and Cloud Conference this May, you have probably noticed that, as opposed to the previous years, a significantly bigger part of the agenda and a substantial number of expo stands has been devoted to practical “down to earth” aspects of IT security.… Blog
Jun 25, 2014 The challenges you face are not getting any easier. You need to provision user access efficiently and effectively and maintain regulatory compliance while simultaneously protecting company assets by identifying and eliminating risk. It’s a daunting task. How can you quickly and easily assess… Podcast
Jun 23, 2014 NetIQ is part of the Attachmate Group, which consists of a number of business units, including Novell and Attachmate. NetIQ is the entity, which now markets the former Novell Identity and Access Management products. The core product of NetIQ today is NetIQ Identity Manager, formerly known… Executive View
Jun 23, 2014 CA SiteMinder® in conjunction with CA SiteMinder® Federation provides secure single sign-on and access management to Web applications and Web services either on-premise, at a partner’s site or in the cloud, from a web browser or a mobile device. Executive View
Jun 23, 2014 EmpowerID was founded in 2005. The company initially was called The Dot Net Factory. Over the years, EmpowerID grew from a vendor of point solutions for administration of Windows Server and Microsoft Server products to providing an integrated platform that covers a large breadth of IAM/IAG… Product Report
Jun 20, 2014 Eine Gesamtsicht auf IAM/IAG und die verschiedenen Teilthemen – Definieren Sie Ihr eigenes „Big Picture“ für Ihre zukünftige IAM Infrastruktur. Leadership Seminar
Jun 20, 2014 Eine Gesamtsicht auf IAM/IAG und die verschiedenen Teilthemen – Definieren Sie Ihr eigenes „Big Picture“ für Ihre zukünftige IAM Infrastruktur. Leadership Seminar
Jun 20, 2014 Eine Gesamtsicht auf IAM/IAG und die verschiedenen Teilthemen – Definieren Sie Ihr eigenes „Big Picture“ für Ihre zukünftige IAM Infrastruktur. Leadership Seminar
Jun 19, 2014 Eine Gesamtsicht auf IAM/IAG und die verschiedenen Teilthemen – Definieren Sie Ihr eigenes „Big Picture“ für Ihre zukünftige IAM Infrastruktur. Leadership Seminar
Jun 18, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 18, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 17, 2014 It’s never been easier to control who has access to what, who authorised it, who’s access hasn’t been removed and to generate reports on it all. We’ll look at the direction of technological and standards development and discuss the ramifications – what do you have to do to exploit the potential? Webinar
Jun 16, 2014 Die Gründe, Chancen, Risiken und Zielszenarien einer Migration verstehen und einen Überblick über die Anbieter im Identity Provisioning- und Access Governance-Markt gewinnen. Leadership Seminar
Jun 16, 2014 Mitarbeiter, Kunden, Partner, Lieferanten – Wie Sie unterschiedliche Anwendertypen optimal integrieren. Leadership Seminar
Jun 16, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 16, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 16, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 16, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 16, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 16, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 16, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
Jun 12, 2014 Most organizations have already been hacked or been victims of data theft (internal or external), whether they know it or not – or know it and haven’t been willing to acknowledge it. Many are operating in specific regulatory environments, but aren’t in full compliance, leaving them… Webinar
Jun 10, 2014 Organizations are facing a dilemma today. On one hand, they need to collaborate far more flexible than ever before. Employees want to use the Cloud and are mobile. Collaboration with business partners is ever-tightening. Employees already are sharing files with customers using Cloud services… Webinar
Jun 04, 2014 Thycotic is one of the newer vendors in the market segment of Privilege Management. Previously they had been a vendor of various point solutions for system management. Aside from their core product Secret Server, Thycotic still develops and sells two other products which focus on specific… Vendor Report
Jun 04, 2014 Detecting and managing attacks on IT systems is becoming a serious problem. Cyber criminals are using increasingly sophisticated techniques to infiltrate organizational IT systems to commit crimes including data theft, denial of service and blackmail. However, statistics show that most… Executive View
Jun 04, 2014 Dynamic Authorization Management is arguably the most exciting area in identity and access management today. It is the way in which organizations leverage their identity and access management environment to control access to restricted resources. Access control to file shares, network… Leadership Compass
Jun 03, 2014 Most organizations have Microsoft Active Directory in place. The Active Directory (AD) builds the foundation of their on-premises infrastructure for managing users, performing their primary network authentication and authentication to AD-integrated applications such as Microsoft Exchange… Advisory Note
Jun 03, 2014 The Beta Systems Software AG (Beta Systems) SAM Enterprise Identity Manager belongs to the category of enterprise provisioning systems with integrated access governance functions. Its core function is to reconcile identity information among different systems based on defined processes and… Executive View
Jun 03, 2014 Mit dem Garancy Access Intelligence Manager hat die Beta Systems AG eine spezialisierte Lösung für die Analyse von Zugriffsberechtigungen auf den Markt gebracht. Wie der Produktname schon sagt, handelt es sich um eine Lösung für „Access Intelligence“, einen… Executive View
Jun 02, 2014 The challenges you face are not getting any easier. You need to provision user access efficiently and effectively and maintain regulatory compliance while simultaneously protecting company assets by identifying and eliminating risk. It’s a daunting task. How can you quickly and easily assess… Webinar
Jun 02, 2014 This blueprint aims to provide an overview of IAM/IAG to the informed user, helping them to better understand the “big picture” of IAM, including technologies such as Identity Provisioning, Access Governance, strong- and risk-based authentication and authorization and Access… Advisory Note
May 31, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 30, 2014 Die Gründe, Chancen, Risiken und Zielszenarien einer Migration verstehen und einen Überblick über die Anbieter im Identity Provisioning- und Access Governance-Markt gewinnen. Leadership Seminar
May 30, 2014 Mitarbeiter, Kunden, Partner, Lieferanten – Wie Sie unterschiedliche Anwendertypen optimal integrieren. Leadership Seminar
May 30, 2014 Kim Cameron, Microsoft Scott David, University of Washington (Seattle) - School of Law Ladar Levison, Lavabit Nat Sakimura, Nomura Research Institute Podcast
May 30, 2014 Amar Singh, KuppingerCole John Bradley, OpenID Foundation, Kantara Steven Hope, Winfrasoft Anthony Nadalin, Microsoft Mike Neuenschwander, iC Consult Americas Bart Renard, VASCO Data Security Podcast
May 30, 2014 Marcel van Galen, Qiy Foundation Peter Mark Graham, Verizon Enterprise Solutions Dr. Maciej Machulak, Cloud Identity Limited Drummond Reed, Connect.Me Podcast
May 30, 2014 Mike Small, KuppingerCole Ian Glazer, salesforce.com Dr. Michael B. Jones, Microsoft Christian Patrascu, Oracle Corp. Daniel Raskin, ForgeRock Don Schmidt, Microsoft Podcast
May 30, 2014 Scott David, University of Washington (Seattle) - School of Law Dr. Michael B. Jones, Microsoft Dr. Karsten Kinast LL.M., KuppingerCole Ladar Levison, Lavabit Amar Singh, KuppingerCole Podcast
May 30, 2014 Chinese philosopher Confucius is said to be the originator of the saying “the journey is the reward”. What does it mean? In its historic meaning, it says that by moving forward people will benefit, even while they might not reach perfection. Applied to projects, it means that continuous… Blog
May 30, 2014 Cloud computing provides an unparalleled opportunity for new businesses to emerge and for existing businesses to reduce costs and improve the services to their customer.  However the revelations of Snowden and the continuing disclosure of state sponsored interception and hacking undermine… Blog
May 30, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 30, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 EIC Awards ceremony at the European Identity & Cloud Conference 2014 May 14, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 29, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 28, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 28, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 26, 2014 Last Wednesday, eBay Inc. has announced that their user database has been compromised, and hackers were able to get away with “encrypted passwords and other non-financial data” of more than 145 million of eBay customers. eBay has informed us that financial information has not been affected… Blog
May 26, 2014 In a panel discussion I had at EIC 2014 with Roy Adar, Vice President of Product Management at CyberArk, Roy brought up an interesting number: according to research, attacks start on average 200 days before they are detected. Taking into account the Gaussian distribution behind this… Blog
May 26, 2014 EIC, the European Identity & Cloud Conference, took place for the 8 th time in Munich May 13 th to 16 th , 2014. The conference focuses on Information Security and Privacy. It covers a broad range of topics in four parallel tracks, complemented by parallel roundtables, pre-conference… Advisory Note
May 20, 2014 European Identity & Cloud Conference 2015 is the place where identity management, cloud and information security thought leaders and experts get together to discuss and shape the Future of secure, privacy-aware agile, business- and innovation driven IT. Congress
May 15, 2014
Gestern Abend hat das Analystenunternehmen KuppingerCole im Rahmen der achten European Identity & Cloud Conference (EIC) in München den European Identity & Cloud Award 2014 in mehreren Kategorien verliehen. Dieser Award zeichnet herausragende Projekte und Initiativen in den Bereichen…
Article
May 15, 2014 The European Identity & Cloud Awards 2014 were presented last night by KuppingerCole at the 8th European Identity & Cloud Conference (EIC). These awards are honoring outstanding projects and initiatives in Identity & Access Management (IAM), Governance, Risk Management and Compliance (GRC),… Article
May 14, 2014 Keynote at the European Identity & Cloud Conference 2014 May 13-16, 2014 at Munich, Germany Podcast
May 13, 2014 Identity and Access Management (IAM) is in constant flux. The merging into IAM of Access Governance and Access Control is a relatively new phenomenon with a high rate of growth. Based on new offerings and changing demand, KuppingerCole predicts several major changes in that market. We… Advisory Note
May 13, 2014 Extending your current Access Management infrastructure gradually to support the emerging requirements of the new ABC – Agile Businesses: Connected – with a standard infrastructure. Supporting Cloud Services, APIs, and more. Advisory Note
May 13, 2014 Organizations depend upon the IT systems and the information that they provide to operate and grow. However the information that they contain and the infrastructure upon which they depend is under attack. Statistics show that most data breaches are detected by agents outside of the… Advisory Note
May 13, 2014 How authentication and authorization have to change in the days of the Computing Troika (Cloud Computing, Mobile Computing, Social Computing), the API Economy, and the New ABC: Agile Businesses – Connected. Advisory Note
May 13, 2014 Cloud services are built using a technical architecture that may include both proprietary and standard protocols and interfaces. Many of these standard protocols and interfaces are already available and indeed form the basis of cloud connectivity. However the services themselves have… Executive View
May 09, 2014 A few days ago, while announcing their new Advanced Threat Protection initiative, Piero DePaoli, Symantec’s director of product marketing has made a provocative statement, proclaiming that ‘AV is dead’. His colleague Brian Dye said that antivirus software only catches around 45% of malware… Blog
May 07, 2014 Cloud-based IAM (Identity and Access Management) is one of the emerging markets within IAM in particular and Information Security in general. Within the broader Cloud IAM market, we observe a number of solutions that are focused on specific capabilities, such as providing a Single Sign-On… Executive View
May 07, 2014 Omada, a Danish vendor, started as a provider of advanced Identity and Access Management solutions and services back in 2000. The core product of the company is its Omada Identity Suite. Omada focuses on adaptable business-centric and collaborative features such as workflows, attestation and… Executive View
May 06, 2014 The attack landscape is changing. Targeted, advanced and persistent external attacks are increasing. However, despite all discussions about external threats, one thing is clear: The biggest threat is internal, and comes from your own users. Whether these are malicious or just human errors,… Podcast
May 06, 2014 Cloud-based IAM (Identity and Access Management) is one of the emerging markets within IAM in particular and Information Security in general. Within the broader Cloud IAM market, we observe a number of solutions that are focused on specific capabilities, such as providing a Single Sign-On… Executive View
May 06, 2014 When looking at today’s IT, it is driven by some major evolutions. Everything which is done in IT has to take these evolutions into account. One is Social Computing. The second evolution is Mobile Computing. The third evolution is Cloud Computing. All these trends affect IT… Blog
May 06, 2014 While relatively new to the Identity marketplace, Dell has a long history in technology far exceeding most of its competitors. Its world-wide presence dwarfs most of its competition and includes resellers, VARs and system integrators with a strong knowledge and much experience of the product… Vendor Report
May 02, 2014 There can be many reasons to why a business embarks on a journey to improve its Information Security. There is however one reason which consistently recurs: “Because the auditors says that we need to…” Regulatory requirements include penalties for non-compliance but… Advisory Note
Apr 30, 2014 Most organizations use Microsoft Active Directory as a strategic element of their on-premise network infrastructure. However, handling external users such as customers and partners is not easy. This new ABC – the Agile Business: Connected – is the challenge. Podcast
Apr 29, 2014 Many organizations – of all sizes – still have no or only a rudimentary IAM in place. When looking at IAM, it quickly turns out that this is about more than a single technology. Podcast
Apr 25, 2014 Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both… Executive View
Apr 23, 2014 Have you seen this WSJ article? This is great news for privacy, human rights and a profound public security based on individual freedom: nations can no longer require IT and telecom companies to store communication data about all customers and communication partners – at least there need to… Blog
Apr 22, 2014 Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the stealing of information, fraud through changing information, and the subverting of IT systems, for example in banking, to… Executive View
Apr 22, 2014 Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both… Executive View
Apr 21, 2014 Two weeks have passed since the day the Heartbleed Bug has been revealed to the world, and people around the world are still analyzing the true scale of the disaster. We’ve learned quite a lot during these two weeks: After Cloudflare initially expressed doubt that the bug can really leak… Blog
Apr 10, 2014 In this KuppingerCole Webinar, we will look at Enterprise Single Sign-On (E-SSO) and the alternatives. Starting with the use cases for single sign-on and related scenarios, we will analyze the technical alternatives. We look at various aspects such as the time for implementation, the reach… Podcast
Apr 10, 2014 Identity Provisioning is still one of the core segments of the overall IAM market. Identity Provisioning is about provisioning identities and access entitlements to target systems. This includes creating and managing accounts in such connected target systems and associating the accounts… Leadership Compass
Apr 09, 2014 Many organizations currently consider migrating away from their current Identity Provisioning solution. There are many reasons to do so: vendors became acquired and the roadmap changed; the requirements have changed and the current solution does not appear being a perfect fit anymore; a lot… Podcast
Apr 08, 2014 As just about every security-related publication has reported today, a critical vulnerability in OpenSSL has been discovered yesterday. OpenSSL is a cryptographic software library, which provides SSL/TSL encryption functionality for network traffic all over the Internet. It’s used by Apache… Blog
Apr 08, 2014 Enterprise Key and Certificate Management (EKCM) is made up of two niche markets that are converging. This process still continues, and as with all major change of IT market segments, is driven by customer requirements. These customer requirements are driven by security and compliance… Leadership Compass
Apr 08, 2014 Since the documents leaked last year by Edward Snowden have revealed the true extent of NSA powers to dig into people’s personal data around the world, the topic of protecting internet communications has become of utmost importance for government organizations, businesses and private… Blog
Apr 08, 2014 In IBM’s view the kinds of IT applications that organizations are creating is changing from internal facing systems to external facing systems.  IBM calls these kinds of systems “systems of record” and “systems of engagement” respectively.  The systems of record represent the traditional… Blog
Apr 04, 2014 NextLabs is a US-based vendor with headquarters in San Mateo, CA, and a strong footprint as well in the APAC (Asia/Pacific) region. The company focuses on what they call “Information Risk Management”. In fact, the focus is more on Information Risk Mitigation, i.e. practical… Executive View
Apr 04, 2014 The attack landscape is changing. Targeted, advanced and persistent external attacks are increasing. However, despite all discussions about external threats, one thing is clear: The biggest threat is internal, and comes from your own users. Whether these are malicious or just human errors,… Webinar
Apr 03, 2014 Access Governance ist inzwischen eine etablierte Disziplin innerhalb der Governance- und Informationssicherheitsorganisation von Unternehmen. Mit Access Intelligence-Funktionen werden vermehrt zusätzliche Analysedienste bereitgestellt, mit deren Hilfe man besondere Risiken beispielsweise… Podcast
Apr 01, 2014 A few days ago, I was I was travelling in a local train, together with a business partner, from my office in Germany to an event in another city. We both learned a lot about the real world challenges of face recognition. While I already had a 24-hour ticket for travelling in and around that… Blog
Apr 01, 2014 VASCO is a vendor in the Authentication Management market which provides solutions for strong authentication, electronic signing & digital signing. They are known for their broad range of hardware tokens for authentication & signatures and complementary software solutions. In… Vendor Report
Mar 25, 2014 "To cloud or not to cloud?" - this is no longer the question. It is rather to what extent and depth enterprises leverage cloud computing. With identity and access management (IAM) solutions for their internal IT systems, enterprises have achieved a high level of security, transparency and… Podcast
Mar 25, 2014 Targeted attacks continue to hit the headlines as the pinnacle of cyber-attacks faced by businesses. Once the perimeter defenses fail to defend against targeted attacks, the mitigation focus has shifted to inside the network. Security analytics focused on privileged account activity can… Podcast
Mar 21, 2014 Thank you for attending and see you next year! Podcast
Mar 20, 2014 Die “Identity Explosion” stellt Unternehmen vor neue Herausforderungen. Statt sich beim IAM (Identity und Access Management) primär um die Mitarbeiter zu kümmern, muss man im „Extended Enterprise“ auch Geschäftspartner und oftmals Millionen von Kunden verwalten und ihnen kontrollierten… Podcast
Mar 20, 2014 The Cloud IAM market is currently driven by services that focus on providing Single Sign-On to various Cloud services as their major feature and business benefit. This will change, with two distinct evolutions of more advanced services forming the market: Cloud-based IAM/IAG (Identity… Advisory Note
Mar 20, 2014 KuppingerCole Buyer’s Guide for Access Governance and Identity Provisioning as core disciplines of IAM (Identity and Access Management) and IAG (Identity and Access Governance). Criteria to select your vendor. Questions to ask vendors. Requirements for successful deployments. Your… Advisory Note
Mar 16, 2014 Pre-Program: Identity and Access Management - Where to Start? Morning: Access Governance for both on premises applications and Cloud & Mobile Afternoon: Dynamic Externalised Authorisation Management with the move from Role to Policy Based Access control. Seminar
Mar 15, 2014 Join us for an Identity and Access Management seminar day jointly supported by KuppingerCole (Asia Pacific) and the Shenzhen IT Compliance Association. Seminar
Mar 14, 2014 Access Governance is about the management of access controls in IT systems and thus about mitigating access-related risks. These risks include the theft of information, fraud through changes to information, and the subversion of IT systems - for example in banking - to facilitate illegal… Advisory Note
Mar 14, 2014 Recently  a spotlight has been shed on the need for investing in Information Security solutions. The increase in cyber-attacks, the consistently high level of internal challenges, the appearance of more sophisticated types of long-running attacks (sometimes called Advanced Persistent… Blog
Mar 13, 2014 Targeted attacks continue to hit the headlines as the pinnacle of cyber-attacks faced by businesses. Once the perimeter defenses fail to defend against targeted attacks, the mitigation focus has shifted to inside the network. Security analytics focused on privileged account activity can… Webinar
Mar 13, 2014 Most organizations use Microsoft Active Directory as a strategic element of their on-premise network infrastructure. However, handling external users such as customers and partners is not easy. This new ABC – the Agile Business: Connected – is the challenge. Webinar
Mar 12, 2014 The challenge of all organizations in these days of connected businesses and their need for agility in changing markets – the new ABC: Agile Business, Connected – is creating new challenges for IT. One of these challenges is securely sharing information. Podcast
Mar 10, 2014 Migrating an existing provisioning system always becomes a red-hot topic once a vendor becomes acquired by another vendor. In these situations - like the acquisition of Novell by NetIQ, of Völcker by Quest Software, of Waveset by Sun Microsystems and then Sun Microsystems by Oracle and… Advisory Note
Mar 10, 2014 Unlike the majority of their competitors, Venafi came from an ECM background to become a market leader in their field. Their main competition evolved from EKM devices and HSM manufacturers’ acquisition and consolidation of products. As a result Venafi has a well-developed software… Executive View
Mar 10, 2014 Enterprise Single Sign-On (E-SSO) is a well-established technology. Despite all progress in the area of Identity Federation, E-SSO is also still a relevant technology. This is also true in the light of the growing number of Cloud-SSO solutions that manage access to cloud applications, both… Executive View
Mar 07, 2014 Recently there have been posters in London Underground stations warning users of Oyster Cards – the Transport for London (TfL) NFC enabled electronic travel wallet – that there is a risk of “card clash”.  These posters warn that they need to keep other contactless NFC payment… Blog
Mar 06, 2014 Recently, the FIDO Alliance announced that PayPal and Samsung were enabling consumer payments with fingerprint authentication on the new Samsung Galaxy S5. My valued colleague Dave Kearns and I have written various posts about the FIDO Alliance and the impact we expect they will have on the… Blog
Mar 06, 2014 Dynamic Authorization Management for applications based on centrally managed policies, enforced at runtime. Support for existing applications, without any code changes, through the Oracle API Gateway... Executive View
Mar 05, 2014 A few days ago, Tokyo-based Bitcoin exchange Mt. Gox appeared to be in trouble. When looking at their website Friday morning, I only found meaningless announcements. They are “working very hard to find a solution to our recent issues”. Looking at the situation realistically, chances are… Blog
Mar 05, 2014 Agility is a key capability of successful organizations. Agility is the ability to quickly adapt the organization and the business model to new customer demands, innovations, and a changing competitive landscape. We live in a time where virtually all business relies on IT. Whether this is… Blog
Mar 05, 2014 The Connected Enterprise is opening new opportunities for business, for innovation and for growth – it is a fundamentally important imperative for today’s business world. But it does not come for free: there are a number of caveats to circumvent, risks to address and changes to… Blog
Mar 04, 2014 IBM has recently made a number of major announcements and these are linked.  In December 2013 IBM announced the acquisition of FiberLink a privately held mobile management and security company.  Then on January 23rd it announced that Lenovo plans to acquire IBM’s x86 server business.… Blog
Mar 04, 2014 Smart information is big data analyzed to provide answers to business questions. SAP HANA is the new runtime backend for SAP Enterprise Applications. It provides high performance database through “in-memory” processing and storage and is especially suited for instant analytics… Executive View
Feb 28, 2014 Access Governance ist inzwischen eine etablierte Disziplin innerhalb der Governance- und Informationssicherheitsorganisation von Unternehmen. Mit Access Intelligence-Funktionen werden vermehrt zusätzliche Analysedienste bereitgestellt, mit deren Hilfe man besondere Risiken beispielsweise… Webinar
Feb 28, 2014 My last post focused on the challenges and the potential of SDN (Software Defined Networking) and SDCI (Software Defined Computing Infrastructures) for improving Information Security. APIs are being used to control more devices from a central point, bringing agility to networks, virtual… Blog
Feb 28, 2014 There are various approaches to Secure Information Sharing (SIS), as I have explained in previous posts. However, which one is the best? As always, there is no simple answer. It depends on the requirements of the customers. Nevertheless, the various product categories have their strengths… Blog
Feb 27, 2014 Why Identity Federation, Cloud IAM, and API Management help organizations in meeting their business needs for agile business processes that connect the organization to their business partners and customers and manage access to Cloud applications. The need for a new organizational structure… Advisory Note
Feb 27, 2014 The news of the bug in Apple operating systems has spread this week. As Seth Rosenblatt wrote on cnet, Apple’s culture of secrecy again has delayed a security response. While there is a patch available for iOS, the users of OS X still have to wait. I have written before about the risks… Blog
Feb 25, 2014 When looking at the core IAM (Identity and Access Management) market with its main product categories of Identity Provisioning and Access Governance, some customers and vendors currently raise the question of whether there is still a need to keep these product categories separate or whether… Blog
Feb 25, 2014 Secude is a Swiss-based vendor with a long history in Information Security. Among other accomplishments, they developed today’s SAP NetWeaver Single Sign-On product that then was acquired by SAP and became part of SAP’s own security portfolio... Executive View
Feb 25, 2014 "To cloud or not to cloud?" - this is no longer the question. It is rather to what extent and depth enterprises leverage cloud computing. With identity and access management (IAM) solutions for their internal IT systems, enterprises have achieved a high level of security, transparency and… Webinar
Feb 24, 2014 A business-driven approach to Access Governance, based on business processes and access risk. Supporting fine-grained SoD analysis for all environments, with strong support for SAP. Combining Access Governance and Dynamic Authorization Management. Providing connectivity to target systems… Product Report
Feb 24, 2014 A while ago, I wrote about the changing market for Secure Information Sharing. I also recently published a report on Microsoft Azure RMS, one of the most important products in that market segment, and further reports will follow. The first question is: What is Secure Information Sharing… Blog
Feb 21, 2014 Microsoft Rights Management Services (RMS) is a solution that might help Secure Information Sharing become a topic for the masses, at least at the enterprise level. I just recently wrote a report on the product. However, as with any Information Security technology – especially ones that are… Blog
Feb 20, 2014 In my new report “Entitlement & Access Governance”, published yesterday, I introduce a new term and abbreviation: EAG for Entitlement & Access Governance. Thanks to Dave Kearns for proposing that term – I like it because it reflects what this is about. EAG describes approaches that… Blog
Feb 20, 2014 CA Technologies is amongst the largest infrastructure software vendors worldwide. They offer a broad portfolio of products in the IAM market segment, including CA IdentityMinder™ (formerly CA Identity Manager) as their solution for Identity Provisioning. IdentityMinder™ is built… Product Report
Feb 19, 2014 Integrating Access Governance, Data Governance, and system-level Fine Grained Access Control to provide a comprehensive approach to requesting, managing, and governing access at all levels. Defining the next maturity level for Access Governance solutions: Entitlement & Access Governance… Advisory Note
Feb 19, 2014 SAP HANA is the new runtime backend for SAP Enterprise Applications, and is especially suited for instant analytics on the data managed by the applications. This Executive View presents an overview on the security of SAP HANA and gives recommendations on how to address potential weaknesses... Executive View
Feb 18, 2014 Unternehmen verändern sich schneller denn je. Die Zusammenarbeit mit Kunden und Geschäftspartnern in neuen Geschäftsmodellen führt zu immer neuen Anforderungen an die IT. Diese muss reagieren und die Business-Innovationen unterstützen, statt sie zu behindern. BYOI (Bring Your Own Identity)… Podcast
Feb 17, 2014 The challenge of all organizations in these days of connected businesses and their need for agility in changing markets – the new ABC: Agile Business, Connected – is creating new challenges for IT. One of these challenges is securely sharing information. Webinar
Feb 14, 2014 Many organizations – of all sizes – still have no or only a rudimentary IAM in place. When looking at IAM, it quickly turns out that this is about more than a single technology. Webinar
Feb 14, 2014 In this KuppingerCole Webinar, we will look at Enterprise Single Sign-On (E-SSO) and the alternatives. Starting with the use cases for single sign-on and related scenarios, we will analyze the technical alternatives. We look at various aspects such as the time for implementation, the reach… Webinar
Feb 14, 2014 NIST (the US National Institute of Standards and Technology) has now released the final version of their Cybersecurity Framework for Critical Infrastructures. As requested, this is not a set of new regulations or fundamentally new concepts for security, but, to quote my colleague Prof. Dr.… Blog
Feb 14, 2014 Industry networks for secure collaboration are not a new thing. The evolution of these networks started back in the late ‘90s for some industries. While the initial focus sometimes was more about B2B marketplaces, enabling secure collaboration and managing the identities of the… Executive View
Feb 14, 2014 SecureKey Technologies provides cloud-based, trusted identity networks that enable organizations to deliver online services securely to consumers. SecureKey offers a suite of cloud based services for consumer and citizen authentication under the trademarked name of briidge.net™. There… Executive View
Feb 13, 2014 Secure Information Sharing is the number one challenge these days in Information Security. Organizations on the one hand must enable flexible collaboration with business partners as part of their evolution towards agile, connected businesses. On the other hand, the increasing Information… Executive View
Feb 12, 2014 Many organizations currently consider migrating away from their current Identity Provisioning solution. There are many reasons to do so: vendors became acquired and the roadmap changed; the requirements have changed and the current solution does not appear being a perfect fit anymore; a lot… Webinar
Feb 10, 2014 It is a common scenario in organizations that the marketing department, business development, or the sales department asks the IT department to support social logins on some of the corporate websites, including eCommerce sites. Admittedly, IT also sometimes proposes such functionality,… Blog
Feb 06, 2014 Recently, there have been various articles on the NSA and GCHQ (Britain’s Government Communications Headquarter) collecting date from “leaky apps”, including data from Angry Birds, Google Maps, Facebook, Flickr, or Twitter. Surprise? No! Look at another story in that context: There have… Blog
Feb 06, 2014 Due to their natural coupling, SDN and virtual networking are often confused, but are not the same thing. Virtual networking is the ability for networks to exist in a virtual state – removing hardware, as with SDN. This already happens in the majority of networks, VLANs being used as a… Blog
Feb 04, 2014 A recent discussion in the “Identity Management Specialists Group” on LinkedIn had the title “On point. Agree. Gartner says attributes are the new role for identity?” I wondered a little about a rather old discussion appearing again. In fact, there rarely has been pure role-based access… Blog
Feb 04, 2014 It’s a new year, and there are some new changes coming to KuppingerCole, especially in the material that will come into your inbox. First, some background. After the past year or so we’ve been growing by leaps and bounds with new offices in Europe and the Asia-Pacific area as well as new… Blog
Feb 04, 2014 Akamai is a software platform, originally built on Linux, and able to run on commodity hardware. According to Akamai’s own metrics, at any one time between 15% and 30% of web traffic is going between Akamai servers. It is not a separate network, running as it does over the Internet… Product Report
Jan 30, 2014 As part of a series of blogs concentrating on the market of Software-defined infrastructures such as SDN (Software Defined Networking) or SDCI, I am currently looking into SDN, and the implications that it is will have for the network market in general over the coming months. It helps to… Blog
Jan 29, 2014 Managing and governing access to systems and information, both on-premise and in the cloud, needs to be well architected to embrace and extend existing building blocks and help organizations moving forward towards a more flexible, future-proof IT infrastructure. Business & Technology Breakfast
Jan 28, 2014 Geschäftliche Informationen machen einen wesentlichen Teil des Unternehmenswertes aus. Diese Informationen sind aber gefährdeter als jemals zuvor. Diese Gefahr entsteht aber keineswegs nur durch externe Angriffe, sondern in hohem Maße immer noch durch interne Anwender mit umfassenden Berechtigungen. Podcast
Jan 28, 2014 Issues faced by CISOs when looking for Enterprise Key and Certificate Management systems, and how to address them. Advisory Note
Jan 27, 2014 The Leadership Compass shows that Enterprise Single Sign-On is a rather mature market. Especially in the areas of Product Leadership and Innovation Leadership, many vendors are leading-edge and competing head-to-head. This is good news for customers, allowing them to choose from a range of… Leadership Compass
Jan 22, 2014 This Leadership Compass provides an overview and analysis of the Privilege Management market segment, sometimes referred to as Privileged Identity Management, Privileged Account Management, etc. Technologies typically support Privilege Management as a password repository approach (commonly… Leadership Compass
Jan 17, 2014 This week the UK government launched the Cyber Street programme to improve the cyber security of UK residents and SMEs.  This is complemented by a Cyber to the Citizen initiative from the BCS – (The UK Chartered Institute for IT). The background to this is the continuing concern that most… Blog
Jan 16, 2014 Aussagen von Auditoren zu Risiken durch privilegierte Nutzer sind nicht wirklich nötig, um ein besonderes Augenmerk auf privilegierte Zugriffe zu werfen. Podcast
Jan 15, 2014 It was recently reported that Google has bought Nest Labs, a manufacturer of home automation sensors and devices with, currently, two products: a digital thermostat and a Smoke + CO Alarm. Why is it, then, that somebody would spend 3.2 Billion USD for a company producing home appliances… Blog
Jan 10, 2014 Brainwave is a French vendor and their product Brainwave Identity GRC is focused on what they describe as identifying and mitigating the user risks. Compliance is an important driver for the acquisition of IAM technology and Brainwave Identity GRC is focused squarely on this need. It… Executive View
Jan 07, 2014 Happy New Year everyone! We’ve just come through what’s probably the biggest gift giving month of the year – most of you, I’m sure, unwrapped more than one present. So let me ask a couple of questions. If there was a pretty package, with no tag identifying the giver – would you open it? If… Blog
top
KuppingerCole Select
Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.
Register now
Spotlight
Cloud Provider Assurance
Using the cloud involves an element of trust between the consumer and the provider of a cloud service; however, it is vital to verify that this trust is well founded. Assurance is the process that provides this verification. The first step towards assuring a cloud service is to understand the business requirements for it. The needs for cost, compliance and security follow directly from these requirements. There is no absolute assurance level for a cloud service – it needs to be just as secure, compliant and cost effective as dictated by the business needs –– no more and no less.
KC Trusted Independent Advice in CLoud ASSurance
KC CLASS includes a detailed analysis of the Cloud Assurance management tasks in your company and the current status of the Cloud Services integration in your IAM, and a recommendation on how you can standardize the approach for the evaluation of Cloud Service Providers.
Links
 KuppingerCole News

 KuppingerCole on Facebook

 KuppingerCole on Twitter

 KuppingerCole on Google+

 KuppingerCole on YouTube

 KuppingerCole at LinkedIn

 Our group at LinkedIn

 Our group at Xing

 GenericIAM
Imprint       General Terms and Conditions       Terms of Use       Privacy policy
© 2003-2014 KuppingerCole