KuppingerCole - Research, Upcoming Webinars and Events

With workloads moving to the cloud and remote working increasing, traditional perimeter-based security strategies are no longer practical. A Zero Trust model of strict access control for every user or device offers an alternative that secures data while ensuring it is accessible to those who need it. But the shift to treating both internal and external users as untrusted can be challenging.

Managing the granting and revoking of access based on user workflows is paramount to enabling effective risk management. Enforcing distinct access control requires an interconnected access management system that aligns with company policies and regulations.

Organizations or institutions that are essential for the public are called Critical Infrastructure (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations. Their failure or significant impairments result in sustained supply shortages, significant disruptions to public safety or other drastic consequences. Their protection and the safeguarding of the public require appropriate concepts, processes and technologies.

The march of the cloud is unstoppable. Eager to outsource the tedious and expensive maintenance of their IT infrastructures to a reliable 3rd party, most companies would dream of becoming cloud-native, at least in the long term. Needless to say, letting someone else run your identity management out there sounds like a great idea as well, hence the rising popularity of Identity-as-a-Service solutions that combine the latest technology achievements with the flexibility of the cloud.

As businesses embrace the Digital Transformation and become increasingly cloud-native, mobile and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide adequate visibility, threat protection, and scalability, nor can they offer convenience and productivity for users on the go. There is a need for the next-generation enterprise security solutions delivered from the cloud.

This report provides selected Key Risk Indicators (KRI) for the area of Cyber security. These indicators are easy to measure and provide organizations with a quick overview of the relevant risks and how these are changing. The indicators can be combined into a risk scorecard which then can be used in IT management and corporate management.