KuppingerCole Blog

A Zero Trust approach to cyber security is a concept that has been around for decades, but thanks to advances in technology and the need to adapt cyber security capabilities to support secure hybrid working models and ways of doing business in the digital era, it has never been more relevant. As businesses embrace Digital Transformation and become increasingly cloud-native, mobile, and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide adequate...

Access control is a key part of cyber security, however traditional approaches do not work well for modern business IT environments that nowadays typically include a mix of applications on-prem and across multiple cloud environments. Most modern companies tend to struggle with access management for a variety of reasons. These include the fact that it is difficult to make the necessary connections to the many disparate IT systems for which they need to provision access, role-based access management is challenging, static role-based entitlements are difficult to manage and typically...

Digital leaders face new challenges: a volatile political situation, an uncertain economic climate, and a new paradigm in the way their employees work. Raj explains how we identified the core qualities cyber leaders need in our times and how the Cybersecurity Leadership Summit was designed to give digital leaders the tools they need to take up those challenges. The Three Core Qualities of a Cyber Leader in Our Day and Age At the Cybersecurity Leadership Summit, we help you develop the core qualities of a digital leader. What are they? Leadership: learn how to...

Organizations are more dependent than ever on web applications for doing business with partners and customers, which means that protecting web applications has become business critical, something that all organizations should be taking into account. Web Application Firewalls (WAF), therefore, are as relevant as ever, if not even more important than when they were first introduced for their ability to protect against or block a long list of common traditional web attacks such as SQL injection. Although they have been around for decades, WAFs cannot be discounted as outdated or...

During my studies and the subsequent first years of my career, I was already always someone who liked to share knowledge with others and present interesting topics. This is not the only reason why my profession has developed in the direction of IT consulting. In fact, in consulting, "being on stage" is part of the daily work. You present results in front of smaller and larger groups, you become more and more of an expert on a topic, and then at some point, you slide onto the bigger stage at small and large conferences. 3,5 years ago, I joined KuppingerCole and there, giving speeches on big...

Software Bill of Material (SBOM) tools have come sharply into focus as a foundational component of any Software Supply Chain Security (SSCS) strategy, spurred on by the U.S. Executive Order to improve the security of the software supply chain. This was in response to a number of highly visible attacks on the software supply chain of some well knows software products and services, such as SolarWinds in 2020, as well as compromised open-source code and other backdoors embedded in routine maintenance updates. As part of the overall enhancement to SSCS, the Executive Order specifically...

Cybersecurity has become essential for every modern business, but has historically focused on securing information technology (IT) used by the administrative side of the business, rather than operational technology (OT) used to manage industrial operations in manufacturing plants, mining operations, chemical plants, and the like. However, in recent years, OT has evolved, expanded, and become more interconnected and integrated with IT than ever before. Most industrial systems now have digital controls and are connected to IT systems and networks to enable remote monitoring, data...

Thales, a global provider of advanced technology solutions, with more than 80,000 employees worldwide, and an established business unit for Digital Identity and Security, has announced the acquisition of OneWelcome, one of the leading European providers of CIAM (Consumer IAM). While the acquisition will provide OneWelcome with a go-to-market capability on a global scale, there are interesting options beyond that. OneWelcome delivers CIAM and B2B management capabilities, consent management, authentication support, and policy-based access control. Thales, on the other hand, has a variety...

Recently deepfakes made a splash in the headlines: Vitali Klitschko, the mayor of Kiev held one-on-one virtual interviews with several European leaders – or so they thought. In the days following the interviews, it came to light that the Ukrainian official was not actually conducting the interviews, but an unknown party had presented a false representation of Klitschko – with possibilities ranging from a real-time deepfake to a re-edited version of existing video footage called “shallow fakes” – that lasted approximately 15 minutes. One of the interviewees...

Digital engagement is a key driver of economic growth, but the lack of reusable, verified identities is a significant problem that needs to be solved. At present, there is no way for anyone to get a single, verified identity that can be used to interact with government services, employers, health providers, and other service providers around the world. The digital economy is being held back by the lack of any means to provide trust in identity transactions, to ensure that individuals are who they claim to be, and to verify that the origin and destination of identity attributes are...