Blog by Martin Kuppinger

Why Distributed Public Ledgers such as Blockchain will not solve the identification and thus the authentication problem
There is a lot of talk about Blockchain and, more generally, Distributed Public Ledgers (DPLs) these days. Some try to position DPLs as a means for better identification and, in consequence, authentication. Unfortunately, this will not really work. We might see a few approaches for stronger or “better” identification and authentication, but no real solution. Not even by DPLs, which I see as the most disruptive innovation in Information Technology in a very, very long time. Identification is the act of finding out whether someone (or something) is really the person (or thing)...
Read More
Cyber Security: Why Machine Learning is Not Enough
Currently, there is a lot of talk about new analytical approaches in the field of cyber security. Anomaly detection and behavioral analytics are some of the overarching trends along with RTSI (Real Time Security Intelligence), which combines advanced analytical approaches with established concepts such as SIEM (Security Information and Event Management). Behind all these changes and other new concepts, we find a number of buzzwords such as pattern-matching algorithms, predictive analytics, or machine learning. Aside from the fact that such terms frequently aren’t used correctly...
Read More
Security and Privacy: An opportunity, not a threat
One of the lessons I have learned over the years is that it is far simpler “selling” things by focusing on the positive aspects, instead of just explaining that risk can be reduced. This is particularly true for Information Security. It also applies to privacy as a concept. A few days ago I had a conversation about the chances organizations have in better selling their software or services through supporting advanced privacy features. The argument was that organizations can achieve better competitive positioning by supporting high privacy requirements. Unfortunately, this is...
Read More
Microsoft to offer cloud services from German datacenters
With a recent announcement , Microsoft reacts on both privacy and security concerns of customers and the continuous uncertainty regarding a still pending law suit in the U.S. The latter is about an order Microsoft had received on turning over a customer’s emails stored in Ireland to the U.S. government. The new data centers will operate from two locations within Germany, Frankfurt/Main and Magdeburg. They will run under the control of T-Systems, a subsidiary of Deutsche Telekom. Thus, an independent German company is acting as the data trustee, as Microsoft has named that role....
Read More
Security is part of the business. Rethink your organization for IoT and Smart Manufacturing
IoT (Internet of Things) and Smart Manufacturing are part of the ongoing digital transformation of businesses. IoT is about connected things, from sensors to consumer goods such as wearables. Smart Manufacturing, also sometimes titled Industry 4.0, is about bridging the gap between the business processes and the production processes, i.e. manufacturing goods. In both areas, security is a key concern. When connecting things, both things and the central systems receiving data back from things must be sufficiently secure. When connecting business IT and operational IT (OT for Operational...
Read More
Microsoft to acquire Secure Islands – a significant investment in Secure Information Sharing
Microsoft and Secure Islands today announced that Microsoft is to acquire Secure Islands. Secure Islands is a provider of automated classification for documents and further technologies for protecting information. The company already has tight integration into Microsoft’s Azure Rights Management Services (RMS), a leading-edge solution for Secure Information Sharing . After completing the acquisition, Microsoft plans full integration of Secure Islands’ technology into Azure RMS, which will further enhance the capabilities of the Microsoft product, in particular by...
Read More
Your future Security Operations Center (SOC): Not only run by yourself
There is no doubt that organizations need both a plan for what happens in case of security incidents and a way to identify such incidents. For organizations that either have high security requirements or are sufficient large, the standard way for identifying such incidents is setting up a Security Operations Center (SOC). However, setting up a SOC is not that easy. There are a number of challenges. The three major ones (aside of funding) are: People Integration & Processes Technology The list is, from our analysis, order in according to the complexity of...
Read More
mTAN hacks: You've got SMS - and someone else your money
Do you use mTANS (mobile transaction authentication numbers) for online banking? Have you checked your bank account balance lately? Well, what happened to Deutsche Telekom customers recently has happened to others before and is likely to happen again elsewhere if online banking customers and providers don't follow even the most basic rules of IT security.  IT protection measures are smart, unfortunately the attackers are often smarter these days: several customers of Deutsche Telekom's mobile offering have become victims of a cunning fraud series while banking online. The...
Read More
VMware on cloud delivery models
In a press and analyst Q+A at VMworld Europe, Bill Fathers, Executive Vice President and General Manager Cloud Services at VMware, made a bold statement. He stated that from the VMware perspective, a network of (regional or local) service providers will better help in fulfilling customer requirements (particularly around compliance and data sovereignty) than a single, homogeneous US entity can do. The statement was been made during a discussion of the impact the recent EuGH (Europäischer Gerichtshof, European Union High Court) decision on whether the U.S. can still be considered a...
Read More
Microsoft Azure AD B2B and B2C: Cloud IAM for managing the masses
With its recent announcement of Microsoft Azure Active Directory B2B (Business-to-Business) and B2C (Business-to-Customer/consumer/client), which are in Public Preview now, Microsoft has extended the capabilities of Azure AD (Active Directory). Detailed information is available in the Active Directory Team Blog . There are two new services available now. One is Azure AD B2C Basic (which suggests that later there will be Azure AD B2C Premium as well). This service focuses on connecting enterprises with customers through a cloud service, allowing authentication of customers and providing...
Read More
Your Domain Controller in the Cloud: Azure AD Domain Services
I have a long Active Directory history. In fact, I started working with Microsoft identities way before there was an AD, back in the days of Microsoft LAN Manager, then worked with Windows NT from the early beta releases on, and the same with Windows 2000 and subsequent editions. So the news of Azure AD Domain Services caught my attention. Aside from Microsoft Azure AD (Active Directory) - which despite its name has been a new type of directory service without support for features such as Kerberos, NTLM, or even LDAP - Microsoft has offered Active Directory domain controllers as...
Read More
Dell to acquire EMC – more questions than answers for now
Yesterday, Dell and EMC announced a “definitive agreement” about Dell’s plan to acquire EMC. Dell and EMC are just two factors in that equation, the third one is VMware. EMC owns 80% of the VMware shares. In a press and analyst conference call held right after the announcement, Michael Dell and Joe Tucci, respectively the leaders of Dell and EMC, provided some high-level information on the deal. However, that call left more questions than answers. Let’s start with the high-level storyline. First of all, there was no sustainable vision for the combined company...
Read More
Previous 8 9 10 11 12 13 14 Next