The end of Mobile Device Management (as we know it)
Just recently, BlackBerry announced the acquisition of Good. This is just one more acquisition of a Mobile Security Management vendor. Quite a while ago, VMware acquired AirWatch, which so far has been the most prominent M&A activity in the field of Mobile Security Management. However, these acquisitions are not the only fundamental changes for Mobile Device Management (MDM) and, in particular, the Mobile Security Management market – with Mobile Security Management being the most important part of overall MDM anyway. The other fundamental change becomes apparent when looking...
Reading Might Help: What You Should Consider before Closing a Cloud Computing Contract
As with most other contracts, be it for a large purchase or an insurance policy, you should read (standard) contracts with your cloud provider very carefully. Chances are good that you will detect some points that border on insolence. There are certainly good reasons for using the cloud in businesses of any size, among them cost reductions and the ability to concentrate on the core business. By providing rapid adoption of new services, the cloud also enables quick innovation. But since your whole business will be influenced by the services delivered, they might sooner or later become disruptive...
Cloud Security: IBM not only protects but detects, connects, and responds
With the announcement of the IBM Cloud Security Enforcer, IBM continues its journey towards integrated solutions. What had started a while ago in the IBM Security division with integrating identity and analytical capabilities, both from the former IBM Tivoli division and the CrossIdeas acquisition, as well as from the Q1 Labs acquisition, now reaches a new level with the IBM Cloud Security Enforcer. IBM combines capabilities such as mobile security management, identity and access management, behavioral analytics, and threat intelligence (X-Force) to build a comprehensive cloud...
Why recertification isn’t sufficient anymore – time to look at user behavior and detect anomalies
Imagine you have well thought-out processes for IAM (Identity and Access Management) that ensure that identities are managed correctly and that all the challenges, in particular those of mover and leaver processes, are handled well. Imagine you also have a well-working recertification approach implemented and rolled out to your organization. Are you done? Unfortunately not. Even when you succeed in implementing the core IAM and IAG (Identity and Access Governance) processes including recertification – and not everyone does so – you still are far from the end of your journey. Why?...
Dealing with risks in IoT and Smart Manufacturing: Time to rethink your (not only IT) security organization
Let me start with two recent experiences I have had. Just recently, I was sitting in front of a number of CISOs and had the opportunity to ask them how many of them also had responsibility for IoT and smart manufacturing in their organization. The simple answer: none of the CISOs had. At best, they were informed, but neither responsible nor accountable. The other one was a conversation in which a business partner, in the context of my recent blog post on Shodan, started complaining about the ignorance of CIOs and CISOs regarding the risks for both Operational Technology...
Why security increases agility, not inhibits it
A common complaint against Information Security (be it IT security, OT security, or IoT security) is that security costs money but doesn’t deliver business benefits. Wrong! In a short-term perspective, security incurs cost. Thus, quarterly reporting by organizations and short-term targets pressure security to be an afterthought. However, mid-term and long-term, this changes. It obviously is cheaper to code using simple APIs for security functions than hard-coding security into every application and maintaining that code. Application Security Infrastructures reduce cost. Even...
It really is worse than your nightmares – try Shodan
Shodan is a computer search engine. They call themselves the “world’s first search engine for Internet-connected devices”, including buildings, refrigerators, power plants, the Internet of Things (IoT), webcams, and whatever else you can imagine. Shodan isn’t new. The search engine has been online for several years now. The only new thing is the change in the URL from www.shodanhq.com to www.shodan.io. When talking about the challenges we are facing in the IoT and in Smart Manufacturing, I commonly bring up Shodan as an example of what is visible today in...
Connected Vehicle: Security First
The recently discovered remote hack vulnerability of Fiat Chrysler Jeep cars, based on their Uconnect functionality, puts a spotlight on the miserable state of connected vehicle security these days. Another recently published article in a German newspaper not only identified a gap in functionality but also illustrates how German automotive vendors and suppliers in particular implement (or plan to implement) security in their connected vehicles. While the U.S. has introduced the Spy Car Act (Security and Privacy in Your Car Act), which is about defining industrywide benchmarks...
Safety vs. security – or both?
When it comes to OT (Operational Technology) security in all its facets, security people from the OT world and IT security professionals can quickly end up in a situation of strong disagreement. Depending on the language they are speaking, it might even appear that they are divided by a common language. While the discussion in English will quickly end up with a perceived dichotomy between security and safety, in German, for example, it would be “Sicherheit vs. Sicherheit”. The reason for that is that OT thinking traditionally – and for good reason – is about safety...
The business case for user empowerment
At the end of the day, every good idea stands and falls with the business model. If there is no working business model, the best idea will fail. Some ideas appear at a later time and are successful then. Let’s take tablets. I used a Windows tablet back in the days of Windows XP, way before the Apple iPad arrived. But it obviously was too early for widespread adoption (and yes, it was a different concept than the iPad, but one that is quite popular these days again). So, when talking about user empowerment, the first question must be: Is there a business case? I believe there is, more...
Consent – Context – Consequence
Consent and Context: They are about to change the way we do IT. This is not only about security, where context already is of growing relevance. It is about the way we have to construct most applications and services, particularly the ones dealing with consumer-related data and PII in the broadest sense. Consent and context have consequences. Applications must be constructed such that these consequences can be taken. Imagine the EU comes up with tighter privacy regulations in the near future. Imagine you are a service provider or organization dealing with customers in various locations....
100%, 80% or 0% security? Make the right choice!
Recently, I have had a number of conversations with end user organizations, covering a variety of Information Security topics but all having the same theme: There is a need for certain security approaches such as strong authentication on mobile devices, secure information sharing, etc. But the project has been stopped due to security concerns: The strong authentication approach is not as secure as the one currently implemented for desktop systems; some information needs to be stored in the cloud; etc. That’s right, IT Security people stopped Information Security projects due to...