Blog posts by Martin Kuppinger

Blog

Why I Sometimes Wanna Cry About the Irresponsibility and Shortsightedness of C-Level Executives When It Comes to IT Security

WannaCry counts, without any doubt, amongst the most widely publicized cyber-attacks of the year, although this notoriety may not necessarily be fully justified. Still, it has affected hospitals, public transport, and car manufacturing, to name just a few of the examples that became public. In an earlier blog post, I was looking at the role government agencies play. Here I look at businesses. Let’s look at the facts: The exploit has been known for a while. A patch for the current Windows systems has been out for months, and I’ve seen multiple warnings in the press...


Why I Sometimes Wanna Cry About the Irresponsibility and Shortsightedness of Government Agencies

Just a few days ago, in my opening keynote at our European Identity & Cloud Conference I talked about the strong urge to move to more advanced security technologies, particularly cognitive security, to close the skill gap we observe in information security, but also to strengthen our resilience towards cyberattacks. The Friday after that keynote, as I was travelling back from the conference, reports about the massive attack caused by the “WannaCry” malware hit the news. A couple of days later, after the dust has settled, it is time for a few thoughts about the...


The New Role of Privilege Management

Privilege Management or PxM, also referred to by some vendors as Privileged Account Management, Privileged User Management, Privileged Identity Management, or a number of other terms, is changing rapidly in two areas: Privilege Management is no longer only an IAM (Identity & Access Management) topic, but also a part of Cyber Defense. The focus of Privilege Management is shifting from session access to session runtime control. Thus, the requirements for vendors as well as the starting point of product selection are at least getting broader, and sometimes even...


OpenC2 – Standards for Faster Response to Security Incidents

Recently, I came across a rather new and interesting standardization initiative, driven by the NSA (U.S. National Security Agency) and several industry organizations, both Cyber Defense software vendors and system integrators. OpenC2 names itself “a forum to promote global development and adoption of command and control” and has the following vision: The OpenC2 Forum defines a language at a level of abstraction that will enable unambiguous command and control of cyber defense technologies. OpenC2 is broad enough to provide flexibility in the implementations of devices and...


Follow-Up on “Managing the User's Consent Life Cycle: Challenges, GDPR Compliance and (Business) Rewards”

The GDPR continues to be a hot topic for many organizations, especially for those who store and process customer data. A core requirement for compliance with GDPR is the concept of “consent,” which is fairly new for most data controllers. With GDPR comes the requirement that parties processing personally identifiable information ask the user for his/her consent to do so and let the user revoke that consent at any time and as easily as it was given. During the KuppingerCole webinar held on April 4th, 2017 and supported by iWelcome, several questions from attendees were left...


GDPR as an Opportunity to Build Trusted Relationships with Consumers

During the KuppingerCole webinar run March 16th, 2017, which has been supported by ForgeRock, several questions from attendees were left unanswered due to a huge number of questions and a lack of time to cover them all. Here are answers to questions that couldn’t be answered live during the webinar. Q: How does two factor authentication play into GDPR regulations? Karsten Kinast: Two factor authentication does not play into GDPR at all. Martin Kuppinger: While two factor authentication is not a topic of GDPR, it e.g. plays a major role in another upcoming EU...


The Role of Artificial Intelligence in Cyber Security

Over the last few weeks I’ve read a lot about the role AI or Artificial Intelligence (or should I better write “Artificial” Intelligence?) will play in Cyber Security. There is no doubt that advanced analytical technologies (frequently subsumed under the AI term), such as pattern matching, machine learning, and many others, are already affecting Cyber Security. However, the emphasis here is on “already”. It would be wrong to say “nothing new under the sun”, given that there is a lot of progress in this space. But it is just as wrong to ignore the...


PSD II, Adaptive Authentication, and Multi-Factor Authentication

The upcoming updated Payment Services Directive (PSD II) will, among other changes, request Multi-Factor Authentication (MFA) for all payments above 10€ which aren’t done electronically. This is only one major change PSD II brings (another major change is the mandatory open APIs), but one that is heavily discussed and criticized, e.g. by software vendors, by credit card companies such as VISA, and others. It is interesting to look at the published material. The major point is that it only talks about MFA, without going into specifics. The regulators also point out...


Do You Need a Better IAM System to Meet the GDPR Requirements?

GDPR, the EU General Data Protection Regulation, is increasingly becoming a hot topic. That does not come as a surprise, given that the EU GDPR has a very broad scope, affecting every data controller (the one who “controls” the PII) and data processor (the one who “processes” the PII) dealing with data subjects (the persons) residing in the EU – even when the data processors and data controllers are outside of the EU. Among the requirements of EU GDPR are aspects such as the right to be forgotten, the right to edit the PII stored about oneself, or the...


Accenture to acquire French IAM System Integrator Arismore

Just before Christmas Accenture Security announced the acquisition of French IAM system integrator Arismore, a company with about 270 employees and an estimated turnover of €40M. This makes Arismore a leading IAM system integrator in France, while also being involved in IT transformation initiatives. The acquisition follows other deals such as the acquisition of Everett by PWC earlier in 2016. Arismore is of specific interest because it also owns a subsidiary, Memority, which launched an IDaaS offering back in 2014. Memority is one of the various IDaaS offerings that are largely...

