Blog
Changes in the Scope of Investors for IAM
by Martin Kuppinger
As a long-term observer of the IAM market, KuppingerCole finds it interesting to see the change in both the size of investments and the type of investors in this market. Just recently, ForgeRock announced an $88 million round in series D funding. This follows other major investments in IAM vendors such as Okta, Ping Identity, and SailPoint, to name a few. What is interesting with the recent funding for ForgeRock is that KKR appears on the list, one of the very big names amongst the investors. I found that particularly telling because it means that IAM is now on the radar of a...
Blog
The Sweet Spot for Blockchains: Registries
by Martin Kuppinger
A couple of days ago, DIACC (Digital ID & Authentication Council of Canada) together with IBM Canada and the Province of British Columbia released information about a PoC (Proof of Concept) for moving corporate registrations to a blockchain-based register. The PoC, which used the Hyperledger Fabric, was for both corporate registries of a single province and across multiple jurisdictions. Such registries, be it corporate registries, land register, or other types of decentralized ledgers, are the sweet spot for blockchains. Registration is decentralized. The registries and ledgers...
Blog
IBM Moves Security to the Next Level – on the Mainframe
by Martin Kuppinger
In a recent press release, IBM announced that they are moving security to a new level, with “pervasively encrypted data, all the time at any scale”. That sounded cool and, after talks with IBM, I must admit that it is cool. However, it is “only” on their IBM Z mainframe system, specifically the IBM Z14. By massively increasing the encryption capabilities on the processor and through a system architecture that is designed from scratch to meet the highest security requirements, these systems can hold data encrypted at any time, with IBM claiming support of up...
Blog
A Great Day for Information Security: Adobe Announces End-of-Life for Flash
by Martin Kuppinger
Today, Adobe announced that Flash will go end-of-life. Without any doubt, this is great news from an Information Security perspective. Adobe Flash accounted for a significant portion of the most severe exploits as, among others, F-Secure has analyzed. I also wrote about this topic back in 2012 in this blog. From my perspective, and as stated in my post from 2012, the biggest challenge hasn’t been the number of vulnerabilities as such, but the combination of vulnerabilities with the inability to fix them quickly and the lack of a well-working patch management approach. With the...
Blog
PSD2 – the EBA’s Wise Decision to Reject Commission Amendments on Screen Scraping
by Martin Kuppinger
In a response to the EC Commission, the EBA (European Banking Authority) rejected amendments on screen scraping in the PSD2 regulation (Revised Payment Services Directive) that had been pushed by several FinTechs. While it is still the Commission’s place to make the final decision, the statement of the EBA is clear. I fully support the position of the EBA: Screen scraping should be banned in future. In a “manifesto”, 72 FinTechs had responded to the PSD2 RTS (Regulatory Technical Standards), focusing on the ban of screen scraping or as they named it, “direct...
Blog
PSD2: Strong Customer Authentication Done Right
by Martin Kuppinger
The Revised Payment Services Directive (PSD2), an upcoming EC regulation, will have a massive impact on the Finance Industry. While the changes to the business are primarily based on the newly introduced TPPs (Third Party Providers), which can initiate payments and request access to account information, the rules for strong customer authentication (SCA) are tightened. The target is better protection for customers of financial online services. Aside from a couple of exemptions such as small transactions below 30 € and the use of non-supervised payment machines, e.g. in parking lots,...
Blog
There Is No Such Thing as GDPR-Compliant Software or SaaS Solution
by Martin Kuppinger
Recently, I stumbled upon the first marketing campaigns of vendors claiming that they have a “GDPR compliant” application or SaaS offering. GDPR stands for General Data Protection Regulation and is the upcoming EC regulation in that field, which also has an extraterritorial effect, because it applies to every organization doing business with EU residents. Unfortunately, neither SaaS services nor software can be GDPR compliant. GDPR is a regulation for organizations that regulates how to protect the individual’s PII (Personally Identifiable Information), which includes...
Blog
Why I Sometimes Wanna Cry About the Irresponsibility and Shortsightedness of C-Level Executives When It Comes to IT Security
by Martin Kuppinger
WannaCry counts, without any doubt, amongst the most widely publicized cyber-attacks of the year, although this notoriety may not necessarily be fully justified. Still, it has affected hospitals, public transport, and car manufacturing, to name just a few of the examples that became public. In an earlier blog post, I was looking at the role government agencies play. Here I look at businesses. Let’s look at the facts: The exploit has been known for a while. A patch for the current Windows systems has been out for months, and I’ve seen multiple warnings in the press...
Blog
Why I Sometimes Wanna Cry About the Irresponsibility and Shortsightedness of Government Agencies
by Martin Kuppinger
Just a few days ago, in my opening keynote at our European Identity & Cloud Conference I talked about the strong urge to move to more advanced security technologies, particularly cognitive security, to close the skill gap we observe in information security, but also to strengthen our resilience towards cyberattacks. The Friday after that keynote, as I was travelling back from the conference, reports about the massive attack caused by the “WannaCry” malware hit the news. A couple of days later, after the dust has settled, it is time for a few thoughts about the...
Blog
The New Role of Privilege Management
by Martin Kuppinger
Privilege Management or PxM, also referred to by some vendors as Privileged Account Management, Privileged User Management, Privileged Identity Management, or a number of other terms, is changing rapidly, in two areas: Privilege Management is not only an IAM (Identity & Access Management) topic anymore, but as well a part of Cyber Defense. The focus of Privilege Management is shifting from session access to session runtime control. Thus, the requirements for vendors as well as the starting point of product selection is at least getting broader, and sometimes even...