KuppingerCole Blog

Passwords are inherently insecure, and adding multifactor authentication can help compensate, but ultimately, organizations should be aiming to eliminate the password altogether because strong password polices are difficult to enforce, and passwords are easily compromised and are costly in terms of management, password resets, and lost productivity. Adopting multi-factor authentication (MFA) can immediately enable stronger authentication to reduce cybercrime, but it should be regarded as a short-term improvement over passwords alone, with the ultimate goal being truly passwordless...

Every day the world is becoming more digital, which means we increasingly need an effective, trusted, and convenient way to prove our identity as we interact with digital services from governments, retailers, and other service providers. We can no longer easily use things like a driver’s license in a digital environment. A digital equivalent that could be held by individuals and accepted by all service providers would make it much easier and safer to do business online. Some digital national IDs can be used to access some government services, but they are not widely accepted....

Web and the metaverse is a trendy topic, so it is even nicer to enjoy a more nuanced view of the subject. An optimistic but still realistic sneek peak of our digital future. Katryna Dow from Meeco will elaborate on the challenges of Web3 in her Keynote The Omniverse SWOT on Thursday, May 12, at the European Identity and Cloud Conference 2022 . To give you a preview of what to expect, we asked Katryna some questions about her presentation. What is the Omniverse and why the title? To be honest, I was trying to avoid the word metaverse. And also because I think this new...

As one of the founders of KuppingerCole Analysts, I’m also an EIC (European Identity & Cloud Conference) veteran. Looking back to the start in 2007, a lot has changed since then, but the core of EIC is what it has been from the very beginning: A conference that provides both thought leadership and best practices from the field. A conference that brings together end users, vendors, analysts, and other experts, for close interaction and exchange. A conference that, I dare to say (and I’m proud of), is the most relevant gathering on identity topics globally. Time to...

Identity and information security are inextricably linked because is impossible to secure information without knowing who or what is allowed to access it, or without knowing who or what is attempting to access it. Simply put, there is no information security without identity. More accurately, there is no information security without management of identity and management of access: a means of knowing who or what is attempting to access systems or data, a means of knowing who or what is allowed access, and a means of allowing or blocking access based on those predefined access rights....

DDoS (Distributed Denial of Service) attacks are no longer top of mind; however, today DDoS attacks are an even bigger threat than ever before. The pandemic has accelerated digital transformation due to growth in digital services. The ever-increasing number of devices being exposed to the internet, the ever-growing dependency of organizations on these digital services as a virtual interface to customers, consumers, and citizens, the shift to remote work/work from home and the growth in importance of cryptocurrencies. All these factors have led to a continuous increase in the number and...

The decentralized identity paradigm disrupts traditional identity and access management ecosystems and requires a more democratic collaboration and competition among several identity and credential issuers. Dr. Michele Nati from IOTA Foundation will elaborate on this challenge in his Combined Session  Making SSI accessible: IOTA technology, solutions and projects on Thursday, May 12, at the European Identity and Cloud Conference 2022 . To give you a sneak preview of what to expect, we asked Michele some questions about his presentation. How important is SSI...

Managing business in today's geopolitical context In the face of a geopolitical crisis, concerns are growing about the threat of cyber-attacks to global supply chains and private organizations, which are already in a precarious state due to the Covid-19 pandemic. When a crisis occurs, business continuity and corporate resilience are essential. Both require a company-wide response. In this context, geopolitical risk assessments are integral to a secure IT environment. With the advent of cyberspace, state and non-state actors have been willing to challenge the political and economic...

Over the past 16 months, Software Supply Chain Risks have risen to a top concern of CISOs, caused by several software supply chain attacks as well as major risks induced by vulnerabilities in extensively used standard software components, specifically Log4j/Log4shell. Understanding and mitigating software (supply chain) risks as well as protecting the own DevOps pipeline is a must for organizations. This is not a one-time exercise but requires continuous re-evaluation based on standardized methodology. Risks are continuously changing, be it by newly detected vulnerabilities or by external...

Decentralized identity is an incredibly flexible technology that solves fundamental problems in the way we manage digital communication. But this capacity to do more than one thing at once can be a source of confusion. Heather Dahl from Indicio will elaborate on this challenge in her Combined Session  How to use the framework of a Trusted Data Ecosystem to simplify building decentralized identity solutions on Wednesday, May 11, at the European Identity and Cloud Conference 2022 . To give you a sneak preview of what to expect, we asked Heather some questions about her...