KuppingerCole Blog

The recent SolarWinds incident has shed a light on an area of cybersecurity that is not frequently in focus. Better said, it is “again has shed a light”, if we remember the Heartbleed incident that happened back in 2014. Back then, my colleague Alexei Balaganski wrote in a blog post that “software developers (both commercial and OSS) […] should not rely blindly on third-party libraries, but treat them as a part of critical infrastructure”. What we need is a defined approach and consequent enforcement of what, in a slightly awkward manner, is called...

Oh, how time flies! It seems that the whole story of Zero Trust as a revolutionary concept for designing computer networks began just yesterday, but it’s been over a decade already. In fact, the very idea that was later somewhat awkwardly named “de-perimeterization” was being discussed nearly 20 years ago. Back then, in the early 2000s, years before the era of the cloud and ubiquitous presence of smart mobile devices, organizations were already feeling the pressure to reorganize their networks for the digital transformation – establishing communications to their...

Privacy-sensitive users are drawn to solutions with certain features: end-to-end encryption, granular consent, data ownership, and secure storage. But what is it that privacy can really do for users, and is there a non-exploitative business model in it for companies? KuppingerCole envisioned Life Management Platforms back in 2012 as the pathway to individual data sovereignty. Data sovereignty is incrementally being introduced as a right of individuals, with principles being introduced in the European GDPR, the Canadian PIPEDA, the CCPA, and others. While these regulations manage the...

On July 16 th , 2020 the European Court of Justice issued its decision on the adequacy of the protection provided by the EU-US Data Protection Shield for the transfer of personal data for commercial purposes by an economic operator established in an EU Member State to another economic operator established in a third country.  The use of cloud services is now commonplace and has been increased due to the need for working from home due to the coronavirus pandemic.  In addition, unstructured files like documents, spreadsheets and slide decks that are stored in these services often...

I had no intention to write any blog posts during the holidays or, God forbid, do any predictions for the next year (look how relevant last year’s predictions turned out to be). However, an interesting story involving Ticketmaster, a large American ticket sales company, has caught my eye and made me think once again about my career in cybersecurity. The whole story goes all the way back to 2013, but the details have only recently been unsealed after the company has entered into a plea agreement and agreed to pay a $10 million fine for illegal access to a competitor’s...

The ongoing SolarWinds incident illustrates that the much-lauded Zero Trust security paradigm is, in fact, based on trust. Zero Trust is about authenticating and authorizing every action within a computing environment. It is putting the principle of least privilege into action. In an ideal implementation of Zero Trust, users authenticate with the proper identity and authentication assurance levels to get access to local devices, on-premises applications and data, and cloud-hosted resources. Access requests are evaluated against access control policies at runtime. In order for Zero Trust...

Many if not most organizations have moved to a risk management model for cybersecurity and identity management. Priorities have shifted in two major ways over the last decade: decreasing attack surface sizes focusing on detection and response technologies instead of prevention only Reducing attack surfaces inarguably improves security posture. Achieving the objective of reducing attack surfaces involves many activities: secure coding practices, vulnerability scanning and management, consolidation of functions into fewer products and services, access reconciliation, user...

Attending AWS re:Invent is always an exceptional experience and, despite it being virtual, this year was no different. As usual, there were the expected announcements of bigger better and faster services and components. AWS always shows a remarkable level of innovation with many more announcements than it is practical to cover comprehensively. Therefore, in this blog, I will focus on what I think are some of the highlights in the areas of hybrid IT, edge computing, machine learning as well as security and compliance. There is an old adage – “Keep it Simple Stupid” and...

Since the beginning of the Covid-19 crisis, the use of language in public life, in the press, and in everyday life has changed. Terms that were formerly confined to the circles directly affected by them are now much more common. For example, every informed and responsible citizen is now familiar with specific terms from epidemiology and immunology such as “reproduction number” and “herd immunity”. Another term that has risen to prominence since the beginning of the crisis is “first-line worker”. These workers literally work on the front line. They are...

Whether you’re a fan of MySQL or not, you cannot dispute the fact that it is the world’s most popular open-source database by a large margin (incidentally, it’s also the second most popular database ever, behind only its owner Oracle’s flagship commercial product). 25 years after its inception, MySQL has evolved into an essential and truly ubiquitous component of every web application stack and cloud platform. Even though some database experts might frown upon it for lacking “enterprise capabilities”, it is widely used by the largest enterprises around...