KuppingerCole Blog

Managing business in today's geopolitical context In the face of a geopolitical crisis, concerns are growing about the threat of cyber-attacks to global supply chains and private organizations, which are already in a precarious state due to the Covid-19 pandemic. When a crisis occurs, business continuity and corporate resilience are essential. Both require a company-wide response. In this context, geopolitical risk assessments are integral to a secure IT environment. With the advent of cyberspace, state and non-state actors have been willing to challenge the political and economic...

Over the past 16 months, Software Supply Chain Risks have risen to a top concern of CISOs, caused by several software supply chain attacks as well as major risks induced by vulnerabilities in extensively used standard software components, specifically Log4j/Log4shell. Understanding and mitigating software (supply chain) risks as well as protecting the own DevOps pipeline is a must for organizations. This is not a one-time exercise but requires continuous re-evaluation based on standardized methodology. Risks are continuously changing, be it by newly detected vulnerabilities or by external...

Decentralized identity is an incredibly flexible technology that solves fundamental problems in the way we manage digital communication. But this capacity to do more than one thing at once can be a source of confusion. Heather Dahl from Indicio will elaborate on this challenge in her Combined Session  How to use the framework of a Trusted Data Ecosystem to simplify building decentralized identity solutions on Wednesday, May 11, at the European Identity and Cloud Conference 2022 . To give you a sneak preview of what to expect, we asked Heather some questions about her...

Is your Digital Supply Chain your weakest Link? In the 1950’s the Lyons restaurant chain in the UK built their own computer and wrote all the applications that they needed to manage and optimize their operations. This was called LEO – Lyons’ Electronic Office.  Today, this would be impractical, and all organizations now rely on IT software and services delivered from external suppliers. The creates a supply chain that is very attractive to cyber adversaries because of the leverage it provides.  One compromised component is delivered to many potential...

Passwords are inherently insecure , and adding multifactor authentication can help compensate, but ultimately, organizations should be aiming to eliminate the password altogether because strong password polices are difficult to enforce, and passwords are easily compromised and are costly in terms of management, password resets, and lost productivity . As discussed in the previous edition of KC Navigator, adopting MFA can immediately enable stronger authentication to reduce cybercrime, but it should be regarded as a short-term improvement over passwords alone, with the ultimate goal...

A poor user experience is increasingly becoming a no-go for customers, even to the point of them not buying a product. So a good user experience is a must, but how can you achieve that without neglecting security? Candace Worley from Ping Identity will elaborate on this challenge in her Keynote Human-Centric Identity on Thursday, May 12, at the European Identity and Cloud Conference 2022 . To give you a sneak preview of what to expect, we asked Candace some questions about her presentation. What is Human-Centric Identity? So human-centric identity is taking an...

Why Backup and Disaster Recover is ever more important In May 2021, the Irish health Service (HSE) was hit by a ransomware attack. According to the BBC this caused substantial cancellations to outpatient services and staff having to resort to paper-based systems. The service was still recovering from this attack four months later and, although it said than 95% of its servers had been recovered it still had an area of its website devoted to giving updates. Ransomware has become a rich vein that is being mined by cyber-criminals . Any organization that has money and time critical...

Are today's identity fundamentals such as single sign-on, multi-factor authentication, passwordless authentication enough for the future of Web 3.0? Asanka from WSO2 will elaborate on his idea of Creating a Seamless Access Experience with the Digital Double  on Thursday, May 12, at the European Identity and Cloud Conference 2022 to address the next digital era. To give you a sneak preview of what to expect, we asked Asanka some questions about his presentation. What do you mean by the digital double in your presentation title? Yeah, I think it's a really good...

Where we already benefit from AI Efficiency, personalization, and transforming numerous parameters into an actionable insight are some of the benefits we have from AI. Artificial intelligence is already embedded in our daily lives, often in ways that we barely notice anymore. In our personal lives, we benefit form recommendation engines , fraud detection for payment transactions , image classification of medical imaging , and natural language interaction with our smart devices. Organizations are harnessing AI as well, for anomaly detection in customer transactions and in IT...

Anyone who has attended our European Identity & Cloud Conference (EIC) in the past 15 years will know that this is the leading event when it comes to current and future trends in  IAM and privacy (not to mention cloud security or cybersecurity). EIC is about the union of analyst thought leadership, the expertise of industry leaders, and best practices from the field. This year’s EIC continues and strengthens this proud tradition with more than 200 speakers, covering a huge range of topics, which an increased focus on cybersecurity. Some of the highlights in the...