Blog posts by Matthias Reinwarth

Blog

Assuming High Criticality: Resilience, Continuity and Security for Organizations and Infrastructures

Acronyms are an ever-growing species. Technologies, standards and concepts come with their share of new acronyms to know and to consider. In recent years we had to learn and understand what GDPR or PSD2 stand for. And we have learned that IT security, compliance and data protection are key requirements for virtually any enterprise. The following acronyms and more importantly the concepts behind them can teach us about what forward-looking organizations and their leaders should be thinking of.  MTPD stands for "Maximum Tolerable Period of Disruption" . Its value determines the...

Blog

Ledger for the Masses: The Blockchain Has Come to Stay

Hype topics are important. They are important for vendors, startups, journalists, consultants, analysts, IT architects and many more. The problem with hypes is that they have an expiration date. Who remembers 4GL or CASE tools as an exciting discussion topic in IT departments? Well, exactly, that's the point... From that expiration date on, they either have to be used for some very good purposes within a reasonable period of time, or they turn out to be hot air. There have been quite a few hype topics lately. Think for example of DevOps, Machine Learning, Artificial Intelligence, IoT,...

Blog

CCPA: GDPR as a Catalyst for Improving Data Protection Outside the EU

It wasn't too long ago that discussions and meetings on the subject of digitization and consumer identity access management (CIAM) in an international environment became more and more controversial when it came to privacy and the personal rights of customers, employees and users. Back then the regulations and legal requirements in Europe were difficult to communicate, and especially the former German data protection law has always been belittled as exaggerated or unrealistic. However, in the past three years, during which I have given many talks, workshops and advisory sessions on...

Blog

BAIT and VAIT as Levers to Improving Security and Compliance (And Your IAM)

Usually, when we talk about special compliance and legal requirements in highly regulated industries, usually one immediately thinks of companies in the financial services sector, i.e. banks and insurance companies. This is obvious and certainly correct because these companies form the commercial basis of all economic activities. Although regulations and their obligations are often formulated on a relatively abstract level, they must be adapted over time to the changing business and technical circumstances. Sometimes they need to be made more concise, more actionable and more specific,...

Blog

How to Implement IT Governance Requirements Relating to Information Security and IT for Insurances and Beyond: VAIT Now Available in English

A short update blog post: Earlier this year, in September, I did a blog post about the VAIT . This BaFin document explains the challenges for IT in companies in the insurance industry much more clearly than the original regulatory documents. VAIT ("Versicherungsaufsichtliche Anforderungen an die IT") maps BaFin's requirements to more tangible guidance. A few days ago, the English translation of this document has been made available. It is described on its announcement page as follows: "The VAIT aims at clarifying BaFin's expectations with regard to governance requirements relating...

Blog

Another Astounding Data Breach Hits the Confidence of Customers

The dust is still setting, but the information on this case currently available, which also includes the official press release , is worrying: Just this Friday, November 30, the hotel chain Marriott International announced that it has become the target of a hacker attack. Marriott's brand names include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, and Le Meridien Hotels & Resorts. The compromised database contains personal information about customers, in particular, reservations made in the chain's hotels before September 10, 2018. Even more...

Blog

Intelligente Governance jenseits von Auditoren und regulatorischen Anforderungen

Es kann viele Gründe geben, warum ein Unternehmen eine Initiative zur Verbesserung seiner Informationssicherheit ergreift. Es gibt jedoch einen spezifischen Grund, der sich immer wieder wiederholt: "Weil die Auditoren das sagen, müssen wir....". Die Realität und die hieraus resultierende Logik war bislang oft wie folgt: Zur Durchsetzung der regulatorischen oder gesetzlichen Anforderungen gehören Sanktionen bei Nichteinhaltung. Diese galt es zu vermeiden. Dies führte zu einem Ankreuz-Listen-Ansatz für die Einhaltung der Vorschriften. Wenn dieser mit dem wie...

Blog

Intelligent Governance Beyond Auditors and Regulatory Requirements

There can be many reasons why a company takes an initiative to improve its information security. However, there is one specific reason that repeats itself time and again: "Because the auditors say that, we have to..." The reality and the resulting logic have so far often been as follows: The enforcement of regulatory or legal requirements includes sanctions for non-compliance. These had to be avoided.  This led to a check-list approach for regulatory compliance. If this was done with the absolute minimum possible cost and effort in order to avoid non-compliance and thus the fine,...

Blog

Insight, Control and Automation for Intelligent Security Technologies Within Virtualized Environments

Traditional endpoint and infrastructure security approaches are tackling changes to OS, application and communication by monitoring these through dedicated solutions installed as agents onto the actual system. Often these solutions search for specific violations and act upon predefined white listed applications / processes or blacklisted identified threats. Due to their architecture, virtualization platforms and cloud infrastructures have completely different access to security-relevant information. When intelligently executed, real-time data and current threats can be correlated. But...


KuppingerCole PLUS

Get access to the whole body of KC PLUS research including Leadership Compass documents for only €800 a year

Stay Connected

KuppingerCole on social media

Subscribe to our Podcasts

KuppingerCole Podcasts - listen anywhere


How can we help you

Send an inquiry

Call Us +49 211 2370770

Mo – Fr 8:00 – 17:00