News Archive


Cisco Promises Future of the Internet – But Can They Deliver?

On December 11th I attended an analyst webcast from Cisco entitled “The Future of the Internet”. At this Cisco unveiled its plans for its next generation of networking products. While this was interesting, it did not meet my expectations for a deeper vision of the future of the internet. The timing is interesting because 50 years ago in 1969 there were several events that were seminal to the internet. Many people will remember Apollo 11 and the moon landing – while this was an enormous achievement in its own right – it was the space race that led to the...

Leadership Brief

Leadership Brief: AI in the Legal Industry: The Basics in a Nutshell - 80269

Artificial Intelligence (AI) applications in the legal industry already range from naissent to mature. However, the legal implications of such applications and trends in global regulation should be considered when assessing the suitability of any AI application. This leadership brief offers an overview of the current state of AI in the legal industry.


Christoph Weiss - Next Generation ML based Data Intelligence Around Process Automation (DSGVO, GDPR, etc.)


Klara Jordan - Operationalizing Election Security Guidance


Assaf Pilo - AI as an Enabler for Detecting PI Across Large Data Infrastructures

Using intelligent insights on the readiness of data to move to the cloud and a dynamic catalog ready to manage it, companies can accelerate migration with both confidence and control.


Dr. Vangelis Gazis - IoT Security: A Standards’ Perspective

The Internet of Things tends to mean different things to different people. This diversity of understandings makes it hard to pick up speed in joint efforts to improve the security of IoT. Fortunately, recent developments in international collaboration, particularly in standardisation initiatives, have started to bear fruits in this direction. This talk will introduce the landscape of standardisation IoT security, highlighting particular areas of technical significance to security and where improvements are challenging. In addition, areas where standardisation initiatives have been...


René Grob - Migration to a Modern IAG Solution - Experiences of Helsana Versicherungen AG

For over 12 years, Helsana used an IAM solution based on NetIQ Identity Manager, which was extended and adapted to individual needs. Not only did the system's maintainability suffer as a result, but its usability also no longer met today's expectations. A new, leaner and more modern system with SailPoint IdentityIQ should not only help to standardize the processes, but also offer the possibility to tackle old and new challenges in the field of IAM/IAG. It shows where Helsana was at the beginning of the project, where she is today and what the company has learned along the way.


Francisco Z. Gaspar - The Unpatchable Element


Dr. Komitas Stepanyan - Auditing Cybersecurity Governance: Putting the Elephant in the Fridge

The term Cyber sounds very attractive and everyone wants to use this term nowadays. Although many people talk about cybersecurity, however only some of them pay some attention to cybersecurity governance. On the one hand, it is a challenge for top management to govern cybersecurity on the other hand it is challenge for internal audit to give an appropriate assurance on cybersecurity. Should Internal Audit give an assurance on cybersecurity – that is one of the most difficult questions? If yes – how? If not – who should?  Cybersecurity is more about people, management...


Per Thorsheim - The Real Cost of Cyber Security Incidents

We see stories on data breaches every week, happening due to weak cyber security. Massive fines are issued based on GDPR, PCI, and consumer protection around the world. Proactive. fast & efficient handling of cyber security incidents is a key to survival for any organisation, but there are also costs that are rarely mentioned: the personal consequences for those affected by a data breach.


Philipp Schneidenbach - Inflections of Elections – When Ballot Rigging Meets Fraud Prevention

Voting is said to be the first of all citizens duties. No matter what is to be decided: Not voting is said to be a societal taboo. Scandals around the world raise questions about the security of voting and election systems: Manipulations by election staff, inside jobs at polling locations and blatantly insecure systems. All this has been there since decades, but why does it happen again and again? What can be done to mitigate risk? And how can the current discussion about digital trust and privacy help identify solutions for the future? Acquire an in-depth overview of the key facts and...


Dr. Heiko Klarl - Everything as Code – Ensuring Compliance and Governance for IAM


Panel - New Cybersecurity Challenges: Cyber-conflitcs in Perspective


John Tolbert - The Information Protection Lifecycle

Too often those of us in the cybersecurity space get wrapped up in comparing, deploying, and managing point solutions. While this is a necessary consequence of both the fragmented nature of the market and the highly specialized nature of our work, sometimes we need to step back and look at the big picture. What kind of information am I charged with protecting? How can I discover and keep track of it all? What kinds of controls can I apply? How can data be protected in different environments, on different platforms, etc? We'll look at the various stages in the life and death of information...


Per Thorsheim - Password Security in 2019 - More Important Than Ever Before!

There is no other computer related issue that affects more people globally and more frequently than passwords. We can easily authenticate 100 times day using pins, passwords, biometrics, cards and other technologies. At the same time we see time and again that weaknesses, vulnerabilities and flaws in these mechanisms are exploited to gain unlawful access to systems and data. New consensus on passwords & digital authentication exist, but a major challenge persist: how do convince everyone we've done passwords wrong for 30 years, and need to change everything? This talk will provide...


Tom Janetscheck - Threat Hunting with the Microsoft Cloud

With the preview-release of Azure Sentinel, Microsoft has shifted some features from Azure Security Center to its new threat hunting solution. But how do all the security tools Microsoft offers nowadays integrate with each other? How can you find a way through this security jungle? And how do you make sure to have the right tools in place when it comes to protecting your IT environments and hunting threats? Join cloud security expert and Microsoft MVP Tom Janetscheck for this demo-rich session to get all these questions answered and to learn how to protect your resources easily and...


Jean-Christophe Gaillard - The Language of Security

How the way we talk about information security has changed over the last 2 decades, based on a quantitative analysis of 17 Global Information Security Surveys by EY (2002-2019)


Philipp Veronesi - Engineering Cybersecurity – The Knowledge Gap in Automotive

Cybersecurity is by far no temporary fashion. The automotive industry now realizes the importance of cybersecurity for its organization and particularly for its products. However, a large gap exists between the requirements that result from new standards and the existing knowledge within the organization. This frequently results in diffuse solutions to establish required principles of cybersecurity. In this context, many enterprises still underestimate that cybersecurity needs to be applied along the entire product lifecycle. Due to this, many companies try to close the knowledge gap via...


Benjamin T. Schlabs - Embracing the Human Factor

IT security departments are no longer just responsible for securing digital assets and appliances. They must - with equal priority - help create a secure environment that inspires productivity and empowers employees to innovate. In this talk, we discuss challenges faced by large enterprises around embracing the Human Factor (security awareness, phishing / social engineering, password hygiene/policies, etc.). We also share insights into how key security indicators such as overall vulnerability levels and basic security hygiene can be measured and compared across organizations,...


Klara Jordan - The Forgotten Story of Cyber Hygiene

Advisory Note

Advisory Note: Future of Identity Management - 71303

Digital identities are at the core of Digital Transformation, Information Security and Privacy, and therefore it has never been more important for enterprises to ensure they have the capability to manage identities effectively and efficiently in a rapidly changing business, regulatory and IT environment.

This Advisory Note looks at the main trends and challenges to help businesses evolve their Identity Management strategies to become well-placed to meet existing, new, emerging and future requirements.


Whitepaper: CCPA: The Need for Data-Centric Security - 80136

CCPA is the latest in a series of global privacy regulations. It comes with new requirements for dealing with personal data and is accompanied by severe penalties. Thus, businesses must take appropriate action to comply with CCPA. While handling consent and opt-outs are at the forefront, successful mitigation of risks starts with data-centric security – it is about understanding where personal data resides and encrypting or anonymizing that data whenever possible. This is where technology, such as data tokenization becomes an essential element for every business.


Jan 16, 2020: API Management and Security: Don’t Trade Protection for Convenience

Once a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. As companies are struggling to maintain their business agility, to react to the ever-changing market demands and technology landscapes, the need to deliver a new application or service to customers as quickly as possible often trumps all other considerations.


Identity Fabrics for True Digital Transformation

Business models are changing, customer relationships are changing, and business partnerships are far more volatile than ever before. Workloads are shifting to the cloud and to as-a-service models. Businesses are looking to provide more and more digital services to their customers and consumers via apps and integrate with devices and things. Digital Identity is at the center of these digital transformations.


Regulatory Compliance a Potential Driver of Cloud Migration

Newly announced AWS offerings of Access Analyzer, Amazon Detective and AWS Nitro Enclaves discussed in my last blog post, further round out AWS’s security services and tools such as Amazon GuardDuty that continuously monitors for threats to accounts and workloads, Amazon Inspector that assesses application hosts for vulnerabilities and deviations from best practices, Amazon Macie that uses machine learning to discover, classify, and protect sensitive data, and AWS Security Hub, a unified security and compliance center. These new security capabilities come hard on the heels of other...

Executive View

Executive View: Axiomatics APS - 80314

Axiomatics provides a complete enterprise-grade dynamic authorization solution that can address an organization's breadth of access control needs. The Axiomatics Policy Server (APS) makes available a suite of tools and services to manage an Attribute Based Access Control (ABAC) policy life-cycle efficiently both on-premises and in the cloud.


Breaches and Regulations Drive Better Security, AWS re:Invent Shows

The high proportion of cyber attacks enabled by poor security practices has long raised questions about what it will take to bring about any significant change. Finally, however, there are indications that the threat of substantial fines for contravening the growing number of data protection regulations and negative media exposure associated with breaches are having the desired effect. High profile data breaches driving industry improvements The positive effect of high-profile breaches was evident at the Amazon Web Services (AWS) re:Invent conference in Las Vegas, where the cloud services...


API Platforms as the Secure Front Door to Your Identity Fabric

Identity and Access Management (IAM) is on the cusp of a new era: that of the Identity Fabric. An Identity Fabric is a new logical infrastructure that acts as a platform to provide and orchestrate separate IAM services in a cohesive way. Identity Fabrics help the enterprise meet the current expanded needs of IAM, like integrating many different identities quickly and securely, allow BYOID, enable accessibility regardless of geographic location or device, link identity to relationship, and more. The unique aspect of Identity Fabrics is the many interlinking connections between IAM services...


The First Step to Cloud Is Not Technical – an AWS Perspective on Cloud Migration

As usual, Amazon Web Services (AWS) is making a slew of announcements at its reinvent conference in Las Vegas, and as expected, the key ones related to making it easier for organizations to move workloads to the cloud, keep data secure and get more value out of their data with services supported by Machine Learning. However, one of the most interesting points made in the keynote by CEO Andy Jassy was not the power of the cloud transform business, revolutionize industry sectors or the latest AWS server processor chip and services, but about the common, non-technical barriers organizations...


Jan 23, 2020: Improve Security With Critical Infrastructures Requirements

Organizations or institutions that are essential for the public are called Critical Infrastructures (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations.


Dr. Mariarosaria Taddeo - The Risk of Trusting AI in Cybersecurity


Ola Sergatchov - Beyond Cloud - the Place Where Security, DevOps and Business Meet

As a result of the continous evolution of IT platforms, new environments and applications show up to simplify our lives. Some receive them with suspicion, others embrace them. But security challenges don't change, they just multiply. Visibility and segmentation cannot be a roadblock on the never-ending quest for innovation and business agility.   Ola Sergatchov, Vice President of Corporate Strategy at Guardicore, in her presentation, will explore how we can deliver more with less. How to accelerate while reducing security risks, and most importantly, align...


Dr. Heiko Klarl - Challenges of a Global IAM

Globalisation has spread business and production sites all over the world. Companies are faced with distributed IT systems as well as with different and demanding regulations in various countries, spanning from USA through to Europe and Asia, especially China and Russia. For many businesses IAM is a central part when it comes to managing employees, partners, customer, things and APIs in a secure and reliable way.


Alexei Balaganski - AI in Cybersecurity: Between Hype and Reality

Artificial Intelligence is surely one of the hottest topics in nearly every industry nowadays, and not without reason. Some of its practical applications have already become an integral part of our daily lives – both at home and in offices; others, like driverless cars, are expected to arrive within a few years. With AIs beating humans not just in chess, but even in public debating, surely, they’ve already matured enough to replace security analysts as well?


Dr. Niklas Hellemann - Next Generation Phishing – Social Engineering in Times of Voice Phishing, AI and DeepFake

Phishing attacks on companies have become increasingly sophisticated in recent years. The high success rates in tactics such as CEO fraud, ransomware or cryptojacking have led to hackers spending much more time and resources manipulating their targets. This is also reflected in the increased incidence of spear phishing attacks and voice phishing operations. At the same time, technological developments in the field of machine learning (e.g. in natural language processing) offer a dangerous basis for new applications in this area. Dr. Niklas Hellemann gives an overview of new social...


Max Heinemeyer - AI vs. AI - On The Next Paradigm Shift in Cyber Security

This talk intents to provide thought leadership on how AI & ML is currently being used for defensive purposes and will soon be used for offensive purposes. It covers both sides, defence and offence, and provides examples of how AI either is currently used to augment defensive measures or how AI will be used to augment cyber offence. On the defensive side we have seen an explosion in the vendor landscape using narrow AI to varying levels of success. What is undeniable is that there is improvements in blue teaming & cyber defence thanks to AI. Max will give a handful of practical...


Panel - The Future of AI in Cybersecurity

Numerous malware variants are being created daily. To adjust to this evolution, machine learning tools are being utilized by security companies to detect the novel threats and new attack vectors. Same for the threat hunting, where the ML helps in p roactively and iteratively parsing through  networks detecting the advance threats. Important question is where we want to apply these advanced techniques. The technology should be applied in a smart way to tackle specific problems. In this panel we will discuss the current state of AI in cybersecurity and what the future will hold.


Extending Beyond the Limits of Multi-Factor Authentication With Continuous Adaptive Trust

The Identity and Access Management (IAM) market is undergoing rapid and at times transformative change. A steady progression from on-premises to API and cloud platforms is visible as vendors innovate, but authentication tools are under attack from determined adversaries.


Orel Pery - The Art of Using Threat Intelligence to Improve Your Security Operations

  • Why is it so important to do threat hunting in today’s expanding attack surface
  • What are the latest tools and methodologies used by threat intelligence teams to automate and accelerate hunting
  • How to gain visibility of targeted threats in your digital footprint eg. in the Internet, Deep-Web and Dark-Web
  • How threat actors use leaked and sensitive data to target your organization and personnel
  • How does an effective CTI strategy transform security operations, improve performance and reduce risk
  • Case study


Panel - Threat Hunting: Making Data Informed Decisions


On the Way to Becoming a Cognitive Enterprise

The digitalization has resulted in the "digital enterprise". It aims at leveraging previously unused data and the information hidden in it for the benefit of the enterprise. The “cognitive enterprise” comes with the promise to use this information to do something productive, profitable and highly innovative for the enterprise.  The cognitive enterprise is the application of cognitive technologies in critical areas of a company. Automation, analytics and decision-making, customer support and communication are key target areas, because many tasks in today’s...

Leadership Compass

Leadership Compass: API Management and Security - 70311

This Leadership Compass provides an overview of the market for API management and security solutions along with recommendations and guidance for finding the products which address your requirements in the most efficient way. We examine the complexity and breadth of the challenges to discover, monitor and secure all APIs within your enterprise and identify the vendors, their products, services and innovative approaches towards implementing consistent governance and security along the whole API lifecycle.


Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected


AI for the Future of Your Business Learn more

AI for the Future of Your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]