News Archive

Webcast

IAM and GRC Market Today and 2009

What We Have Observed This Year and What We Expect for 2009

Webcast

Trendstudie Rollenmanagement

Kuppinger Cole Webinar recording

Webcast

Reducing Authentication & Authorization Risks in Today's Open Flexible Business Environments

Kuppinger Cole Webinar recording

Blog

Meet local - act global: CAST eV on Internet Crime

Yesterday I had the pleasure to attend this year's last CAST workshop in Darmstadt, Germany. CAST, Competence Center for Applied Security Technology, is a non-profit organization that provides security information for its members as well as the broader public. CAST is led by representatives of academia (Technical University of Darmstadt) and applied research (Fraunhofer SIT and IGD) as well as corporate and SME members. Yesterday's event had "cybercrime and forensics" as headlines and the keynote was delivered by the famous president of the Federal Police of Germany, Joerg Ziercke (who...

Blog

Virtualization – changing the IT world

Over the last few years, virtualization has become a main topic of IT. Even though it isn’t a new concept, there have been many changes which affect IT in various areas, from data center design and operations to software delivery and future business models. One of the most interesting aspects of this trend is that virtualization really isn’t new. In the mainframe world, virtualization has been common for at least thirty years. But right now, it’s all about virtualizing PC-based servers and desktops. Even within this space, certain virtualization products have been around for...

Blog

The future role of the CIO

I received the results of a study compiled by the “Center of CIO Leadership” and sponsored by IBM. The survey highlighted some interesting aspects: 91% of the CIOs have a clear understanding of how to improve business through IT. On the other hand, only 67% participate actively in the definition and improvement of corporate strategies. 64% don't know how to build up their team. 69% of the CIOs have difficulties delegating responsibilities. While the first number suggests a high level of IT-business alignment, the other numbers don't really support this view. Organizations...

Blog

Enterprise Role Management

The Kuppinger Cole definition of generic GRC tools which support a consistent platform approach to GRC requirements, includes role management capabilities as one of the core functional areas. To efficiently implement GRC, organizations should consider an enterprise role management approach. Role management has become relatively popular within the last 36 months. The recent IAM market survey by Kuppinger Cole shows that the portion of organizations with an enterprise-wide approach for role management has grown from 8% in 2006 to 20% in 2008. And 36% of all companies are currently in the...

Blog

ArisID is born – a next generation Identity Framework for Developers

The Liberty Alliance has announced the availability of ArisID and Project Aristotle. In a recent Webcast, Oracle’s Phil Hunt presented ArisID and demonstrated its usefulness to software developers. This innovation makes it easier to develop applications that are becoming increasingly less dependent on where identity information is stored, making applications easier to deploy in an identity management infrastructure. At the same time, governance of identity data is simplified by creating an open and interoperable framework that can be harnessed for controlling and auditing identity...

Blog

GRC platforms - more than IAM

GRC (Governance, Risk Management, Compliance) is frequently reduced to IAM (Identity and Access Management) or, in best case, to a more business-centric layer on top of IAM infrastructures. In our research and publications around GRC we've pointed out that GRC platforms will have to go well beyond IAM - SIEM, BSM (with aspects like business continuity), and other areas will have to be covered. If you ask the question the other way round, that becomes more obvious: What are the controls that business requires from IT? That question is, from my perspective, the core question for the...

Webinar

Jan 29, 2009: Cutting Costs through Lean Role Management

In tough economic times, IT departments are required to tighten their belts. This webinar explores cost saving potentials of enterprise role management initiatives.

Webinar

Jan 21, 2009: Service Oriented Security (SOS)

Service-Oriented Security aligns with the overall Application-Centric approach of Identity and Access Management solutions - with the goal of providing a comprehensive, standards-based, developer-friendly platform. By leveraging and sharing many of the common Identity "Services", Service-Oriented Security allows developers to spend the effort where it counts the most - the application logic itself. Security will be just a service that can be invoked over a well-defined heterogeneous interface based on open standards. Furthermore, application developers building identity-enabled applications...

Webinar

Jan 20, 2009: Entitlement Management - Business and Technical Perspectives

The question of how to control and secure access to resources has become an even more critical topic, as monolithic applications more and more become legacy and service oriented architectures (SOA) are taking over the regime. In this webinar we will give an overview of the emerging field of Entitlement Management and the XACML standard as a possibility to externalize identity management into an abstraction layer across multiple applications and services.

Webinar

Dec 18, 2008: IAM and GRC Market Today and 2009 – What we have Observed this Year and what we Expect for 2009

The final Kuppinger Cole Webinar in 2008 will provide a conclusion of what we have observed in our research during 2008 - trends, interesting vendors and concepts, emerging standards, remarkable best practices. Based on this, we will also talk about our view on what we expect to happen in 2009.

Blog

The Empire Strikes Back!

Well, I thought nothing could puzzle me regarding the IAM market these days - acquisitions, mergers, emerging start-ups. This ONE "acquisition" really hit me: Dick Hardt joins Microsoft! I almost dropped my morning espresso shot, when I received his (mass-)email... Once I read through his blog-posts here and here though, I fully understand and congratulate both Dick and my former co-workers at Microsoft! It almost makes me wish I was still there ;-) - now with even more big AND versatile brains in Redmond it must feel like the "in the old days"... Nevertheless, I think the (not so evil)...

Blog

IT organizations have to change - for economic reasons!

During the last month's research I frequently ended up thinking about IT organizations - both the organization of IT itself and IT as part of the overall organizational structure, including the role of the CIO. There is, from my perspective, no doubt that fundamental changes are required. Let's start with the IT organization. Early in 2008, we did a survey and report on the topic of "SOA Governance" together with Ernst & Young (the German subsidiary), which we first presented at EIC 2008 (by the way: EIC 2009 will again be in Munich, May 5th to 8th, 2009, hope to meet...

Webcast

Enterprise Role Management

Kuppinger Cole Webinar recording

Blog

Role-over

Looks like IAM and GRC is all about roles, doesn't it? Well, for the sake of simplicity it does. Simplicity you ask, having had trouble defining these in a year-long struggle and ending up with worthless collections of access rights and user profiles due to the latest merger and the finance-crisis consolidation? You have pretty good company as many organizations face these problems. A few years back when I worked for CA, a good portion of the IAM projects also included considerable amounts of work to be done on roles. VAAU, at these times the preferred role-mining specialist in the...

Blog

The need for multi-layered attestation...

One of the issues I discuss most frequently in these days is attestation. I talk with vendors, with integrators, with auditors, and with end-users. Especially when talking with vendors, it appears to me that - again (I'll talk about that later) - frequently a light-weight solution is sold as the biggest thing since the invention of the wheel. Why light-weight? Many of the offerings for attestation support only one level of attestation. That's not enough (see below). Why again? That directly leads to the problems of many of today's attestation solutions. It is about the (often concealed)...

Blog

Sharepoint – a security risk?

There is an increasing number of security tools which support Microsoft Sharepoint. That is an indicator of Microsoft’s success in this market – but it is as well an indicator for security issues around Sharepoint. The problem is that these security issues are conceptual issues. They are about securing information on different levels – the information objects like documents or list entries themselves, the higher level lists, forms, and other elements in a Sharepoint environment, and the portal level itself. Microsoft has decided to use an ACL-based approach. ACLs can be applied on...

Blog

There is no need for IT Risk Management

OK, that sounds a little provocative. And it should. But in essence, it is true, at least as there is no need for an IT-only Risk Management. What we need is an integrated Risk Management, which covers "enterprise" risks and IT risks. Why? Let's start with the types of risks. Risks might be divided in three categories: Strategic risks, e.g. the risks of wrong (strategic) decisions, like entering a market with products no one wants to buy, changes in the market themselves and so on. Operational risks. That is what the vendors of ERM tools (Enterprise Risk Management) usually name...
