News Archive


The need for an integrated risk management

During our GRC Forum 2008 which we’ve held in Frankfurt, one of the important discussions was around the way risk management should be implemented. There was broad agreement on the thesis that IT Risk Management and Enterprise Risk Management can’t be separated – at least not beyond the part which deals with strategic risks. Overall, there are three different types of risks which are usually differentiated:Strategic risks, the risks of strategic decisions like acquiring companies or developing specific products. Even while they might be related to IT risks (especially in the capability of...


Regeln für erfolgreiches Rollenmanagement

10-minütige Präsentation


Integration - die Zukunft des Risikomanagements

9-minütige Präsentation


Identity Management Roadmap 2009

10 minutes audio-enhanced presentation


Identity Management and GRC Trends 2009-2019

9 minutes audio-enhanced presentation


Consolidation... as expected

The recent acquisition of EUREKIFY by CA does not come as a surprise, it was rather expected to happen sooner or later after the OEM/reseller agreement had been published. CA took what was left for grabs after SUN had (more to our surprise) settled an agreement with VAAU, who also had been in close cooperation with CA (and others) before. The consolidation regarding the role mining and role management market is in full progress and it is to be expected that each large IAM player in the market will cooperate if not acquire one of the smaller role specialists left in the field. As from the...


CA acquires Eurekify

Another acquisition in the IAM and GRC has been announced that weekend. CA decided to buy Eurekify, a role management specialist with specific strengths in role mining, based in Israel. That adds to the recent acquisitions in that field, like Sun with Vaau or Oracle with Bridgestream. The CA/Eurekify deal is somewhat special because Eurekify has been more focused on pure role management than Vaau or Bridgestream. Thus, there won't be much overlap to CAs current portfolio. The acquisition proves that CA is willing to invest in the IAM and GRC markets. There has been some time after the...

Vendor Report

Vendor Report: Lieberman Software

Lieberman Software is an established software vendor with focus on Add-ons for Windows manage-ment. The core focus is solutions for mass management and PAM (Privileged Account Management). Lieberman Software provides valuable tools for specific problems. These targeted add-ons are very common in the Windows system management market.


More on "Geneva" and the Identity Metasystem

One and a half weeks ago I was speaking in our Webinar about the Identity Metasystem and Microsoft's implementation of it (codename "Geneva"). The news was still very fresh - I had just been to Microsoft's Professional Developer's Conference and scrambled to get the presentation together. We had almost 100 participants, and many questions were being asked. I slightly overshot the one hour reserved for my Webinar, but even after 70 minutes, the majority of the participants were still online. I then started answering some more questions, but there were still too many of them. If you missed...


Ensim: Crusade to Europe

Just a short note after meeting up with some ENSIM representatives (thanks for the opportunity!): after building some reasonable references in the european market and the recent acquisitions in the "MS infrastructure management market", there definitly will be some growth potential for ENSIM in EMEA. Whereever AD and ID management is needed and automation is key, one should check out if the quite modular and customizable set of solutions could make a fit. I'll look into the technology a bit deeper at the end of the year - so check back for more info and the capabilities of their products....


Creating Authentication Strategies

Joining a special "reality" session was the best choice I made while attending IIW. Not only was this a wonderful opportunity to compare our KuppingerCole approach to providing insight and second opinion on the exact topic, but getting a deeper understanding of how to analyse and structure the whole process from the point of the Identity Architect. Most important was to learn about the projection and "5 year plan", especially regarding assertions, federation and -naturally (for me) smartcards and certificates. Great to learn also, that usage of TPM (Trusted Platform Modules for Trusted...


Meet in real world, connect online - v2.0

One of the fancy things about conferences like IIW is that lots of entrepreneurs and start-up people mingle with each other, which is how came to "poke around" a little. POKEN is a cute little way to give the traditional exchange of the business cards and the following procedure of scanning/creating vcards a tad bit easier... Dave Brown of POKEN had a little session on how to facilitate the exchange of contact information without the hassle of activating bluetooth, entering data manually or other hurdles. One can get a small (and cute) token  called poken (USB and wireless, sor of NFC)...


Backup in the cloud

Within the last days I tested several solutions for backup and storage in the so called "cloud", e.g. by service providers in the Internet. I learned some interesting things: Backup in the cloud is amongst the most mature cloud services At least in some cases There are still some weaknesses, including performance, platform support, and costs And few vendors provide a strong ITIL and SLA support And, like with all other cloud services, backup in the cloud requires a clear "cloud strategy" If tested solutions of different vendors, as well local players in Germany and Switzerland as...


Who should be in charge of IAM?

This morning, I had two conversations on the question about who should be in charge of IAM in an organization. Afterwards, I run through my records and did some analysis. The main question: Which role do the IAM and GRC responsibles have in their organizations? I for sure only did a sample and asked myself the question how I'd rate what they were doing. First of all: There are many good IAM implementations driven by IT administration or IT infrastructure. But, interestingly, the most advanced implementations, with a scope beyond administrative IAM, are usually driven by others - Compliance...



Howdy? I am sitting in the lounge of IIW2008b, or the Internet Identity Workshop, Fall 2008, in the Computer History Museum, Mountain View, CA. Well, I am expecting the start of the event, as it will be kick off at 1 PM... I am really looking forward to this as I travelled all around California the last two weeks and the impression have been overwhelming so far. According to Dave Kearns, (thanks for a delicious dinner!) it will be quite a nice event! Stay tuned for some up-to-date info what's happening here! Sebastian


Dec 04, 2008: Enterprise Role Management

Managing access rights through business roles is a key element of identity management initiatives and it is fundamental to an enterprise-wide GRC strategy. True? Are there alternatives? Fact is, that many role management projects tend to either run out of budget or time, or completely fail. In this 90 minutes XL-webinar, we will first talk about the 5 most important rules for a successful role management project, and then present the results of a recent survey we did to find out where most companies are right now.


Ping Identity moves into the cloud

At this years "Dreamforce" - the yearly conference for customers, Ping Identity has announced a new product: PingConnect. This latest offering is an on-demand service for Internet single sign-on for SaaS (Software as a service) applications. In other words: a hosted, managed service that lets enterprises extend single sign-on to SaaS applications. Software as a service is enjoying rapid growth as enterprises are outsourcing more applications away from their internal data centres and "into the cloud". Especially for small and medium enterprises with IT overstretched...


Nov 13, 2008: How the Identity Metasystem will change Everything

Since a few years, several industry luminaries are trying to define a better way to handle Identity in the Enterprise and on the Internet. What came out of extensive discussions within the industry was the identity metasystem. Microsoft has just released "Geneva", the first version of its implementation of the identity metasystem.


Nov 13, 2008: Trendstudie Rollenmanagement

Die Beweggründe für die Einführung eines unternehmensweiten Rollenmanagements sind sehr unterschiedlich. Während es bei vielen Unternehmen häufig zunächst um die Reduktion von Komplexität geht, stehen in anderen Unternehmen Compliance-Aspekte im Mittelpunkt. Entsprechend unterschiedlich ist die Herangehensweise an das Thema Rollen und häufig auch das Resultat. Kuppinger Cole führt deshalb derzeit eine Umfrage unter Anwenderunternehmen durch, deren Ergebnisse in diesem Webinar präsentiert werden.


Microsoft´s new "Geneva" Claims-based Access Platform

Recording of a Webinar held by Kuppinger Cole Senior Analyst Felix Gaehtgens on Microsoft´s new Identity Platform "Geneva"


Nov 06, 2008: Integration - die Zukunft des Risikomanagements

Unterschiedliche Rogue Trading Vorfälle und die Finanzmarktkrise haben es nochmals deutlich gezeigt: Das traditionelle Risikomanagement scheint nicht dazu geeignet zu sein, Unternehmen vor selbstvernichtendem Handeln zu bewahren. Einerseits war es im operativen Geschäft wohl häufig so, dass man glaubte, die Grundsätze eines internen Risikomanagements zu Gunsten externer Ratings über den Haufen werfen zu können. Andererseits fehlte (und fehlt) ein ganzheitlicher Ansatz, der die Risiken nicht nur der wertschöpfenden, sondern auch der nicht-wertschöpfenden Prozesse aufdeckt und für...


Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected


AI for the Future of Your Business Learn more

AI for the Future of Your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]