News Archive

Press Release

Analystengruppe Kuppinger Cole bringt Ordnung in das Cloud-Chaos

Market Report Cloud Computing strukturiert den Cloud Computing-Markt

Die Analystengruppe Kuppinger Cole hat heute Ihren Market Report Cloud Computing veröffentlicht. In diesem Report wird erstmals eine stringente und valide Strukturierung dieses Marktes mit seiner Vielzahl an unterschiedlichen Angeboten - von der Rechnerleistung über einzelne Web Services bis hin zu vollständigen Anwendungsplattformen oder sozialen Netzwerken - geliefert.


Cutting Costs through Lean Role Management

Kuppinger Cole Webinar recording


1-day eema-Workshop: Role Life Cycle Management and IAM - 5 March 2009

This meeting is a one-day event aimed at Ascure, Belgium and is organized in cooperation with Kuppinger Cole and EEMA. This workshop will discuss the approach and importance for setting up Role Life Cycle Management in your IAM Program. Currently many enterprises are investing in having a dynamic RBAC-Role Model but do forget to organize them selves by setting in place a framework for their role model. Role Life Cycle Management has all to do with vision and strategy and is closely related to GRC issues.In this workshop our customers are centralized and we will focus on their issues,...


Feb 05, 2009: Key Risk Indicators (KRIs) als Frühwarnsystem zur Verringerung operationeller Risiken

Martin Kuppinger stellt in diesem Webinar den aktuellen Kuppinger Cole Report zu diesem Thema vor und beschreibt die Verwendung dieser KRIs für einen risikobasierten Management-Ansatz. Im Anschluß daran wird Thomas Reeb, Vorstand econet AG, über seinen Ansatz einer Key Performance Indicator (KPI)-Matrix an Hand eines Beispiels (Sicherheit in Dateisystemen) sprechen, mit deren Hilfe sich aus den KRIs Strategien sowie Reifegradmodelle ableiten lassen.


Engiweb – worth to look at

Even while most IAM and GRC software is provided by US-based companies, there are several vendors from other countries. Eurekify, from Israel, is now part of CA. But there are companies like BHOLD from the Netherlands, IPG from Switzerland, Völcker Informatik or Beta Systems from Germany, Omada from Denmark, Evidian from France, or Symlabs from Portugal, to name just a few. And there is Engiweb from Italy. Like many of the vendors mentioned, Engiweb started in its home country – but that shouldn’t restrict you from having a closer look at what Engiweb is doing.Engiweb has a core...


Lean Enterprise Role Management

Role Management projects sometimes are stated as too complex. Yes, there are projects which failed due to their complexity. On the other hand, a recent Kuppinger Cole report based on a survey proves that the average number of business roles is relatively small. On the other hand, the complexity of role models for specific system environments (even SAP) is manageable. Thus, defining and implementing role models with multiple layers can be done - and it can be lean. The keys, from my perspective, are the use of multiple clearly defined, separate layers of roles, defined responsibilities for...


Why IaaS is mandatory for the cloud...

I blogged several times about IaaS (Identity as a Service), last time only some two weeks ago. We will observe a strong increase in that field, the stronger the more people understand that IaaS is mandatory for the cloud. In our upcoming Market Report Cloud Computing 2009 (available starting tomorrow at we provide, first time ever, a stringent and valid structurization of the cloud market with all its different segments. IaaS is part of this market, but it is as well a prerequisite for most other aspects of cloud computing. The more services you use in...


The European IAM and GRC landscape

These days, we've been mentioned by Marcus Lasance, an independent IAM consultant who formerly managed MaxWare U.K., in his blog. Dave Kearns commented on this today in his Network World newsletter. Both, Marcus' blog and Daves newsletter were about IAM in Europe - and the fact that there are many more vendors and integrators out there than are visible at first glance. And yes, Kuppinger Cole as an analyst company covers them, but isn't limited to them - for sure we are in touch with the US vendors and companies from other countries (for example Brazil, Australia,...) as well. My personal...

Product Report

Product Report: Radiant Logic Virtual Directory Server

With release 5.0 of Virtual Directory Server, Radiant Logic has split up its product line into VDS proxy edition and VDS context edition to cater better to the specific demands for directory virtualisation. Many virtual directory requirements arise out of specific deployment problems that must be overcome, and are best addressed with targeted point solutions. Radiant Logic’s VDS proxy edition is well placed to address these issues and has been priced accordingly. Other more strategic virtual directory projects are centred on a desire to harmonise and integrate identity data that is...


Mar 05, 2009: Getting Attestation Right

In this webinar, Martin Kuppinger, Principal Analyst at Kuppinger Cole give an overview on an automated and risk-based approach to access certification, followed by a discussion with industry thought leaders on how to significantly improve the operational efficiency and accuracy of the attestation process, ensuring the goals of corporate accountability and compliance are met.


Service Oriented Security (SOS)

Kuppinger Cole Webinar recording

Vendor Report

Vendor Report: Arcot Systems

Arcot Systems targets the authentication segment of the IAM market with focus on software-based strong authentication with support for versatile authentication and risk-based authentication. The companies’ revenue model is backed by well established hosted services for the financial industry, mainly in providing cardholder authentication to credit card companies. The company provides several leading-edge solutions in the areas of risk-based authentication, web-based versatile authentication, and soft tokens. There is a significant potential to enter the enterprise IT market...

Product Report

Product Report: Sun Identity Manager

Sun Identity Manager is one of the most well-known products in the Enterprise Provisioning market segment. The product has been continuously improved over the course of the last years, with significant changes especially within the last two releases (7.0 and 8.0). It supports all core features we expect from products in that market segment, with strong provisioning capabilities and a broad set of connectors. The biggest shortcoming from our perspective is that changes in the user interfaces and to workflows might become relatively complex, requiring XML and Java knowledge and the use of...


Feb 26, 2009: Business Roles, Business Rules, Claims – What is it all about? (CANCELLED)

The webinar will discuss the questions and outline the future trends for business roles, business rules, and claims.


Feb 19, 2009: Risk Management Trends

The webinar will discuss risk management trends as well as the evolution of the market for risk management tools.


Feb 12, 2009: Reducing Compliance Costs through Risk-Based Segregation of Duties Management

In this Webinar, Kuppinger Cole´s Principal Analyst Martin Kuppinger will highlight the challenges of risk based segregation of duties management, and will discusses technology solutions for continuous monitoring that deliver affordable and effective compliance.


Authorization Strategy

Even while some expert’s in the industry understand authorization management still as sort of “rocket science”, the year 2008 has shown significant evolution in that field. New vendors like Rohati have entered the market, others like Bitkoo appeared a little earlier, and some of the big vendors like Oracle and CA are as well actively pushing their technologies. There are others like the Italian Engiweb which have even today a strong customer base in that field. And not to forget Microsoft, who’s “Geneva” framework addresses authorization aspects as well. Besides this, IRM...


Again: Identity Data Theft

Yesterday, news spread about the theft of millions of credit card dates at the US company Heartland Payment Systems, based in Princeton, New Jersey. Even while that might be one of the largest cases of data theft in the credit card industry, it wouldn't be that interesting that I'd blog about. The - from my perspective - really interesting point is, from what I've read in the news, the way the attack has been performed. The information sent is encrypted but has to be decrypted to work with it. The attackers grabbed the then unencrypted information. Surprise? Not really. The problem with...


Identity as a Service

Some days ago, I had a very interesting discussion with John de Santis and some of his colleagues from TriCipher, one of the vendors which provide IaaS (Identity as a Service) solutions, in that case particularly with their MyOneLogin service. That discussion is one in a row of others I had with several of the other vendors in the IaaS space like Multifactor Authentication, Arcot Systems, or Ping Identity, to mention just a few. On the other hand, my colleague Jörg Resch (currently very active in organizing the European Identity Conference 2009, where we will have, amongst many other...


Entitlement Management - Business and Technical Perspectives

Kuppinger Cole Webinar recording

Vendor Report

Vendor Report: ActivIdentity

ActivIdentity is a vendor for solutions around strong authentication, Enterprise Single Sign-On (E-SSO), device and credential management, and secure information transfer. The company has been founded in 1985 with headquarters in the US and in Suresnes, France. The company acts as a niche player in the mentioned market segments, with specific strengths in the fields of versatile authentication, E-SSO (especially in combination with strong authentication), and employee ID cards. Within the market segments ActivIdentity is acting, the company appears to be well established and providing a...

Advisory Note

Trend Report: Enterprise Role Management

Enterprise Role Management describes an enterprise-wide approach for defining role models and roles for every type of system which requires roles, going beyond IAM and GRC requirements. Within that concept, there are typically three levels of roles, which we define as Business Roles, IT-functional Roles, and System-level Roles. These concepts are accepted and implemented by an increasing number of organizations. The report provides, beyond some numbers on the role management market, guidelines for imple-menting Enterprise Role Management successfully. The information in this report is...


The effect of the recession on IT security

These days I received a pretty interesting survey compiled by Cyber-Ark, one of the vendors in the market for Privileged Account Management (PAM) or Privileged Identity Management (PIM), like Cyber-Ark calls that market segment. I seldom read such an interesting survey, providing insight in the dark side of many users. The survey which has been carried out amongst 600 workers, mainly from financial districts, in New York, London, and Amsterdam included some really tough questions. People were for example asked whether people would try their hardest to gain access to the redundancy lists if...

Vendor Report

Vendor Report: Quest Software

Quest Software has become, after a series of acquisitions, the leading vendor in the segment of Win-dows Management tools. Overall, Quest provides specialized tools to support IT operations in the areas of Windows Management, Application Management, Database Management, and Virtualization Management. Amongst these tools, several solutions support Identity and Access Management (IAM) aspects, which has recently been branded as the Quest One Identity Solution, even while this is only a part of the overall offerings of Quest Software. In contrast to other vendors, Quest never tried to...


CIO Agenda 2009

The year 2009 will be a threat for most CIOs. There will be pressure on IT budgets. On the other hand, many threats like Governance and Risk Management aren’t solved in most organizations today. The Business/IT alignment still is an open topic for most organizations. Cost cutting is important as well. And the security problems are still there.My five main points for the CIO agenda are:Business controlGRC IndependenceAccountabilityIT organizationNot many aspects, but the ones which are most important for a long term success of business and IT. You might add reliability/availability as...


Some new Kuppinger Cole surveys on IAM

We've compiled some questionnaires on different aspects of the IAM and GRC markets and put them online. We'd greatly appreciate your participation on these surveys. Most of the questionnaires are very lean, consisting of 10 to 12 questions - only the IAM market survey 2009 is quite a bit longer. Two surveys are about the RoI of IAM, or, more correct, different aspects of IAM. The Identity Administration RoI Survey analyzes the cost of administering Identity Management infrastructures. The IAM Tools RoI survey focuses on the cost of the core tools (mainly directories and provisioning) in...


From IT to Business

The topic of IT-Business Alignment isn't really new. It is discussed for years right now. And several software vendors, mainly in the area of "Business Service Management" claim to solve the threats in that area. But, honestly: I believe that we are, in most cases, far from a real IT-Business Alignment. I have blogged several times around this, topic (here, here, here, and here). But let's start with my definition of what IT-Business Alignment is: IT does what the business requires - not more, not less. That includes aspects like the ability to efficiently respond on new business requests,...


Authentication 2.0 - Beyond username and passwords

More and more organizations –driven by the vast amount of media coverage on data loss incidents –realize that the increased security requirements can not to be met by making password policies more complex. Users are already overwhelmed by the sheer number of password they have to memorize, and HelpDesks are flooded by the amount of password related calls. Besides establishing strategic authorization management projects (see Felix´ blog for more on that), organizations tend to rid themselves of ancient UID/password schemes turning towards modern, flexible and – above all –...


Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected


AI for the Future of Your Business Learn more

AI for the Future of Your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]