News Archive


eGovernment and eID in Europe

Ever since the infamous “Signaturgesetz” (law for the regulation of electronic signatures) had passed the Bundestag (parliament) in Germany, the industry moaned about the “signature inhibition effect” this law had and still has. Attending the not so obviously related event on the “Industrialization of Cybercrime” some weeks ago, organized by Bitkom and the Ministry of Economics in Berlin, I finally heard one of the well-known lawyers, Mr. Harder from Munich, admit, that the lawyers might have “over - engineered” the whole thing! Well, the next sentence was Mr. Harders' attempt to put that...

Product Report

Product Report: SailPoint IdentityIQ

SailPoint IdentityIQ is one of the leading products in the emerging market segment of Identity/Access-oriented GRC platforms, providing strong capabilities in the areas of attestation, auditing and analysis, and role management – the latter with significant improvements in the current release. The product supports a risk scoring approach that focuses on identity risk; but it isn’t a fully-featured enterprise risk management solution. It can be used to control the management of authorizations using direct connections to target systems or existing provisioning solutions. And,...

Vendor Report

Vendor Report: Oracle

Oracle hat sich in den vergangenen Jahren insbesondere durch Zukäufe zu einem der führenden Anbieter im Bereich IAM (Identity und Access Management) und GRC (Governance, Risk Management, Compliance) entwickelt. Das Unternehmen kann in diesen Segmenten des IT-Markts inzwischen Lösungen für den überwiegenden Teil der Anforderungen bereitstellen und verfügt insgesamt gesehen über eines der breitesten Portfolios aller Anbieter, auch wenn es weiterhin einzelne Lücken gibt. Das bringt allerdings auch die Herausforderung der Integration mit sich. Viele der...


Novell enters PAM market - the first deal in the next wave of acquisitions in IAM?

Novell has announced that they have acquired the technology for privileged account management (PAM) from Fortefi Ltd. PAM addresses the need to better manage privileged accounts. It is a broad field, starting with root account management in the Unix and Linux environments and reaching out to technical user accounts, system users and local as well as domain administrators in Windows environments or database and other system administrators. There are many privileged accounts out there. And these accounts frequently aren't well managed, despite the fact that they either have full access or at...


Facebook, Xing, and the question of copyrights...

Some time ago I blogged about the "rise and fall of social networks". My main point was that today's social networks lock-in the information of their customers - but if I participate in Xing, LinkedIn, Facebook or other platforms, I enter my data there. With some networks, it's virtually impossible to export my own network. And if I want to use more than one of these networks, there is no way to just move my existing network to the new platform. The interfaces (in most cases) as well as the standards (in any case) are missing. Yesterday, the discussion gained further momentum because...


Reducing Compliance Costs through Risk-Based Segregation of Duties Management

Kuppinger Cole Webinar Recording


Key Risk Indicators (KRIs) als Frühwarnsystem zur Verringerung operationeller Risiken

Kuppinger Cole Webinar recording

Press Release

New Kuppinger Cole Report: "Key Risk Indicators for Identity Management and GRC"

25 useful indicators to lower IT risks

The analyst group Kuppinger Cole has presented a new report dealing with Key Risk Indicators (KRI), that is data measuring the risk in businesses. KRIs help businesses recognise and address risks. Risk management is becoming more and more important at all company levels, especially in hard times.

Press Release

Neuer Kuppinger Cole-Report: "Key Risk Indicators für Identity Management und GRC"

25 einfach nutzbare Indikatoren, um IT-Risiken zu verringern

Die Analystengruppe Kuppinger Cole hat einen neuen Report vorgestellt, der sich mit Key Risk Indicators (KRI), also Messwerten für Risiken in Unternehmen, beschäftigt. KRIs unterstützen Unternehmen dabei, Risiken zu erkennen und zu adressieren. Gerade in schwierigen Zeiten kommt dem Risikomanagement auf allen Ebenen des Unternehmens wachsende Bedeutung zu.


How to reduce the costs of compliance?

I think that is an interesting question. Compliance is a key topic for every organization, with many facets. Currently we have an intense debate about the Deutsche Bahn (railway) and other organizations which have for example compared the bank accounts of their employees with the ones of suppliers. The target is to avoid corruption. From a Corporate Governance perspective and from a compliance perspective (mitigating risks of compliance and so on) that is a valid approach. From the data protection law perspective, it isn't that easy. There are obvious conflicts between different...


Is there a bright future for directory services?

Last week I've been talking with Andrew Ferguson and Steven Legg of eB2Bcom. Probably you've never heard of them, at least as long as you are neither from the APAC region nor working in the government and defense business where they have most of their customers outside the APAC region. eB2Bcom is, first of all, a system integrator and distributor of IAM and GRC products. But eB2Bcom is as well the company which develops the View500 directory service. You haven't heard of this product? At least it is worth to have a look at. Basically, it is a directory service which goes beyond typical...

Advisory Note

Business Report: Key Risk/Performance Indicators IAM and GRC

The concept of Key Performance Indicators is well established at the corporate level, using scorecards as a tool for a quick overview on the progress of organizations. Key Risk Indicators add risk metrics to that view, relating the progress of indicators to changes in risks. The report provides 25 selected Key Risk Indicators (KRI) for the area of IAM and GRC. These indicators are easy to measure and provide a quick overview of the risk status and its changes for organizations. The indicators can be combined in a risk scorecard which then can be continuously used in IT management and...


Mar 02, 2009: Der Weg zu schlanken, fokussierten IAM- und GRC-Projekten (Storniert)

Martin Kuppinger gibt in diesem Webinar Hinweise aus der Beratungspraxis und der Analyse von Kuppinger Cole für die optimierte Gestaltung von IAM-Projekten.

Vendor Report

Vendor Report: Evidian

Evidian is a company mainly owned by Bull Group, a leading French IT company. The company pro-vides solutions for IAM with some GRC support and for IT Service Management, with IAM being the more important element in the overall portfolio. Despite the breadth of their portfolio, Evidian isn’t usually recognized amongst the leading IAM ven-dors – which they should be. Evidian is at least amongst the best established and leading European IAM vendors. With their strengths in access management, E-SSO, and a consistent, integrated plat-form, Evidian provides an interesting approach...

Vendor Report

Vendor Report: BHOLD

BHOLD ist ein spezialisierter Anbieter, der sich auf das Enterprise Authorization Management, also die Verwaltung von Autorisierungen für den Zugriff auf IT-Systeme aus Business-Sicht, spezialisiert hat. Diese Funktion stellt eine der Kernfunktionen von generischen GRC-Anwendungen (Governance, Risk Management, Compliance) mit Fokus auf Identity und Access Management (IAM-GRC) dar. Über das Autorisierungsmanagement hinaus werden von BHOLD auch weitere zentrale GRC-Funktionen wie die Attestierung unterstützt. BHOLD hat seinen Schwerpunkt im Gegensatz zu den meisten...


Why to invest in IAM and GRC - especially in these days

There is no doubt: We are in economic turmoils. And no one really knows when things will become better again. It is definitely interesting to observe what is happening from a risk management perspective (Why didn't governments have pre-defined actions prepared? Why didn't financial institutions understand the risks or, if they understood them, why were they willing to take them? What happened with all the positive cash-flow of many organizations which are now in trouble - too much dividends?). But that isn't my topic here. The topic is why organizations should invest in IAM and GRC -...


Feb 13, 2009: Zehn Gründe, warum Sie gerade jetzt in IAM und GRC investieren sollten

Martin Kuppinger nennt und erläutert zehn Gründe dafür, warum man gerade jetzt in IAM und GRC investieren sollte, um die IT besser und Unternehmen leistungs- und wettbewerbsfähiger zu machen und Risiken zu reduzieren.

Vendor Report

Vendor Report: Entrust 2009

Entrust zählt zu den bekannten und etablierten Anbietern im Identity Management-Markt. Historisch hat sich das Unternehmen primär als Hersteller und Service-Anbieter im Bereich der Zertifikatsdienste und PKIs (Public Key Infrastructures) positioniert. Im Rahmen der Restrukturierung und Repositionierung hat Entrust allerdings inzwischen ein deutlich breiteres Produktportfolio realisiert, das auf die Stärken in den etablierten Themenfeldern aufbaut.  Trotz erheblicher Herausforderungen durch diesen Prozess der Restrukturierung, die sich zuletzt auch in deutlichen...


Going beyond attestation: Authorization Management is key

There is no doubt that the attestation capabilities which can be found in many of today's IAM-GRC platforms (e.g. GRC platforms with focus on Identity and especially Access Management aspects) are important and helpful. Attestation provides a capability to go through existing entitlements and, in some cases, changes and confirm or revoke them. But: Attestation is mainly sort of a detective approach. There are two other aspects which have to be addressed as well: Preemptive controls which avoid that there is any access right granted which later on has to be revoked Controls in the sense...


Mar 19, 2009: Wer war Root?

Der Umgang mit privilegierten Benutzerkonten, wie beispielsweise "ROOT", birgt hohe Risiken. In diesem Webinar führen wir Sie in die Grundlagen des Privileged Account Management (PAM) ein und geben Ihnen wertvolle Praxistipps, wie Sie Ihr Netzwerk wirksam gegen interne und externe Bedrohung schützen können.


Mar 11, 2009: Fraud Prevention and Multi-factor Authentication

In this webinar, Kuppinger Cole´s founder and principal analyst will give you an overview on the market for risk- and context-based, multi-factor authentication and authorization solutions for fraud detection, followed by Stefan Dodel, middleware solutions specialist at Oracle, who will talk about his experiences from numerous projects.


Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected


AI for the Future of your Business Learn more

AI for the Future of your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]