News Archive


Beyond Role Based Access Control - the ABAC approach

Kuppinger Cole Webinar recording

Advisory Note

Technology Report: XACML – Extensible Access Control Markup Language

This report explains XACML, an evolving standard in the field of access control. Access control in IT is of vital importance. Companies use access control technology to protect sensitive systems and information, and to keep assets safe. At the same time, compliance with external regulations and internal policies is very important and access control technology is key. We can think about access control doing two things: 1. Identifying the users (who are you) 2. Allowing known users to do things (what are you allowed to do) The first part is authentication and solutions are very mature...


Google makes changes to Android Market, but many are still unhappy

Under immense pressure from users and developers, Google has recently announced some changes to Android Market. But this may turn not be enough. Even though sales for mobile phones with Google's Android operating system are ramping up, developers find it hard to make money on that platform. A recent bombshell was a blog post from Larva Labs towards the end of August. Larva Labs' average income for all Android paid applications was only $62.39 per day - and that included games that are ranked #5 and #12 in the Android Market. This is a tiny figure when compared to Apple's App Store, where a...


Beyond RBAC

Please join me tomorrow for a free Webinar on the topic "Beyond Role Based Access Control - the ABAC Approach". Many - if not most - organisations are not getting as much value as they thought from RBAC (role based access control). In fact, many RBAC projects start with high expectations, but quickly get bogged down due to many issues and problems. Eventually it turns out that the initial expectations were too ambitious. But why? Is RBAC making promises that are difficult to keep? Many in the industry (Babak and myself included) think that this is due to the fact that the real world just...

Press Release

Kuppinger Cole-Analyst zum Professor für Security- und Risikomanagement ernannt

Düsseldorf, 24.09.2009 - Sachar Paulus, Senior Analyst bei Kuppinger Cole für die Themen SAP-Sicherheit und GRC, wird ab Oktober eine Professur für Wirtschaftsinformatik, insbesondere Unternehmenssicherheit und Risikomanagement, an der Fachhochschule Brandenburg übernehmen. Er unterrichtet dort im Master- Studiengang "Security Management" und leitet das Kompetenzzentrum für Qualifizierung im Bereich Sicherheit.


VeriSign VIP - back again?

It has been pretty quíet around the VIP (VeriSign Identity Protection) solution. I have played around with that solution some two years ago, when support for eBay and PayPal had been added. But after that I didn't see much of VIP (and didn't hear much of VeriSign, honestly). Until these days, when TriCipher and VeriSign announced a strong authentication solution for Google Apps. They call it "triple-sec" given that three different factors are used - the two provided by TriCipher and an out-of-band authentication based on VeriSign VIP Access for Mobile. VeriSign VIP Accessfor Mobile is in...

Advisory Note

Business Report: Identity & Security in the Cloud

Cloud Computing ist seit etwa zwei Jahren das Modewort schlechthin in der IT-Branche. Historisch geht Cloud Computing auf verschiedene Ansätze zur externen Bereitstellung von Anwendungen oder Speicherplatz, um die Unternehmens-IT zu entlasten oder sogar ganz zu ersetzen. ASP („Application Service Providing“) wurde bereits in den 90ern mit dem Aufkommen des Internet intensiv diskutiert, entsprechende Angebote scheiterten aber in der Regel an unzureichenden Bandbreiten, mangelnde Zuverlässigkeit sowie Sicherheitsbedenken der Anwender. Nur wenige Dienste wie...


Identity Services and the Cloud

Kuppinger Cole Webinar recording


Sicherheitsrichtlinien zuverlässig durchsetzen

Kuppinger Cole Webinar recording


Minimizing Business Risks through Enterprise SSO


Cloud Business Models - a threat for vendors

During the last months I had a number of conversations with vendors about the licensing and business models for their cloud offerings. And frequently the conclusion was that the models aren't really adequate for the cloud. Some might work today and for some period of time, but they are not likely to be successful on the longer term. One ob the obvious shortcomings are accounting periods which are too long and thus don't provide the required flexibility which is a key advantage of cloud services. Contracts which run at least 12 months or accounting periods which look at the peak use within...


Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected


AI for the Future of your Business Learn more

AI for the Future of your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]