News Archive

Press Release

Article on „ Identity Management for the cloud – taking the next step” from Martin Kuppinger available

Duesseldorf March, 31st, 2010 - Martin Kuppinger, co-founder and Principal Analyst at Kuppinger Cole, has written an article on the topic of „Identity Management for the Cloud“ in which he explores the reasons why companies and organizations must ask themselves if their Identity and Access Management (IAM) systems are capable of handling not just external users, but external ones as well: suppliers, partners and above all customers. Such comprehensive systems will increasingly become necessary as parts of corporate IT, especially services and data, become cloud-born. Here,...

Press Release

Neuer Technology Access Governance Architectures Report der Analystengruppe Kuppinger Cole verfügbar

Die Analystengruppe Kuppinger Cole stellt ihren neuen Technology Report Access Governance Architecture vor Düsseldorf, 31.03.2010 - Der neue Kuppinger Cole-Report stellt unterschiedliche Ansätze für Access Governance-Architekturen vor. Access Governance hat sich in den vergangenen beiden Jahren zu einem der wichtigsten Themen im Bereich IT-Sicherheit, Identity und Access Management (IAM) sowie Governance, Risk Management, Compliance (GRC) entwickelt. Bei Access Governance geht es darum, Zugriffsrechte auf Systeme und Informationen so zu steuern, dass die Richtlinien...

Vendor Report

Vendor Report: Cyber-Ark

Cyber-Ark has established itself as one of the leading vendors of Privileged Access Management (PAM) solutions and offers one of the most functionally comprehensive products in the market. In addition, Cyber-Ark is active in the field of secure file transfer for secure document handling. The company was founded in 1999 and is investor financed. Its flagship product is the Cyber-Ark Privileged Identity Management (PIM) Suite. The terms PIM, PAM and PUM (Privileged User Management) are often used synonymously, but KuppingerCole prefers the PAM designation. Whatever name is used, this is...

Webcast

Managing Cloud Security and Cloud Risk

Kuppinger Cole Webinar recording

Webcast

Identity, Security, Governance for the Cloud - Who is Who? A Market Overview

Kuppinger Cole Webinar recording

Webcast

Cloud Management - Sufficient to Mitigate Security Risks?

Kuppinger Cole Webinar recording

Webcast

The Internal Cloud - What Are the Risks Involved And How to Avoid Them?

Kuppinger Cole Webinar recording

Webcast

Cloud Computing Standards - Which Ones Are Already There And Which Ones Are Missing?

Kuppinger Cole Webinar recording

Webcast

Cloud Computing - is it Really a Risk?

Kuppinger Cole Webinar recording

Webcast

Beyond Simple Attestation - How to Really Keep Your Access Under Control

Kuppinger Cole Webinar recording

Blog

Is an insecure smart planet really smart?

There are a lot of talks about making our planet smarter. Despite being far too much fiction, the film "Die Hard 4.0" has been around some of the potential risks around this. I recently had a very interesting discussion with a forensic/incident expert from the US. We've discussed several issues and ended around the idea of this "smarter planet" and the "smart grid" as one of its most prominent elements. Per se, the idea of having a networked infrastructure in many areas, with a high degree of flexibility and increased service availability is as appealing as inevitable - things will go that...

Advisory Note

Technology Report: Access Governance Architectures

Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the theft of information, fraud through changing information, and the abuse of IT systems for example in banking for illegal actions, to name just a few. The large number of prominent incidents within the last few years proves the need to address these issues – in any industry. There is an increasing number of tools for Access Governance. However, the implementation has to be well-thought, given that there are many different...

Webcast

Making Security Stronger Yey Easier to Use

Kuppinger Cole Webinar recording

Press Release

Artikel zum Thema „Identity Management auch für die Cloud – der nächste Schritt“ von Martin Kuppinger verfügbar

Düsseldorf, 18.03.2010 - Martin Kuppinger, Gründer und Principal Analyst bei Kuppinger Cole, hat einen Artikel zum Thema „Identity Management für die Cloud“ geschrieben. In diesem Artikel beschäftigt sich Martin Kuppinger mit der Notwendigkeit, das derzeitig bestehende Identity und Access Management (IAM) nicht nur auf die internen Benutzer zu beschränken, sondern auch Kunden und Lieferanten in die IT-Prozesse einzubeziehen. Herr Kuppinger betont, dass ein funktionsfähiges IAM, das sowohl interne wie auch externe Benutzer und Systeme integriert, die...

Blog

Myths about Cloud Security

There are so many myths out there about Cloud Security - time to start putting them away... The cloud is inherently insecure. No, not really. There are providers which deliver a high level of security. The cloud can be more secure than internal IT, given that services are frequently operated very professional. The cloud is more secure than the internal IT. No, as well not. The cloud is neither secure or insecure. It is about the single service which might be more or less secure. And it always depends on with what you compare, e.g. how strong security in the existing internal environment...

Blog

Measuring the real costs of identity theft

One of the best-held secrets in the German credit card industry was inadvertently revealed last night at an informal press dinner hosted by Bayern Card Services, an acquirer jointly operated by Bayerische Landesbank and the Bavarian community-owned savings and loan banks (“Sparkassen”). Asked just how much money banks were losing from credit card fraud, Monika Kummer, head of risk management for BCS, blurted out a figure of between 0.2 and 0.3 percent of total card turnover. When pushed for further details, she clamed up, but the genie was already out of the bottle. After that, the math...

Workshop

May 04, 2010: EEMA Public Workshop: Cloud Computing Services

This Cloud Computing introduction and tutorial is invaluable for delegates who wish to learn and increase their knowledgebase. It is aimed at all stakeholders who have an influence on policy and the impact on commercial and business applications and services.

Vendor Report

Vendor Report: Cyber-Ark

Cyber-Ark hat sich als einer der führenden Anbieter im Bereich von Privileged Access Management (PAM) etabliert und dürfte derzeit die größte funktionale Breite im Markt aufweisen. Darüber hinaus bietet das Unternehmen Lösungen für den sicheren Transfer von Dateien und den Umgang mit sensiblen Dokumenten an. Das Unternehmen wurde 1999 gegründet und ist durch Investoren finanziert worden. Das Kernprodukt ist die Cyber-Ark Privileged Identity Management (PIM) Suite. PIM ist eine andere Bezeichnung für das von KuppingerCole als PAM bezeichnete...

Press Release

Neuer Market Overview Strong Authentication Report der Analystengruppe Kuppinger Cole verfügbar

Die Analystengruppe Kuppinger Cole stellt ihren neuen Report Market Overview Strong Authentication vor Düsseldorf, 11.03.2010 - Der neue Kuppinger Cole-Report liefert einen umfassenden Überblick über am Markt verfügbare Lösung für die hardware-/token-basierende starke Authentifizierung und eine Einordnung dieser Lösungen in eine Gesamtstruktur für eine starke, flexible (versatile) Authentifizierung sowie in Authentifizierungsstrategien, die eine optimierte Nutzung von technischen Ansätzen für die starke Authentifizierung erst...

Product Report

Product Report: Axiomatics Policy Server and Policy Auditor

This product report covers the Axiomatics Policy Server and the accompanying Policy Auditor. These products fall into the category of Entitlement Management solutions. They use the XML-based XACML standard – Extensible Access Control Markup Language – to define authorisation policies and make access control decisions. Agents are available for the Java and .NET platform that work together with the Policy Server in order to enforce the policies. Axiomatics has distinguished itself from other vendors in this space by focusing on a solution that consistently implements and...

Blog

Versatile authentication - break-through for mass adoption of strong authentication?

Versatile authentication is one of the hot topics in IT - more and more vendors start to support it in some way or another. Versatile, a not that common term, means the ability to flexibly switch between different authentication methods. In practice, versatile authentication solutions shall support at least the following features: Flexible use of different authentication methods. Simple plug-in of additional authentication methods, e.g. extensibility. Flexible interfaces for applications OR integration with existing technologies which interface with other apps. Support for step-up...

Webinar

Apr 15, 2010: Access Governance: Implement Processes, Reduce Business Risks

As the demand for user access increases, IT security organizations run the risk of not being able to meet the needs of the business for timely and compliant delivery of access. In this webinar, you will learn, how operational efficiencies in access administration can be achieved while enabling sustainable compliance with regulatory requirements.

Webinar

Mar 26, 2010: Managing Cloud Security and Cloud Risk

Martin Kuppinger will discuss in this presentation risk-based approaches to manage cloud security. The issue, from his perspective, isn’t that the cloud is inherently insecure. The real issue is to deal in appropriate way with the specifics of the cloud – which includes not only security but as well related issues like availability. In this presentation, Martin Kuppinger will talk about aspects like authentication and authorization in cloud environments, cross-cloud governance approaches and the specific issues around changing providers. He will also highlight his view that risk and...

Webinar

Mar 26, 2010: Identity, Security, Governance for the Cloud – Who is Who? A Market Overview

There is an increasing number of offerings around Identity Management, Cloud Security, and Cloud Governance in the market. Some of these are well-known and established, others are new. Martin Kuppinger will provide an overview of the different elements of cloud security (for private, hybrid, and public clouds) and a structuring of that emerging market(s). This presentation provides insight into what is there and what is missing from a KuppingerCole perspective.

Webinar

Mar 26, 2010: Cloud Management – Sufficient to Mitigate Security Risks?

There is an increasing number of tools to manage cloud environments. Some are, in fact, more tools to manage virtualized environments, whilst others focus more on service management issues. More and more of these tools promise to support hybrid environments as well. However the question arises whether security is covered sufficiently by these tools. The panel will discuss the state of cloud management with respect to the security requirements.

Webinar

Mar 25, 2010: The Internal Cloud – What are the Risks Involved and how to Avoid them?

Many companies are telling that they tend to start with a “private” cloud instead of going to the “public” cloud. Besides the question whether hybrid IT environments aren’t reality today, this panel will discuss the specific security risks of internal clouds, especially around the changes from physical to virtual environments, but as well with respect to more loosely coupled IT environments and their new threats – which are in fact not that new, given that we have some experience on loosely coupled environments from SOA.

Webinar

Mar 25, 2010: Cloud Computing Standards - Which ones are Already there and which ones are Missing?

There are many standards out there for the cloud. SAML (Security Assertion Markup Language) for federation, SPML (Service Provisioning Markup Language), and many others. But there are as well many standards missing, either directly related to security or in some relation to security – like service management standards, given that SLAs (Service Level Agreements) and service descriptions are a key for measuring service fulfillment and thus managing risk and security issues. Obvious shortcomings are in the field of governance and auditing. In this panel, several experts will discuss the state...

Webinar

Mar 25, 2010: Cloud Computing – is it Really a Risk?

Cloud Computing frequently is discussed mainly as a security risk. However, there is as well the view that the cloud is or might be more secure than on-premise IT solutions. Martin Kuppinger will look at risks of cloud computing, the status and outline the points which you should look at when considering a move to the cloud or moving additional services to the cloud. In contrast to most other information on that topic available today, the presentation will also look at solutions for these issues – some will be discussed in detail her, some in the closing keynote.

Blog

The business of business is trust

Who's pulling the cart on data protection? At least in Germany, that has traditionally been government's role, and that has made the German regulatory environment one of the fiercest in the world for foreign enterprises and organizations. U.S. companies in particular are often reluctant to engage in the German market for fear of running afoul of the strict laws, but the same actually goes for the EU as a whole. Witness Amazon Web Services decision to build two separate clouds, one (based in Dublin) for Europe and another for the rest of the world. So it may come as a surprise to hear a...

Advisory Note

Market Overview Strong Authentication

For companies and their employees as well as for online-services and their customers respectively, authentication with username and password are no longer considered bearable. The multitude of user accounts and the increasing complexity that passwords are expected to have, simply brought this mode of authentication to a point where users and administrators are no longer able to cope with it. Be it the increased level of security, a.k.a. authenticity, required by the service provider, or compliance requirements: other means of authentication are necessary to keep up with future system...

Blog

Can authentication be both strong and flexible?

Whether you want to place a bid at eBay, check your bank balance online or your credit rating at Schufa or Experian, or access your corporate SAP account: Instead of asking you to please enter your user name and password, chances are the system nowadays will demand some other method of authentication like a token or a smartcard, or it may offer to scan your finger or iris. The procedures may differ, but the reasons behind them are the same: Companies want to protect themselves from rampant online fraud. And it's not just banks that are starting to deploy so-called "two-tier" or...

Press Release

Article on "Cloud Computing – a Security Risk?" from Martin Kuppinger available

Duesseldorf March, 04th, 2010 - Martin Kuppinger is Co-Founder and Principal Analyst of Kuppinger Cole. He has written an article entitled “Cloud Computing – a Security Risk?” in which he explores the various and often conflicting definitions of the “Cloud” before turning to the complicated, but vitally important question of cloud security. According to Mr. Kuppinger, cloud computing is at best a “calculated risk”, at least as long as certain strategic preconditions are met, which he describes in detail.

Blog

Back to the basics - you still need "core IAM"

In these days the industry talks a lot about IT GRC, Risk Management, Access Governance, Identity for the Cloud, and so on. However, we should keep in mind that the vast majority of organizations still have to do a lot of homework around basic Identity and Access Management.  And, even more: That's the foundation for many of the other things like Access Governance, because it's not only about auditing but as well about managing (and, honestly, it's much more about managing and enforcing preventive controls than of auditing in a reactive way, isn't it?). Thus, you shouldn't ignore Identity...

Blog

Why IPv6 might benefit from European and German privacy regulations

Yesterday, the German Federal Constitutional Court declared the German law on "Vorratsdatenspeicherung" for illegal. That wasn't a real surprise, given that this is overall well aligned to other decisions of the Federal Constitutional Court. Two interesting annotations: There where some 35.000 suitors against this law. And the German Minister of Justice, Sabine Leutheusser-Schnarrenberger, was amongst them. She started the law suit when being in opposition - right now she had the interesting situation that there was a lawsuit by her against Germany, represented by her - so she would have...

Webinar

Mar 24, 2010: Beyond Simple Attestation – How to Really Keep Your Access Under Control

Attestation should not be a point solution, but an element within a larger information security architecture. In this Webinar, we will talk about where access certification is today and what is changing – and what has to change. We will describe maturity levels with respect to access certification and will focus on the relationship to risk management and to overall IT governance.

Press Release

Artikel zum Thema „Funktioniert es nicht zwischen Business und IT? Nicht immer ist die IT schuld!“ von Martin Kuppinger verfügbar

Düsseldorf, 01.03.2010 - Martin Kuppinger, Gründer und Principal Analyst bei Kuppinger Cole, hat einen Artikel zum Thema „Business-IT-Alignment: Was das Business lernen muss“ geschrieben. In diesem Artikel beschäftigt sich Martin Kuppinger nicht nur mit den Entwicklungen und Erwartungen an die IT, um das Business adäquat zu unterstützen, sondern geht auch darauf ein, was sich auf Seiten der operativen Bereiche im Unternehmen für ein besseres Zusammenspiel von IT und Business zu ändern hat. Herr Kuppinger betont in seinen Ausführungen, dass...

Blog

Microsoft releases its privacy-enabling U-Prove technology

Microsoft has just announced the availability of U-Prove - an innovative privacy-enabling technology that it acquired almost exactly two years ago. This is a significant announcement, because of two reasons: first of all, the technology is in our opinion a gigantic enabler for many applications that have been held back because of privacy concerns, and second because Microsoft is releasing the technology to the world under its "Open Specifications Promise", allowing anybody to use and incorporate the technology royalty-free. With the U-Prove technology, users can release authenticated...

Webinar

Mar 18, 2010: Making Security Stronger Yet Easier to Use

While companies are moving toward growth in 2010, IT budgets are still under intense scrutiny. IT departments are being asked to keep their networks and applications secure while still allowing end users to not be weighed down by policies and time consuming procedures with often a reduction in funds. In this webinar we will discuss about frequently unseen and very significant saving potentials through connecting enterprise-SSO and strong authentication with your existing infrastructure.

Quicklinks

Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

AI for the Future of your Business Learn more

AI for the Future of your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]