News Archive

Product Report

Product Report: iT-CUBE agileSI - 70349

agileSI is a product which collects SAP security information and provides this information to Security Information and Event Management (SIEM) tools. The initial release supports ArcSight ESM, the market leader in the SIEM market. Beyond extracting the SAP security information, agileSI transforms that information for use in SIEM tools and adds standard configurations to ArcSight ESM which allow you to directly perform analytics. These analytics can be customized, depending on the customer requirements. agileSI is the second product brought to market by iT-CUBE, a German software vendor,...

Blog

More on the Open API Revolution

As I said in an earlier post, the folks at Programmableweb.com announced that the number of open APIs they track reached an unbelievable number—4000—in record time. They published this graph showing the hockey stick growth rate: [Figure 1—Total Number of APIs; source: Programmableweb] So let's take a quick look at the dynamics of this growth rate. Phil Windley helped me out and here is what we came up with. The data could be interpreted as a power law. Phil used this: [Figure 2—Extrapolating the Numbers; source: Craig Burton and Phil Windley] But I am going to go out on a limb and...

Blog

Mobile phones and security - still two worlds colliding?

Some days ago I received a new HTC Pro Windows Phone, now running with Windows 7.5, the "Mango" release. Overall, I really like that phone. It is smart, it is very easy to configure. I never had a phone which was up and running with access to all mail accounts, calendar, and tasks so quickly. It works pretty seamlessly with Office 365. OK, having Skype on the phone would be great, in particular given that Microsoft owns Skype. So far, so good. But then you start this phone and are asked for the PIN. But if you just cancel the PIN entry, you have full access to everything which is on that...

Blog

Relevance of recertification

In a recent briefing with CrossIdeas, the MBO of the former Engiweb, an Italian software manufacturer in the area of Access Governance and Dynamic Authorization Management, they demonstrated an interesting feature: Doing recertifications based on relevance. Recertification of access rights is a key element of regulatory compliance. This is done frequently on a pretty standardized schedule. Doing this once or twice a year is the typical approach. For some specific systems or groups of users, we frequently see that the intervals are shorter, e.g. some risk-oriented approach is not uncommon....

Blog

The API Computing Magic Troika and the API Economy

Intro Provocative quotes: Baking your core competency into an open API is an economic imperative. source: Craig Burton If you are not engaged in generating or enabling open API’s for your business—you are not in the game. source: Craig Burton Social—, Mobile—, and Cloud-computing are hot. The API computing magic troika is white hot. source: Craig Burton Ubiquitineurs don’t litigate or file for patents. Litigation and patents are the tools of the purveyors of scarcity. Source: Craig Burton I talk to my buddy and visionary Doc Searls almost every day. He is busy writing his new book about the...

Webcast

IdM in Practice: Vacation and Sick-Leave Substitutions Made Simple and Secure

KuppingerCole Webinar recording

Vendor Report

Vendor Report: TITUS - 70301

TITUS (www.titus.com) is a privately held company specializing in information classification and data security, including Data Loss Prevention (DLP). The product portfolio consists of several products supporting the information classification and some aspects of DLP requirements in different types of environments, from email to SharePoint and Cloud security. TITUS has been covered in KuppingerCole’s 2010 report “Hidden Gems”, covering vendors with a strong potential in the market. The company successfully managed to build on the strong potential we had identified and...

Blog

Information (hardware-) Security

We have been discussing IRM, DRM, DLP and other acronyms back and forth for quite a while now and I am sure there are a good bunch of solutions out there for those organizations that have policies and procedures in place to sufficiently plan, build and run such a tool. Thus, I was pretty much „meh“ about any discussions revolving around the pros and cons of approaches… Well, our close friends sometimes surprise us with problems we never seem to have „seen“ before. One of those friends runs a small System Integrator / VAR company and approached me with a problem that is common among...

Blog

Hunting for the latest Android Release?

Recently I came across a news alert that Google has released Android 4.0 on some new mobile phone. 4.0 already? That is extreme, Android hasn't been around that long. It is good on one side, that there seems to be a strong community of developers eliminating bugs and improving at a fast pace. On the other side - you need to be quick in carrying your new Android smartphone home if you want to install the first OS update before your hardware becomes incompatible with the latest release. Cupcake, Donut, Eclair, Froyo, Gingerbread, Honeycomb.... now Ice Cream Sandwich and soon Jelly Bean -...

Product Report

Product Report: SailPoint IdentityIQ 5.2 - 70287

SailPoint is one of the pioneers in the emerging market for Access Governance. The company was founded in 2005 by a group of executives with long experience in IAM (Identity and Access Management) as well as in the general IT market. SailPoint is a company that started focusing exclusively on a platform that provides what they describe as “Identity Governance”. Designated “IdentityIQ,” the product belongs to the category of so-called “Access Governance” tools, which themselves form a relatively new segment within the markets for GRC (Governance, Risk...

Blog

The Decadence of Stuxnet, Duqu, Staatstrojaner and other Government produced Vermin

It seems that we now have entered the “Age of Political Cretinism”, with governments reducing themselves to either waste money or produce malware. We have several recent examples for this tendency: Stuxnet, Duqu and similar (have a look at Martin's recent blogpost on this), well elaborated and dangerous trojans aiming at large industrial facilities on the one side, and poorly timbered Trojans used to regain the option to spy on anybody's communication with anyone in a time where Skype and similar services have made this more difficult for governments. The German so-called “Staatstrojaner”...

Blog

Stuxnet reloaded - the war has just begun

Yesterday, news about a new trojan has spread. The trojan is called Duqu or, correctly, W32.Duqu. It appears to be based on Stuxnet code, thus it is targeted against industrial automation equipment. However, unlike Stuxnet the new Trojan isn't targeted to sabotage industrial control systems but steals data. So it is most likely just the precursor to the next Stuxnet-like type of attack. Duqu was, from what we know, targeted against selected organizations mainly in the area of software development for industry automation. It does some espionage there, collecting information which then might...

Product Report

Product Report: DirX Identity 8.2 - 70134

With DirX Identity, Siemens has been able to establish itself amongst the technically leading vendors in the area of enterprise provisioning. As part of the Atos Origin acquisition of Siemens IT Solutions and Services (SIS) on 1st July 2011, the entire DirX product portfolio has been passed to Atos Origin. Atos Origin was renamed “Atos” to coincide with the takeover of SIS. Atos is marketing the DirX products on a global scale. The functionality of version 8.1, which has been available since 2009, and version 8.2, released in 2011, has been significantly enhanced compared to...

Webinar

Nov 22, 2011: Access Governance: Identity Management from the Business for the Business

Responsibility cannot be delegated. It is the employees of the business departments who are accountable to supervisory bodies, auditors and the courts, and who are ultimately held liable. For that reason alone (but of course also because they are closer to the process and can therefore do it better), modern identity management must be suitable for business departments. Identity & Access Governance. In this webinar, Martin Kuppinger first describes what matters when you make your identity infrastructure available to the business departments as a service. Then...

Webcast

Surviving the Cyber Security Attack Wave

KuppingerCole Webinar recording

Vendor Report

Vendor Report: Symplified - 70121

Securant Technology was a visionary vendor which created the web access management niche in the mid 1990’s. When that company was acquired by RSA, its management team immediately began thinking about what would come next. From that brain-storming emerged Symplified. Symplified was envisioned and built to be the identity service for the cloud-based computing platform that was beginning to emerge in the early years of the 21st century. Initially this was supposed to be a pure-play cloud strategy – nothing would be installed on-premises. Since the market wasn’t quite ready...

Webinar

Nov 10, 2011: Solving the Million Record Challenge with XACML

This webinar with Martin Kuppinger and Gerry Gebel is part of our XACML how-to series and will highlight how you can implement XACML policies in "big data" scenarios.

Blog

Steve Jobs: cause to reflect

I am the same age as Steve Jobs. So when Phil Windley sent me the link to the 1985 Playboy Magazine interview of Steve Jobs (just before he was forced to leave Apple) I had to laugh at some of the questions made by the interviewer and remember all of the things that were going on in the industry then. During the 80’s I worked for Ray Noorda at Novell. My job was to create and drive Novell’s strategy. The plan was simple, give real freedom of choice to the customer and be interoperable with as many networks and computers as possible. By 1985 Noorda was finally coming around to the freedom...

Blog

SIEM - it's not mainly about tools

Last week, IBM announced the acquisition of Q1 Labs. The same day, McAfee announced its plans to buy NitroSecurity. Not that long ago, HP bought ArcSight. Obviously, SIEM vendors seem to be very attractive to the large players in IT. SIEM, the acronym of Security Information and Event Management, consists of two disciplines. One is about managing the security information from different sources, the other is about real-time analysis of that information to identify events. Given the increasing security threats (no, they aren't just challenges anymore), having approaches in place which help in...

Blog

German state fails in hacking

This weekend, the German CCC (Chaos Computer Club), an institution which probably is best described as the "white hat" association in Germany and being prominent for a long time for identifying security issues, informed the public about severe issues with the so-called "Bundestrojaner", a trojan used by the German BKA (sort of the counterpart to the FBI) in some cases to hack computers of suspects and to collect internet telephony data. There are two severe issues identified. The first one is that the trojan is able to do a lot of things which are just illegal. The German Federal...

Webcast

XACML Made Easy: Modeling High Level Policies in XACML

KuppingerCole Webinar recording

Blog

Understanding Identity and Access Management

In the second document from our series outlining KuppingerCole’s basic positions on key issues surrounding Digital Identity, Security and Infrastructure Management, we will explore the cornerstones of Identity & Access Management, which is mostly known by its abbreviation “IAM”, along with current trends and ramifications for corporate IT systems. IAM is primarily seen as a set of technologies which govern and regulate who is allowed access to which information stored or being processed within IT environments. Unfortunately, taking such a narrow technology-focused view deflects from the...

Product Report

Product Report: Evidian Identity & Access Manager 9 - 70130

Corporate IT environments are growing more complex every day. Not only do users within and outside the organization need to access sensitive information, they need to do so on the road and from a wide range of different devices. Identity & Access Management (IAM) is increasingly being recognized as the key to both security and business success for enterprises around the world. Evidian, a subsidiary of Groupe Bull created in July 2000 as an Independent Software Vendor company, is a well-established player in this field. Its signature product, Evidian Identity and Access Manager,...

Advisory Note

Scenario: Understanding Identity and Access Management - 70129

In this second document from our series outlining KuppingerCole’s basic positions on key issues surrounding Digital Identity, Security and Infrastructure Management, we will explore the cornerstones of Identity & Access Management, which is mostly known by its abbreviation “IAM”, along with current trends and ramifications for corporate IT systems. IAM is primarily seen as a set of technologies which govern and regulate who is allowed access to which information stored or being processed within IT environments. Unfortunately, taking such a narrow technology-focused...

Advisory Note

Advisory Note: Avoiding Lock-in and Availability Risks in the Cloud - 70171

Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a single customer. The risks associated with Cloud computing depend upon both the service model and the delivery model adopted. This document focuses on two specific risks – availability and lock-in. A major objective of IT services is that systems, applications and data are available to authorized...

Blog

DigiNotar and RSA hackings demonstrate need for multi-level IT security

The attacks on SSL certificate authorities such as DigiNotar or GlobalSign threaten significant aspects of SSL-based security on the Internet. They also demonstrate yet again that security concepts should be multi-layered and never have a “single point of failure”. In late August it emerged that Dutch SSL certificate authority DigiNotar, a subsidiary of the VASCO Group, had been the subject of a successful attack in which an attacker, presumably from Iran, hacked into DigiNotar’s certificate authority (CA). Claims have meanwhile surfaced that the CA was insufficiently secured. Now...

Blog

Agility, service levels, and cost

Some two weeks ago I was at the EMC EMEA Analyst Summit in France. In one of the sessions Chuck Hollis, VP Global Marketing CTO of EMC Corporation (what a title, isn't it?) made a very good comment when one of the presenters talked about the needs for agility and speed, service level fulfillment and improvement, and cost optimization of IT when providing services. He pointed out that IT looks at this typically in the order of cost - service level - agility, while business looks at agility - service level - cost. I really like that. You might argue that business always is talking about IT...

Webinar

Nov 03, 2011: The Clock is Ticking: Rethink PCI 2.0 Compliance

The time when you will ultimately have to demonstrate PCI DSS 2.0 compliance is getting closer now. We therefore would like to invite you to join us in this webinar to have a look at how you can certify fast and at reasonable cost. Don't miss this webinar and its great speaker lineup: KuppingerCole's Senior Analyst Dave Kearns, Tom Arnold from Payment Software Company, who is one of the leading Qualified Security Assessors in the world, and Dr. Torsten George from Agiliance.
