News Archive

Webcast

Overcoming Enterprise Entitlement Barriers by Externalizing Authorization

Kuppinger Cole Webinar recording

Vendor Report

Vendor Report: Avatier - 70144

Avatier is a vendor in the Identity and Access Management (IAM) market which provides an integrated set of tools to cover core requirements in that market. The AIMS (Avatier Identity Management Suite) supports features like role mining, password management and reset, user provisioning, recertification of access and access requests. With this offering, AIMS fits into the Enterprise Identity Provisioning market segment, which is at the core of most IAM implementations. In contrast to most other vendors, the core focus is on providing a simple-to-use, user-centric approach to IAM, focused...

Webcast

Identity Management, Access Governance and Data Protection: Are You on the Safe Side?

Kuppinger Cole Webinar recording

Advisory Note

KuppingerCole Top Trends 2011 - 70116

As every year, the analysts at KuppingerCole have again worked out the most important trends in the market for general IT, Cloud Computing, Governance, Risk Management and Compliance (GRC), Identity and Access Management (IAM) and Mobile Computing. At the top of these lists is, in our opinion, even closer cooperation between operational business units and IT (so-called "Business-IT-Alignment") as well as the gradual introduction of hybrid environments based on well-coordinated internal and external IT services.

Blog

RSA SecurID again

I blogged last week about the RSA SecurID case. In the meantime there have been several other posts and pieces of advice on that and I'd like to put together some thoughts from my side about that, looking at what customers should do now. What should existing customers do short-term? In most cases, RSA SecurID will be a standard mechanism for strong authentication which can't be replaced immediately. If customers don't use a solution for versatile authentication they usually aren't able to opt for another (stronger) authentication mechanism on the fly. Not using RSA SecurID however will make things...

Advisory Note

Advisory Note: Cloud Computing - Cloud Security Management - 70139

The Cloud allows the procurement of IT services from both internal and external suppliers to be optimized because the services are delivered through the Internet in a standard way. The Cloud is not a single model but covers a wide spectrum from applications shared between multiple tenants to virtual servers used by one customer and hosted internally. The information security risks associated with Cloud computing depend upon both the service model and the delivery model adopted. The common security concerns across this spectrum are ensuring the confidentiality, integrity...

Blog

Having the right conversation on online banking security

Sometimes the most interesting conversations are about something you never really expected to discuss, but I digress. No, seriously: You sometimes get sidetracked on a topic that becomes so fascinating that your meeting is almost over before you get back to what you really wanted to talk about. Take for instance a conversation I had recently with Julian Lovelock of ActivIdentity. There are lots of things I as an analyst wanted to know about their recent acquisition by HID, who are at home in the “old” world of physical access management and who obviously wanted to buy into the “new” world...

Blog

RSA SecurID breach: it had to happen...

As you, dear reader, can imagine, the information about the SecurID breach was really shaking the minds of us analysts here - for a long time, we were telling the story that SecurID was the right compromise between security, convenience and manageability - until SMS became so cheap, that they made the first place for cheap, manageable and strong authentication. Much has been said about the management aspects, whether it will shake the industry (I personally believe, yes, but much slower than some people argue) or what this means for the reputation of the world's largest strong...

Blog

Identity Management - Process or Technology

RSA recently announced, in an SEC 8-K filing, a security breach relating to its SecurID authentication technology. This reopens the question of which is the most important factor in identity management – processes or technology? One line of thinking has been that the major cause of identity theft and data loss is poor process and that strengthening the process is the key approach. Strong processes are indeed required but a strong process can be undermined by a weakness in technology. Authentication: The electronic identity of someone depends...

Blog

RSA SecurID - it will never be the same again

Yesterday RSA reported a security breach which they assume to be an "advanced persistent threat", i.e. a long-running attack. In that case it was apparently against the seeds, i.e. the base material for keys which are used to generate OTPs. In other words: The first and (until now) stronger part of the two-factor authentication used with RSA SecurID cards isn't secure anymore. In fact it shows that every approach which relies on a central database of such seeds has its inherent security weaknesses. The importance of this breach becomes obvious when looking at the SEC 8-K filing -...

Press Release

Article on the "Top Trends 2011" from Martin Kuppinger available

Duesseldorf, March 17th, 2011 - As in the past years, KuppingerCole has worked out the Top Trends in IT in general, Cloud Computing, GRC (Governance, Risk Management and Compliance), IAM (Identity and Access Management) and Mobile Computing, which will be presented at this year’s European Identity Conference and CLOUD 2011. The most important trends are, from a KuppingerCole perspective, an increasing level of Business-IT-Alignment and the evolution towards hybrid IT environments based on a well-managed mix of internal as well as external IT services.

Blog

Your law or mine in the Cloud?

Where in the Cloud am I? And more importantly: Where are my data? I know that many managers and CIOs are asking themselves similar questions. In fact, as I have posted before, a colleague of mine put that question to Martin Jetter, CEO of IBM Germany, at a briefing about a year ago, namely: “If I give you my data to store in the Cloud, where exactly are they?” Mr. Jetter didn’t quite get the question at first, so he launched into a lengthy technical explanation, but the guy interrupted him and insisted: “I mean, physically, where are they?” Of course, there was no really good answer, and...

Webinar

Apr 12, 2011: Reliable Protection for Information in Databases

How to best protect data? This is about processes, this is about technology. Whilst Database Governance focuses on the big picture, technology enables the required controls. Amongst them, encryption is a key technology – supporting critical controls to prevent bypassing the access control mechanisms within databases and in the surrounding system environment. In this webinar, Martin Kuppinger will outline how Database Security solutions fit into the approach of Database Governance, which role encryption technologies play therein, and what it needs for a holistic approach on Database...

Blog

Database Security - a hot topic

During the last few months I've done a lot of research around database security, and some advisory. This market, with the very big player Oracle and its large number of offerings, and IBM as another heavyweight vendor, is growing rapidly. Besides the two big ones there are several specialized vendors like Sentrigo, Imperva, Bitkoo, NetIQ, and several others - I'll cover the market soon in an upcoming research note which will provide an overview about all key players in that market. Have a look here regularly - the research note will be out around mid April at the latest... By the way: You'll find...

Webcast

Database Governance - How to Put the Right Controls in Place to Protect Your Data

Kuppinger Cole Webinar recording

Webinar

Apr 14, 2011: Business-Centric, Cloud-Aware Identity and Access Management

In this webinar, KuppingerCole's Principal Analyst Martin Kuppinger will introduce you to the key elements of a future-proof and cloud-ready Identity and Access Management strategy and how to deal with hybrid cloud environments. Following Martin, Ralf Knöringer and Rudolf Wildgruber from Siemens IT Solutions and Services will present case studies and product features of Siemens DirX Identity and DirX Audit and show how to realize an Identity Governance solution that creates business value.

Advisory Note

Advisory Note: Database Governance - 70102

Database Governance is the set of policies, procedures, practices and organizational structures ensuring the execution of database related activities in an organization according to defined strategies and controls. Database Governance is required to enforce Information Security for structured data held in databases. Within Enterprise GRC, Database Governance is an element of IT GRC. Enterprise GRC starts with Corporate Governance, e.g. the general, enterprise-wide policies and the focus on strategic risks. Business GRC with its focus on operational risks is the second element (or...

Vendor Report

Vendor Report: Symantec Cloud Security - 70115

The Cloud is an environment which allows the delivery of IT services in a standardized way. This standardization makes it possible to optimize the procurement of IT services from both external and internal providers. The information security risks associated with Cloud computing depend upon both the service model and the delivery model adopted. The Cloud covers a wide spectrum from shared applications delivered over the internet to virtual servers hosted internally. The common security concerns across this spectrum are ensuring the confidentiality,...

Webcast

Recent Trends and Best Practices in Internal Audit Management for Better Business Performance

Kuppinger Cole Webinar recording

Webinar

Mar 24, 2011: Identity Management, Access Governance and Data Protection: Are You on the Safe Side?

Data protection - a necessary evil? In many companies this topic is indeed still a marginal issue today, even though, with heightened public awareness and the sensitization that comes with it, every violation that becomes known can fundamentally damage the substance of your company. This webinar helps you anchor data protection effectively and efficiently in your company.

Blog

We need a policy standard for the use of data

One of the issues I'm confronted with in most of the advisories I'm doing is "how to protect information once it leaves a system". A typical situation is that HR data leaves the HR system and is imported in another system - the identity provisioning system, a business analytics tool, or whatever else. Once information is out of HR, it is out of control. Lost somewhere in the happy hunting grounds of information... However, from a governance perspective (and due to many specific regulations) we have to keep control. PII has to be well managed, financial data has to be well managed, risk...

Press Release

Save the date: European Identity / CLOUD Conference 2011

Duesseldorf, March 9th, 2011 - The European Identity Conference 2011 (EIC) and co-located CLOUD 2011 will take place from May 10-13, 2011, in Munich. Now in its fifth year, Kuppinger Cole's flagship event is the place to meet with thought leaders, experts and decision makers to learn about, discuss and shape the market in most significant technology topics such as Identity Management, Governance, Risk Management and Compliance (GRC) and Service Oriented Architecture (SOA), both in “classical” environments as well as in private, public and hybrid cloud environments with a strong...

Press Release

Save the date: European Identity / CLOUD Conference 2011

Düsseldorf, 08.03.2011 - From May 10 to 13, 2011, the European Identity Conference (EIC) and CLOUD 2011 will take place concurrently in Munich. At KuppingerCole's annual events, analysts and thought leaders of the industry meet with IT experts and decision makers to learn about the latest trends. The market around Identity Management, Governance, Risk Management and Compliance (GRC) and Service Oriented Architecture (SOA), both in “classical” and in private, public and hybrid cloud environments, will be discussed...

Advisory Note

KuppingerCole Top Trends 2011 - 70116

As in the past years, KuppingerCole has worked out the Top Trends in IT in general, Cloud Computing, GRC (Governance, Risk Management and Compliance), IAM (Identity and Access Management) and Mobile Computing. The most important trends are, from our perspective, an increasing level of Business-IT-Alignment and the evolution towards hybrid IT environments based on a well-managed mix of internal as well as external IT services.

Blog

10 Rules for Securing the Cloud

Security is the hottest topic in town when considering moving your business to the Cloud, especially if you plan to use an external provider or, even worse, more than one provider. How do you make sure your data are “secure” out there? Here are ten simple rules to follow if you want to stay on the safe side of Cloud Computing. There are many kinds of clouds: private and public, just to name the two most common ones. Private clouds are usually run over a more or less dedicated infrastructure operated by an external provider. Public clouds, on the other hand, run on shared infrastructures...

Executive View

Snapshot: Oracle Database Firewall - 70384

Oracle Database Firewall is one of several Oracle offerings in the database security market. It complements other products such as Oracle Database Vault, which offer protection within the database, by analyzing database traffic outside the database. Like few other products in that area, Oracle Database Firewall analyzes database activity traffic over the network and thus is able to intercept and filter potentially illegitimate database activities based on pre-defined policies.

Webcast

Externalize Authorization - XACML and Beyond

Kuppinger Cole Webinar recording

Blog

Android attacks - you shouldn't be surprised

The news about a significant number of malicious apps for the Android platform on mobile phones hit the news yesterday. Many comments still sounded a little surprised. However there is no reason for being surprised. Today's mobile phones are insecure by design. The vendors haven't understood that security is mandatory for long term success and they are still selling devices which are as secure as a PC in the mid '80s of last century. Unfortunately these devices are connected and have far more capabilities than the PCs of the early days. The vendors (and developers of OSes) are just...

Blog

Persons, identities, users, accounts - and which attributes to select from HR

One of the discussions which pop up in many advisories is around the terms and related objects to use in Identity and Access Management. This is directly related to the question which attributes to use where and which to import from HR. My best bet and experience is that customers should look at three levels of objects: Persons, i.e. the human being. Identities, i.e. a virtual representation. There might be several identities for one person. Someone might be the manager of several companies within an organization. Or someone is working as an internal in an insurance and as external sales...
