News Archive


Recertification in dynamic authorization systems

Access Governance tools are becoming standard in IAM infrastructures. However, they mainly focus on "static" access controls, e.g. the entitlements granted to a user based on roles and other paradigms. Recertification is supported by these tools, and the solutions are maturing quickly. Thus, that part of Access Governance is easy to solve. However, the next wave is coming with the increasing success of tools which are commonly called Entitlement Servers or Policy Servers. I tend to call them Dynamic Authorization Systems because they authorize based on rule sets and attributes at runtime....


Slipsliding away from passwords

Tell me a story! Everybody hates passwords, because there so many of them and keeping track is tricky. And of course we all know that passwords are inherently insecure, so we would all be better off with something else. Nowadays, there’s another reason to hate password, namely the perfusion of smartphones and other mobile devices with itsy-bitsy, teeny-weenie keypads that make typing in long, complicated passwords a real pain. Lots of people have spent lots on time trying to come up with alternatives. Biometrics? Smartcards? Keystroke recognition? Voice recognition? You name it,...


How to deal with Data Sprawl? Could a sticky policy standard help?

Data Sprawl appears to me to be one of the biggest challenges in information security. And, by the way, Data Sprawl is not an issue that is specific to Cloud Computing. It is a problem organizations are facing day by day. What happens when data is extracted from a SAP system? One example: a CSV (flat) file is created with some data from the HR system. This file is delivered to another system, in best case using some secure file transfer. But what happens then? That other systems processes the file in some way or another. It might export some or all of the data, which then ends up in yet...


What can News International teach us about information governance?

WHAT HAPPENED? On July 19th, Rupert Murdoch, proprietor of one of  the world’s largest news organizations News International, apologized for phone hacking by reporters at the News of the World, and is quoted as saying “this is the humblest day of my life” to a committee of MP’s in London. What does this teach us about information governance? On Sunday July 10th, 2011 the News of the World published it last edition. This paper had been publishing for 168 years and was the top selling Sunday newspaper in the UK. The closure came following revelations of how the newspaper had allegedly...

Press Release

BYOD setzt ITler unter Druck

Private Endgeräte in der Firma sind nicht zu kontrollieren – Informationssicherheit als Ausweg

Düsseldorf, 13. Juli 2011
- Angesichts des Trends zur Verwendung privater mobiler Endgeräte wie iPhone, iPad, Tablets oder Laptops in Unternehmen drohen IT-Abteilungen die Kontrolle über die Sicherheit ihrer Systeme zu verlieren. Statt sich gegen den BYOD-Trend zu stemmen, sollten ITler ihr Augenmerk (und ihre Investitionen) auf das Schaffen von echter Informationssicherheit legen.

Press Release

BYOD puts new pressure on IT pros

There is no way to control the business use of private mobile devices – information security is the only answer

Duesseldorf July 13th, 2011
- The growing trend towards use of privately owned mobile devices such as iPhones, iPads, tablet PCs and laptops for business purposes is causing IT departments to lose control of the security and integrity of their systems. Instead of trying to stop the trend toward BYOD (“Bring Your Own Device”), IT pros should focus on securing the information itself.


Critical success factors for IAM projects

This is sort of a "back to the roots" post, but for some good reason. I've done several advisories and customer calls recently, and in some of them it became obviuos that companies tend to miss some of the critical success factors for IAM (Identity and Access Management). Some of the projects are still too technology-focused. So I've put together some key success factors for IAM projects. These are not that technical, so you won't read things like "support the cloud", because that should just be a result of the requirements analysis. Requirements: Understand the requirements of Business...

Advisory Note

Advisory Note: BYOD - 70335

Bring Your Own Device (or “BYOD” for short) may seem like the latest hype, but in fact it isn’t really all that new. Employees have been bringing their smartphones or iPads to work for quite some time now, mostly with their employers’ explicit (or at least implicit) consent. And ever since, IT departments have been worrying about losing control and how to halt the spread of privately owned mobile devices. Sadly, they are missing the point. They need to accept that smartphones and tablets are a fact of life in the networked economy, and that they are poised to...


ITIL is good, but IT Service Management is better

Service Management and with it the IT Infrastructure Library, or ITIL, is key to bridging the gap between IT users and „IT production“. But as Cloud Computing goes mainstream, it becomes increasingly clear that ITIL alone is not enough. For their Service Management needs, many vendors and user companies rely today on the IT Infrastructure Library. Developed in the 80ies by the UK Government's Central Computer and Telecommunications Agency as a set of recommendations on best practices for IT, ITIL really is quite helpful as a pedestal upon which Service Management can be based since it...


How can IT keep a grip on mobile devices?

Bring Your Own Device (or “BYOD” for short) is another IT hype word making the rounds nowadays, but it isn’t really all that new. Many employees have been bringing their smartphones or iPads to work for quite some time now, with the company’s explicit or implicit consent – at least as long as access with such devices hasn’t be fully blocked. IT departments worry increasingly about how to control the proliferation of privately owned mobile devices, but they’re missing the real point. Of course, many people have been using private devices professionally for years, ever since laptops started...


How to Prepare for BYOD (Bring Your Own Device)

Kuppinger Cole Webinar recording


Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected


AI for the Future of your Business Learn more

AI for the Future of your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]