News Archive


What is the future of trust?

Trust is a fundamental concept of today's IT. Security is based on trust. We have (or better: had, after DigiNotar?) trust that a web server which has a valid SSL certificate is the server it claims to be. We had trust that RSA SecurID tokens are secure (which they still are to some degree, but to a lower degree than before). We have trust that our authentication in the Active Directory is done in a secure way. We trust the identity provider when using identity federation. However, especially the first two examples raise the question whether the concept of trust still is a foundation to build...


Thriving in Change - Using Federation and the Cloud to Minimize IT Costs

KuppingerCole Webinar recording


Nov 15, 2011: Why Access Governance Moves the Risk and Reward Balance in your Favour

In this webinar, KuppingerCole's Principal Analyst Martin Kuppinger will describe how to reduce business risks by transferring responsibility for defining, maintaining and auditing information security policies and access rules from IT to those business divisions which actually need these policies to do their job. Following Martin's presentation, Quest Software's Phil Allen will show practical approaches and best practices for implementing such an Access Governance program.


Why Managing Privileged Users Benefits your Business

KuppingerCole Webinar recording


Facebook strikes again

Last spring, the world was up in arms over alleged tracking of users’ locations by iPads, iPhones and Smartphones powered by Google’s Android operating system. According to a story from ABC News, “…Just days after researchers demonstrated that some Apple iPhone and iPad owners have had their locations tracked by their devices, another security researcher revealed that Android phones, which use Google's mobile operating system, store users' geographic information in a very similar manner.” Interestingly, though, Apple had revealed that information a year earlier in a letter drafted in...


Microsoft acquires BHOLD technology assets

Today Microsoft announced that they have acquired technology assets from BHOLD, a Dutch vendor of Access Governance technology. Microsoft thus now owns technology which has been missing in their IAM portfolio until now. Microsoft thus enters the Access Governance market. Whether that will happen through enhancements of their existing FIM 2010 product or by adding another product based on the BHOLD technology hasn't been announced yet. Anyhow, the deal will change the Access Governance market, particularly regarding the offerings which are targeted to complement Microsoft FIM. KuppingerCole...


Integrating Access Governance and Entitlement Management

KuppingerCole Webinar recording

Advisory Note

Advisory Note: From Identity and Access Solutions to Access Governance - 70318

The need to identify users, control what they can access and audit their activities is fundamental to information security. Over the past decade there has been a tsunami of identity and access management technology designed to provide a solution to these needs. However many organizations have not realised the benefits expected from the application of this technology, because they have taken a technology led approach rather than one based on governance. In addition – the move to outsourcing and the Cloud means that technology and some processes are no longer under direct control....


Who are the good guys - the one that keep you informed about security issues or the others?

I understand the reason behind - but it is still contradictory. People expect IT vendors to quickly inform them about security issues. And people then blame them for the security issues. OK, if there are security issues which affect someone, he has some reason to blame the company responsible for these. Nevertheless, some more fairness would help in achieving even more openness. If you have to admit a security issue and you fix it, then this is obviously better than just trying to hide what has happened. Let's take some examples. Microsoft has been bashed for years for not doing even to...


Game On: Managing Multi-Regulatory Compliance

KuppingerCole Webinar recording


The UBS case: Again 2 billion US$ lost due to unauthorized transactions of a trader

Today, the next story about banks failing in managing trading risks hit the news. It remains unclear what allowed the trader to execute unauthorized (and thus most likely illegal) transactions which led to that loss. However, the Risk Management of UBS obviously failed. By the way: UBS had to announce that just the day the Swiss parliament started a debate about new regulations for the finance industry. It will be interesting to hear about why that could happen. Did some people co-operate? Did the risk management system specifically for those types of transactions fail? Or has it been an...


UBS: No Guts, No Glory

I just read that UBS is reporting some 2 Billion $$ damage from "unauthorized deals" one of their investment bankers made. 2 years after Kerviel / Société Generale. This is the hard way of learning things. The only thing that now might really help those who will be asked why somebody is able to do unauthorized deals and create 2 Billion Dollars loss: Get the latest album from Australian Hard Rock Band Airbourne: "NO GUTS NO GLORY", take a day off and listen to it. Or for immediate relief, have a look at their "NO WAY BUT THE HARD WAY" video. Great music.

Product Report

Product Report: CrossIdeas IDEAS - 70271

CrossIdeas is a European vendor based in Italy specializing in Access Governance, Dynamic Authorization Management, and IAM. Formerly known as Engiweb Security, the company was renamed following a management buy-out and operates today as an independent software vendor in their core market segments. Like its predecessor, CrossIdeas is a one-product company, focusing entirely on their “IDEAS” platform which is built around role management, authorization management, and other core identity-related features. KuppingerCole feels that the product is well positioned as an accepted...


Oct 06, 2011: XACML Made Easy: Modeling High Level Policies in XACML

In this webinar, Principal Analyst Martin Kuppinger will give an overview on how the XACML standard can be used to achieve a top-down approach to governance. Following Martin's presentation, Axiomatics' Director of Technology Partnerships and former Kuppinger Cole Analyst Felix Gaehtgens will show examples that show how easy it actually is to translate high-level access control requirements from written English into XACML policies that implement tight control. Felix will then describe how to model XACML policies to integrate risk-awareness in access controls.


GlobalSign interrupt their Certificate Services and ask Fox-IT to Investigate Alleged Security Breach

Only hours after the individual/group claiming responsibility for the DigiNotar hack had posted on pastebin, that he/they have access to 4 more high profile CAs and had named GlobalSign to be one of those 4, GlobalSign reacted and released a statement that they have ceased to issue any SSL certificates. Also GlobalSign have asked Fox-IT for e-discovery and investigative services to verify the hacker's claim. GlobalSign, a GMO Internet Inc. company since 2006, has its roots in Belgium. Back in 2000, Vodafone had bought a 40% share of GlobalSign through their German subsidiary D2 Mannesmann....


The DigiNotar Hack, Black Tulips, Rogue Certificates and what You're not Being Told about PKI and Risk

DigiNotar is a Dutch "Internet Trust Provider" running a Certificate Authority (CA), selling SSL Certificates and digital signature solutions. DigiNotar had recently been bought by VASCO. On August 30, 2011, DigiNotar/VASCO reported that DigiNotar detected on July 19th, 2011 an intrusion into their CA infrastructure, "... which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including " In the meantime we know that so far the known number of fraudulently created certificates is beyond 500 and it concerns domains like...


Nov 17, 2011: KuppingerCole Industry Round Table: Cloud Computing and Data Protection Law

For more than 2 years we have been in a cloud computing hype phase, and no end is in sight. On the contrary: there is hardly a company in which IT professionals, under more or less heavy pressure from their top management, are not ringing in the cloud computing era and already igniting the next booster stage. More agility for less money: by now we know the business arguments for moving IT into the cloud well enough to know that the cloud will not be a passing phenomenon. But even after 2 years of hype, the risks in...

