News Archive

Blog

The sad world of passwords – and why IdPs don’t solve the problem

This week Jackson Shaw commented in his blog on an article written by John Fontana. The discussion is about the future of passwords and how federation and structures with IdPs (Identity Providers) will help us to avoid them. Both have somewhat different opinions. However, in both posts there is the idea of having an IdP, using federation, and getting rid of passwords. My perspective is a little different and I’d like to add two important points (even while I think that Jackson is right with his skepticism regarding a quick replacement of passwords and with highlighting that password...

Webcast

Choosing the Right Cloud

KuppingerCole Webinar recording

Survey

Survey Report: Identity Access Management and Governance in the Financial Industry - 70584

Study on the current status of the implementation of Identity and Access Management and Identity and Access Governance in the financial industry in Germany and Switzerland.

Study commissioned by Beta Systems.
Study conducted by KuppingerCole.

Blog

A CHANGE FOR THE BETTER?

There is an old joke that circulated amongst IT professionals during the 1980s – this joke goes as follows. A man goes up to an ATM, puts his card in the machine and requests some cash. The machine accepts his card and PIN but doesn’t give out any cash. He goes into the bank and tells a cashier what has happened. The cashier replies – “that’s strange because we just had brand new software installed this morning”. This joke is probably not funny if you bank with RBS in the UK. I normally write about IT security issues so – why is it that this entry is about managing change? Well -...

Conference

Sep 13, 2012: Digital Economics Forum 2012

“Generation Y” is pushing forcefully onto the job market and taking on responsibility in companies. Having grown up with the Internet, practiced in handling the latest mobile gadgets and used to a new contact being only a mouse click away, whether colleague, partner, customer or lead, they present CIOs and IT professionals with the greatest challenges since the introduction of the mainframe. How can information security be achieved in a completely deperimeterized environment? How can the colorful zoo of private devices, which at the desks anyway...

Blog

Security out of the Blue

If you were asked to think of an IT security firm, perhaps IBM would not be top of the list. However, IBM has a significant set of products in this market and it manages the security of its customers’ outsourced and cloud systems, as well as that of its very large internal IT operations. Following the acquisition of Q1 Labs late last year, IBM is reorganizing to bring together all the security products under one division. Well, large companies are forever re-organizing, so why does this change matter? In short, this is important because it reflects the increasing level of cyber risk and the...

Blog

IBM CastIron – delivering on the promise of the Open API Economy

Some days ago I had a very interesting briefing with IBM on their CastIron products. I had been in touch with CastIron way before they became part of IBM, because CastIron was one of the most interesting start-ups around “Cloud Integration”, i.e. the ability to integrate different cloud services and on-premise applications using the exposed APIs. Since then a lot has happened. The number of available APIs exploded, as my colleague Craig Burton has described in his report on the Open API Economy. More and more vendors are entering the space and are picking up the term Open API Economy. The...

Blog

Making Good on the Promise of IdMaaS

As a follow up to Microsoft’s announcement of IdMaaS, the company announced the — to be soon delivered — developer preview for Windows Azure Active Directory (WAAD). As John Shewchuk puts it: The developer preview, which will be available soon, builds on capabilities that Windows Azure Active Directory is already providing to customers. These include support for integration with consumer-oriented Internet identity providers such as Google and Facebook, and the ability to support Active Directory in deployments that span the cloud and enterprise through synchronization technology. Together,...

Blog

Lessons Learned from the LinkedIn fiasco

By now you should all be familiar with the “hack-in” on June 6 which led to the taking of over 6.5 million hashed user passwords. My colleague, Craig Burton, has addressed what should happen next, but I’d like to examine some issues which might appear tangential to the leak but should still be of concern. First, according to LinkedIn Product Director Vicente Silveira: “Based on our investigation, all member passwords that we believe to be at risk have been disabled.” How does LinkedIn know what my password is? Sure, they could search through all accounts, comparing the hashed value stolen...

Webinar

Jul 03, 2012: Intelligent Access Management – A Head Start on the Auditor

It has never been more important than today to know exactly who is authorized to do what and who has done what. This webinar is about the intelligent management of access rights: to reduce risks, to ensure compliance, and to give users themselves the ability to organize their access rights.

Blog

LinkedIn Password Disaster

I first thought about ignoring this topic for my blog. However, there have been so many press releases, blogs, and other comments on it which have been just wrong or absurd that I finally decided on posting a little about it. First of all, the LinkedIn Password Disaster reinforces the old rule that you shouldn’t reuse passwords (at least not too much). Second, it is another proof of the fact that the security skills of developers are on average far too low. There are not enough developers with strong security skills, but many developers with a lack of good skills in security which are...

Blog

Active Directory in the Cloud – the new Microsoft WAAD offering

Over the course of the last few days, there have been many posts being published in different blogs, including the ones of Craig Burton, Nishant Kaushik of Identropy, KuppingerCole’s Dave Kearns and for sure Kim Cameron and John Shewchuk. I won’t dive into the discussion taking place between Craig, Nishant, Kim and others but clearly have to say that I’m fully with Craig on that it is about “Freedom of choice” and that this is fundamentally different from the “Freedom to choose your captor”. My main points later down will focus on the blog of John. However, when looking at the initial...

Blog

THE DIMINISHING NETWORK PERIMETER

I just returned from NISC - the National Information Security Conference - held this year in Cumbernauld in Scotland. The theme of this event was “the diminishing network perimeter”. With the advent of smart phones, tablets, Kindles and BYOD, the boundaries between the work and home environment have dissolved so how do you maintain the security of your corporate network? How does this impact on the corporate network, and how much can you put into the cloud? There were many interesting sessions around this theme and, as well as giving a talk on the Deadly Sins of Cloud computing, I sat on a...

Webinar

Sep 18, 2012: Preparing your Enterprise for the Generation Y: BYOD & Mobile Device Management

A plethora of mobile devices are invading the enterprise at incredible speed, raising issues in areas like access control, policy enforcement, security of confidential data on users’ devices, and many others. Practices of “bring your own device,” (BYOD) and “company owned, personally enabled,” (COPE) are trying to describe methods of mitigating the risks involved. In this training, KuppingerCole Principal Analyst Martin Kuppinger will help IT professionals to find their best way through the myriad of recommendations and solutions related to this issue, and implement the right corporate...

Training

Aug 14, 2012: XACML and the Externalization of Authorization: How to do it Right

This training will give an overview of XACML and the concepts behind it, from the way policies are expressed to the different components like PEPs, PDPs, or PAPs. It will also look at the shortcomings XACML currently has and how best to deal with them. It will look at the different approaches in which XACML is currently used, showing the breadth and potential limitations of XACML. And it will discuss where it is better not to use XACML itself but to “translate” things.

Webinar

Aug 07, 2012: Preparing your Enterprise for the Generation Y: BYOD & Mobile Device Management

A plethora of mobile devices are invading the enterprise at incredible speed, raising issues in areas like access control, policy enforcement, security of confidential data on users’ devices, and many others. Practices of “bring your own device,” (BYOD) and “company owned, personally enabled,” (COPE) are trying to describe methods of mitigating the risks involved. In this training, KuppingerCole Principal Analyst Martin Kuppinger will help IT professionals to find their best way through the myriad of recommendations and solutions related to this issue, and implement the right corporate...

Webinar

Jul 17, 2012: Life Management Platforms & the Future of Social Networking

Social networking is still in its infancy; the rather suboptimal performance of the Facebook share price may be an indication of this. Social networking as we know it today is, in the vast majority of business models, based on users largely giving up privacy and control over their personal data. With the growing number of cases of data misuse and identity theft, this sacrifice seems more inappropriate with every day. Life Management Platforms bring social networking and privacy together and create the basis for new...

Webinar

Jul 17, 2012: How to Unleash the Power of Life Management Platforms

Life Management Platforms will change the way individuals deal with sensitive information like their health data, insurance data, and many other types of information – information that today frequently is paper-based or, when it comes to personal opinions, only in the mind of the individuals. In this webinar, KuppingerCole Founder and Principal Analyst Martin Kuppinger will describe why Life Management will be a key trend and how it will influence your enterprise.

Training

Jun 27, 2012: Choosing the Right Cloud

The rise of cloud computing has changed the rules for optimising your IT strategy. However, within cloud computing there are many choices. Making the right choices can save time and money; making the wrong choices can increase risks. This training will look at how to choose the right cloud for your business need.

Blog

Freedom of Choice != Your Choice of Captor

Earlier this week I posted a first-look analysis of Microsoft’s Cloud-based Identity Metasystem (IDMaaS). In that analysis I stated: Microsoft is not only doing something innovative — but profoundly innovative. On June 7, Nishant Kaushik (Chief Architect at Identropy) wrote on his blog (How Do Governance Controls fit into IDMaaS?): I’ll be honest, I’m having a little trouble seeing what is so innovative about WAAD itself. How is the fact that becoming an Office 365 customer automatically gives you an AD in the cloud that you can build/attach other Azure applications to that different from...

Blog

Managing risk, not preventing loss

I spent a week in Boston recently, attending Courion’s Converge conference. This was the 10th annual customer (existing and future customers) meeting the now venerable Identity Management company has produced and as always it provided a great way to see what the implementers - the enterprise IT and security folks - were doing, thinking and planning. The first thing I noticed was the company’s new catchphrase, “See risk in a whole new way,” which alluded to their newest product, Access Insight which they dub as an “Access Intelligence Engine.” There were also two major takeaways (among...

Blog

LinkedIn Hacked—More Reason for IdM in the Cloud

On June 6, 2012 LinkedIn was hacked and user accounts — names and passwords — were compromised. Follow LinkedIn’s advice on addressing the matter. There are just two things I want to say about this. 1. Service Providers should build hardened systems up-front Any service provider that has a security architecture that stores names and passwords on a server somewhere has an unacceptable system design. There is simply NO excuse for letting this happen — EVER. LinkedIn management is acting like hashing and salting passwords is some new thing that they are all over as a result of the...

Blog

What I would like to see First from IDMaaS

Intro Kim Cameron and John Shewchuk jointly rolled out Microsoft’s vision of Identity Management (IDMaaS) as a Service and then Microsoft’s implementation of that vision as Windows Azure Active Directory (WAAD). I posted first impressions. Kim Cameron responded. This morning over coffee I was gesturing through Zite — the iPhone and iPad personal publishing review app. There was my blog post in the headlines. I realize that Zite personalizes the headlines so probably no one else saw that, but that seemed pretty cool. Anyway, it got me to thinking what kind of things I would like to have...

Blog

Microsoft is Finally Being Relevant

Surprise surprise. For the last few years it looked as if the battling business units and power struggles within Microsoft had all but rendered the company incapable of doing anything innovative or relevant. But clearly something has happened to change this lack of leadership and apparent stumbling in the dark. Microsoft is not only doing something innovative — but profoundly innovative. In a dual post by Microsoft’s John Shewchuk and Kim Cameron, the announcement was made about what Kim Cameron alluded to at the KuppingerCole EIC in April — Identity Management as a Service (IDMaaS). This...
