News Archive

Blog

Martin Kuppinger's Top 5 IAM Topics for 2019

Where to put your focus on in 2019

Webcast

Martin Kuppinger's Top 5 IAM Topics for 2019

Where to put your focus on in 2019

Blog

How to Implement IT Governance Requirements Relating to Information Security and IT for Insurances and Beyond: VAIT Now Available in English

A short update blog post: Earlier this year, in September, I did a blog post about the VAIT. This BaFin document explains the challenges for IT in companies in the insurance industry much more clearly than the original regulatory documents. VAIT ("Versicherungsaufsichtliche Anforderungen an die IT") maps BaFin's requirements to more tangible guidance. A few days ago, the English translation of this document was made available. It is described on its announcement page as follows: "The VAIT aims at clarifying BaFin's expectations with regard to governance requirements relating to...

Webcast

Cybersecurity Innovation Night 2018 - Machine Learning & Deep Learning for Secure Future

Every year the number of cyber attacks is increasing. The types of targets include just about everyone, ranging from Fortune 500 companies, small and medium-sized businesses, critical infrastructure, and government agencies. Cyber-attacks are becoming more sophisticated as well as growing in frequency. Up to a million new malware variants are created every day. Each new threat group can be significantly different from previous ones and can be used in damaging attacks around the world. The Cybersecurity Innovation Night will focus on cutting-edge approaches and advanced solutions in...

Webcast

Online Forms Are Out of Date – There Are New Ways to Sign Up Customers

An extreme lack of innovation has led to online forms dominating online buying for over two decades. The latest identity platforms use fast, easy, and secure technology to streamline customer sign-ups and simplify data. Today, customer experience is the main differentiator for businesses selling online. A competitive customer experience, though, requires balancing two conflicting needs: providing a fast, minimal sign-up experience for customers and collecting clean, compliant customer data for functions like personalisation, marketing, and compliance. Organisations that can address sign up...

Webcast

Richard Bell - Developing a Strategy for Managing Incidents

For many years now, the management of incidents has been challenging, dynamic and somewhat accidental in response. Today, whatever the threat we face, there is zero margin for error if affected, and excuses are certainly a thing of the past. Planning for the worst-case scenario is now commonplace, yet is it tested? And who is involved? Developing the right strategy for your organisation and its operations is key to continued success and minimising the impact of any incident. This presentation intends to encourage the consideration of different approaches, thinking, and conversations...

Webcast

Peter Dornheim - Build Up a Security Operation Center and Provide Added-Value to Business Operations

Make or buy? Budget annihilator or business driver? Only 2 questions which must be answered when building up a Security Operation Center. How to address these questions and how to start a project to establish a Security Operation Center in a traditional German manufacturing company is the content of this session.

- Start small, think big: Understand how to start a SOC project and deliver an added-value fast

- Think big: Identify a SOC target vision which maps to your individual company situation

- Be prepared: Learn about typical challenges during the SOC ramp-up...

Webcast

Alexei Balaganski - The Sorry State of Consumer IoT Security and How Can We Possibly Fix it

The Internet of Things has already become an integral part of our daily lives, whether we like it or not. In the office, at home, and even in the street, we are surrounded by a multitude of smart devices ranging from smart TVs and fridges to network routers, voice assistants and parking meters. No matter how different their functionality is, however, all these “things” share two major common traits: they are all connected to the public Internet and they lack the most basic security controls. For decades, security was never a priority for embedded device manufacturers. Modern...

Webcast

Alexei Balaganski - Containers, Microservices, APIs: The Latest DevOps Security Trends

To stay competitive during the times of digital transformation, when business models and technology landscapes change daily, enterprises must reinvent many of their business processes to achieve new levels of agility and flexibility, and nowhere is this more evident than in software development. As the demand for faster design, development and delivery of software is growing, organizations are adopting the DevOps methodology that fundamentally changes the ways software is produced. With a strong focus on practices like continuous delivery, infrastructure as code and test...

Webcast

John Tolbert - Defense-in-Depth: New Kinds of Tools for All the Layers

The principle of defense-in-depth remains a key design element for enterprise organizations. Although many have said that perimeters are going away, or identity is the new perimeter, the fact is that almost all enterprises still have perimeters. The names may have changed, and components may be declared “next-gen”, but there are still firewalls, VPNs, intrusion detection and prevention systems, etc. We will look at how new kinds of tools have become available to help protect against attacks from the application to the network layers.

Webcast

Chris Burtenshaw - User Behaviour Analytics (UBA) - The Enterprise Value Proposition

This session explores what UBA is and the value it brings to enterprise security in context of other common controls and tools.  Chris will give some history of how user activity monitoring has changed, and its challenges, and the state today. Finally, we will discuss how this is changing and what to look out for as organisations are consuming more cloud-based services.

Webcast

Dimitri Chichlo - What is the Role of a CISO in 2020?

In the past years, a CISO would mainly be chosen among the IT staff who expressed his interest for information security or by arbitrarily promoting someone from the inside to please the auditors with filling a headcount gap. Tasks and skills were mainly technical, focusing on patching, administering firewalls and installing antiviruses. With the years though, companies have made their IT systems the backbone of their businesses. Similarly, criminality has shifted to exploit online systems. Combination of both realities now requires that CISOs possess and demonstrate core competencies that...

Webcast

Panel - Risk Assessment and Security Design

Zero Trust Security assumes that nothing in a company's IT infrastructure, including users, endpoint devices, networks, and resources, is ever trusted. All interactions must be verified to decrease the chance of a security breach. Zero Trust Security ensures secure access to resources while significantly reducing the possibility of access by bad actors. In this panel discussion we will discuss the considerations companies should make before implementing Zero Trust Security and Zero Trust Security by Design.

Webcast

Mans Hakansson - Beyond OAuth: Securing APIs with Policies & Attribute-Based Access Control

Attribute Based Access Control (ABAC), OAuth 2.0 and OpenID Connect (OIDC) are complementary standards that can be used individually or in concert to offer comprehensive access control for applications that are built using microservice and API approaches.

- API security basics

- Avoiding bad security practices

- Overcoming OAuth limitations

- Managing authorization as a microservice

Webcast

Tom Hofmann - Effective Countermeasures For Securing Critical Infrastructure – A View On The Human Aspect

When we think of security in the OT / IoT space, we are very focused on technological measures and controls. However, the recent incidents in this field showed that security events are not only based on a failure of technical controls. The 2017 Triton malware attack on Saudi Aramco is a good example of what can happen based on human behaviour. While the attacked Triconex SIS controller is protected by a physical switch, it seems that this switch has been left in program mode. The ongoing digitalization of operational technologies presents cyber security professionals a whole new challenge....

Webcast

H. Huetter, B. Peeters and D. Roeper - Managing Complexity in a CIAM Migration Project - A Case Study of the ‘Steinberg ID’ Project

To handle the digital identities of customers efficiently is key to deliver valuable digital services. This entails a change of the core infrastructure, leading to a critical operation for many stakeholders and raising challenges in different domains. These challenges not only affect technical architecture and implementation, but also processes, communication and even organizational structures. In this talk, we will give an overview of how Steinberg approached those challenges. This includes topics like: - How to handle the huge complexity of such a project, technically and...

Webcast

Gal Helemski - How a Policy Based Approach Dramatically Improved Access Control and Authorization

Hear how a leading multinational Financial institution was able to evolve from Role Based Access Control (RBAC) to the new paradigm, Policy Based Access Control (PBAC), and learn what challenges this solved, and the ROI they were able to see from using PBAC.

Webcast

Panel - AI and the Future of Cybersecurity

Advanced analytical technologies will help organizations in their fight against cyber-attacks. These technologies assist in detecting potential attacks at an earlier stage, as well as enabling the identification of complex attack patterns that span various systems. In this panel we will discuss the role of AI in the future of cybersecurity, the possibility of adversaries using it as a weapon, and the possibility of developing preventive techniques using Machine Learning and Deep Learning.

Webcast

Dr. Rachel Suissa - Mapping the Comprehensive Cyber Human Factor with Implications on AI and Future Cyber Leadership

The aim of this presentation is to map the comprehensive human factor and cybercrime landscape categories (Motivations, the category of the perpetrator, category of the targets and victims, opportunistic and targeted attacks, the jurisdiction of the target, technology versus social engineering). Mapping these two pillars provides indicators that can be integrated in AI cybercrime predictive analysis, construct a model of the man-cognitive system and a cyber leadership network based on the deduction of cyber policy challenges.

Webcast

Panel - Future of Critical Infrastructure Security

More and more often we hear about the devastating effects an attack on critical infrastructure can have on the citizens of an affected city or country. Yet we don't see large-scale attacks being conducted yet. Panellists will discuss possible threats in today's world as well as the ways the private sector and governments can collaborate to prevent such assaults on critical infrastructure.

Webcast

Peter Gyongyosi - Can You Trust UBA? -- Evaluating Machine Learning Algorithms in Practice

The promise of every security solution is to detect the next attack, but verifying that claim is almost impossible. Attacks are extremely rare and tend to change: the ability to catch attacks that happened in the past says little about the ability to find things that will happen in the future, and those breached are unlikely to share information and data about how that happened. In this presentation I will show the different approaches and metrics we found to measure the efficiency of the unsupervised machine learning algorithms commonly used in UBA products.

Webcast

Klaus Hild - Predictive Governance – Leveraging the Power of Identity Analytics

In this presentation, SailPoint will explain why Identity Analytics will change the way companies will think about CyberSecurity, by adapting ‘Predictive Governance’.

Predictive Governance will enable organizations to be more effective and efficient at governing access without increasing the risk.

Webcast

Yaniv Avidan - AI Powered Data Herding in Hybrid Cloud Environments

With cloud software tools and services entering our core business processes, it becomes even more critical that we govern information across platforms, across the diverse forms of data, and at scale. Artificial Intelligence plays a significant role in enabling companies to keep their business running faster and more protected in hybrid cloud environments, while optimizing the hardware and software stack.

Webcast

Martin Kuppinger - User Behavior Analytics: Can We? Should We? Must We? And if, How to Do It Right?

User Behavior Analytics (UBA) or UEBA (User & Entity Behavior Analytics) is an important capability of a variety of products: Specialized solutions for UBA; IAM tools with built-in UBA capabilities; and various cyber-security products that also come with built-in UBA capabilities. The question to start with is: What is UBA really and how does it differ from e.g. Threat Analytics, SIEM, Access Governance, and other capabilities? Where is the benefit of UBA? Is it a nice-to-have or must-have in these days of ever-increasing cyber-threats? And if we go for UBA: How do we do it right?...

Webcast

Jochen Werne - The Future of Digital Business Security

The digital development spurts have captured all areas of life. Industry 4.0 is on everyone's lips. The digitization of all areas of work and life requires integrated and robust strategies and processes at all levels. Consequently, this poses many questions: How well prepared are economies and politics as well as the society as a whole with regard to cyber safety aspects? How do people react to change processes? Basically, what is the significance of the human factor in the overall context of digital safety and cybersecurity? Of course, there have been prior leaps in developments within...

Webcast

Marko Vogel - Cyber Security as Part of Industry 4.0

- More aggressive, complex and well organized: Cyber threat landscape on the rise

- Cyber Security – added value for industry 4.0?

- Industry 4.0 needs company-specific security strategies

Webcast

Martin Zeitler - Your Move to “the Cloud” Secured

There is a tremendous amount of business value that you can get from “the cloud”. But, there are a lot of challenges in adopting these services securely. The real question is how we can approach “the cloud” from a security perspective in order to really get that full benefit of the offerings.

Webcast

Matthias Reinwarth - CIAM as a Building Block of an Online-Success Story

Consumer Identity and Access Management (CIAM) encompasses many aspects. On the one hand, it is about optimizing the usability of services through technologies and practices to make it easier and more secure for users to sign up for a service. For the service providers, CIAM is all about lifecycle management of identities of many kinds - ensuring that accounts are set up, changed, and deactivated (or deleted) in a timely, accurate and secure manner. And for even more people, it focuses on security and compliance through technologies and practices that facilitate auditing and governance activities,...

Webcast

Martin Kuppinger - User Behaviour: The Link between CyberSecurity and Identity Management

An increasing number of attacks, both external cyber-attacks and internal attacks, are well-thought-out and long-running. External, targeted attacks in particular rely on the use of zero-day exploits, which are, in fact, as yet unknown exploits. Thus, standard approaches such as signature-based analysis don’t help – you can’t detect what you don’t know. On the other hand, malicious behavior of internal users is hard to detect. Commonly, existing entitlements are used, but not as they should be used. Both challenges can be addressed by analyzing the user behavior and...

Webcast

Dr. Torsten George - How Zero Trust is Creating a Game-Changing Security Experience

We got security wrong. Enterprise security is failing with two-thirds of organizations experiencing an average of five or more security breaches in the past two years, according to Forrester. Adding to the fervor is the impact of Cloud, Mobile, DevSecOps, Access. The entire experience of developing, deploying and protecting applications has forever changed. In today’s network perimeter-free world, organizations must adopt a Zero Trust Security model – and shift from ‘trust but verify’ to assuming users inside a network are no more trustworthy than those outside. And with...

Webcast

Dr. Frank Dudek - Accelerating Cybersecurity – Is Your Information Security Program Up to Speed?

Internet content providers rely on fast, modern webapps and feature-rich web frameworks to drive customers to their sites. In a landscape of accelerating change and continuous code deployment, my keynote will discuss how a company’s cybersecurity program must evolve to remain effective in such fast-paced environments. 

Webcast

Tim Hobbs - DevOps & Service Layers

IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm. Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's...

Webcast

Dr. Michael von der Horst - The Current Threat Landscape: A 360° View and Effective Remediation Strategies

In today’s cloud-connected world, the way we work has changed. But security has not. When over half of the PCs in most organisations are mobile, you need to protect your workforce wherever they access the internet – not just when they are in the office. You need to identify attacks as they are staged on the internet, so you can block them before they launch. Join us as Dr. Michael von der Horst, Senior Director for Cybersecurity Germany at Cisco, takes us through what we see out there “in the wild”. He will present effective defence and remediation strategies...

Webcast

Paul Simmonds - From Network Protection to Data Security

"Zero Trust" is the latest security buzzword from the vendors' marketing department; but what it actually means for you should vary depending on your business requirements.

Properly aligning security architecture to enable the business strategy of the organisation is the key to delivering a Zero Trust architecture. But the solution could be anything from implementing identity-aware firewalls to the extremes of "BeyondCorp", Google's firewall-less global network, where the security posture is identical whether you are in Starbucks or on the Google campus.

Webcast

Dragan Pendic - Application Security - Achieving Security at Speed and Scale

Modern software development for the cloud-native world requires continuous application security to go along with continuous integration, continuous delivery, and continuous deployment. Sadly, even well-established application security programmes often can’t operate at the speed and scale required. We will look into the ways of rethinking legacy security infrastructure and processes and how to adapt in the complex world of digital business and advanced attacks.

Webcast

Dragan Pendic - Path to Zero Trust Security - Data Veracity, When Truth Is Essential and Trust Optional

Businesses are more data-driven than ever, but inaccurate and manipulated information threatens to compromise the insights that companies rely on to plan, operate, and grow. Unverified digital resources are a new type of vulnerability - one that is chronically overlooked by digital enterprises. With autonomous, data-driven decision making, the potential harm from unverified digital resources becomes an enterprise-level existential threat. And then, there's a wider cybersecurity aspect and how to address the following: - Data provenance verification - the history of data from its...

Webcast

Panel - Achieving Consistent Enterprise Security

In this discussion the panellists will speak about the types of attacks which enterprises should expect in coming years. The ways of DevOps integration into an enterprise security program will also be discussed together with best practice highlights.

Leadership Compass

Leadership Compass: CIAM Platforms - 79059

This report provides an overview of the market for Consumer Identity and Access Management and provides you with a compass to help you to find the Consumer Identity and Access Management product that best meets your needs.  We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing CIAM solutions.

Webcast

Five Steps to Building an Effective Insider Threat Program

The greatest cybersecurity threat an organization faces is no longer the malicious outsider hacking from beyond network firewalls. It is the insiders - the contractors, third-party vendors, and even your own privileged employees who already have full access to your company's systems and sensitive data. Any of those can cause substantial damage to your business by leaking confidential information, disrupting access to a critical system or simply draining your bank account. The most privileged users in this regard are no longer the IT administrators, but the CEO or CFO, and the number of new...

Conference

Oct 22 - 24, 2019: Consumer Identity World EU 2019

At the Consumer Identity World you learn how to balance the user experience, privacy, and security of your connected customer and how to enhance the customers' journey by leveraging Artificial Intelligence (AI) and Machine Learning (ML) to provide a superior and customized experience.

Conference

Sep 25 - 27, 2019: Consumer Identity World USA 2019

At the Consumer Identity World you learn how to balance the user experience, privacy, and security of your connected customer and how to enhance the customers' journey by leveraging Artificial Intelligence (AI) and Machine Learning (ML) to provide a superior and customized experience.

Webcast

The Power of Identity Context: How to Get the Right Context and How AI will Help

How did the phrase “Russian trolls” manage to take over the news? If anyone knew at the time that these were not actually American citizens, they would have had no power to influence. That’s what a lack of identity context will do to you.

Webcast

Modern Endpoint Protection – Automating Prevention, Detection, and Response

“Antivirus is dead!” - we’ve heard talks like this for years. Some experts would point out that traditional signature-based products cannot detect zero-day attacks or sophisticated advanced threats. Others would even recommend getting rid of any 3rd party antimalware products because the one built into Windows is good enough. But can we really take these claims at face value? If the last few years have taught us anything, it would be that the cyberthreat landscape is constantly evolving, changing quickly and unpredictably. Even the largest companies that have invested...

Webinar

Jan 29, 2019: IDaaS: Your Identity Fabric. Connecting Every User to Every Service, Seamlessly

Making your service available to everyone, everywhere, without losing control. On their digital journey, businesses are constantly launching new digital services, chased by competitive and innovative pressure.

Webcast

Security vs. Innovation: Why Not Choose Both?

In a world where businesses compete and succeed on the basis of application-driven innovation, enterprises are challenged to deliver software to market faster than ever before. Simultaneously, they're grappling with insider and outsider cybersecurity threats, as well as stringent data privacy regulations such as GDPR.

Executive View

Executive View: VeriClouds Identity Threat Protection Platform - 79083

Securely authenticating users remains a difficult problem. VeriClouds offers an Identity Threat Protection Platform that can provide a useful additional level of assurance against the reuse of compromised credentials.  There are many approaches, products, and services around user authentication, however, the VeriClouds Identity Threat Protection Platform is unique in what it offers. 

Leadership Brief

Leadership Brief: What AI Can Do for You Today – and What Not - 79002

AI is a generic term that covers a range of technologies. Today some of those technologies are sufficiently mature for commercial exploitation and some are not. This leadership brief describes the current state of AI technologies and recommends the areas where they can be applied today.

Webcast

Andre Priebe - CIAM & API Management

Customer Identity & Access Management and API Management are known as business enablers. But in combination they are even more than the sum of their parts.

Learn how the digital identities of your customers and your APIs infiltrate your customers' digital ecosystem to bind them even more closely to your company. Understand why handing control to third parties and external developers is the key to the success of this approach, and that adherence to standards is a prerequisite for it.

Webcast

Workshop - Mobile Apps and Single Sign-On

When it comes to integrating mobile apps into the single sign-on environment, conflicts of interest often arise between designers, IT security, and what the customer really wants.

What influence does the chosen login method have on security, and which approaches have proven themselves in practice? What can a compromise look like that satisfies the customer yet still offers an adequate level of security? Learn which best practices exist and what role OAuth 2.0 plays in them.

Webcast

Dr. Andre Kudra - Decentralized Digital IDs and the Benefits of Blockchain Technology

To tame the jungle of authentication methods and digital identities, single sign-on (SSO) structures are often created. These allow users to manage many logins with just one digital identity and to adapt authentication methods to the needs of an application. SSO applications, however, have one decisive disadvantage: they presuppose trust in only one entity, e.g. the developer of the applications, or in several entities. What if, for every online service or...

Webcast

Martin Lum - Decentralized Blockchain Identity BYODID Without Intermediaries

Many of the new DID and self-sovereign identity concepts require far-reaching new structures and procedures. Their focus is the exchange of machine-readable identity documents between authorities and relying business partners. Instead of eliminating intermediaries, as promised by the blockchain prophets, new governance networks are being built to manage technical innovations in the traditional way.

Webcast

Maximilian Möhring - The Future of Digital ID Is Decentralized – But Not Blockchain

The identity landscape is full of IAM systems, identification and authentication providers, and various technology standards, and is governed by national as well as industry-specific norms. The solution to this problem is the interoperability of solutions, achieved by unifying the market and simplifying the integration of existing identity providers. Although blockchain can deliver new ID solutions, it does not solve the core problem of the identity market. Through the evolution of the existing market, revolution is...

Webcast

Identity Verification & Authentication Made Easy

Business is undergoing change. The Digital Transformation affects business models and changes the way businesses interact with their customers. A seamless customer journey is a key success factor for the digital business. This journey starts with attracting the customer and includes steps such as registration, Identity Verification and the authentication of customers when they return.

Blog

AWS re:Invent Impressions

This year’s flagship conference for AWS – the re:Invent 2018 in Las Vegas – has just officially wrapped. Continuing the tradition, it has been bigger than ever – with more than 50 thousand attendees, over 2000 sessions, workshops, hackathons, certification courses, a huge expo area, and, of course, tons of entertainment programs. Kudos to the organizers for pulling off an event of this scale – I can only imagine the amount of effort that went into it. I have to confess, however: maybe it’s just me getting older and grumpier, but at times I couldn’t...

Blog

Another Astounding Data Breach Hits the Confidence of Customers

The dust is still settling, but the information on this case currently available, which also includes the official press release, is worrying: Just this Friday, November 30, the hotel chain Marriott International announced that it has become the target of a hacker attack. Marriott's brand names include W Hotels, St. Regis, Sheraton Hotels & Resorts, Westin Hotels & Resorts, and Le Meridien Hotels & Resorts. The compromised database contains personal information about customers, in particular, reservations made in the chain's hotels before September 10, 2018. Even more worrying...
