News Archive

Executive View

Executive View: Cayosoft Administrator v5 - 79000

Cayosoft Administrator is an integrated platform for management and automation of Active Directory and Office 365 environments, including hybrid deployments. The latest release adds new capabilities not available in native Microsoft tools, focusing on customers who have already completely moved to the cloud.

Blog

Future-Proofing Your Cybersecurity Strategy

It’s May 25 today, and the world hasn’t ended. Looking back at the last several weeks before the GDPR deadline, I have an oddly familiar feeling. It seems that many companies have treated it as another “Year 2000 disaster” - a largely imaginary but highly publicized issue that has to be addressed by everyone before a set date, and then it’s quickly forgotten because nothing has really happened. Unfortunately, applying the same logic to GDPR is the biggest mistake a company can make. First of all, obviously, you can only be sure that all your previous...

Executive View

Executive View: Onegini Connect - 79031

Onegini provides a compelling solution for Consumer Identity and Access Management (CIAM). Onegini is headquartered in Europe and has global ambitions. They have expertise in EU regulations such as GDPR and PSD2. They are positioning their product as a CIAM solution for financial, health care, and insurance industries with a strong mobile differentiator to enhance customer engagement.

Webinar

Jun 26, 2018: Identity is Security: Avoiding the Pitfalls of an Authentication-Centric Security Architecture

The security landscape has changed in the recent decade, and the methods we used to protect our enterprise networks are no longer working. The network perimeter has dissipated, the adversary has become increasingly skilled at alternative methods to gain entry, and enterprise applications and data are spread across multiple environments, on-premises and in the cloud. With more sensitive information getting out of our control every day, a data breach is just waiting to occur, and the consequences, if successful, can be disastrous for your business.

Blog

"Archive != Delete": Bring Back the Delete Button

Why does it seem to be getting harder to delete information online? GDPR will take effect in just a few days. GDPR empowers EU people to take control of their personal information. When in force, GDPR will mandate that companies and other organizations which control or process personal information must comply with delete requests. Users around the world are more cognizant of the data they create and leave online. Even outside the EU, people want to be able to delete data which they deem is no longer useful.Enter the “archive” button. On some social media sites and other popular...

Blog

How (Not) to Achieve Instant GDPR Compliance

With mere days left till the dreaded General Data Protection Regulation comes into force, many companies, especially those not based in the EU, still haven’t quite figured out how to deal with it. As we mentioned countless times earlier, the upcoming GDPR will profoundly change the way companies collect, store and process personal data of any EU resident. What is understood as personal data and what is considered processing is very broad and is only considered legal if it meets a number of very strict criteria. Fines for non-compliance are massive – up to 20 million Euro or 4%...

Blog

Will Your Security Solutions Violate GDPR?

As the May 25th, 2018 GDPR enforcement date approaches, more and more companies are actively taking steps to find, evaluate, and protect the personally identifiable information (Personal Data) of EU persons. Organizations that do business with EU persons are conducting data protection impact assessments (DPIAs) to find Personal Data under their control. Many are also asking “do we need to keep the data?” and putting into practice data minimization principles. These are good measures to take. IT and privacy professionals are inventorying HR, CRM, CIAM, and IAM systems, which is...

Leadership Brief

Leadership Brief: Product Security as Your Biggest Challenge: Start Before It’s Too Late - 72011

The Internet of Things (IoT) has enormous potential to transform and benefit both consumers and industries, but along with it comes significant privacy and security implications. Addressing these challenges early on in an IoT project can go a long way to lowering potential security risks in the field.

Whitepaper

Whitepaper: Varonis - Daten kennen - 79028

Neue Regulierungen wie die Datenschutz-Grundverordnung (DSGVO) und die stetig wachsende Gefahr durch Cyber-Attacken führen zu einem hohen Druck auf Unternehmen. Es gibt aber auch Chancen, wenn man versteht, wo die wirklich wertvollen Daten liegen und sich darauf fokussiert, diese Daten im Unternehmen optimal zu nutzen und sie gezielt zu schützen, statt mit breitflächigen Sicherheitsmaßnahmen alles ein bisschen zu schützen und am Ende viel zu investieren, ohne die wertvollen Daten wirklich gut zu schützen. Dazu muss man zunächst wissen, wo diese Daten...

Webcast

Impressions of the European Identity & Cloud Conference 2018

Webcast

Martin Kuppinger's EIC 2018 Summary

Press Release

European Identity & Cloud Awards 2018

Wiesbaden, May 17, 2018 – Last night KuppingerCole Ltd. presented the winners of the European Identity & Cloud Awards 2018. The festive Ceremony took place during the 12th European Identity & Cloud Conference (EIC) in Munich, Germany. 

Webinar

Jun 27, 2018: Closing the Loop Between Audit and Action: Meet Compliance Needs With Privileged Access Management

Privilege Management has been a key element of both IAM (Identity & Access Management) and cybersecurity programs for years. However, increased complexity of modern corporate IT infrastructures and mounting pressure from compliance regulators force privilege management solutions to constantly expand their scope into new functional areas. From simple password vaults to advanced monitoring and behavior analytics to governance and compliance – a modern PxM solution permeates every corner of your enterprise IT infrastructure.

Blog

IAM for a Microservices World: Securing Agile IT

Ten years ago, for the second EIC, we published a report and survey on the intersection of IAM and SOA (in German language). The main finding back then was that most businesses don’t secure their SOA approaches adequately, if at all. Ten years later, we are talking Microservices. Everything is DevOps, a small but growing part of it is DevSecOps. And again, the question is, whether we have appropriate approaches in place to protect a distributed architecture. This question is even more important in an age where deployment models are agile and hybrid. So how to do IAM for this...

Blog

IAM as Microservices: It’s About Flexibility and Agility

Since I’m observing the IAM business, it has been under constant change. However, there is a change on its way that is bigger than many of the innovations we have seen over the past decade. It is IAM adopting the architectural concept of microservices. This will have a massive impact on the way we can do IAM, and it will impact the type of offerings in the market. In a nutshell: microservices can make IAM far more agile and flexible. But let’s start with the Wikipedia definition of Microservices: Microservices is a software development technique—a variant of the...

Webcast

Joni Brennan - The Economics of Identity

Around the world topics related to Digital Identity are becoming more and more critical. The world is beginning to recognize that Digital Identity lays the foundation needed for trust to perform myriad transactions in both the public and private sectors. Canada is moving rapidly toward the next Digital Identity Revolution. In this new model, capabilities from both the public and private sectors come together to deliver value to businesses, customers, citizens, and governments. This Digital Economy focused model prioritizes privacy and security by design as well as convenience delivered...

Webcast

Ian Bailey - The OrgBook: Enabling the Digital Economy

British Columbia is a digital identity leader in Canada with the development of the BC Services Card and associated digital identity services. Building upon our experience in providing digital identity services for all British Columbians, the Province of BC is now collaborating with the Canadian Federal government and the Province of Ontario in establishing the Org Book for businesses. The Org Book provides verified digital claims about businesses and their representatives to enable streamlined government service delivery to businesses and to enable digital transactions in the broader...

Webcast

Rene Mulder - Challenges to the Wide-Spread Adoption of DLT-Based Self-Sovereign Identity

In a world where everyone has a large amount of different personas and credentials stored and managed by government, banks, socials and other, we call for consolidation and control while preserving privacy and security. With DLT a lot of that call can be answered, but how do we roll-out. There are some major challenges to adoption such as usability, network economics, governance, privacy and recoverability. How do we approach these challenges to reach a global self-sovereign identity platform?

Webcast

Dr. Torsten Lodderstedt - Is Blockchain the Silver Bullet for Identity

As one of the winning presentations from the pre-conference Blockchain ID Innovation Night, Dr. Torsten Lodderstedt will continue his presentation about the limits of Blockchain Identity and the challenges that still need to be solved.

Webcast

Markku Rossi - Credentialess Cloud Access

Some of the most common causes of cloud security breaches include system misconfiguration, dynamic system updating and patching, unmanaged and leaked access credentials. The industry is applying different methods to overcome these challenges. These methods include dynamic system monitoring and alerting, automated deployment pipelines, and access management including credential and key management and rotation. But what if we could overcome all of these challenges with an immutable cloud infrastructure that could be accessed without any credentials which could be leaked or compromised?

Webcast

[DE] Privilegierte Konten sichern. Angriffe stoppen.

An interview during the European Identity & Cloud Conference 2018

Privileged accounts, credentials and secrets are everywhere— on premises, in the cloud, on endpoints, and across DevOps environments. From personally identifiable customer information to critical intellectual property, they provide access to your enterprise’s most valuable assets. And attackers are after them. Right now.

Advisory Note

Architecture Blueprint: Access Governance and Privilege Management - 79045

Well-designed IAM/IAG-architectures establish real-time visibility of all accounts of a person, thereby closing a formerly intrinsic security gap. Bridging between established governance silos within organizations enables full enforcement of Segregation of Duties rules for both business and privileged access. Thus, it substantially improves an organization's security posture.

Blog

Blockchain for Identity – Myth or Potential?

During yesterday’s opening keynote at the EIC (European Identity & Cloud Conference), I brought up (and explained) a slide about the areas where Blockchain technology has the potential of helping solving existing identity problems, either by doing it just better than today or delivering entirely new capabilities. Notably: it was about the potential, not that this will inevitably happen. Not surprisingly – an Opening Keynote should provoke thoughts and discussions – this lead to some discussions in the social media right after. Some found that I’m gone over the...

Blog

Blockchain Identity – Success Factors and Challenges

When new things arrive, which are still in the pioneering stage and far from reaching maturity, there is always a lot of discussion. This is even more true for Blockchain Identity, where the massive hype around Blockchains, a long history of clever ideas failing, and a few interesting technical and security challenges come together. During my keynote at this year’s EIC, I addressed the challenges and success factors for Blockchain ID as well. That led to a discussion on Twitter about whether some of these success factors are contradictory. That definitely is a good question worth...

Webcast

Naresh Persaud - How to Enable Trust with Interoperable & Shared Credentials

The focus of digital identity for consumers and enterprise is to remove silos, minimize redundant effort, enable better collaboration and provide a foundation for regulatory compliance. The challenge is that shared credentials for both commercial and public-sector organizations will require organizations to innovate to address requirements for physical access, protecting PII, delivering cross-agency services and re-thinking how digital consumers interact. In this session, we will discuss best practices across the industry that can be applied to enable interoperable credentials, we will...

Webcast

European Identity & Cloud Awards Ceremony

European Identity & Cloud Awards Ceremony

Webcast

Ian Glazer - Our Secret Strengths: The Skills of an Identity Professional

An identity and access management professional is more than just her knowledge of federation protocols, her ability to build user provisioning policies, or her talent in deploying social sign-up. Although we inherently know that it takes other skills to be a successful identity professional, we don't often identify them, nor do we consider how to grow them.

Webcast

Prof. Dr. Heiko Beier - Is it Facebook's End Game? Why Social Networks as we know them Today will not Survive

The real problem behind the recent Facebook scandal is not primarily that a company like Cambridge Analytica has "gained" access to the personal information of millions of Facebook users and misused them for political manipulation. It is the business model of social networks itself: Letting their users deal privacy for some kind of communication convenience, without letting them at any point opt for both: the convenience of using social network services to digitally interact with others as well as control over the usage of their personal information.  Will such business models...

Webcast

Tim Hobbs - What Connects DevOps & IAM

IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm. Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's...

Webcast

Dr. Torsten George - Zero Trust: Solving IT Security’s Identity Crisis

Although companies are constantly increasing their cybersecurity budgets, this does not seem to help much: each day we learn about new large-scale data breaches. Considering that over 80% of hacking-related breaches leverage compromised user credentials, it’s mindboggling why so many organizations are still focusing on securing their network perimeters. This keynote outlines an entirely new approach — Zero Trust Security. This paradigm assumes that nothing in your corporate IT infrastructure — including users, endpoints, networks, and resources — is ever trusted,...

Webcast

Joy Chik - Planning for Tomorrow: Connecting Identities for People, Processes, and Things

Social, economic and technological changes are creating urgent new requirements for enterprise identity that enable interconnected digital systems. These new use cases require a governance framework that is consistent, integrated and efficiently managed. It also needs to provide increased security, privacy and reliability while being open. Learn how to respond holistically to these growing and evolving identity needs.

Webcast

Jeff Jonas - Do you Know What You Know About the Data Subject?

GDPR obligates organizations to provide data subjects with access to their personal data. To comply, companies must be able to answer a seemingly innocuous but frighteningly difficult question: What do we know about the data subject? Further, organizations must respond to Data Subject Access Requests (DSARs) in a privacy-preserving, Privacy by Design-embedded manner. This is going to be problem as organizations are not going to be able to reliably find the data – as there are too many places look, data variability (Elizabeth vs. Liz) and other problems. In this keynote these...

Webcast

Martin Kuppinger - Microservices Architectures: Making IAM Hybrid

In recent times, an increasing number of vendors announced a migration of their products towards microservices architectures. Some renovate their existing on premises IAM tools, others build new solutions with a new architectural approach. Factually, the idea isn’t that new, but the evolution in the field of microservices and containerization now enables flexible architectures that allow to distribute and scale components better than in the past. Furthermore, such architectures build the foundation for simplified hybrid cloud deployments, but also increased customization using APIs...

Press Release

First Blockchain ID Innovation Night

On Monday, 14th of May 2018, KuppingerCole hosted first ever Blockchain ID Innovation Night in Munich, Germany. It preceded the four-day European Identity & Cloud Conference (EIC), Europe’s leading event for Identity and Access Management (IAM), Privacy & GDPR, Blockchain Identity, as well as Cybersecurity.

Press Release

12th European Identity & Cloud Conference

Today KuppingerCole open its doors to their 12th European Identity & Cloud Conference, Europe’s leading event for Identity and Access Management (IAM), Privacy & GDPR, Blockchain ID, as well as Cloud Security and Digital Transformation, in Munich, Germany. With 60 exhibitors and more than 800 participants from all over the world KuppingerCole brought together the world’s leading vendors, end users, thought leaders, visionaries and analysts.

Webcast

Martin Kuppinger - The Future Model of Identity: Blockchain ID and the Digital Transformation

Distributed Ledger Technologies ("Blockchain") are the foundation for the most disruptive changes to business we are either already observing or that are on the road to becoming a reality. Based on these technologies, both new business models and fundamental changes to established models become possible – and what is technically feasible and economical beneficial will happen. However, there is still one missing element for fully leveraging the Blockchain potential: Identity. Identity in that context is far more than just identification, authentication, or authorization. It is...

Webcast

Prof. Dr. Hans Ulrich Buhl - Unchaining Blockchain

Blockchain is much more than the technology behind its still most successful application – the Bitcoin. One of its key attributes is the immutable storage of information. Besides other applications, this enables trustful online business between two or more individuals – without the need of any intermediary. Thus, the Blockchain is said to introduce the “Internet of Trust” as successor of the “Internet of Information”. In various workshops with industry, we have identified how organizations cope with this possibly disruptive technology. While some try to...

Webcast

Ralf Oestereich - We will Disrupt You

We will Disrupt You - Are AI, Blockchain, IoT a Blessing or Curse for an Insurance Company?

Webcast

Drs. Jacoba C. Sieders - Digital Identities and Blockchain: Experiments and Use Cases @ ABNAMRO

ABNAMRO runs over 30 blockchain experiments, also involving digital identity capabilities. Co-operation has been set –up across various coalitions, and use cases are running a lot wider than just the banking and payments industry. Academia, building-, and shipping industries are also involved. What are the typical problems to solve with blockchain technology, and why? Some of the practical use cases and scenarios ABNAMRO is involved in today.

Webcast

Doc Searls - How Customers Will Lead Companies to GDPR Compliance and Beyond

Nearly all advice on GDPR compliance is about what companies can do for other companies, or companies can do for themselves. There isn't much on what customers can do for companies, which may turn out to be the biggest help of all. That’s because customers are going to get more power all the time, and that’s exactly what the GDPR was made to encourage, whether regulators knew that or not. Doc Searls has been on this case for over a decade, leading ProjectVRM, which encourages development of tools and services that empower customers. (And which won a KuppingerCole award in...

Webcast

Kim Cameron - The Laws of Identity on the Blockchain

Keynote at the European Identity & Cloud Conference 2018

Webcast

Patrick Parker - The AI and Robotic Process Automation Revolution and the Upcoming Redesign of IAM

The AI and Robotic Process Automation revolutions are in full swing with record growth in both sectors as well as an explosion of new startups in this space. Not to be left behind, existing vendors are rushing to heed the call of AI and automation by sprucing up there existing product suites with conversational interfaces and smart AI-driven assistants. This session will cover the impact of these emerging technologies on the IAM product space and what can be expected in the near future.

Webcast

Dr. Sridhar Muppidi - Identity Meets Fraud Protection to Establish Digital Trust

In this session, we will introduce a framework to establish digital trust based on capabilities from fraud protection and Identity. This will quickly and transparently establish a trusted, frictionless digital relationship for your customers, employees, and business partners. The session will also highlight key scenarios of adoption, best practices and leveraging emerging topics like decentralized identity networks.

Webcast

Jason Rose - Realizing the full potential of Consumer Identity

Customer Experience is Everything and Everything is Digital. Digital transformation is now the center of marketing, advertising and sales strategy across every industry and region, with today’s consumers demanding a seamless and relevant experience across online and offline channels and devices. Consumers and Regulators Demand Privacy, Security and Control of Personal Data With the rise of increasingly severe cybersecurity incidents and concerns over poor or unethical business practices, governments and their citizens are rewriting the rules for online commerce and the collection...

Webcast

Jackson Shaw - Fire Safety and Cyber-Security – Smoke Detectors are Not Enough

It takes most businesses over 6 months to detect a breach on their network. And while smoke detectors are proven to halve the death rate by fire, saving thousands of lives each year, detection is sometimes too late to prevent many buildings from burning to the ground. So imagine if it were possible to reduce the risk of a cyber-security fire starting in the first place. We are all familiar with the elements needed to start a fire: heat, oxygen and fuel. For data breaches, one key element of risk is abnormally high access entitlements. Detecting these abnormalities early, across your...

Webcast

Eve Maler - The Evolution of Identity and its Importance for our Digital Lives

Identity is as old as mankind and adapted very well to its changing environments. From a simple look that determines who you are to a high frequency of multi-factor vehicle-to-vehicle authentication in autonomous driving - with Digital Transformation, Identity in digital form has become the enabler of complex horizontal value chains and ecosystems. Without authentication, authorization, and consent, those digital ecosystems of our every-day journeys will be less secure, less convenient, and less beneficial. The “consent" part most especially needs new thinking - from pure...

Webcast

Carmine Auletta - Identity & Digital Trust

Trust is essential for a society to function. It’s even more critical in a digital society where transactions take place between parties that can only rely on each other supplied digital Identity. eIDAS Regulation provides – for the first time – a clear, universal and comprehensive Trust framework for the digital world. Thanks to eIdas, EU is today the country with the most advanced regulatory framework for Digital Trust but, the Regulation is not able to cope with the new challenges introduced by AI, IoT or Distributed Ledger Technologies. Software increasing...

Webcast

Lukas Praml - Your Mobile Identity: Blockchain Ain't no Swiss Army Knife

Digital identity solutions are very wide spread and everybody is using them on a day to day basis. Mainly it can be distinguished between state issued IDs/eIDs which lack usability and are therefore not as successful as hoped and self-claimed or self-established eIDs (sometimes stored in the blockchain) where service providers have to rely on the honesty of the user. Additionally, self-claimed solutions mostly focus on the eID and don’t cover traditional ID documents. In this presentation, a mobile ID solution is presented that shows a combination of traditional printed ID documents...

Webcast

Christopher Spanton - Blockchain and the Business of Identity

Identity and Access Management (IAM) within an enterprise environment presents complex challenges for any business. While new technologies, such as blockchain, have the potential to help solve some of these challenges, today bringing blockchain into solution oriented discussions can merely add to that complexity. In this session we’ll explore the pillars of blockchain based identity, and how business can use blockchain as a keystone technology to simplify many of the traditional challenges of IAM.

Webcast

Mo Ahddoud - SGN Securing Shared Credentials at The Heart of Digital Transformation

The future of IT security will depend on CISOs who are brave enough to build a new security model that is both innovative and unconventional. Gas distribution company, SGN, is blazing a trail that every company can follow. As a UK, critical infrastructure company SGN’s cloud-first strategy, provided an opportunity to redefine the security model with privileged access zero-touch and zero-trust as key principles. This thinking is enabling secure adoption of the cloud, IoT and frictionless user experience. The result is redefining traditional thinking.

Blog

Email Encryption Is Dead™. Or Is It?

As we all know, there is no better way for a security researcher to start a new week than to learn about another massive security vulnerability (or two!) that beats all previous ones and will surely ruin the IT industry forever! Even though I’m busy packing my suitcase and getting ready to head to our European Identity and Cloud Conference that starts tomorrow in Munich, I simply cannot but put my things aside for a moment and admire the latest one. This time it’s about email encryption (or rather about its untimely demise). According to this EFF’s announcement, a group...

Executive View

Executive View: StealthDEFEND® - 70366

Cyber-attacks often involve a complex process, including an insider threat element, which exploits compromised or illicit user credentials to gain access to data. StealthDEFEND is the real time file and data threat analytics component of the STEALTHbits’ Data Access Governance Suite. 

Webinar

Jun 28, 2018: Securing your Hybrid IT Environment with Privileged Access Management

As your business grows, so does your IT footprint – both on-premises and in the cloud. This adds to the overall complexity of managing access to the newly acquired IT assets and applications in addition to existing ones. The conventional approaches of managing privileged access using controls native to the individual operating systems, and other internal access policies, are not only cumbersome to manage but add to the security risks in today’s hybrid IT environment.

Press Release

European Identity & Cloud Conference 2018

Wiesbaden, May 2, 2018 – The European Identity & Cloud Conference , taking place May 15 - 18, 2018 at the Infinity Ballhaus Forum Unterschleissheim, Munich/Germany, is Europe’s leading event for Identity and Access Management (IAM), Privacy & GDPR, Blockchain ID, as well as Cybersecurity. For the 12th time KuppingerCole will bring together more than 50 exhibitors and 900+ participants from all over the world, including most leading vendors, end users, thought leaders, visionaries, and analysts.

Congress

May 14 - 17, 2019: European Identity & Cloud Conference 2019

Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 14-17, 2019, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.

Webinar

Jun 20, 2018: Best Practices of Privileged Identity Management

Security and risk management leaders need to balance the significant security risks associated with unmanaged privileged access against the administrative and other operational efficiencies achieved by conventional privileged access management practices.

Webcast

Zero Trust: Solving IT Security’s Identity Crisis

Although companies are constantly increasing their cybersecurity budgets, this does not seem to help much: each day we learn about new large-scale data breaches. Considering that over 80% of hacking-related breaches leverage compromised user credentials, it’s mindboggling why so many organizations are still focusing on securing their network perimeters.

Executive View

Executive View: Oracle Database Security Assessment - 70965

This report provides an executive summary of Oracle’s Database Security capabilities based on recently published KuppingerCole research. It covers both the company’s traditional database security solutions and the innovative Autonomous Database cloud platform.

Executive View

Executive View: Pirean Consumer IAM Platform - 70223

In today’s modern digital environments, organizations need an IAM solution that can span the breadth of employees, consumers, and citizens. Pirean's Access: One provides a single point of access and control that can meet these need with support for secure mobility and flexible workflows.

Quicklinks

Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

Modern Cybersecurity Trends & Technologies Learn more

Modern Cybersecurity Trends & Technologies

Companies continue spending millions of dollars on their cybersecurity. With an increasing complexity and variety of cyber-attacks, it is important for CISOs to set correct defense priorities and be aware of state-of-the-art cybersecurity mechanisms. [...]