News Archive

Webcast

Cybersecurity Leadership Summit 2018 Europe Summary

Executive View

Executive View: Sphere Identity Platform - 79052

Any Self-Sovereign Identity platform must strike a balance between the individual and the organization that uses it. The Sphere Identity platform provides not only primary support for B2B, but also economic incentives for both individuals and organizations through ease of use, privacy, and rewards for the individual, and reduced compliance risk, easy customer onboarding and integration for the organization.

Blog

Cross-Border Verification with LIGHTest

LIGHTest leverages on existing infrastructures to verify electronic transactions. This ability is especially useful for transactions that are not created in the same trust scheme or country as the entity validating the transaction. This is mainly because creating new infrastructure takes time, money and possibly other unforeseen costs. This post shows an example of how to use LIGHTest in practice. Let us assume there are two businesses that are working together for the first time, one from France and one from the United States. The ability to validate necessary documents to form a business...

Webcast

A Digital Society Needs a Digital ID

Our world is becoming more digital and more mobile every day. The sensitivity of information being exchanged online grows rapidly and data privacy is a real concern to many people.
How are we facing new challenges to keep pace with today's digital transformation?
Getting rid of all paper flows, taking KYC-process to the next level, improve customers’ experience, introduce a safer way to login and confirm transactions, be compliant with EU regulations and PSD2.
Creating a digital ID in a country is one of the solution, but it requires more then just technology.

Webcast

Panel: CIAM Strategy Best Practice

When dealing with consumers and customers directly the most important asset for any forward-thinking organization is the data provided and collected for these new type of identities. The appropriate management of consumer identities is of utmost importance. Handing over personal data to a commercial organization the consumer typically does this with two contrasting expectations. On the one hand, the consumer wants to benefit from the organization as a contract partner for goods or services. Customer-facing organizations get into direct contact with their customers today as they are...

Webcast

Privacy By Design in Practice

Privacy has become a global concern, with regulations such as GDPR coming into effect. In this context, e-commerce businesses that operate globally cannot simply adopt data protection regulations of a single country/region. Supporting each and every regulation as they emerge is challenging and greatly increases the maintenance cost. Furthermore, these kinds of regular modifications can lead to poor customer experiences. Leveraging well-known privacy by design principles into your system design strategy is a long-term and sustainable solution for most of these privacy challenges. Once these...

Webcast

The End of the Password – How to Really Protect Digital Identity

In the digitalized world, passwords are not sufficient anymore to protect digital logins and transactions. What’s even worse: In 81 percent of all cases, they are the main reason for a hack. Once a password is stolen, it opens the doors to fraudulent use and data theft. Furthermore, since most consumers link their online accounts at Amazon, eBay or Twitter to their Facebook or Google account, attackers only have to hack one password in order to gain access to the entire range of applications. This also enables them to easily compromise the complete digital identity of a user. All...

Webcast

Consent Life Cycle Management

Consent Management is a crucial aspect of PSD2 and GDPR regulation. At initial thought, consent seems to be simple but from legal and regulatory perspective its complexity arises. Managing consent within an organization should be well planned with all units of businesses and audit trail to prove the veracity of the consent should be tied to identity and security systems of the organization.

Webcast

Panel: How to Defend your Customer from Current and Future Threats

This panel will explore contemporary means of protecting identities to lower cyber risk while safeguarding the privacy of users. Learn best practices from data protection & privacy experts on how to use the latest defenses to secure your organization against the latest threats and to offer your customer a smooth customer journey without fears.

Webcast

Data Privacy — Who Actually Cares and Why?

Most of us know that Facebook, Google, Amazon and million others are collecting vast troves of demographic and behavioral data about us — sometimes even if you aren't on Facebook. That’s bad, right? But do we really care? If we don't care — that is excellent news for advertisers and every other data mining company. But if we do care, what are the implications for marketers? What does it mean for the generation of products and services we develop? This session will highlight how we rationalize or perceive data-privacy, why we care, and what we expect from companies when...

Webcast

Transform Your Customer Experience: Customer Identity Today and Tomorrow

Customers are increasingly expecting more from the businesses they interact with, especially as security and privacy breaches dominate headlines. Customer Identity and Access Management can help businesses transform their customer experiences.
Join this session to learn about key use cases where organizations have leveraged CIAM to deepen their relationships with a broad spectrum of customers, businesses, and partners and to hear Okta's view of what they will demand in 2018 and beyond.

Webcast

5 months of GDPR – status quo on implementation of the most extensive digital law in the world

How are companies, consumers and authorities taking the new regulation?

Webcast

How Policy Based CIAM can Improve the Customer Journey

In an ever-changing and rapidly evolving world, the fight about the customer is getting tougher. Companies that can offer a customer-centric approach have the advantage. With new technologies such as mobile, internet of things, social media, and big data, the approach towards customers is getting redefined. During this presentation, TrustBuilder’s Sales Director for Benelux Kurt Berghs will give some industry-based examples of how policy-based Customer Identity and Access Management (CIAM) can help with these new challenges.  For different markets such as finance,...

Webcast

CX as the core of any CIAM

Customer Experience (CX) is the central starting point when it comes to the strategic definition of your CIAM. The management of millions of identities and the handling of several millions of interactions per day is a technical challenge that changes every day. However, ease of use, efficiency and joy of use by the customer are indispensable prerequisites. At the same time, it is imperative that every consumer can control access to his personal data. Managing customer information in a digitally changing economy with many business partners in need of access is one of today's biggest...

Webcast

Panel: Blockchain, Identity and Privacy - How to Combine It?

Blockchain, Identity and Privacy: Three words that buzz, fade and mature. 

The blockchain is currently one of the most-hyped technologies. In this panel, we will explore how security and privacy can be enhanced by blockchain technology and outline the challenges ahead. Further, we discuss If and when blockchain-based identity projects reach critical mass in terms of user adoption, they could help get more decentralized services off the ground.

Press Release

KuppingerCole Analysts organizes Consumer Identity World APAC in Singapore

Wiesbaden, November 12, 2018 – For the second time the Consumer Identity World APAC will take place from November 20-22, 2018 at The Westin Hotel, Singapore. Singapore is the third event of the Consumer Identity World Tour which already took place in Seattle (Sep 19-21) and Amsterdam (Oct 29-31).

Advisory Note

Buyer’s Guide: Identity-as-a-Service (IDaaS)

Organizations need a detailed yet carefully guided and defensible approach to evaluate Identity and Access Management Services (IDaaS). This document provides the required guidance and criteria necessary for evaluating IDaaS providers and supporting the request for proposal (RFP) processes. Security leaders are encouraged to use the criteria laid out in this research for IDaaS evaluation and modify it as necessary to meet specific business requirements.

Webcast

An Overview of the Leadership Compass: Adaptive Authentication and Cloud-Based Multi-Factor Authentication

KuppingerCole has published two related Leadership Compasses on Adaptive Authentication and Cloud-based Multi-Factor Authentication solutions. We define adaptive authentication (AA) as the on-premises deployments, whereas Cloud-based MFA is SaaS-delivered. For both AA and Cloud MFA, many organizations need to gather additional attributes about users and their environments and evaluate the attributes in the context of risk-based policies. The goal of AA & Cloud MFA is to provide the appropriate risk-mitigating assurance levels for access to sensitive resources by requiring users to...

Press Release

KuppingerCole Analysts organizes first Cybersecurity Leadership Summit in Berlin

Wiesbaden, November 07, 2018 – Cybersecurity Leadership Summit 2018 will take place for the first time from November 12 to November 14 in Berlin, Germany.

The Berlin summit It is the place where the audience can learn more about the future of digital business security, Artificial Intelligence & cybersecurity, Zero Trust security and increasing Social Engineering threats. The participants will hear about the innovative ways and strategies for mastering various security challenges. 

Webcast

How to Handle Consent to Be Compliant With the GDPR and the Upcoming ePrivacy Regulation

GDPR is here to stay and the new ePrivacy regulation is on the horizon, but many organizations are still not yet in full state of compliance. A core requirement for compliance with GDPR is the concept of “consent,” which is fairly new for most data controllers. Now, with the GDPR regulation in force, parties processing personally identifiable information need to ask the user for his/her consent to do so and let the user revoke that consent any time and as easily as it was given.

Executive View

Executive View: IBM Security Access Manager (ISAM) - 79066

As IAM is continuing to evolve based on the growing list of IT security requirements, so is IBM Security Access Manager (ISAM). Not only does ISAM provide the essentials of access management and federation use cases, but it also provides Risk-Based Access Control and Mobile capabilities, as well as providing flexible deployment models.

Executive View

Executive View: ThreatMetrix Digital Identity Network, powered by ThreatMetrix ID - 79049

ThreatMetrix is a global fraud, identity and authentication company, helping customers deliver a unified experience across their digital customer journey.  Built on a platform providing a unified, global customer digital identity, ThreatMetrix enables businesses to prevent fraud, reduce friction, and streamline the customer experience using both risk-based and strong authentication capabilities.

Blog

IBM Acquires Red Hat: The AI potential

On October 28th IBM announced its intention to acquire Red Hat. At $34 Billion, this is the largest software acquisition ever.  So why would IBM pay such a large amount of money for an Open Source software company? I believe that this acquisition needs to be seen beyond looking just at DevOps and Hybrid Cloud, rather in the context of IBM’s view of the future where the business value from IT services will come from in future. This acquisition provides near-term tactical benefits from Red Hat’s OpenShift Platform and its participation in the Kubeflow project. It strengthens...

Blog

IBM & Red Hat – And Now?

On October 28th IBM announced its intention to acquire Red Hat. At $34 Billion, this is the largest software acquisition ever. So why would IBM pay such a large amount of money for Red Hat? Not surprising, there were quite a few negative comments from parts of the Open Source community. However, there is logic behind that intended acquisition. Aside of the potential it holds for some of the strategic fields of IBM such as AI (Artificial Intelligence) and even security (which is amongst the divisions of IBM showing the biggest growth), there is an obvious potential in the field of Hybrid...

Executive View

Executive View: AWS Identity and Access Management - 79048

AWS is the largest global provider of Cloud infrastructure with extensive capabilities to suit a wide range of customer requirements for cloud-based services. The AWS platform now provides easy-to-use facilities to allow customer to better leverage their identity management environment.

Blog

Impressions from the Oracle OpenWorld

Recently I was in San Francisco again, attending the Oracle OpenWorld for the second time. Just like last year, I cannot but commend the organizers for making the event even bigger, more informative and more convenient to attend – by all means not a small feat when you consider the crowd of over 60000 attendees from  175 countries. By setting up a separate press and analyst workspace in an isolated corner of the convention center, the company gave us the opportunity to work more productively and to avoid the noisy exposition floor environment, thus effectively eliminating the...

Executive View

Executive View: Securonix Cloud SIEM and UEBA - 79035

Securonix Cloud is a next-generation security intelligence platform that provides comprehensive security information and event management, as well as user and entity behavior analytics offered as a fully managed Security Operations Platform in the cloud.

Webinar

Dec 11, 2018: The Power of Identity Context: How to Get the Right Context and How AI will Help

How did the phrase “Russian trolls” manage to take over the news? If anyone knew at the time that these were not actually American citizens, they would have had no power to influence. That’s what a lack of identity context will do to you.

Webinar

Nov 22, 2018: Blockchain ID for the Enterprise: A Single ID? A Good Complement? Or Irrelevant?

Blockchain and the underlying concept of “Distributed Ledger Technologies” (DLT) have well passed the peak of initial hype. As always, focus is now shifting to real-world applications that allow companies to improve their business. It is less about cryptocurrencies and concepts with a global impact, but more about process and supply chain optimizations as well as better identity (ID) concepts. Blockchain IDs are being heavily discussed as the number of concrete product offerings is increasing in the marketplace. With organizations facing an ever-growing ID problem in their Digital...

Press Release

KuppingerCole Analysts organizes Consumer Identity World EU in Amsterdam

Wiesbaden, October 23, 2018 – For the third time in a row the Consumer Identity World EU will take place from October 29-31, 2018 at the Marriott Hotel, Amsterdam. The event is the second event of the Consumer Identity World Tour which took place in Seattle (Sep 19-21) and will continue in  Amsterdam (Oct 29-31) and Singapore (Nov 20-22).

Webinar

Dec 13, 2018: Five Steps to Building an Effective Insider Threat Program

The greatest cybersecurity threat an organization faces is no longer the malicious outsider hacking from beyond network firewalls. It is the insiders - the contractors, third-party vendors, and even your own privileged employees who already have full access to your company's systems and sensitive data. Any of those can cause substantial damage to your business by leaking confidential information, disrupting access to a critical system or simply draining your bank account. The most privileged users in this regard are no longer the IT administrators, but the CEO or CFO, and the number of new...

Webcast

Fine-Grained Policy-Based Access Control: Why & How?

Mastering authorization is critical for modern organizations with multiple user constituencies, applications, and data types. Authorization has become a crucial part of security infrastructures and can no longer be considered just another feature of existing IAM solutions. Instead, authorization control infrastructures have developed their own segment in the security market. There is a need for more than just one technology to meet different needs of the market, especially in the areas of administration and governance - both dictate the need for an authorization solution. Furthermore,...

Webinar

Nov 29, 2018: Identity Verification & Authentication Made Easy

Business is undergoing change. The Digital Transformation affects business models and changes the way businesses interact with their customers. A seamless customer journey is a key success factor for the digital business. This journey starts with attracting the customer and includes steps such as registration, Identity Verification and the authentication of customers when they return.

Executive View

Executive View: Zscaler Security-as-a-Service Platform - 72505

Zscaler is the world’s largest multi-tenant distributed cloud security platform that delivers a broad range of services without any on-premises hardware or software agents, including cybersecurity, network transformation, public cloud connectivity, and secure access to on-premises and cloud services.

Webcast

Assuring and Implementing Cybersecurity and Data Protection for Public Clouds

Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the enemy could enter. But things have changed substantially: The traditional security perimeter is proving to no longer be an effective cybersecurity control and fast-growing technologies, such as cloud, mobile and virtualization make the boundaries of an organization blurry. Protecting sensitive resources of modern organisations, which are becoming increasingly logically and geographically distributed, is...

Webinar

Dec 06, 2018: Modern Endpoint Protection – Automating Prevention, Detection, and Response

“Antivirus is dead!” - we’ve heard talks like this for years. Some experts would point out that traditional signature-based products cannot detect zero-day attacks or sophisticated advanced threats. Others would even recommend getting rid of any 3rd party antimalware products because the one built into Windows is good enough. But can we really take these claims at face value?

Webcast

Buying Into Zero Trust? What You Need to Consider to Be Successful

As organizations take on the digital transformation, trends such as mobility, proliferation of SaaS applications and cloud infrastructure are driving up the number of connected entities and devices increasing the attack surface. With the spate of recent acquisitions in the market looking to change the way we approach security, we need to think beyond the technology and focus on the gaps we need to consider.

Executive View

Executive View: FSP Identity Governance & Administration Suite ORG - 79050

Die FSP Identity Governance & Administration Suite ORG ist eine Lösung zur Verwaltung des Identitäts- und Zugriffslebenszyklus und bedient somit den Markt für Identity Provisioning und Access Governance, gerade in stark regulierten Branchen. Ein besonderer Vorteil des Produkts ist die Kombination von rollenbasierter und richtlinienbasierter Zugriffssteuerung in einer einzigen Lösung.

Blog

The Ethics of Artificial Intelligence

Famously, in 2014 Prof. Stephen Hawking told the BBC: "The development of full artificial intelligence could spell the end of the human race." The ethical questions around Artificial Intelligence were discussed at a meeting led by the BCS President Chris Rees in London on October 2nd. This is also an area covered by KuppingerCole under the heading of Cognitive Technologies and this blog provides a summary of some of the issues that need to be considered. Firstly, AI is a generic term and it is important to understand precisely what this means. Currently the state of the art can be...

Whitepaper

Whitepaper: SailPoint: Governance for all data: Get a grip on unstructured data - 79046

While many businesses have solutions for managing and reviewing access at a coarse-grain, cross-system level in place as part of their Identity & Access Governance solutions, they lack an integrated approach for governing access to unstructured data. However, for mitigating access risks to that data, expanding the aperture of identity governance programs is mandatory. This whitepaper looks at the requirements and the solution SailPoint delivers.  

Leadership Compass

Leadership Compass: Identity Governance & Administration - 71135

Backed by closer integration of Identity Provisioning and Access Governance capabilities, the IGA market continues to evolve and enters mainstream market adoption with most vendors providing mature capabilities around the core IGA functions. This Leadership Compass provides insights into the IGA market and presents an evaluation of vendors based on criteria important for successful IGA deployments.

Leadership Compass

Leadership Compass: Cloud-based MFA Solutions - 70967

This report provides an overview of the market for Cloud-based Multi-Factor Authentication (MFA) solutions and provides you with a compass to help you to find the service that best meets your needs. We examine the market segment, vendor service functionality, relative market share, and innovative approaches to providing Cloud-based MFA solutions.

Leadership Brief

Leadership Brief: Mit den VAIT zu einer transparenteren Versicherungs-IT - 79081

Mit dem im Juli 2018 final vorgelegten Dokument „Versicherungsaufsichtliche Anforderungen an die IT“ (VAIT) gibt die BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) Versicherungsunternehmen konkretere Vorgaben für die Umsetzung ihrer Geschäftsprozesse mittels IT an die Hand. Diese stellen Herausforderungen dar, denen in betroffenen Unternehmen angemessen, transparent und wohldokumentiert begegnet werden muss.

Blog

Making Sense of the Top Cybersecurity Trends

With each passing year, the CISO’s job is not becoming any easier. As companies continue embracing the Digital Transformation, the growing complexity and openness of their IT infrastructures mean that the attack surface for hackers and malicious insiders is increasing as well. Combined with the recent political developments such as the rise of state-sponsored attacks, new surveillance laws, and harsh privacy regulations, security professionals now have way too many things on their hands that sometimes keep them awake at night. What’s more important – protecting your...

Webinar

Nov 15, 2018: Zero Trust Reality Check: Secure Access for Hybrid IT

Workforce mobility and widespread adoption of distributed data center and cloud environments have introduced significant access control complexities and threats. Organizations are questioning the efficacy of conventional, perimeter-based defenses and are now evaluating a “trust but verify” model. What are key enterprise considerations when deploying Zero Trust to enable seamless access, ensure business compliance and mitigate risk?

Webcast

Customer Identity Access Management (CIAM): Creating the Foundations for User Focused Digital Business, GDPR Compliant

Digital Business Transformation is a continuous process that affects all areas of doing business, with technology finally getting the right focus: The customer and his/her experience with your business. It is now all about providing that ultimate Frictionless CX (customer experience) so that users don't do that “one-click” towards your competitors.

Blog

Artificial Intelligence and Cyber Security

As organizations go through digital transformation, the cyber challenges they face become more important. Their IT systems and applications become more critical and at the same time more open. The recent data breach suffered by British Airways illustrates the sophistication of the cyber adversaries and the difficulties faced by organization to prevent, detect, and respond to these challenges. One approach that is gaining ground is the application of AI technologies to cyber security and, at an event in London on September 24th, IBM described how IBM Watson is being integrated with other...

Webinar

Nov 08, 2018: An Overview of the Leadership Compass: Adaptive Authentication and Cloud-Based Multi-Factor Authentication

KuppingerCole has published two related Leadership Compasses on Adaptive Authentication and Cloud-based Multi-Factor Authentication solutions. We define adaptive authentication (AA) as the on-premises deployments, whereas Cloud-based MFA is SaaS-delivered.

Webcast

Panel: How to Defend Your Customer from Current and Future Threats

Learn best practices from data protection experts on how to use the latest defenses to secure your organization against the latest threats and to offer your customer a smooth customer journey without fears.

Webcast

Marisa Rogers - Privacy by Design for Consumer Goods and Services

Webcast

Panel: Multi-Factor Authentication Options for Consumer Identity Solutions

Webcast

Christian Goy - Data Privacy: Who Actually Cares and Why

Most of us know that Facebook, Google, Amazon and million others are collecting vast troves of demographic and behavioral data about us — sometimes even if you aren't on Facebook. That’s bad, right? But do we really care? If we don't care — that is excellent news for advertisers and every other data mining company. But if we do care, what are the implications for marketers? What does it mean for the generation of products and services we develop? This session will highlight how we rationalize or perceive data-privacy, why we care, and what we expect from companies when...

Webcast

Prabath Siriwardena - Five Pillars of Consumer IAM

Transforming the customer experience is at the heart of digital transformation. Digital technologies are changing the game of customer interactions, with new rules and possibilities that were unimaginable only a few years back. Customer Identity and Access Management (CIAM) is a whole emerging area in the IAM, which is essentially an ingredient for digital customer experience. Today’s increasingly sophisticated consumers now view digital interactions as the primary mechanism for interacting with brands and, consequently, expect deeper online relationships delivered simply and...

Webcast

Panel: CIAM Strategy Best Practice

When dealing with consumers and customers directly the most important asset for any forward-thinking organization is the data provided and collected for these new type of identities. The appropriate management of consumer identities is of utmost importance. Handing over personal data to a commercial organization the consumer typically does this with two contrasting expectations. On the one hand, the consumer wants to benefit from the organization as a contract partner for goods or services. Customer-facing organizations get into direct contact with their customers today as they are...

Webcast

John Tolbert - The CIAM Solutions Market

Webcast

Panel: Blockchain, Identity and Privacy - How to Combine It

Blockchain, Identity and Privacy: Three words that buzz, fade and mature. 

The blockchain is currently one of the most-hyped technologies. In this panel, we will explore how security and privacy can be enhanced by blockchain technology and outline the challenges ahead. Further, we discuss If and when blockchain-based identity projects reach critical mass in terms of user adoption, they could help get more decentralized services off the ground.

Webcast

Dr. Hans Lombardo - Identity for a Connected World

 

In this session, we will examine use of blockchain tech and smart contracts

  • How the blockchain can support identity verification of humans (KYC), objects (KYO) and connected devices (KYD)
  • Building a platform-as-a-service offering shared regulatory compliance services for humans, companies, objects, and devices. 
  • Enabling development of new apps that need trusted connections between human, corporate, and device identities

Webcast

Andrew Shikiar - Moving Beyond Passwords with Standards-based Strong Authentication

Webcast

Patrick Salyer - The Digital Imperative: Build Trust with Customers, Don't Break It

Today’s customers, beset with endless choices, expect brands to understand their needs and deliver contextual experiences that reduce stress and increase convenience. But, these same customers don’t want this kind of personalization at any cost. Unfortunately, many businesses still employ “creepy” tactics when marketing to customers, breaking their trust. This, in turn, has led to the GDPR and a slew of newer data protection regulations. How do you win back the trust of customers and steer clear of regulatory punishment? Join us to learn best practices from CX...

Webcast

John Tolbert - The Journey to CIAM Success

Consumer Identity and Access Management (CIAM) is many things. For some it’s all about streamlining the user experience through technologies and practices that make it easier for them to securely logon. For others, IAM is all about identity lifecycle management – ensuring that accounts are set up, modified, and retired in a timely, accurate, and secure manner. And for still others it’s focused on security and compliance through technologies and practices that make governance activities such as attestations easy and complete, or adding a...

Webcast

William Spruill - Trust and Privacy in Digital Identity Verification

Webcast

Tim Maiorino - GDPR: Four Months in... And Now

A quick overview of how the perception of GDPR has developed over the last few weeks prior to 25th May 2018 and in the weeks following the date everyone had been waiting for and working towards for months and months. Is GDPR as dangerous as everyone thought? What are the most relevant questions, issues and tasks in practice?

Blog

Consumer Identity World (CIW) USA 2018 - Report

Fall is Consumer Identity Season at KuppingerCole, just in time for holiday shopping. Last week we kicked off our 2018 tour in Seattle. The number of attendees and sponsors was well up over last year, indicating the significant increase in interest in the Consumer Identity and Access Management (CIAM) subject. CIAM is one of the fastest growing market segments under IAM, and with good reason. Companies that deploy CIAM solutions find that they can connect with their consumers better, delivering a more positive experience, and generating additional revenue. CIAM can also aid with regulatory...

Webinar

Dec 04, 2018: Security vs. Innovation: Why Not Choose Both?

In a world where businesses compete and succeed on the basis of application-driven innovation, enterprises are challenged to deliver software to market faster than ever before. Simultaneously, they're grappling with insider and outsider cybersecurity threats, as well as stringent data privacy regulations such as GDPR.

Webinar

Nov 06, 2018: How to Handle Consent to Be Compliant With the GDPR and the Upcoming ePrivacy Regulation

GDPR is here to stay and the new ePrivacy regulation is on the horizon, but many organizations are still not yet in full state of compliance. A core requirement for compliance with GDPR is the concept of “consent,” which is fairly new for most data controllers. Now, with the GDPR regulation in force, parties processing personally identifiable information need to ask the user for his/her consent to do so and let the user revoke that consent any time and as easily as it was given.

Webcast

Making Sense of the Top 5 Latest Cybersecurity Trends

Let’s face it: with each passing year, the CISO’s job is not becoming any easier. As companies continue embracing the Digital Transformation, the growing complexity and openness of their IT infrastructures mean that the attack surface for hackers and malicious insiders is increasing as well. Combined with the recent political developments such as the rise of state-sponsored attacks, new surveillance laws, and harsh privacy regulations, security professionals now have way too many things on their hands that sometimes keep them awake at night. What’s more important...

Blog

Intelligente Governance jenseits von Auditoren und regulatorischen Anforderungen

Es kann viele Gründe geben, warum ein Unternehmen eine Initiative zur Verbesserung seiner Informationssicherheit ergreift. Es gibt jedoch einen spezifischen Grund, der sich immer wieder wiederholt: "Weil die Auditoren das sagen, müssen wir....". Die Realität und die hieraus resultierende Logik war bislang oft wie folgt: Zur Durchsetzung der regulatorischen oder gesetzlichen Anforderungen gehören Sanktionen bei Nichteinhaltung. Diese galt es zu vermeiden. Dies führte zu einem Ankreuz-Listen-Ansatz für die Einhaltung der Vorschriften. Wenn dieser mit dem wie...

Blog

Intelligent Governance Beyond Auditors and Regulatory Requirements

There can be many reasons why a company takes an initiative to improve its information security. However, there is one specific reason that repeats itself time and again: "Because the auditors say that, we have to..." The reality and the resulting logic have so far often been as follows: The enforcement of regulatory or legal requirements includes sanctions for non-compliance. These had to be avoided.  This led to a check-list approach for regulatory compliance. If this was done with the absolute minimum possible cost and effort in order to avoid non-compliance and thus the fine, the...

Webcast

Digital Identities in the Internet of Things - Securely Manage Devices at Scale

The Internet of Things is disrupting all industries and use cases; from customer IoT, to Industrial IoT. Companies are forced to become more innovative with their products whilst their services are being, or will be, digitized. Top drivers of this digitization are eroding margins and changing customer behaviour, whereas new market disruptors face security challenges. The question now becomes: where do companies decide to focus their money and efforts, in order to capitalize on this disruption? Either on business optimization, by doing things better and more efficiently, or focusing on a...

Webcast

Access Control From an Userbase to Agency Applications in the Education Sector

The Ministry of Education in New Zealand can now control access from a wide user base to agency applications in the education sector.

Advisory Note

Advisory Note: GRC Reference Architecture - 72582

GRC covers the areas of Governance, Risk and Compliance and this report refers to GRC in the context of delivering IT services to meet organizational goals.  GRC is concerned with setting objectives, policies and controls and monitoring performance against these.  This report provides an architecture for the successful implementation of GRC within an organization.

Webinar

Dec 18, 2018: Online Forms Are Out of Date – There Are New Ways to Sign Up Customers

An extreme lack of innovation has led to online forms dominating online buying for over two decades. The latest identity platforms use fast, easy, and secure technology to streamline customer sign-ups and simplify data.

Blog

Managing the Hybrid Multi Cloud

The primary factor that most organizations consider when choosing a cloud service is how well the service meets their functional needs.  However, this must be balanced against the non-functional aspects such as compliance, security and manageability. These aspects are increasingly becoming a challenge in the hybrid multi-cloud IT environment found in most organizations. This point was emphasized by Virtustream during their briefing in London on September 6th, 2018.  Virtustream was founded in 2009 with a focus on providing cloud services for mission-critical...

Leadership Compass

Leadership Compass: Adaptive Authentication - 79011

This report provides an overview of the market for on-premise Adaptive Authentication solutions and provides you with a compass to help you to find the product that best meets your needs.  We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing on-premise Adaptive Authentication solutions.

Whitepaper

Whitepaper: Overcoming PSD2 Challenges with Onegini Connect - 79058

Many changes are coming to Europe's financial landscape due to the Revised Payment Service Directive (PSD2). PSD2 will present new challenges to overcome, as well as potential benefits for Third Party Providers (TPPs) and consumers.  Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISP) functions have historically been performed by banks; competition in the financial sector will emerge from non-traditional, non-banking types of businesses. Onegini Connect provides the foundational technical capabilities needed to meet the PSD2 challenges while...

Executive View

Executive View: United Security Providers Secure Entry Server - 79040

United Security Providers (USP) provides a web access management platform designed to provide a unified and efficient approach towards Web Application Firewall (WAF), Authentication, CIAM and Identity Federation capabilities for complex use cases and hybrid on-premises and cloud solutions.

Conference

Feb 19 - 20, 2019: Blockchain Enterprise Days 2019

Blockchain Enterprise Days (#BeDays19) will take place February 19-20, 2019 in Frankfurt, Germany. Blockchain is still on everyone's lips and is no longer reserved for the financial sector. For this reason, the Blockchain Enterprise Days will focus on further enterprise application areas of interest: Identity Access Management (IAM), Enterprise Resource Planning (ERP) and cybersecurity.

Press Release

Independent Analyst Company presents Cybersecurity Innovation Night in Berlin

Wiesbaden, September 17th, 2018  – On November 13, 2018, the independent Analyst Company KuppingerCole runs an Innovation Night as part of the Cybersecurity leadership Summit in Berlin. The Cybersecurity Innovation Night focuses on cutting-edge approaches and advanced solutions in the various areas of cybersecurity which utilize Machine Learning (ML) and Deep Learning (DL) technologies. ML and DL have had many successful applications in image recognition and language processing, and now these techniques are the fastest growing trends in cybersecurity....

Executive View

Executive View: Evidian Identity & Access Manager - 70872

With the continually evolving security requirements and challenges IT faces today, the capabilities of IAM must also advance to keep up. Evidian meets these modern IAM requirements by integrating Identity Governance and Administration, and Analytics & Intelligence into their IAM suite.

Executive View

Executive View: ObserveIT Insider Threat Management - 79038

ObserveIT Insider Threat Management is a platform that combines the functionality of traditional User Behavior Analytics (UBA) and Data Loss Prevention (DLP) products in a lightweight and streamlined solution for detecting and mitigating various insider threats.

Press Release

KuppingerCole Organizes Second Consumer Identity World USA in Seattle

Wiesbaden, 13 September   2018  – For the second time the independent Analyst Company KuppingerCole organizes the  Consumer Identity World USA  which will take place  September 19 - 21, 2018 at the Motif Hotel in Seattle, USA.  Seattle is the first of three stops of the Consumer Identity World Tour, which will also be heald in  Amsterdam (Oct 29-31)  and  Singapore (Nov 20-22). The  Consumer Identity World USA  is the place where you get input for your perfect CIAM Strategy. Learn more about Privacy...

Webcast

Prepare for PSD2 with Strong Customer Authentication, Fraud Risk Management and Open Banking APIs

Banks will soon have to comply with the Revised Payment Service Directive, commonly called "PSD2." The directive will introduce massive changes to the payments industry and radically alter the user experience for customers of European banks by allowing third party payment service providers (TPP) to access their account information to provide various innovative financial services. But to mitigate risk, banks and TPPs must address the core regulatory technical requirements outlined by PSD2.

Webcast

Consumer Identity & Access Management (CIAM), Big Data and the Internet of Things (IoT)

It is all about providing your customer a great experience so that they return to you and not to your competitor, who has never before been that close to your business. Anticipating, maybe even in advance, your customer's needs has on the one hand become a must. On the other hand, GDPR is significantly limiting the way how to create such intelligence through collecting personally identifiable data.

Webinar

Oct 18, 2018: Fine-Grained Policy-Based Access Control: Why & How?

Mastering authorization is critical for modern organizations with multiple user constituencies, applications, and data types. Authorization has become a crucial part of security infrastructures and can no longer be considered just another feature of existing IAM solutions. Instead, authorization control infrastructures have developed their own segment in the security market.

Whitepaper

Whitepaper: Preparing for PSD2 technical requirements using RSA solutions - 79062

The Revised Payment Service Directive (PSD2) will drive many changes in technical infrastructure at financial institutions across Europe.  Banks and other financial service providers must quickly prepare for PSD2. RSA provides foundational technical capabilities in their SecurID, Adaptive Authentication, Web Threat Detection, and Archer products that can help businesses meet the technical challenges posed by PSD2.

Webcast

Privilege Management From the Cloud: Go or No-Go?

The digital transformation is changing the way we do business, and it is also changing the way we have to keep our increasingly complex IT infrastructure agile and flexible yet secure and compliant. Managing geographically dispersed cloud/hybrid environments and the privileged access to servers and other systems therein is a challenging task.

Executive View

Executive View: Delphix Dynamic Data Platform - 79010

Die Delphix Dynamic Data Platform ist eine integrierte Plattform für die Verwaltung, Absicherung und Replizierung von Daten in lokalen, cloudbasierten und Hybrid-Umgebungen. Sie kombiniert eine hochleistungsfähige Virtualisierung mit integriertem Data Masking und automatisierten Self-Service-Workflows. Auf diese Weise erhöht sie signifikant die Effizienz in Bezug auf Agile Development, Data Analytics, Cloud-Migration, Notfallwiederherstellung und andere DataOps-Anwendungsfälle.

Webinar

Oct 16, 2018: Assuring and Implementing Cybersecurity and Data Protection for Public Clouds

Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the enemy could enter.

Webcast

Security and Governance in the Hybrid Multi-Cloud

Most organizations now use multiple cloud services as well as retaining some IT services on-premises, this multi-cloud hybrid environment creates many challenges for security and governance.

Webinar

Sep 27, 2018: Making Sense of the Top 5 Latest Cybersecurity Trends

Let’s face it: with each passing year, the CISO’s job is not becoming any easier. As companies continue embracing the Digital Transformation, the growing complexity and openness of their IT infrastructures mean that the attack surface for hackers and malicious insiders is increasing as well. Combined with the recent political developments such as the rise of state-sponsored attacks, new surveillance laws, and harsh privacy regulations, security professionals now have way too many things on their hands that sometimes keep them awake at night.

Executive View

Executive View: CA Privileged Access Management Suite - 79047

CA Technologies offers comprehensive Privileged Access Management (PAM) under CA Privileged Access Management Suite comprising of several modules bundled in a single product. The CA PAM solution blends well with CA’s popular IAM Suite to offer market leading PAM capabilities for large scale deployments requiring complex integrations and fine-grained command control.

Webinar

Sep 26, 2018: Access Control From an Userbase to Agency Applications in the Education Sector

The Ministry of Education in New Zealand can now control access from a wide user base to agency applications in the education sector.

Executive View

Executive View: TechDemocracy Intellicta - 70362

A software platform designed to achieve a holistic assessment of an organization’s cybersecurity, compliance, risk and governance status by establishing risk governance, resilience and protection from cyber threats through the deployment of a standards-based risk governance framework.

Executive View

Executive View: ViewDS Cobalt - 70851

ViewDS Cobalt is a cloud-architected identity platform flexible enough to support on-premises, cloud, and hybrid environments. With all aspects of the platform management fully accessible via APIs, Cobalt is uniquely positioned to support the automation and integration requirements of today’s modern IT environment.

Executive View

Executive View: Senrio Insight - 72525

Senrio Insight is an Industrial IoT cybersecurity platform utilizing passive nonintrusive network device discovery to provide visibility and analytics of industrial device behavior and rapid detection of abnormal activities.
 

Webinar

Oct 11, 2018: Buying Into Zero Trust? What You Need to Consider to Be Successful

As organizations take on the digital transformation, trends such as mobility, proliferation of SaaS applications and cloud infrastructure are driving up the number of connected entities and devices increasing the attack surface. With the spate of recent acquisitions in the market looking to change the way we approach security, we need to think beyond the technology and focus on the gaps we need to consider.

Executive View

Executive View: WidasConcepts cidaas - 79057

WidasConcepts offers a complete consumer identity and access management solution:  cidaas.  cidaas is developed and hosted in Germany. cidaas contains most standard and many innovative features, such IoT integration and consent management.  It is based on a micro-services architecture which enables continuous deployment of service enhancements.

Executive View

Executive View: CipherCloud CASB+ - 79037

Many organizations are using cloud services, but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. This report provides an up to date review of CipherCloud CASB+ which strongly matches KuppingerCole’s recommended functionality for CASBs. It provides a valuable tool that organizations can use to improve governance over their use of cloud services. 

Webinar

Oct 02, 2018: Customer Identity Access Management (CIAM): Creating the Foundations for User Focused Digital Business, GDPR Compliant

Digital Business Transformation is a continuous process that affects all areas of doing business, with technology finally getting the right focus: The customer and his/her experience with your business. It is now all about providing that ultimate Frictionless CX (customer experience) so that users don't do that “one-click” towards your competitors.

Executive View

Executive View: Semperis Directory Services Protector for Active Directory - 79054

Active Directory provides critical identify infrastructure for the enterprise. Semperis offers Active Directory change monitoring and forest recovery products. The Semperis DS-Protector product support change monitoring and rollback for a broad set of AD infrastructure objects.

Webcast

Welcome to the European Identity & Cloud Conference 2019

Learn all you need to know about the future of information security today!

Webcast

Jonathan Sander - Starting Real Cybersecurity Means Protecting Credentials

An Expert Stage presentation at the European Identity and Cloud Conference 2018

Webcast

Marc Vanmaele - Empower IAM to Serve your Business Needs

An Expert Stage presentation at the European Identity and Cloud Conference 2018

Executive View

Executive View: 1Kosmos BlockID - 79064

1Kosmos BlockID is one of the first commercial implementations of a blockchain-based identity solution that works for both consumers and employees. It is well thought-out and implements the fundamental concepts of Self Sovereign Identity. It integrates well with existing identity and service providers. While there are still some challenges to solve, BlockID delivers on the promise of Blockchain Identity.

Advisory Note

Advisory Note: Big Data Security, Governance, Stewardship - 72565

An ever-increasing number of devices, sensors and people are connected to the global internet and generate data.  The analysis of this data can help organizations to improve their effectiveness and make better decisions.  However, there are concerns over the trustworthiness of the data as well as the ethics of its use.  This report describes how good Information Stewardship helps to ensure that Big Data is used in ways that are ethical, compliant and secure.  

Blog

Decentralized Identity 101: What It Is and Why It Matters

Guest Author: Vinny Lingham, CEO, Civic Technologies Bitcoin. Blockchain. Crypto. Decentralization. Tokens. A lot of buzzwords have emerged alongside the rise of blockchain technology. Yet, there is often a lack of context about what those terms actually mean and the impact they will have. Decentralized identity re-envisions the way people share access, control, and share their personal information. It gives people power back over their identity. Current identity challenges all tie back to the way we collect and store data. The world has evolved from floppy disks to the Cloud, but...

Executive View

Executive View: MinerEye Data Tracker - 79063

MinerEye DataTracker is an AI-based application that identifies, classifies, and tracks unstructured information. It creates cluster of similar content across data sources and analyzes information about classified data in those clusters, to triggers applications such as DLP, IRM and Access control tools. It also provides deep insight into unstructured data based on sophisticated dashboards. With that, MinerEye Data Tracker can form a substantial element in a Data Governance strategy.

Executive View

Executive View: StealthINTERCEPT® - 70367

Cyber criminals regularly exploit vulnerabilities and poor practices around Microsoft Active Directory to obtain credentials that allow them to infiltrate organizational systems, cause damage and exfiltrate data.  This report describes StealthINTERCEPT, the real-time policy enforcement, change and access monitoring and Active Directory security component of the STEALTHbits’ Data Access Governance Suite, that helps organizations to protect against these forms of cyber-attack. 

Blog

Entrust Datacard Acquisition

Entrust Datacard, founded in 1969 and headquartered in Minnesota, announced today that it is making a strategic investment in CensorNet and acquiring the SMS Passcode business from CensorNet (originally a Danish company). Entrust Datacard is a strong brand in IAM, with card and certificate issuance, and financial and government sector business.  CensorNet was founded in 2007 in the UK. Their original product was a secure web gateway. It now includes multi-mode in-line and API-based CASB service. It...

Webinar

Sep 13, 2018: Prepare for PSD2 with Strong Customer Authentication, Fraud Risk Management and Open Banking APIs

Banks will soon have to comply with the Revised Payment Service Directive, commonly called "PSD2." The directive will introduce massive changes to the payments industry and radically alter the user experience for customers of European banks by allowing third party payment service providers (TPP) to access their account information to provide various innovative financial services. But to mitigate risk, banks and TPPs must address the core regulatory technical requirements outlined by PSD2.

Executive View

Executive View: NRI SecureTechnologies: Uni-ID Libra 2.0 - 70266

NRI Secure’s Uni-ID Libra is a relatively new entrant in the rapidly growing market for consumer identity management (CIAM). Focused for now completely on the Japanese market, the product emphasizes security, leveraging the company’s expertise in managed SOC services and security software. The near-term product roadmap includes enhanced consent management and support for FIDO and IoT standards. 

Executive Meet Up

Sep 06, 2018: Executive Meet Up - Singapore

KuppingerCole welcomes you personally to an exclusive round of talks with other decision-makers, moderated by Senior Analyst Graham Williamson & Lead Analyst Anmol Singh. The half-day seminar offers a relaxed learning opportunity and will be rounded up by a quality three-course lunch at the M Hotel, 81 Anson Road in Singapore.

Executive View

Executive View: Centrify Next-Gen Access Platform - 79036

Often, enterprise security is delivered as separate services such as Identity-as-aService (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify converges these market segments into a single platform to deliver the next generation of access management.

Webinar

Sep 11, 2018: Consumer Identity & Access Management (CIAM), Big Data and the Internet of Things (IoT)

It is all about providing your customer a great experience so that they return to you and not to your competitor, who has never before been that close to your business. Anticipating, maybe even in advance, your customer's needs has on the one hand become a must. On the other hand, GDPR is significantly limiting the way how to create such intelligence through collecting personally identifiable data.

Webinar

Sep 25, 2018: Digital Identities in the Internet of Things - Securely Manage Devices at Scale

The Internet of Things is disrupting all industries and use cases; from customer IoT, to Industrial IoT. Companies are forced to become more innovative with their products whilst their services are being, or will be, digitized. Top drivers of this digitization are eroding margins and changing customer behaviour, whereas new market disruptors face security challenges. The question now becomes: where do companies decide to focus their money and efforts, in order to capitalize on this disruption? Either on business optimization, by doing things better and more efficiently, or focusing on a...

Executive View

Executive View: Deep Secure Content Threat Removal Platform - 79056

The Content Threat Removal Platform by Deep Secure operates at the network boundary, intercepts and analyzes incoming data, extracts only the useful business information while eliminating malicious content and then creates new, clean data for onward delivery. In this way, it defeats zero-day attacks and prevents covert data loss, all transparent to end users.

Executive View

Executive View: One Identity Safeguard - 79042

One Identity is one of the leading vendors in the field of IAM. With their recent acquisition of Balabit and the integration of their Privilege Management offerings into the Safeguard product portfolio, the company positions itself among the leaders in the Privilege Management market, delivering a comprehensive portfolio of Privilege Management capabilities.

Executive View

Executive View: RSA® Identity Governance and Lifecycle - 71052

RSA Identity Governance and Lifecycle is a complete solution for managing digital identities and their access, both inside and outside the enterprise. The RSA solution covers all aspects of governance from attestations to policy exceptions and identity lifecycle, from provisioning to entitlement assignment to access reconciliation to removal.

Executive View

Executive View: Delphix Dynamic Data Platform - 79010

Delphix Dynamic Data Platform is an integrated platform for managing, securing and replicating data across on-premises, cloud and hybrid environments. Combining high-performance virtualization, integrated masking and automated self-service workflows, it significantly increases efficiency of agile development, data analytics, cloud migration, disaster recovery and other DataOps use cases.

Blog

Broadcom acquires CA Technologies in a ‘Broadest’ ever shift of acquisition strategy

Broadcom, after having denied the acquisition of Qualcomm earlier this year by Trump administration based on national security concerns, has decided to acquire CA Technologies showing one of the greatest shifts in an acquisition strategy from a semiconductor business to an IT Software and Solutions business. The proposed Qualcomm acquisition by once Singapore-based Broadcom had the likelihood of several 5G patents passing beyond US control.  The CA Technologies’ acquisition still gets over...

Webcast

Active Directory Disaster Recovery

Active Directory has grown both in importance and complexity in recent years, with businesses have become increasingly dependent on AD for authentication and authorization of mobile workforce and cloud-based applications. The new AD usage landscape has introduced greater complexity to the enterprise IT environment, raising the risk of AD disasters tied to human error and cyberattack. More and more frequently, attackers are using AD as an attack vector to compromise enterprises and, in some severe cases, wiping out the entire IT environment.

Conference

Nov 12 - 14, 2018: Cyber Access Summit 2018

Willkommen zum Cyber Access Summit (CAS) 2018! Gestalten Sie die Zukunft der digitalen Transformation und diskutieren Sie mit Kollegen und Branchenexperten. Das Programm des deutschsprachigen Cyber Access Summit 2018 nimmt aktuelle Themen und Trends im Bereich des Identity und Access Managements in den Fokus.

Blog

BOMGAR acquires Avecto to expand its PAM portfolio

BOMGAR, owned by PE firm Francisco Partners has recently announced that it has acquired Avecto, a UK based Endpoint Privilege Management (EPM) company. The move coming within 6 months of Lieberman Software’s acquisition by BOMGAR clearly depicts the quest to strengthen its position in the PAM market by offering a full-featured PAM suite. Originally a provider of ‘remote support’ solutions, BOMGAR offered remote session management capabilities in the market for a while until it acquired Argentina based Pitbull Software in late 2015 to enter the PAM market with its password...

Webinar

Sep 04, 2018: Security and Governance in the Hybrid Multi-Cloud

Most organizations now use multiple cloud services as well as retaining some IT services on-premises, this multi-cloud hybrid environment creates many challenges for security and governance.

Blog

The Digital Transformation and the Role of the CISO

Cybersecurity needs to be at the heart of the digital transformation, but organisational models will have to evolve Cybersecurity is in the process of becoming an essential component of any organisation’s digital transformation journey. There is no way around this, especially as policymakers start dipping their toes into privacy and security issues, and societal norms are shifting on the topic.Most new technology layers enabling the digital transformation need to be protected from interference, intrusion, or corruption. This is especially the case across industry sectors seeking to...

Webinar

Sep 06, 2018: Privilege Management From the Cloud: Go or No-Go?

The digital transformation is changing the way we do business, and it is also changing the way we have to keep our increasingly complex IT infrastructure agile and flexible yet secure and compliant. Managing geographically dispersed cloud/hybrid environments and the privileged access to servers and other systems therein is a challenging task.

Webcast

Patients, People and Things - Managing Identities in Healthcare

Digital transformation is a game changer in the health sector and a core requirement is better identity management. The need for improved security in modern medical facilities, the growing reliance on monitoring devices and support for millennials in their health outcome management, all require improved healthcare IAM. This will eliminate administrative expense, implement up-to-date governance and facilitate the exploitation of known trends in healthcare.

Webcast

Securing your Hybrid IT Environment with Privileged Access Management

As your business grows, so does your IT footprint – both on-premises and in the cloud. This adds to the overall complexity of managing access to the newly acquired IT assets and applications in addition to existing ones. The conventional approaches of managing privileged access using controls native to the individual operating systems, and other internal access policies, are not only cumbersome to manage but add to the security risks in today’s hybrid IT environment. IAM leaders need to assess security risks associated with unmanaged and uncontrolled privileged access across...

Blog

Blockchain, Identity, Trust and Governance

On June 15th, 2018 I attended an OIX Workshop in London on this subject. The workshop was led by Don Thibeau of the Open Identity Exchange and Distributed Ledger foundation and was held in the Chartered Accountants’ Hall, Moorgate Place, London.Blockchain and Distributed Ledger Technology (DLT) is often associated with crypto-currencies like Bitcoin. However, it has a much wider applicability and holds the potential to solve a wide range of challenges. Whenever a technology is evolving, the governance is often neglected until there are incidents requiring greater participation of...

Webcast

Closing the Loop Between Audit and Action: Meet Compliance Needs With Privileged Access Management

Privilege Management has been a key element of both IAM (Identity & Access Management) and cybersecurity programs for years. However, increased complexity of modern corporate IT infrastructures and mounting pressure from compliance regulators force privilege management solutions to constantly expand their scope into new functional areas. From simple password vaults to advanced monitoring and behavior analytics to governance and compliance – a modern PxM solution permeates every corner of your enterprise IT infrastructure.

Webcast

Identity is Security: Avoiding the Pitfalls of an Authentication-Centric Security Architecture

The security landscape has changed in the recent decade, and the methods we used to protect our enterprise networks are no longer working. The network perimeter has dissipated, the adversary has become increasingly skilled at alternative methods to gain entry, and enterprise applications and data are spread across multiple environments, on-premises and in the cloud. With more sensitive information getting out of our control every day, a data breach is just waiting to occur, and the consequences, if successful, can be disastrous for your business.

Blog

Cross-Border Data Management and Cybersecurity: Walking the Tightrope of Compliance and Business Efficiency

Guest Author: Jordan L. Fischer, Esq., Co-Founder & Managing Partner of XPAN Law Group, LLC Technology is changing rapidly, correlating in an increasing amount of data collected every second.  These technologies cross-borders and allow businesses to operate on a global scale, at a rate never before seen.  However, the corresponding legal infrastructures operate with borders -- hard borders -- that make the exchange of data, both internally and externally, complicated and challenging.  In the last two years, new data protection regulations have gone into effect in a...

Advisory Note

Buyer's Guide: Hybrid Cloud Services - 72562

Organizations now commonly use multiple cloud services as well as on premises IT. This KuppingerCole Buyer’s Guide focusses on IaaS services. It will provide you with questions to ask vendors, criteria to select your vendor, and the requirements for successful deployments. This report will prepare your organization to conduct RFIs and RFPs for IaaS as part of a Hybrid IT service delivery model.

Webcast

Managing Authentication and Access for Different Identities in Hybrid Environments

The Digital Transformation is driving enterprises in all geographies and throughout most verticals to become open and connected. These enterprises need to digitally engage with their customers, to technologically empower and mobilize their employees, to optimize their current business processes and to ultimately transform their products. At the same time, large-scale cyberattacks and wrongful exploitation of personal data has reached an all-time high and the associated risks are further increasing.

Webcast

Best Practices of Privileged Identity Management

Security and risk management leaders need to balance the significant security risks associated with unmanaged privileged access against the administrative and other operational efficiencies achieved by conventional privileged access management practices.

Webcast

Datendiebstahl, Malware, DSGVO - Unstrukturierte Daten Zwischen Kollaboration & Compliance

Die Mengen an digitalen Daten, die Organisationen nun speichern und verarbeiten müssen, wachsen exponentiell. Dabei geht es nicht nur um die Digitalisierung bestehender Geschäftsprozesse - für viele Unternehmen sind die Daten selbst zum wertvollsten Gut geworden, das sie vor Lecks und unberechtigtem Zugriff schützen müssen.

Webcast

Wie Sie mit der Kombination aus Technologie und Awareness eine zukunftsfähige Cybersecurity-Strategie entwerfen

Mehr Cyberangriffe, mehr Investitionen – aber zahlt sich das für Ihr Unternehmen aus? Die richtige Cybersecurity-Strategie und die richtigen Tools helfen, Ihre Budgets gezielt einzusetzen, den Erfolg zu messen und insbesondere die Risiken durch die stetig wachsende Zahl von Angriffen und deren immer raffinierteren Methoden zu reduzieren.

Webcast

Classification - the Intelligent Way to Ensure Strong Data Protection

As businesses are increasingly embracing the digital transformation, the volumes of information that a typical company has to collect, keep, transport and process is growing exponentially. Massive amounts of digital data are now being stored in various structured and unstructured formats across multiple environments – both on-premises and in the cloud – and businesses are struggling to keep up with the demands generated from the increasingly globalized regulatory environment.

Webcast

Cloud IGA: Built for Hybrid Reality

Conventionally, Identity Governance and Administration (IGA) products have been developed and deployed with a focus on on-premise IT systems and applications. While IAM leaders were still struggling with IGA solutions to deliver effective identity administration and access governance, the move to cloud with a need to support an increasingly mobile workforce has entirely changed the IAM priorities for organizations.

Webcast

Policy-Based Access Management – A Reliable Foundation for Your Next-Generation Unified IAM

As companies adopt numerous new technologies and establish new communications channels with their partners, suppliers or even customers, the amounts of sensitive information that’s stored across on-premises systems and cloud services are growing exponentially, and the task of managing secure access to this data by numerous third parties is quickly getting out of control. Hence, instead of managing access to individual systems with separate technology stacks, many companies are looking for more universal and future-proof alternatives, aiming for establishing granular,...

Webinar

Jul 12, 2018: Active Directory Disaster Recovery

Active Directory has grown both in importance and complexity in recent years, with businesses have become increasingly dependent on AD for authentication and authorization of mobile workforce and cloud-based applications. The new AD usage landscape has introduced greater complexity to the enterprise IT environment, raising the risk of AD disasters tied to human error and cyberattack. More and more frequently, attackers are using AD as an attack vector to compromise enterprises and, in some severe cases, wiping out the entire IT environment.

Leadership Compass

Leadership Compass: Access Governance & Intelligence - 71145

Leaders in innovation, product features, and market reach for access governance & Intelligence. Delivering the capabilities for managing access entitlements, always knowing the state of these, and enforcing access and SoD policies across heterogeneous IT environments on premises and in the cloud. Your compass for finding the right path in the market.

Executive View

Executive View: Varonis DatAdvantage - 79029

Getting a grip on your data is a bigger challenge than ever before. While solutions for central IT environments such as SAP are quite established, a significant portion of critical data resides in unstructured data stores such as file servers or collaboration services. This includes PII (think “GDPR”), but also blueprints, financial data, and more. It is essential having tools in place that help in both identifying and securing this data. Varonis DatAdvantage is a leading-edge offering in this area of what commonly is called Data Governance.

Webinar

Jul 05, 2018: Patients, People and Things - Managing Identities in Healthcare

Digital transformation is a game changer in the health sector and a core requirement is better identity management. The need for improved security in modern medical facilities, the growing reliance on monitoring devices and support for millennials in their health outcome management, all require improved healthcare IAM. This will eliminate administrative expense, implement up-to-date governance and facilitate the exploitation of known trends in healthcare.

Executive View

Executive View: Cayosoft Administrator v5 - 79000

Cayosoft Administrator is an integrated platform for management and automation of Active Directory and Office 365 environments, including hybrid deployments. The latest release adds new capabilities not available in native Microsoft tools, focusing on customers who have already completely moved to the cloud.

Blog

Future-Proofing Your Cybersecurity Strategy

It’s May 25 today, and the world hasn’t ended. Looking back at the last several weeks before the GDPR deadline, I have an oddly familiar feeling. It seems that many companies have treated it as another “Year 2000 disaster” - a largely imaginary but highly publicized issue that has to be addressed by everyone before a set date, and then it’s quickly forgotten because nothing has really happened. Unfortunately, applying the same logic to GDPR is the biggest mistake a company can make. First of all, obviously, you can only be sure that all your previous...

Executive View

Executive View: Onegini Connect - 79031

Onegini provides a compelling solution for Consumer Identity and Access Management (CIAM). Onegini is headquartered in Europe and has global ambitions. They have expertise in EU regulations such as GDPR and PSD2. They are positioning their product as a CIAM solution for financial, health care, and insurance industries with a strong mobile differentiator to enhance customer engagement.

Webinar

Jun 26, 2018: Identity is Security: Avoiding the Pitfalls of an Authentication-Centric Security Architecture

The security landscape has changed in the recent decade, and the methods we used to protect our enterprise networks are no longer working. The network perimeter has dissipated, the adversary has become increasingly skilled at alternative methods to gain entry, and enterprise applications and data are spread across multiple environments, on-premises and in the cloud. With more sensitive information getting out of our control every day, a data breach is just waiting to occur, and the consequences, if successful, can be disastrous for your business.

Blog

"Archive != Delete": Bring Back the Delete Button

Why does it seem to be getting harder to delete information online? GDPR will take effect in just a few days. GDPR empowers EU people to take control of their personal information. When in force, GDPR will mandate that companies and other organizations which control or process personal information must comply with delete requests. Users around the world are more cognizant of the data they create and leave online. Even outside the EU, people want to be able to delete data which they deem is no longer useful.Enter the “archive” button. On some social media sites and other popular...

Blog

How (Not) to Achieve Instant GDPR Compliance

With mere days left till the dreaded General Data Protection Regulation comes into force, many companies, especially those not based in the EU, still haven’t quite figured out how to deal with it. As we mentioned countless times earlier, the upcoming GDPR will profoundly change the way companies collect, store and process personal data of any EU resident. What is understood as personal data and what is considered processing is very broad and is only considered legal if it meets a number of very strict criteria. Fines for non-compliance are massive – up to 20 million Euro or 4%...

Blog

Will Your Security Solutions Violate GDPR?

As the May 25th, 2018 GDPR enforcement date approaches, more and more companies are actively taking steps to find, evaluate, and protect the personally identifiable information (Personal Data) of EU persons. Organizations that do business with EU persons are conducting data protection impact assessments (DPIAs) to find Personal Data under their control. Many are also asking “do we need to keep the data?” and putting into practice data minimization principles. These are good measures to take. IT and privacy professionals are inventorying HR, CRM, CIAM, and IAM systems, which is...

Leadership Brief

Leadership Brief: Product Security as Your Biggest Challenge: Start Before It’s Too Late - 72011

The Internet of Things (IoT) has enormous potential to transform and benefit both consumers and industries, but along with it comes significant privacy and security implications. Addressing these challenges early on in an IoT project can go a long way to lowering potential security risks in the field.

Whitepaper

Whitepaper: Varonis - Daten kennen - 79028

Neue Regulierungen wie die Datenschutz-Grundverordnung (DSGVO) und die stetig wachsende Gefahr durch Cyber-Attacken führen zu einem hohen Druck auf Unternehmen. Es gibt aber auch Chancen, wenn man versteht, wo die wirklich wertvollen Daten liegen und sich darauf fokussiert, diese Daten im Unternehmen optimal zu nutzen und sie gezielt zu schützen, statt mit breitflächigen Sicherheitsmaßnahmen alles ein bisschen zu schützen und am Ende viel zu investieren, ohne die wertvollen Daten wirklich gut zu schützen. Dazu muss man zunächst wissen, wo diese Daten...

Webcast

Martin Kuppinger's EIC 2018 Summary

Webcast

Impressions of the European Identity & Cloud Conference 2018

Press Release

European Identity & Cloud Awards 2018

Wiesbaden, May 17, 2018 – Last night KuppingerCole Ltd. presented the winners of the European Identity & Cloud Awards 2018. The festive Ceremony took place during the 12th European Identity & Cloud Conference (EIC) in Munich, Germany. 

Webinar

Jun 27, 2018: Closing the Loop Between Audit and Action: Meet Compliance Needs With Privileged Access Management

Privilege Management has been a key element of both IAM (Identity & Access Management) and cybersecurity programs for years. However, increased complexity of modern corporate IT infrastructures and mounting pressure from compliance regulators force privilege management solutions to constantly expand their scope into new functional areas. From simple password vaults to advanced monitoring and behavior analytics to governance and compliance – a modern PxM solution permeates every corner of your enterprise IT infrastructure.

Blog

IAM for a Microservices World: Securing Agile IT

Ten years ago, for the second EIC, we published a report and survey on the intersection of IAM and SOA (in German language). The main finding back then was that most businesses don’t secure their SOA approaches adequately, if at all. Ten years later, we are talking Microservices. Everything is DevOps, a small but growing part of it is DevSecOps. And again, the question is, whether we have appropriate approaches in place to protect a distributed architecture. This question is even more important in an age where deployment models are agile and hybrid. So how to do IAM for this...

Blog

IAM as Microservices: It’s About Flexibility and Agility

Since I’m observing the IAM business, it has been under constant change. However, there is a change on its way that is bigger than many of the innovations we have seen over the past decade. It is IAM adopting the architectural concept of microservices. This will have a massive impact on the way we can do IAM, and it will impact the type of offerings in the market. In a nutshell: microservices can make IAM far more agile and flexible. But let’s start with the Wikipedia definition of Microservices: Microservices is a software development technique—a variant of the...

Webcast

Rene Mulder - Challenges to the Wide-Spread Adoption of DLT-Based Self-Sovereign Identity

In a world where everyone has a large amount of different personas and credentials stored and managed by government, banks, socials and other, we call for consolidation and control while preserving privacy and security. With DLT a lot of that call can be answered, but how do we roll-out. There are some major challenges to adoption such as usability, network economics, governance, privacy and recoverability. How do we approach these challenges to reach a global self-sovereign identity platform?

Webcast

Joni Brennan - The Economics of Identity

Around the world topics related to Digital Identity are becoming more and more critical. The world is beginning to recognize that Digital Identity lays the foundation needed for trust to perform myriad transactions in both the public and private sectors. Canada is moving rapidly toward the next Digital Identity Revolution. In this new model, capabilities from both the public and private sectors come together to deliver value to businesses, customers, citizens, and governments. This Digital Economy focused model prioritizes privacy and security by design as well as convenience delivered...

Webcast

[DE] Privilegierte Konten sichern. Angriffe stoppen.

An interview during the European Identity & Cloud Conference 2018

Privileged accounts, credentials and secrets are everywhere— on premises, in the cloud, on endpoints, and across DevOps environments. From personally identifiable customer information to critical intellectual property, they provide access to your enterprise’s most valuable assets. And attackers are after them. Right now.

Webcast

Dr. Torsten Lodderstedt - Is Blockchain the Silver Bullet for Identity

As one of the winning presentations from the pre-conference Blockchain ID Innovation Night, Dr. Torsten Lodderstedt will continue his presentation about the limits of Blockchain Identity and the challenges that still need to be solved.

Webcast

Markku Rossi - Credentialess Cloud Access

Some of the most common causes of cloud security breaches include system misconfiguration, dynamic system updating and patching, unmanaged and leaked access credentials. The industry is applying different methods to overcome these challenges. These methods include dynamic system monitoring and alerting, automated deployment pipelines, and access management including credential and key management and rotation. But what if we could overcome all of these challenges with an immutable cloud infrastructure that could be accessed without any credentials which could be leaked or compromised?

Webcast

Ian Bailey - The OrgBook: Enabling the Digital Economy

British Columbia is a digital identity leader in Canada with the development of the BC Services Card and associated digital identity services. Building upon our experience in providing digital identity services for all British Columbians, the Province of BC is now collaborating with the Canadian Federal government and the Province of Ontario in establishing the Org Book for businesses. The Org Book provides verified digital claims about businesses and their representatives to enable streamlined government service delivery to businesses and to enable digital transactions in the broader...

Advisory Note

Architecture Blueprint: Access Governance and Privilege Management - 79045

Well-designed IAM/IAG-architectures establish real-time visibility of all accounts of a person, thereby closing a formerly intrinsic security gap. Bridging between established governance silos within organizations enables full enforcement of Segregation of Duties rules for both business and privileged access. Thus, it substantially improves an organization's security posture.

Blog

Blockchain for Identity – Myth or Potential?

During yesterday’s opening keynote at the EIC (European Identity & Cloud Conference), I brought up (and explained) a slide about the areas where Blockchain technology has the potential of helping solving existing identity problems, either by doing it just better than today or delivering entirely new capabilities. Notably: it was about the potential, not that this will inevitably happen. Not surprisingly – an Opening Keynote should provoke thoughts and discussions – this lead to some discussions in the social media right after. Some found that I’m gone over the...

Blog

Blockchain Identity – Success Factors and Challenges

When new things arrive, which are still in the pioneering stage and far from reaching maturity, there is always a lot of discussion. This is even more true for Blockchain Identity, where the massive hype around Blockchains, a long history of clever ideas failing, and a few interesting technical and security challenges come together. During my keynote at this year’s EIC, I addressed the challenges and success factors for Blockchain ID as well. That led to a discussion on Twitter about whether some of these success factors are contradictory. That definitely is a good question worth...

Webcast

Martin Kuppinger - Microservices Architectures: Making IAM Hybrid

In recent times, an increasing number of vendors announced a migration of their products towards microservices architectures. Some renovate their existing on premises IAM tools, others build new solutions with a new architectural approach. Factually, the idea isn’t that new, but the evolution in the field of microservices and containerization now enables flexible architectures that allow to distribute and scale components better than in the past. Furthermore, such architectures build the foundation for simplified hybrid cloud deployments, but also increased customization using APIs...

Webcast

Jeff Jonas - Do you Know What You Know About the Data Subject?

GDPR obligates organizations to provide data subjects with access to their personal data. To comply, companies must be able to answer a seemingly innocuous but frighteningly difficult question: What do we know about the data subject? Further, organizations must respond to Data Subject Access Requests (DSARs) in a privacy-preserving, Privacy by Design-embedded manner. This is going to be problem as organizations are not going to be able to reliably find the data – as there are too many places look, data variability (Elizabeth vs. Liz) and other problems. In this keynote these...

Webcast

European Identity & Cloud Awards Ceremony

European Identity & Cloud Awards Ceremony

Webcast

Prof. Dr. Heiko Beier - Is it Facebook's End Game? Why Social Networks as we know them Today will not Survive

The real problem behind the recent Facebook scandal is not primarily that a company like Cambridge Analytica has "gained" access to the personal information of millions of Facebook users and misused them for political manipulation. It is the business model of social networks itself: Letting their users deal privacy for some kind of communication convenience, without letting them at any point opt for both: the convenience of using social network services to digitally interact with others as well as control over the usage of their personal information.  Will such business models...

Webcast

Ian Glazer - Our Secret Strengths: The Skills of an Identity Professional

An identity and access management professional is more than just her knowledge of federation protocols, her ability to build user provisioning policies, or her talent in deploying social sign-up. Although we inherently know that it takes other skills to be a successful identity professional, we don't often identify them, nor do we consider how to grow them.

Webcast

Naresh Persaud - How to Enable Trust with Interoperable & Shared Credentials

The focus of digital identity for consumers and enterprise is to remove silos, minimize redundant effort, enable better collaboration and provide a foundation for regulatory compliance. The challenge is that shared credentials for both commercial and public-sector organizations will require organizations to innovate to address requirements for physical access, protecting PII, delivering cross-agency services and re-thinking how digital consumers interact. In this session, we will discuss best practices across the industry that can be applied to enable interoperable credentials, we will...

Webcast

Dr. Torsten George - Zero Trust: Solving IT Security’s Identity Crisis

Although companies are constantly increasing their cybersecurity budgets, this does not seem to help much: each day we learn about new large-scale data breaches. Considering that over 80% of hacking-related breaches leverage compromised user credentials, it’s mindboggling why so many organizations are still focusing on securing their network perimeters. This keynote outlines an entirely new approach — Zero Trust Security. This paradigm assumes that nothing in your corporate IT infrastructure — including users, endpoints, networks, and resources — is ever trusted,...

Webcast

Joy Chik - Planning for Tomorrow: Connecting Identities for People, Processes, and Things

Social, economic and technological changes are creating urgent new requirements for enterprise identity that enable interconnected digital systems. These new use cases require a governance framework that is consistent, integrated and efficiently managed. It also needs to provide increased security, privacy and reliability while being open. Learn how to respond holistically to these growing and evolving identity needs.

Webcast

Tim Hobbs - What Connects DevOps & IAM

IAM products are highly configurable systems tailored to the diverse needs of customer environments and applications. Modern applications require short development cycles and IAM systems that can be adjusted at the same pace. Modern data centers are configuration-driven, resilient environments designed to meet rapidly changing application needs, and modern IAM solutions must be in line with this paradigm. Introducing traditional IAM products into cloud containers is not a simple "lift and shift" operation, as it once was with the virtual machine infrastructure. Today's...

Press Release

12th European Identity & Cloud Conference

Today KuppingerCole open its doors to their 12th European Identity & Cloud Conference, Europe’s leading event for Identity and Access Management (IAM), Privacy & GDPR, Blockchain ID, as well as Cloud Security and Digital Transformation, in Munich, Germany. With 60 exhibitors and more than 800 participants from all over the world KuppingerCole brought together the world’s leading vendors, end users, thought leaders, visionaries and analysts.

Press Release

First Blockchain ID Innovation Night

On Monday, 14th of May 2018, KuppingerCole hosted first ever Blockchain ID Innovation Night in Munich, Germany. It preceded the four-day European Identity & Cloud Conference (EIC), Europe’s leading event for Identity and Access Management (IAM), Privacy & GDPR, Blockchain Identity, as well as Cybersecurity.

Webcast

Christopher Spanton - Blockchain and the Business of Identity

Identity and Access Management (IAM) within an enterprise environment presents complex challenges for any business. While new technologies, such as blockchain, have the potential to help solve some of these challenges, today bringing blockchain into solution oriented discussions can merely add to that complexity. In this session we’ll explore the pillars of blockchain based identity, and how business can use blockchain as a keystone technology to simplify many of the traditional challenges of IAM.

Webcast

Prof. Dr. Hans Ulrich Buhl - Unchaining Blockchain

Blockchain is much more than the technology behind its still most successful application – the Bitcoin. One of its key attributes is the immutable storage of information. Besides other applications, this enables trustful online business between two or more individuals – without the need of any intermediary. Thus, the Blockchain is said to introduce the “Internet of Trust” as successor of the “Internet of Information”. In various workshops with industry, we have identified how organizations cope with this possibly disruptive technology. While some try to...

Webcast

Martin Kuppinger - The Future Model of Identity: Blockchain ID and the Digital Transformation

Distributed Ledger Technologies ("Blockchain") are the foundation for the most disruptive changes to business we are either already observing or that are on the road to becoming a reality. Based on these technologies, both new business models and fundamental changes to established models become possible – and what is technically feasible and economical beneficial will happen. However, there is still one missing element for fully leveraging the Blockchain potential: Identity. Identity in that context is far more than just identification, authentication, or authorization. It is...

Webcast

Ralf Oestereich - We will Disrupt You

We will Disrupt You - Are AI, Blockchain, IoT a Blessing or Curse for an Insurance Company?

Webcast

Drs. Jacoba C. Sieders - Digital Identities and Blockchain: Experiments and Use Cases @ ABNAMRO

ABNAMRO runs over 30 blockchain experiments, also involving digital identity capabilities. Co-operation has been set –up across various coalitions, and use cases are running a lot wider than just the banking and payments industry. Academia, building-, and shipping industries are also involved. What are the typical problems to solve with blockchain technology, and why? Some of the practical use cases and scenarios ABNAMRO is involved in today.

Webcast

Jackson Shaw - Fire Safety and Cyber-Security – Smoke Detectors are Not Enough

It takes most businesses over 6 months to detect a breach on their network. And while smoke detectors are proven to halve the death rate by fire, saving thousands of lives each year, detection is sometimes too late to prevent many buildings from burning to the ground. So imagine if it were possible to reduce the risk of a cyber-security fire starting in the first place. We are all familiar with the elements needed to start a fire: heat, oxygen and fuel. For data breaches, one key element of risk is abnormally high access entitlements. Detecting these abnormalities early, across your...

Webcast

Mo Ahddoud - SGN Securing Shared Credentials at The Heart of Digital Transformation

The future of IT security will depend on CISOs who are brave enough to build a new security model that is both innovative and unconventional. Gas distribution company, SGN, is blazing a trail that every company can follow. As a UK, critical infrastructure company SGN’s cloud-first strategy, provided an opportunity to redefine the security model with privileged access zero-touch and zero-trust as key principles. This thinking is enabling secure adoption of the cloud, IoT and frictionless user experience. The result is redefining traditional thinking.

Webcast

Lukas Praml - Your Mobile Identity: Blockchain Ain't no Swiss Army Knife

Digital identity solutions are very wide spread and everybody is using them on a day to day basis. Mainly it can be distinguished between state issued IDs/eIDs which lack usability and are therefore not as successful as hoped and self-claimed or self-established eIDs (sometimes stored in the blockchain) where service providers have to rely on the honesty of the user. Additionally, self-claimed solutions mostly focus on the eID and don’t cover traditional ID documents. In this presentation, a mobile ID solution is presented that shows a combination of traditional printed ID documents...

Webcast

Eve Maler - The Evolution of Identity and its Importance for our Digital Lives

Identity is as old as mankind and adapted very well to its changing environments. From a simple look that determines who you are to a high frequency of multi-factor vehicle-to-vehicle authentication in autonomous driving - with Digital Transformation, Identity in digital form has become the enabler of complex horizontal value chains and ecosystems. Without authentication, authorization, and consent, those digital ecosystems of our every-day journeys will be less secure, less convenient, and less beneficial. The “consent" part most especially needs new thinking - from pure...

Webcast

Carmine Auletta - Identity & Digital Trust

Trust is essential for a society to function. It’s even more critical in a digital society where transactions take place between parties that can only rely on each other supplied digital Identity. eIDAS Regulation provides – for the first time – a clear, universal and comprehensive Trust framework for the digital world. Thanks to eIdas, EU is today the country with the most advanced regulatory framework for Digital Trust but, the Regulation is not able to cope with the new challenges introduced by AI, IoT or Distributed Ledger Technologies. Software increasing...

Webcast

Jason Rose - Realizing the full potential of Consumer Identity

Customer Experience is Everything and Everything is Digital. Digital transformation is now the center of marketing, advertising and sales strategy across every industry and region, with today’s consumers demanding a seamless and relevant experience across online and offline channels and devices. Consumers and Regulators Demand Privacy, Security and Control of Personal Data With the rise of increasingly severe cybersecurity incidents and concerns over poor or unethical business practices, governments and their citizens are rewriting the rules for online commerce and the collection...

Webcast

Patrick Parker - The AI and Robotic Process Automation Revolution and the Upcoming Redesign of IAM

The AI and Robotic Process Automation revolutions are in full swing with record growth in both sectors as well as an explosion of new startups in this space. Not to be left behind, existing vendors are rushing to heed the call of AI and automation by sprucing up there existing product suites with conversational interfaces and smart AI-driven assistants. This session will cover the impact of these emerging technologies on the IAM product space and what can be expected in the near future.

Webcast

Dr. Sridhar Muppidi - Identity Meets Fraud Protection to Establish Digital Trust

In this session, we will introduce a framework to establish digital trust based on capabilities from fraud protection and Identity. This will quickly and transparently establish a trusted, frictionless digital relationship for your customers, employees, and business partners. The session will also highlight key scenarios of adoption, best practices and leveraging emerging topics like decentralized identity networks.

Webcast

Kim Cameron - The Laws of Identity on the Blockchain

Keynote at the European Identity & Cloud Conference 2018

Webcast

Doc Searls - How Customers Will Lead Companies to GDPR Compliance and Beyond

Nearly all advice on GDPR compliance is about what companies can do for other companies, or companies can do for themselves. There isn't much on what customers can do for companies, which may turn out to be the biggest help of all. That’s because customers are going to get more power all the time, and that’s exactly what the GDPR was made to encourage, whether regulators knew that or not. Doc Searls has been on this case for over a decade, leading ProjectVRM, which encourages development of tools and services that empower customers. (And which won a KuppingerCole award in...

Blog

Email Encryption Is Dead™. Or Is It?

As we all know, there is no better way for a security researcher to start a new week than to learn about another massive security vulnerability (or two!) that beats all previous ones and will surely ruin the IT industry forever! Even though I’m busy packing my suitcase and getting ready to head to our European Identity and Cloud Conference that starts tomorrow in Munich, I simply cannot but put my things aside for a moment and admire the latest one. This time it’s about email encryption (or rather about its untimely demise). According to this EFF’s announcement, a group...

Executive View

Executive View: StealthDEFEND® - 70366

Cyber-attacks often involve a complex process, including an insider threat element, which exploits compromised or illicit user credentials to gain access to data. StealthDEFEND is the real time file and data threat analytics component of the STEALTHbits’ Data Access Governance Suite. 

Webinar

Jun 28, 2018: Securing your Hybrid IT Environment with Privileged Access Management

As your business grows, so does your IT footprint – both on-premises and in the cloud. This adds to the overall complexity of managing access to the newly acquired IT assets and applications in addition to existing ones. The conventional approaches of managing privileged access using controls native to the individual operating systems, and other internal access policies, are not only cumbersome to manage but add to the security risks in today’s hybrid IT environment.

Press Release

European Identity & Cloud Conference 2018

Wiesbaden, May 2, 2018 – The European Identity & Cloud Conference , taking place May 15 - 18, 2018 at the Infinity Ballhaus Forum Unterschleissheim, Munich/Germany, is Europe’s leading event for Identity and Access Management (IAM), Privacy & GDPR, Blockchain ID, as well as Cybersecurity. For the 12th time KuppingerCole will bring together more than 50 exhibitors and 900+ participants from all over the world, including most leading vendors, end users, thought leaders, visionaries, and analysts.

Congress

May 14 - 17, 2019: European Identity & Cloud Conference 2019

Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 14-17, 2019, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.

Webinar

Jun 20, 2018: Best Practices of Privileged Identity Management

Security and risk management leaders need to balance the significant security risks associated with unmanaged privileged access against the administrative and other operational efficiencies achieved by conventional privileged access management practices.

Webcast

Zero Trust: Solving IT Security’s Identity Crisis

Although companies are constantly increasing their cybersecurity budgets, this does not seem to help much: each day we learn about new large-scale data breaches. Considering that over 80% of hacking-related breaches leverage compromised user credentials, it’s mindboggling why so many organizations are still focusing on securing their network perimeters.

Executive View

Executive View: Oracle Database Security Assessment - 70965

This report provides an executive summary of Oracle’s Database Security capabilities based on recently published KuppingerCole research. It covers both the company’s traditional database security solutions and the innovative Autonomous Database cloud platform.

Executive View

Executive View: Pirean Consumer IAM Platform - 70223

In today’s modern digital environments, organizations need an IAM solution that can span the breadth of employees, consumers, and citizens. Pirean's Access: One provides a single point of access and control that can meet these need with support for secure mobility and flexible workflows.

Executive View

Executive View: Cleafy - 79030

Cleafy is an integrated real-time clientless threat detection and prevention platform for online services in highly regulated industries, providing protection against advanced targeted attacks for web applications and mobile apps.
 

Webinar

Jun 15, 2018: Wie Sie mit der Kombination aus Technologie und Awareness eine zukunftsfähige Cybersecurity-Strategie entwerfen

Mehr Cyberangriffe, mehr Investitionen – aber zahlt sich das für Ihr Unternehmen aus? Die richtige Cybersecurity-Strategie und die richtigen Tools helfen, Ihre Budgets gezielt einzusetzen, den Erfolg zu messen und insbesondere die Risiken durch die stetig wachsende Zahl von Angriffen und deren immer raffinierteren Methoden zu reduzieren.

Webcast

Access Management Leading the Cloud Transformation Drive

To survive the fierce market competition in the era of Digital Transformation, businesses strive to be as agile as possible, to quickly adjust to constantly changing customer demands, industry regulations and modern technologies. Driven by cloud transformation and digitalization, modern companies are becoming increasingly open and interconnected, with massive numbers of people, devices and applications forming millions of relationships across geographically and technologically diverse environments.

Executive View

Executive View: RadiantOne Federated Identity Suite - 70845

Radiant Logic’s federation suite evolves the directory to be a “single source of truth” about identity data in even the most complex hybrid enterprise. It provides an important building block at the center of an integrated identity management capability.

Webinar

Jun 07, 2018: Cloud IGA: Built for Hybrid Reality

Conventionally, Identity Governance and Administration (IGA) products have been developed and deployed with a focus on on-premise IT systems and applications. While IAM leaders were still struggling with IGA solutions to deliver effective identity administration and access governance, the move to cloud with a need to support an increasingly mobile workforce has entirely changed the IAM priorities for organizations.

Webcast

An overview of the Leadership Compass: Endpoint Security Anti-Malware

Malware has been on the rise. Ransomware continues to grab the headlines. New malware variants proliferate by the millions. Old style manual malware analysis can't keep pace. But organizations are increasingly under attack. Fortunately, vendors have been enhancing and improving their products to help their customer successfully defend against these attacks.

Blog

RSA’s 2018 Conference Starts Bi-Polar and Ends with a Minor Breach

It is a world of great turmoil and considerable fear amidst incredible human progress. No wonder the RSA keynotes seemed bi-polar - mixing fear one moment, hope and inspiration the next.  RSA opened with a somber act from rapper poet Kevin Olusola to the conference theme: "Now Matters" “Together we rise, together we fallNow matters, for one and for all” Rohit Ghai, President of RSA Security, introduced the conference with the message that - despite the headlines - cybersecurity is getting better, not worse.  Why better? The world reads about breaches, not...

Webinar

Jun 05, 2018: Policy-Based Access Management – A Reliable Foundation for Your Next-Generation Unified IAM

As companies adopt numerous new technologies and establish new communications channels with their partners, suppliers or even customers, the amounts of sensitive information that’s stored across on-premises systems and cloud services are growing exponentially, and the task of managing secure access to this data by numerous third parties is quickly getting out of control. Hence, instead of managing access to individual systems with separate technology stacks, many companies are looking for more universal and future-proof alternatives, aiming for establishing granular, centrally-managed...

Blog

Some Perspective on Self-Sovereign Identity

Identity isn't hard when you don't always use it. For example, here in the natural world we are anonymous—literally, nameless—in most of our public life, and this is a handy thing. Think about it: none of us walks down the street wearing a name badge, and it would be strange to do so. A feature of civilization is not needing to know everyone's name, or details about their lives, and to give others information about ourselves on a need-to-know basis. To be anonymous, however, does not mean to lack distinction. In fact to be human is to be distinctive: designed by nature to look...

Webcast

Privileged Attack Vectors: Verständnis und Minimierung interner und externer Cyber-Risiken

Zunehmend ausgefeilte Cyber-Angriffe und strenge neue Datenschutzbestimmungen haben dazu geführt, dass Privilege Management-Lösungen von der relativen Unbekanntheit bis an die Grenze der Cybersicherheit gebracht wurden. Eine effiziente PxM-Strategie muss heutzutage mehrere Funktionsbereiche abdecken, wie z.B. Verwaltung und automatische Rotation von Passwörtern, Durchsetzung des Least Privilege Prinzips, Schwachstellenintegration, zentrale Analyse, Auditierung und Schutz. Nur ein solcher ganzheitlicher Ansatz ermöglicht eine vollständige Transparenz aller...

Whitepaper

Whitepaper: Saviynt: IAM for the Hybrid Reality. Efficiently Managing On-Premise IT and the Cloud - 70364

Most organizations today run in a hybrid IT environment. However, their IAM solutions have repeatedly been built for the traditional on-premises IT. IAM needs to become a service that supports the hybrid IT infrastructure organizations run today. This whitepaper describes the paradigm shift, the customer needs, and a solution to help businesses move forward in this hybrid IT environment.

Executive View

Executive View: ARCON Privilege Manager - 70950

ARCON offers a platform suite with multiple Privilege Management capabilities bundled in a single product offering. In addition to generic capabilities necessary for managing privileged access across a typical IT infrastructure, ARCON’s PAM suite offers distinct advantages to support the scalability and complexity requirements of large data centre deployments.

Webinar

Jun 19, 2018: Datendiebstahl, Malware, DSGVO - Unstrukturierte Daten Zwischen Kollaboration & Compliance

Die Mengen an digitalen Daten, die Organisationen nun speichern und verarbeiten müssen, wachsen exponentiell. Dabei geht es nicht nur um die Digitalisierung bestehender Geschäftsprozesse - für viele Unternehmen sind die Daten selbst zum wertvollsten Gut geworden, das sie vor Lecks und unberechtigtem Zugriff schützen müssen.

Webinar

Jun 21, 2018: Managing Authentication and Access for Different Identities in Hybrid Environments

The Digital Transformation is driving enterprises in all geographies and throughout most verticals to become open and connected. These enterprises need to digitally engage with their customers, to technologically empower and mobilize their employees, to optimize their current business processes and to ultimately transform their products. At the same time, large-scale cyberattacks and wrongful exploitation of personal data has reached an all-time high and the associated risks are further increasing.

Blog

Without Prosecution, There Is No Protection

The Equifax data breach saga continues to unfold. In late 2017, the company admitted it had suffered significant data loss starting in March of last year. There were likely multiple data theft events over a number of months. At some point in May, they notified a small group of customers but kept mostly quiet. Months later the story went public, after Equifax contacted government officials at the US federal and state level. The numbers and locations of consumers affected by the breach keeps growing. As of March 1, 2018, Equifax is reported to have lost control of personally identifiable...

Blog

Insight, Control and Automation for Intelligent Security Technologies Within Virtualized Environments

Traditional endpoint and infrastructure security approaches are tackling changes to OS, application and communication by monitoring these through dedicated solutions installed as agents onto the actual system. Often these solutions search for specific violations and act upon predefined white listed applications / processes or blacklisted identified threats. Due to their architecture, virtualization platforms and cloud infrastructures have completely different access to security-relevant information. When intelligently executed, real-time data and current threats can be correlated. But much...

Executive View

Executive View: inWebo 2FA Platform - 79002

inWebo offers a cloud-based Two-Factor Authentication (2FA) solution, with some unique and proprietary authentication methods that can be less obtrusive and more user-friendly. The inWebo solution provides easy-to-deploy application plug-ins and SDKs for mobile authenticators.

Executive View

Executive View: Micro Focus Privileged Account Manager - 71314

With massive data breaches in the headlines and increased regulatory scrutiny of failures to implement effective cybersecurity controls, enterprise management of privileged user accounts has become a business imperative. This report provides an overview of Micro Focus’ NetIQ Privileged Account Manager.

Webinar

Jun 12, 2018: Classification - the Intelligent Way to Ensure Strong Data Protection

As businesses are increasingly embracing the digital transformation, the volumes of information that a typical company has to collect, keep, transport and process is growing exponentially. Massive amounts of digital data are now being stored in various structured and unstructured formats across multiple environments – both on-premises and in the cloud – and businesses are struggling to keep up with the demands generated from the increasingly globalized regulatory environment.

Leadership Compass

Leadership Compass: Infrastructure as a Service – Global Providers - 70303

The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment.  This Leadership Compass focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and with a specific focus on security and compliance.

Webcast

Cloud Data Protection Done Right: When Bringing Your Own Key Just Isn’t Enough

Data encryption is undoubtedly the most popular technology for securing data in the cloud, but also one of the most misunderstood ones. Although most cloud service providers offer their own capabilities for encrypting data at rest or in transit, their implementations may vary dramatically in scope and quality. Without understanding of underlying principles, it is too difficult for most customers to see behind marketing buzzwords and to estimate what grade of security they are actually getting. Protecting your data from unauthorized access isn’t even your cloud provider’s legal...

Blog

BAIT: Clearer Guidelines as a Basis for More Effective Implementation

If legal laypersons (as I am) read legal texts and regulations, they often miss clear and obligatory guidelines on how to implement them in practice. This is not least due to the fact that laws are generally designed to last and are not directly geared to concrete measures. This type of texts and provisions regularly contain references to the respective "state of the art". For example, it is obvious that detailed requirements on how companies should implement the protection of the privacy of customers and employees cannot necessarily be found in the EU General Data Protection Regulation...

Webcast

Acing the Upcoming GDPR Exam

With only weeks to go until the EU GDPR (General Data Protection Regulation) takes effect on May 25th, global businesses are scrambling to figure out how to avoid the hefty fines that loom for companies failing to achieve compliance. Sanctions for non-compliance are very severe with penalties of up to 4% of annual worldwide turnover.

Blog

2018 – the Turning Point for Social Networks

The Facebook data privacy story continues to be in the headlines this week. For many of us in IT, this event is not really a surprise. The sharing of data from social media is not a data breach, it’s a business model. Social media developers make apps (often as quizzes and games) that harvest data in alignment with social networks’ terms of service. By default, these apps can get profile information about the app users and their friends/contacts. There are no granular consent options for users. What gives this story its outrage factor is the onward sharing of Facebook user data...

Blog

FIAM – Fake Identity and Access Management

Just when you thought we had enough variations of IAM, along comes FIAM. Fake digital identities are not new, but they are getting a lot of attention in the press these days. Some fake accounts are very sophisticated and are difficult for automated methods to recognize. Some are built using real photos and stolen identifiers, such as Social Security Numbers or driver’s license numbers. Many of these accounts look like they belong to real people, making it difficult for social media security analysts to flag them for investigation and remove them. With millions of user credentials,...

Executive Meet Up

Jun 28, 2018: Executive Meet Up München

KuppingerCole begrüßt sie persönlich zu einer exklusiven Gesprächsrunde mit anderen Entscheidungsträgern, moderiert von unserem Gründer und Principal Analyst Martin Kuppinger. Die Abendveranstaltung wird begleitet von einem Dinner und findet in der Käfer-Schänke, Prinzregentenstraße 73, 81675 München statt.

Webinar

Apr 24, 2018: An overview of the Leadership Compass: Endpoint Security Anti-Malware

Malware has been on the rise. Ransomware continues to grab the headlines. New malware variants proliferate by the millions. Old style manual malware analysis can't keep pace. But organizations are increasingly under attack. Fortunately, vendors have been enhancing and improving their products to help their customer successfully defend against these attacks.

Whitepaper

Whitepaper: Pirean: Orchestrated Identity for Meeting IAM & CIAM Requirements -70225

Identity and Access Management (IAM) for employees and partners is a foundational element in all digital environments today.  Consumer Identity and Access Management (CIAM) systems and services provide new technical capabilities for organizations to know their customers better.  Pirean’s solutions for IAM and CIAM can help companies deploy a single solution to meet both sets of business objectives.    

Blog

PSEUDO WHAT AND GDPR?

GDPR comes into force on May 25th this year, the obligations from this are stringent, the penalties for non-compliance are severe and yet many organizations are not fully prepared. There has been much discussion in the press around the penalties under GDPR for data breaches. KuppingerCole’s advice is that preparation based on six key activities is the best way to avoid these penalties. The first two activities are first to find the personal data and second to control access to this data. While most organizations will be aware of where personal data is used as part of their normal...

Executive View

Executive View: Microsoft Azure Information Protection - 72540

Microsoft Azure Information Protection creates a viable user experience for data classification and labeling of Office documents and emails. It enables sensitive data discovery; integrates data protection capabilities throughout Microsoft’s Azure, Office, and Windows environments; and is gaining third party support from Adobe and data leakage prevention (DLP) vendors among others. KuppingerCole recommends clients invested in Office365 and Azure consider adopting AIP as part of their data protection strategy.

Webinar

Apr 26, 2018: Access Management Leading the Cloud Transformation Drive

To survive the fierce market competition in the era of Digital Transformation, businesses strive to be as agile as possible, to quickly adjust to constantly changing customer demands, industry regulations and modern technologies. Driven by cloud transformation and digitalization, modern companies are becoming increasingly open and interconnected, with massive numbers of people, devices and applications forming millions of relationships across geographically and technologically diverse environments.

Executive View

Executive View: UNIFY Identity Broker - 70263

With today's ever-growing IT requirements for integrations between identity sources, applications and services whether on-premise, the cloud, or hybrid environments, an advanced identity provider service is required to bridge these disparate technologies. UNIFY Solutions overcomes these challenges with their Identity Broker.

Leadership Brief

Leadership Brief: Securing PSD2 APIs - 79028

The Revised Payment Service Directive (PSD2) mandates that banks provide APIs for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) to use.

Leadership Brief

Leadership Brief: Marketing Chatbots and GDPR - 79026

Chatbots are a recent trend in marketing automation, designed to enhance customers’ digital journeys and elicit more information from consumers. This report evaluates the impact of GDPR will have on the use of chatbots and provides an overview of topics to be considered in order to ensure compliance.

Blog

Azure Advanced Threat Protection: Securing Your Identities Right From the Cloud

Recently, Microsoft has announced general availability for another addition to their cybersecurity portfolio: Azure Advanced Threat Protection (Azure ATP for short) – a cloud-based service for monitoring and protecting hybrid IT infrastructures against targeted cyberattacks and malicious insider activities. The technology behind this service is actually not new. Microsoft has acquired it back in 2014 with the purchase of Aorato, an Israel-based startup company specializing in hybrid cloud security solutions. Aorato’s behavior detection methodology, named Organizational Security...

Webcast

Holistic Approach to Cyber Risk Governance in the GDPR Era

Pressured by the Digital Transformation, corporate networks are becoming increasingly complex, spanning across multiple geographical locations and technology platforms. Unfortunately, even as companies are becoming more open to the outside world, different business units within the same company still remain essentially isolated when it comes to consistently measuring and exchanging security and risk management data across their networks. Without full and clear visibility into the true company-wide risk posture, executives are bound to have massive difficulties understanding and...

Advisory Note

Advisory Note: Security Organization Governance and the Cloud - 72564

The cloud provides an alternative way of obtaining IT services that offers many benefits including increased flexibility as well as reduced cost.   This document provides an overview of the approach that enables an organization to securely and reliably use cloud services to achieve business objectives.

Leadership Brief

Leadership Brief: The Anti-Malware Requirement in PSD2 - 79027

The Revised Payment Service Directive (PSD2) mandates thatservice providersevaluatetransaction requests for signs of malware infection. In order for transactions to be considered low-risk, there must be no signs of malware infection in any sessions of authentication events.

Webcast

Faktor Mensch: Wie man das schwächste Glied der IT-Infrastruktur Ihres Unternehmens schützt

Obwohl der Markt mit einer großen Anzahl von Sicherheitslösungen reagiert und die Budgets für Cybersicherheit ständig wachsen, scheinen sich viele Unternehmen immer noch auf den Schutz von Endgeräten und Netzwerken zu konzentrieren. Sie übersehen dabei das kritischste Ziel in ihren Reihen - die Menschen. Aktuelle Studien zeigen deutlich, dass Hacker sich davon entfernen, Schwachstellen in der Infrastruktur zu attackieren und stattdessen den Faktor Mensch über Kanäle wie E-Mail, Social Media und mobile Anwendungen ausnutzen. Statt ausgefeilte...

Blog

CyberArk Acquires Vaultive to Strengthen Its Privilege Management Capabilities in Cloud

CyberArk, an overall leader in privilege management according to KuppingerCole Leadership Compass on Privilege Management, announced yesterday that it has acquired certain assets in a privately held America-based Israeli cloud security provider, Vaultive. Data encryption has emerged as a key inhibitor for organizations seeking to adopt cloud services. Most cloud providers today offer own encryption to ensure that data in transit and at rest remains unreadable if a breach occurs. However, as organizations adopt multiple SaaS...

Webinar

Apr 10, 2018: Acing the Upcoming GDPR Exam

With only weeks to go until the EU GDPR (General Data Protection Regulation) takes effect on May 25th, global businesses are scrambling to figure out how to avoid the hefty fines that loom for companies failing to achieve compliance. Sanctions for non-compliance are very severe with penalties of up to 4% of annual worldwide turnover.

Webcast

Panel - PSD2 and Open API Solutions

By giving access to customer’s online account (XS2A), PSD2 lays the foundation for new and exciting digital payments system. Many new opportunities arise through the innovative and wide-ranging usage of APIs which can be mutually beneficial for banks, TPPs and customers. In this session we will discuss the novel concepts for post-PSD2 financial ecosystem. 

Webcast

Ivana Bartoletti - Meeting the GDPR Transparency Requirements in Digital Finance

Presentation at the Digital Finance World 2018 in Frankfurt, Germany

Webcast

Guido Scholz - GDPR Is Not Only Law, It Is Also a Trusted Relationships with Customers

Presentation at the Digital Finance World 2018 in Frankfurt, Germany

Webcast

Jason Boud - A Panorama of RegTech Trends and of the RegTech Market

Presentation at the Digital Finance World 2018 in Frankfurt, Germany

Webcast

Mike Small - PSD2 – Does the RTS Prohibit Secure Customer Authentication?

On January 13 th , 2018 a new set of rules for banking came into force that open up the market by allowing new companies to offer electronic payment services.  On November 27 th , 2017 the European Union published and press release and a draft Regulatory Technical Standard (RTS) on strong authentication. On the one hand the press release says that – “thanks to PSD2 consumers will be better protected when they make electronic payments or transactions because the RTS makes strong customer authentication (SCA) the basis for accessing one's payment account, as well as for...

Webcast

Dr. Karsten Kinast - Preparing for GDPR: Key Aspects and Best Practices for Financial Services

The EU General Data Protection Regulation (GDPR) will be implemented in May 2018. It replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. To achieve ist ambition the GDPR will introduce several new concepts, rights and duties. Some of these have a significant impact on financial services and may require a change to both the handling and use of personal data. The Keynote will give an introduction to the...

Webcast

Michael Backes - CollectAI: How an Innovative Financial Service Leverages AI from the Start

Since 2012 Otto Group Digital Solutions, the Otto Group's company builder, has worked to build strategically-relevant business models in the financial industry, combining the assets of the corporate ecosystem with entrepreneurial know-how and cutting-edge technology. This keynote will showcase how we leveraged AI in our latest startup, collectAI, in order to create a value proposition that combines the best of "Man and Machine." In addition, we will look at the potential for continuous improvement moving forward.

Webcast

Daniel Kjellén - Say Goodbye to the Service Formerly Known as Banking – A Case Study on the Changes We Expect to See Across Europe

  Everyone has been talking about how PSD2 will unlock retail banking, opening up the market to new entrants and decrease banks’ power on the market. But if you are looking at the future of finance, look no further than Sweden. Daniel Kjellén, CEO and co-founder of Tink, a Swedish fintech recently identified by UBS as ”the shape of the changes we expect to see across Europe in time”, will share a case study of Sweden’s journey from financial monopolies to a consumer led market which delivers money on autopilot.  Sweden is...

Webcast

Dr. Hans-Peter Güllich - Applying Artificial Intelligence for a New Age of Risk and Compliance Management

Misguided, mismanaged and misunderstood. How to provide easy to understand key information supporting fundamental C-Level decisions in the years ahead? Due to the sheer mass of available data organisations are missing an ongoing and real time monitoring of external and internal data and information allowing them to identify internal weak points (e.g. compliance failures, risk management issues, etc.), provide an early detection of risk relevant web content and comprehensively communicate the actual risk situation to all management levels.

Webcast

Yana Afanasieva - Licensing, AML and other Regulatory Requirements Applicable to Cryptocurrency Operators

Yana will address several of the most common misperceptions about cryptocurrency operations, and argue that they are, in fact, already regulated under existing rules,  such as PSD2, AMLD4, investor protection and consumer rights regulation. Yana will also make a case that transactions in cryptocurrencies do not necessarily increase AML risks of the operator, especially, not in comparison to transactions with cash. Several best practices of how to organize the compliance framework for a cryptocurrency-related service provider will be given.

Webcast

Best Practices and Essential Tools for GDPR Compliance

Join this KuppingerCole webinar to get practical, straightforward advice on how to prepare for GDPR, including:

  • Devising and maintaining a plan to detect a data breach,
  • Properly documenting evidence of compliance for auditors,
  • Evaluating the effectiveness of your security practices,
  • Minimizing costs by reducing the number of tools and processes needed,
  • Selecting the right technology platform or managed service

Webcast

Panel - PSD2 and the Identity Problem

Panel discussion at the Digital Finance World 2018 in Frankfurt, Germany

Webcast

Matthias Reinwarth - You Are Here! Assessing Your Organisation‘s GDPR Readiness

Presentation at the Digital Finance World 2018 in Frankfurt, Germany

Webcast

Parth Desai - Open Banking Challenges & Opportunities: Why AI is the Essential Business Enabler

Presentation at the Digital Finance World 2018 in Frankfurt, Germany

Webcast

Dr. Khanh Dang Ngo - Improving Smart Contracts with Civil Code

Presentation at the Digital Finance World 2018 in Frankfurt, Germany

Webcast

Mark Stephen Meadows - Why Bots Need License Plates

The consumer experience is changing radically, and globally. Today, AI-powered bots in the form of chatbots, voice assistants, and avatars, are responsible for the majority of traffic on the web and conversational systems.  And CPA chatbots or accountant avatars are now telling us what to do with our money – what to buy, where to buy it, and where to invest.  How can we trust these bots? After all, they are made by humans, and sadly not all humans have your best interest at heart. These bots need license plates. Bots and AI need authentication. They need regulation,...

Webcast

Martin Kuppinger - 2018 - The Year of Disruption: Why the Finance Business Will Never Be the Same Again

The year 2018 brings major changes to the financial industry. Two disruptive regulations (PSD2 and GDPR) come into effect early in the year and will have a far-reaching impact. Their implementation can be a challenge, but through these directives new opportunities will be created. Furthermore, the blockchain technology is becoming increasingly relevant and influential in the financial sector through its practical use. This Keynote will discuss the three game-changers, PSD2, GDPR and Blockchain impacting the industry and will give recommendations for the necessary actions. 

Webcast

Urs Zurbuchen - Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience

PSD2 will require 2 major technology thrusts: exposing and securing APIs for banking functions, and presenting strong authentication options for financial customers. Banks have to open up many of their core banking functions to enable the PSD2 ecosystem where Third Party Providers (TPPs) can directly initiate payment transfers and aggregate account information. Urs Zurbuchen will present how important a combined approach of web application security and identity access management is to fulfill the necessary compliance requirements. Especially for strong customer authentication the market is...

Webcast

John Erik Setsaas - A Blockchain Reality Check - Why Blockchain May Not Be the Answer to the Identity Challenges

Blockchain is everywhere, and blockchain promises to solve any kind of problem, including that of the digital identity. This presentation will take a critical look at the promises, and look at possible scenarios for identities on the blockchain, as well as why this may not be a good idea.

Webcast

Balázs Némethi - How Blockchain Will Connect the Material Space to the Foundation of the Digital Space: Identity

Presentation at the Digital Finance World 2018 in Frankfurt, Germany

Blog

Make Things Happen Rather Than Watch Things Happen With Vendor-Provided Compliance Solutions

In May 2017, my fellow KuppingerCole analyst Mike Small published the Executive Brief research document entitled “Six Key Actions to Prepare for GDPR” (then and now free to download). This was published almost exactly one year before the GDPR takes full effect and outlines six simple steps needed to adequately prepare for this regulation. “Simple” here means “simple to describe”, but not necessarily “simple to implement”.   However, while time has passed since then, and further regulations and laws are gradually gaining additional...

Executive View

Excutive View: Axiomatics APS - 70346

Axiomatics provides a complete enterprise-grade dynamic authorization solution that can address an organization's breadth of access control needs. The Axiomatics Policy Server (APS) makes available a suite of tools and services to manage an Attribute Based Access Control (ABAC) policy life-cycle efficiently.

Webinar

Apr 12, 2018: Cloud Data Protection Done Right: When Bringing Your Own Key Just Isn’t Enough

As companies continue to expand their adoption of cloud services for such benefits as improved flexibility and scalability, reduced time to market, and cost savings, protecting their sensitive data across a large number of SaaS platforms is becoming increasingly complicated. For heavily regulated industries, security and data protection have been the largest barriers to cloud adoption for years, but with the upcoming General Data Protection Regulation (GDPR)’s significantly tightened compliance controls and massive penalties for violations, protecting sensitive data in the cloud is becoming...

Blog

Not a Surprise: German Government Under (Cyber) Attack

Yesterday, the reports of the German government having become a victim of a cyber-attack spread the news. According to them, the attack affected the Ministry of Defense and the Department of Foreign Affairs. There is an assumption that the attack had been carried out by APT28, a group of Russian hackers. However, only very few details are available to the public.When reading the news, there are various points that made me raise my eyebrows. These include it has been a group of Russian hackers the attack is under control/isolated the German government network is well secured there has...

Executive View

Excutive View: Imprivata - 71514

On October 24, 2017, Imprivata significantly enhanced their healthcare-focused enterprise SSO offering with Identity Provisioning and Access Governance capabilities acquired from Caradigm. With that offering they are broadening their portfolio while remaining focused on the healthcare market segment.

Whitepaper

Whitepaper: GDPR Herausforderungen mit Delphix meistern - 70368

Mit der neuen Datenschutz-Grundverordnung (GDPR) führt die EU strenge Kontrollen bezüglich der Verarbeitung personenbezogener Daten von EU-Bürgern sowie hohe Geldstrafen bei Nicht-Einhaltung eben dieser ein. Die Compliance der Grundverordnung erfordert kostenintensive Kontrollen, die sich mit den direkten geschäftlichen Vorteilen der Verarbeitung personenbezogener Daten rechtfertigen lassen. Die Nutzung von personenbezogenen Daten für Nicht- Produktions-Zwecke, wie Entwicklung und Testing, birgt jedoch die gleichen Risiken und erfordert die gleichen...

Whitepaper

Whitepaper: Meeting GDPR Challenges with Delphix - 70368

GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.  Compliance requires costly controls that can be justified for processing of PII with direct business benefits.  However, using PII for non-production purposes such as development and test, incur the same risks and need the same costly controls.  Organizations can avoid these risks and costs by using data masking techniques to remove PII from data used for non-production purposes. The Delphix Dynamic Data Platform can help organizations...

Advisory Note

Advisory Note: Cloud Services and Security - 72561

This report provides a review of the major security risks from the use of cloud services, how responsibility for security is divided between Cloud Service Provider and customer and the key controls that an organization should implement to manage these risks. 

Webinar

May 03, 2018: Zero Trust: Solving IT Security’s Identity Crisis

Although companies are constantly increasing their cybersecurity budgets, this does not seem to help much: each day we learn about new large-scale data breaches. Considering that over 80% of hacking-related breaches leverage compromised user credentials, it’s mindboggling why so many organizations are still focusing on securing their network perimeters.

Webinar

Apr 19, 2018: Privileged Attack Vectors: Verständnis und Minimierung interner und externer Cyber-Risiken

Eine der unglücklichen Folgen des fortschreitenden Digitaltransformationsprozesses ist die ständig steigende Komplexität der IT-Infrastrukturen von Unternehmen. Die Einführung von Cloud-Technologien, der Ausbau der mobilen Arbeitskräfte und die zunehmende Abhängigkeit von ausgelagerten IT-Mitarbeitern haben dazu geführt, dass der sichere Unternehmensbereich nahezu vollständig verschwunden ist und die Überwachung und Kontrolle privilegierter Zugänge sehr komplex und teuer geworden ist. 

Webcast

How to Make Your IAM Program a Success

The best way to ensure the success of your company’s IAM program is to follow in the footsteps of organizations whose programs have proven successful, learn from their leading IAM experts and avoid common mistakes.
KuppingerCole has compiled a list of recommendations and best practices based on a series of interviews with enterprise security architects, IAM leads, CISOs and other executives from a number of large enterprise organizations in different industries across the globe.

Blog

GDPR and Financial Services – Imperatives and Conflicts

Over the past months two major financial services regulations have come into force. These are the fourth money laundering directive (4AMLD) and the Second Payment Services Directive (PSD II). In May this year the EU General Data Protection Regulation will be added. Organizations within the scope of these need to undertake a considerable amount of work to identify obligations, manage conflicts, implement controls and reduce overlap. The EU GDPR (General Data Protection Regulation), which becomes effective on May 25th, 2018, will affect organizations worldwide that hold or process personal...

Webcast

The Evolution of Identity Governance: From Basic Compliance to Federated Security Assurance

As the number of business applications across different platforms and environments is rapidly growing, the resulting complexity and heterogeneous nature of modern corporate IT infrastructures makes storing, analyzing and protecting this critical business information an incredibly complicated task. Nowadays, data may be spread across multiple networks and systems in a broad range of formats (structured and unstructured), accessed by a large number of users (not just employees, but contractors, partners and even customers) from multiple device platforms and governed by a wide range of...

Executive Meet Up

Jun 06, 2018: Executive Meet Up Frankfurt

KuppingerCole begrüßt sie persönlich zu einer exklusiven Gesprächsrunde mit anderen Entscheidungsträgern, moderiert von unserem Lead Advisor und Senior Analyst Matthias Reinwarth. Die Abendveranstaltung wird begleitet von einem Dinner und findet in der Kameha Suite, Taunusanlage 20, 60325 Frankfurt am Main, statt.

Blog

EBA Rules out Secure Open Banking?

On January 30th in London I attended a joint workshop between OpenID and the UK Open Banking community that was facilitated by Don Thibeau of OIX. This workshop included an update from Mike Jones on the work being done by OpenID and from Chris Michael Head of Technology, OBIE on UK Open Banking. Firstly, some background to set the context for this. On January 13th, 2018 a new set of rules for banking came into force that stem from the EU Directive 2015/2366 of 25 November 2015 commonly known as Payment Services Directive 2 (PSD2). While PSDII prevents the UK regulators from mandating a...

Advisory Note

Advisory Note: How to Assure Cloud Services - 72563

This report is one of a series of documents around the use of cloud services.  It identifies how standards as well as, independent certifications and attestations can be used to assure the security and compliance of cloud services.

Executive View

Executive View: VMware AppDefense - 70840

Fully integrated protection of virtual machines as part of the software defined data center. From capturing expected behavior to efficiently responding to detected threats: Intelligent endpoint security technology leveraging the insight, control and automation available within virtualized environments.

Whitepaper

Point of View Paper: One Identity - The Journey to IAM Success - 70226

Identity and Access Management (IAM) is many things. For some it’s all about streamlining the user experience through technologies and practices that make it easier for them to securely logon. For others, IAM is all about identity lifecycle management – ensuring that accounts are set up, modified, and retired in a timely, accurate, and secure manner. And for still others it’s focused on security and compliance through technologies and practices that make governance activities such as attestations easy and complete, or adding a layer of control and visibility to privileged...

Blog

Successful IAM Projects Are Not a Rocket Science – if You Do It Right

While we still regularly see and hear about IAM (Identity & Access Management) projects that don’t deliver to the expectations or are in trouble, we all see and hear about many projects that ran well. There are some reasons for IAM projects being more complex than many other IT projects, first and foremost the fact that they are cross-system and cross-organization. IAM integrates a variety of source systems such as HR and target systems, from the mainframe to ERP applications, cloud services, directory services, and many others. They also must connect business and IT, with the...

Webinar

Mar 13, 2018: Faktor Mensch: Wie man das schwächste Glied der IT-Infrastruktur Ihres Unternehmens schützt

Um im hart umkämpften und sich ständig verändernden globalen Markt bestehen zu können, sind Unternehmen gezwungen, ständig neue Technologien und Plattformen einzuführen, die unweigerlich zu einer erheblichen Erhöhung der Komplexität ihrer IT-Infrastrukturen führen. Da sensible Geschäftsdaten über mehrere geografische Standorte verteilt sind, wird die Anzahl der Angriffsvektoren, die vor Cyberangriffen geschützt werden müssen, immer größer.

Conference

Nov 20 - 22, 2018: Consumer Identity World APAC 2018

The Consumer Identity World Tour is the place where you get input for your perfect CIAM Strategy. Learn more about Privacy by Design, Consent Life Cycle Management and the needs of your customers. Get to know how to secure their personal information in a strategic and user-friendly way.

Conference

Oct 29 - 31, 2018: Consumer Identity World EUROPE 2018

The Consumer Identity World Tour is the place where you get input for your perfect CIAM Strategy. Learn more about Privacy by Design, Consent Life Cycle Management and the needs of your customers. Get to know how to secure their personal information in a strategic and user-friendly way.

Conference

Sep 19 - 21, 2018: Consumer Identity World USA 2018

The Consumer Identity World USA is the place where you get input for your perfect CIAM Strategy. Learn more about Privacy by Design, Consent Life Cycle Management and the needs of your customers. Get to know how to secure their personal information in a strategic and user-friendly way.

Blog

Free Tools That Can Save Millions? We Need More of These

When IT visionaries give presentations about the Digital Transformation, they usually talk about large enterprises with teams of experts working on exciting stuff like heterogeneous multi-cloud application architectures with blockchain-based identity assurance and real-time behavior analytics powered by deep learning (and many other marketing buzzwords). Of course, these companies can also afford investing substantial money into building in-depth security infrastructures to protect their sensitive data. Unfortunately, for every such company there are probably thousands of smaller ones,...

Webinar

Mar 15, 2018: Holistic Approach to Cyber Risk Governance in the GDPR Era

As we are getting closer to the dreaded May 25th deadline, when the General Data Protection Regulation will come into force, many companies are still struggling with implementing effective risk assurance programs that constitute a key requirement for any sensible cybersecurity and compliance strategy.

Leadership Compass

Leadership Compass: Enterprise Endpoint Security: Anti-Malware Solutions - 71172

This report provides an overview of the market for Enterprise Endpoint Security: Anti-Malware Solutions and provides you with a compass to help you to find the Anti-Malware product that best meets your needs.  We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing Anti-Malware solutions for enterprises.

Blog

UK Open Banking – Progress and Challenges

On January 13th, 2018 a new set of rules for banking came into force that open up the market by allowing new companies to offer electronic payment services. These rules follow from the EU Directive 2015/2366 of 25 November 2015 that is commonly referred to as Payment Services Directive II (PSDII). They promise innovation that some believed the large banks in the UK would otherwise fail to provide. However, as well as providing opportunities they also introduce new risks. Nevertheless, it is good to see the progress that has been made in the UK towards implementing this directive. Under...

Blog

Consolidation in Privilege Management Market Continues: Bomgar Acquires Lieberman Software

Just two weeks after One Identity has acquired Balabit, the news spread about the next acquisition in this market segment: Bomgar acquires Lieberman Software. Both vendors have been active in this market. While Bomgar entered the market a couple of years ago, having a long history in Remote Control solutions, Lieberman Software is one of the Privilege Management veterans. Looking at their portfolios, there is some functional overlap. However, while the strength of Bomgar comes from Session Management related to their Remote Control features, Lieberman Software is stronger in the Shared...

Press Release

Digital Finance World 2018

Wiesbaden, Januar 31, 2018 – am Mittwoch, den 28. Februar startet zum zweiten Mal KuppingerColes Digital Finance World (DFW) im House of Logistics (HOLM) in Frankfurt a.M.. Die zwei-tägige englischsprachige Konferenz bietet abwechslungsreiche Vorträge und Diskussionspanels zu relevanten Themen der digitalen Finanzindustrie. Die Themenschwerpunkte sind Blockchain (Smart Contracts, Identity...), Cyber risk und Cybersecurity, Artificial Intelligence, Regulatory Management und die neuen Gesetze und Grundverordnungen PSD2 und GDPR. Die Teilnehmer können mit einem...

Press Release

Digital Finance World 2018

Wiesbaden, January 31, 2018 - On Wednesday, February 28th, 2018, starts KuppingerCole’s Digital Finance World (DFW) at the House of Logistics (HOLM) in Frankfurt am Main, Germany for the second time. The two-day conference offers various Keynotes talks und Panel discussions relevant to the Digital Finance Industry. Topics discussed will be Blockchain (Smart Contracts, Identity…), Cyber risk and Cybersecurity, Artificial Intelligence, Regulatory Management, and disruptive legislations such as PSD2 and GDPR. Participants can interact with a targeted and engaged audience...

Webinar

Mar 08, 2018: Best Practices and Essential Tools for GDPR Compliance

With just over three months until the General Data Protection Regulation (GDPR) comes into force in the European Union, many organizations are still struggling to prepare for the new regulation.

Innovation Slam

May 14, 2018: Blockchain ID Innovation Night

Up to 10 presentations, 10 Minutes each. Your talk will be rated by a Jury (5+ industry experts, technology professionals, academia, journalists) and by the delegates. The best 2 will get a keynote slot (10 minutes as well) in the main EIC program in front of 800 EIC delegates. The overall winner will win a crypto-prizemoney AND will be nominated for a European Identity Award.

Executive View

Executive View: FSP Identity Governance & Administration Suite ORG - 70841

Die FSP Identity Governance & Administration Suite ist eine Lösung zur Verwaltung des Identitäts- und Zugriffslebenszyklus und bedient somit den Markt für Identity Provisioning und Access Governance, gerade in stark regulierten Branchen. Ein besonderer Vorteil des Produkts ist die Kombination von rollenbasierter und richtlinienbasierter Zugriffssteuerung in einer einzigen Lösung.

Executive View

Executive View: RSA SecurID® Access - 70323

RSA SecurID Access is an integrated offering for Adaptive Authentication, supporting a broad range of different authentication methods on virtually any type of endpoint and integration to a large range of on-premises applications and cloud services. It supports context-aware authentication and uses machine learning to assess user risk and simplify the user experience.

Blog

One Identity Acquires Balabit

Yesterday, One Identity announced that they have acquired Balabit, a company specialized on Privileged Management, headquartered in Luxembourg but with their main team located in Hungary. One Identity, a Quest Software business, counts amongst the leading vendors in the Identity Management market. Aside of their flagship product One Identity Manager, they deliver a number of other products, including Safeguard as their Privilege Management offering. Balabit, on the other hand, is a pure-play Privilege Management vendor, offering several products with particular strengths around Session...

Executive View

Executive View: SAP HANA Platform Security - 70272

SAP HANA Platform securely supports the IT applications and services needed by organizations to achieve digital transformation as well as the traditional IT systems of record. It offers a high - performance database through in - memory processing and provides enterprise grade security features that cover  the  confi dentiality, integrity and availability of the data being held and processed. 

Executive View

Executive View: BeyondTrust PowerBroker for Unix & Linux - 70363

PowerBroker for Unix & Linux von BeyondTrust bietet Server Privilege Management und Session Management speziell für Unix- und Linux-Server. Solche Server sind häufig Angriffen sowohl von böswilligen Insidern als auch externen Hackern ausgesetzt. PowerBroker for Unix & Linux bietet umfassenden Schutz für privilegierte Accounts auf Unix- und Linux-Plattformen.

Conference

Sep 19 - Nov 22, 2018: Consumer Identity World Tour 2018

The Consumer Identity World Tour is the place where you get input for your perfect CIAM Strategy. Learn more about Privacy by Design, Consent Life Cycle Management and the needs of your customers. Get to know how to secure their personal information in a strategic and user-friendly way.

Webinar

Feb 20, 2018: The Evolution of Identity Governance: From Basic Compliance to Federated Security Assurance

Whenever people are talking about the Digital Transformation, they usually think about modern technologies like cloud computing. However, although adopting new technologies is important for staying relevant and competitive in the rapidly changing market, this transformation primarily reflects the growing volume of digital information that is powering key business processes and unlocking new business models. In many cases, digital data even becomes a company’s primary product and most valuable asset.

Executive View

Executive View: Symantec CloudSOC™ - 70615

Many organizations are using cloud services, but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. This report provides an up to date review of Symantec CloudSOC™ which strongly matches KuppingerCole’s recommended functionality for CASBs. It provides a valuable tool that organizations can use to improve governance over their use of cloud services.

Executive View

Executive View: Osirium: Privileged Access Management - 70836

Osirium’s Privileged Access Management provides a secure, streamlined way to monitor privileged users for all relevant systems. It manages context-driven access over any number of systems across an infrastructure, and supports an innovative, task-based approach. Furthermore, it comes with a well-thought-out gateway approach for supporting downstream applications.

Leadership Brief

Leadership Brief: A Practical Approach to Enterprise Security Architecture (ESA) - 70222

An enterprise security architecture (ESA) is a critical component to an enterprise architecture (EA) that describes how IT services, processes, and technologies should be protected given a customer’s unique business, security, and compliance requirements.

Executive View

Executive View: Thycotic Privilege Manager - 70221

Thycotic Privilege Manager is a tool focused on Least Privilege management and enforcement on endpoint systems, supporting both Windows and Mac systems. It provides application control and privilege management features to restrict the access and use of highly privileged accounts and thus minimize risks caused by cyberattacks and fraudulent users.

Webinar

Feb 22, 2018: How to Make Your IAM Program a Success

Identity and Access Management (IAM) is one of the most important and challenging disciplines, involving multiple departments and systems across the enterprise and requiring constant communication between the business and IT. Without IAM, it is difficult to mitigate access risks, to comply with regulations and to deliver a consistent and frictionless user experience.

Blog

Spectre and Meltdown: A Great Start Into the New Year!

Looks like we the IT people have gotten more New Year presents than expected for 2018! The year has barely started, but we already have two massive security problems on our hands, vulnerabilities that dwarf anything discovered previously, even the notorious Heartbleed bug or the KRACK weakness in WiFi protocols. Discovered back in early 2017 by several independent groups of researchers, these vulnerabilities were understandably kept from the general public to give hardware and operating system vendors time to analyze the effects and develop countermeasures for them and to prevent hackers...

Quicklinks

Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

Modern Cybersecurity Trends & Technologies Learn more

Modern Cybersecurity Trends & Technologies

Companies continue spending millions of dollars on their cybersecurity. With an increasing complexity and variety of cyber-attacks, it is important for CISOs to set correct defense priorities and be aware of state-of-the-art cybersecurity mechanisms. [...]