News Archive

Leadership Compass

Leadership Compass: Identity API Platforms - 79012

Identity API Platforms expose APIs to capabilities ranging from IAM to Federation and more while supporting both the agile and DevOps paradigms that address the more complex IT environments seen today. This Leadership Compass will give you an overview and insights into the Identity API Platform market; providing you a compass to help you find the product that you need.

Whitepaper

Whitepaper: KRITIS - Kritische Infrastrukturen verstehen und schützen - 80194

Organisationen oder Institutionen, die für die Öffentlichkeit wichtig sind, werden als Kritische Infrastrukturen (KRITIS = "Kritische Infrastrukturen") bezeichnet. Als solche unterliegen sie umfassenden und strengen Richtlinien, bestehend aus Gesetzen und Vorschriften. Ihr Ausfall oder ihre erhebliche Beeinträchtigung kann zu anhaltenden Versorgungsengpässen, erheblichen Störungen der öffentlichen Sicherheit oder anderen drastischen Folgen führen. Ihr Schutz und der Schutz der Öffentlichkeit erfordern geeignete Konzepte, Prozesse und Technologien.

Whitepaper

Whitepaper: KRITIS – Understanding and protecting critical infrastructure - 80065

Organizations or institutions that are essential for the public are called Critical Infrastructure (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations. Their failure or significant impairments result in sustained supply shortages, significant disruptions to public safety or other drastic consequences. Their protection and the safeguarding of the public require appropriate concepts, processes and technologies.

Executive View

Executive View: Micro Focus® Data Protector - 80193

Ensuring the continuity of IT services is an essential component of business continuity planning. Organizations typically use data protection solutions that take copies of the IT service data which can be used to restore the service when needed. Most organizations now have a hybrid IT environment with a cloud first approach to choosing new applications and data protection solutions need to support the multiple service delivery methods that this involves. This report covers Micro Focus Data Protector and describes how it helps organization to meet their business continuity objectives in the...

Executive View

Executive View: Service Layers Managed IAM - 80129

Service Layers delivers a comprehensive managed IAM solution, based on best-of-breed IAM products. The solution is well-architected, following modern concepts including DevOps, container-based deployments, and microservices architectures. It thus can be run and operated on various infrastructures. Service Layers provides full operations support across global regions. With this solutions, customers can balance their need for individual IAM approaches with a managed IAM service supporting hybrid requirements.

Webinar

Nov 21, 2019: Fighting Fraud With Strong Authentication

Strong authentication is one cornerstone of web security. However, account enrollment and account recovery processes are leaving gaps in the credential management lifecycle that allow bad actors to perform account takeover and get into our networks. Increasingly, these bad actors aren’t even real. Stolen identity information that is used to create new fake IDs, known as synthetic identity fraud, is a fast-growing form of fraud.

Webinar

Oct 29, 2019: Complying With PSD2: Everything You Need to Know

With the Revised Payment Service Directive (PSD2) coming into full effect this fall, banks and online retailers need to adapt to changes that carry with them many regulatory and technical challenges. Acknowledging these extensive changes, Germany’s Federal Financial Supervisory Authority (BaFin) recently granted a period of grace for online retailers to implement the element of strong customer authentication (SCA), thus following the lead of other European financial regulatory authorities.

Blog

Security Vendor Imperva Reports a Breach

Imperva, a US-based cybersecurity company known for its web application security and data protection products, has disclosed a breach of their customer data. According to the announcement, a subset of the customers for its cloud-based Web Application Firewall solution (formerly known as Incapsula) had their data exposed, including their email addresses, password hashes, API keys, and SSL certificates. Adding insult to injury, this breach seems to be that of the worst kind: it happened long ago, probably in September 2017, and was unnoticed until a third party notified Imperva a week ago....

Blog

Mastercard Breach Shows Third Party Security Is Priceless

Reports of a data breach against Mastercard began surfacing in Germany early last week with Sueddeutsche Zeitung (in German) one of the first news outlets to report on the loss. As is often the case in major corporate breaches, the company was slow to react officially. On Monday it said only that it was aware of an “issue”. The next day the company had someone to blame: a third-party provider it said had lost data which included usernames, addresses and email addresses, but no credit card details.  By Wednesday however this statement was proved incorrect when persons...

Blog

VMware to Acquire Carbon Black and Pivotal, Aims at the Modern, Secure Cloud Vision

Last week, VMware has announced its intent to acquire Carbon Black, one of the leading providers of cloud-based endpoint security solutions. This announcement follows earlier news about acquiring Pivotal, a software development company known for its Cloud Foundry cloud application platform, as well as Bitnami, a popular application delivery service. The combined value of these acquisitions would reach five billion dollars, so it looks like a major upgrade of VMware’s long-term strategy with regards to the cloud. Looking back at the company’s 20-year history, one cannot but...

Whitepaper

Whitepaper: Identitäten richtig handhaben - damit Ihre digitale Geschäftsstrategie erfolgreich wird - 80297

Registrierung und Authentifizierung sind die ersten Schritte, die erfolgen, wenn ein Nutzer Kunde digitaler Dienstleistungen werden möchte. Funktionieren diese Schritte nicht wie vom Nutzer erwartet, leidet die Akzeptanz solcher Dienste und damit ist der Erfolg digitaler Geschäftsstrategien in Gefahr. Identitäts-API-Plattformen helfen beim Aufbau von standardisierten Lösungsansätzen für die Bereitstellung von vereinheitlichten Identitätsdiensten für Unternehmen. Solche Plattformen sind unerlässlich für den Erfolg im digitalen Zeitalter.

Blog

Don’t Blame the Cloud for Capital One’s Troubles

After the recent Capital One breach, some commentators have suggested that cloud security is fundamentally flawed. Like many organizations today, Capital One uses Amazon Web Services (AWS) to store data, and it was this that was targeted and successfully stolen. In the case of Capital One it was process, not technology, that failed. The company failed on three points to secure its data properly using the extended tool sets that AWS provides. It relied only on the default encryption settings in AWS, suggesting a lack of product knowledge or complacency in security teams. The Access Control...

Blog

Ransomware Criminals Have Raised the Stakes with Sodinokibi

A new strain of Sodinokibi ransomware is being used against companies in the United States and Europe. Already notable for a steep increase in ransoms demanded ($500,000 on average), the malware can now activate itself, bypassing the need for services users to click a phishing link for example. In addition, the Financial Times reports that criminals are targeting Managed Service Providers (MSPs) to find backdoors into their client’s data, as well as attacking companies directly. “They are getting into an administration system, finding lists of client privileged credentials and...

Press Release

KuppingerCole Analysts Optimizes Research Access with KC PLUS

With KC PLUS, KuppingerCole Analysts now offers an optimized format-independent research platform. Relevant content can now be accessed even easier than before by increased visibility.

Leadership Compass

Leadership Compass: IDaaS Access Management - 79016

A fast-growing market, IDaaS AM is largely characterized by cloud-based delivery of access management capabilities for business irrespective of the application and service delivery models. Improved time-to-value proposition prioritizes adoption of IDaaS for B2B, B2E and B2C access management use-cases, helping IDaaS AM to dominate new IAM purchases globally. This Leadership Compass discusses the market direction and provides a detailed evaluation of market players to offer necessary guidance for IAM and security leaders to make informed decisions.

Blog

EU EBA Clarifies SCA and Implementation Exceptions

The EU European Banking Authority issued clarifications about what constitutes Strong Customer Authentication (SCA) back in late June. The definition states that two or more of the following categories are required: inherence, knowledge, and possession. These are often interpreted as something you are, something you know, and something you have, respectively. We have compiled and edited the following table from the official EBA opinion:  Inherence elements Compliant with SCA?  Fingerprint scanning Yes  Voice recognition Yes  Vein recognition Yes...

Webinar

Sep 03, 2019: KuppingerCole’s Evaluation of Leading Vendors in the IDaaS Access Management Market

Identity-as-a-Service Access Management (IDaaS AM) has emerged as one of the fastest-growing markets of IAM, characterized by cloud-based delivery of traditional IAM services. KuppingerCole estimates the global IDaaS market will continue to grow at a CAGR of 24% in 2019.

Whitepaper

Whitepaper: Privileged Access Governance - 80015

Privileged Access Governance or PAG is fast becoming a crucial discipline of Privileged Access Management (PAM) to help organizations gain required visibility into the state of privileged access necessary to support the decision-making process and comply with regulations. Besides providing support for managing lifecycle events of privileged accounts, PAG includes privileged access certifications and provisions for customizable reporting and dashboarding of privileged access to sensitive data, critical systems and applications across an organization’s IT presence.

Leadership Brief

Leadership Brief: Access Reviews Done Right - 80195

Access reviews are considered important risk management controls in many organizations. They are intended to ensure that each user, process and system has always  only the minimum amount of access rights, which are necessary to perform associated tasks. In light of compliance, governance and the organizations's internal commitment to protecting itself from unwanted access, concepts are in demand that take account of the transition from compliance to risk-based operating models.

Executive View

Executive View: TrustBuilder Identity Hub - 80071

TrustBuilder Identity Hub is the Identity and Acess Management (IAM) platform from TrustBuilder that enables a context-aware and policy-driven approach to deliver a secure and seamless application integration. Targetted mostly at B2B and B2E use-case requirements, TrustBuilder is building on additional features to address the consumer IAM requirements.

Executive View

Executive View: ESET Endpoint Security - 80181

ESET Endpoint Security cover the widest variety of endpoint operating systems. This endpoint protection product consistently rates very highly in terms of detection in independent malware detection tests. The product also is one of the top-performing, lowest impact endpoint security agents available in the market today.

Blog

Coming soon: The KuppingerCole Leadership Compass IDaaS AM

We are about to release the update of the first of two KuppingerCole Leadership Compass documents on IDaaS (Identity as a Service). We have segmented this market into two categories: Access Management (AM) Identity Governance and Administration (IGA) A fast-growing market, IDaaS AM is largely characterized by cloud-based delivery of access management capabilities for business irrespective of the application and service delivery models. Improved time-to-value proposition prioritizes adoption of IDaaS for B2B, B2E and B2C access management use-cases, helping IDaaS AM to dominate new...

Blog

Technology Trend: The Road to Integrated, Hybrid and Heterogeneous IAM Architectures

Requirements for - and context of - the future Identity Fabric.  We call it Digital Transformation for lack of a better term, but it consists of much more than this buzzword is able to convey. Digital technologies are influencing and changing all areas of a company, and this is fundamentally reshaping the way communication takes place, how people work together and how customers are delivered value.  IT architectures, in turn, are undergoing profound structural transformations to enable and accelerate this creeping paradigm shift. This evolution reflects the changes resulting from the...

Blog

The changing role of Azure AD in Enterprise IAM Architectures

For many companies, Microsoft Azure Active Directory (Azure AD) was the basis for a coordinated step into the cloud, by extending the reach of their existing on-premises Active Directory to the cloud. For others, Azure AD was at the beginning just something that came with Microsoft Office 365 – just another target system when it comes to IAM (Identity and Access Management). However, we are talking to more and more corporate executives who are considering whether Azure AD's role should become a more strategic element within their IAM infrastructure.  There is no simple...

Whitepaper

Whitepaper: Do Identity Right – So Your Digital Business Strategy Succeeds - 80134

Registration and authentication are the first things that happen when someone becomes a user of digital business services. If these steps don’t work as the user wants, the acceptance of such services will suffer and the success of digital business strategies is at risk. Identity API Platforms help build a standardized approach for delivering unified identity services to businesses. Such platforms are essential for succeeding in the digital age.

KCx Talks

Sep 25, 2019: Women in Identity - Diverse Perspectives in Identity & Conclusion

Enjoy an evening with interesting lectures in a relaxed atmosphere together with experts from various fields. Take part in stimulating discussions and enjoy personal fireside chats on current digitalization and identity topics in various industries. Network and discuss with an exclusive circle of participants in a hip location of the city, with selected food and drinks.

Executive View

Executive View: SAST SUITE Der Akquinet AG - 80191

Die heutigen SAP-Sicherheitsanforderungen gehen weit über die traditionellen Access Governance-Anforderungen an Benutzer, deren Zugriff und Rollen hinaus. akquinet bietet eine vollwertige Produktsuite für GRC (Governance, Risk & Compliance) und Sicherheit für SAP-Umgebungen. Die bereitgestellten Module decken ein breites Spektrum an Funktionen in dem sensiblen Bereich der SAP-Sicherheit und von GRC ab.

Executive View

Executive View: SAST SUITE by akquinet AG - 80116

Today’s SAP security requirements go far beyond traditional Access Governance needs regarding users and their access and roles. AKQUINET offers a full-featured product suite for GRC (Governance, Risk & Compliance) and security for SAP environments. The provided modules cover a wide range of aspects in this sensitive area of SAP security and GRC.

Boot Camp

Nov 12, 2019: Incident Response Boot Camp

Webinar

Nov 07, 2019: Legacy IAM System vs. Modern IAM Platforms - Should You Stay or Should You Go?

Application and infrastructure architectures are continuously changing in order to mirror the demands and challenges of organizational needs. A common problem with legacy systems is the inability to understand and adapt to the new business models in an ever-changing world.

Webinar

Sep 25, 2019: Cybersecurity Budgeting 2020: Set Your Priorities Right

For the majority of businesses, the budgeting season is about to start. Some are done, some will be later, if the fiscal year differs from the calendar year. But usually, in September and October, this process is kicked off.

KCx Talks

Nov 12, 2019: Assess, Evaluate and Secure Your Enterprise Cybersecurity

Enjoy an evening with interesting lectures in a relaxed atmosphere together with experts from various fields. Take part in stimulating discussions and enjoy personal fireside chats on current digitalization and identity topics in various industries. Network and discuss with an exclusive circle of participants in a hip location of the city, with selected food and drinks.

Quicklinks

Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

AI for the Future of your Business Learn more

AI for the Future of your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]