News Archive

Press Release

Cybersecurity Is More Than Just Defensive

When planning the cybersecurity strategy for any given company, IT teams should be aware that they are essentially doing damage control. It is not enough to bolster defense mechanisms because in the long run there is a big chance that they will not last a strong attack. This means that cybersecurity departments should prepare to fail, and have a water-proof plan on what to do after they have been successfully attacked.

Whitepaper

Whitepaper: Modern B2B Identity Management - 80135

With Business-to-Business (B2B) transformation comes digital initiatives to better connect B2B customer systems and supply chain services, and in doing so, Identity and Access Management (IAM) becomes a crucial consideration. IAM shares standard features that can be used in B2E or B2C use cases as well, but IAM in the B2B context has specific requirements that need to be addressed. B2B IAM services need to support customers, suppliers, and other partner organizations by providing capabilities such as support for multiple identity types, user delegation at different levels, strong...

Architecture Blueprint

Architecture Blueprint: Identity and Access Management - 72550

IAM has been one of the central security infrastructures for many years. The changing role and importance of digital identities leads to fundamental changes in IAM architectures. The challenges for a future proof IAM are complex, diverse and sometimes even conflicting. Organization demand for a blueprint to design and implement efficient and durable IAM architectures that meet current and future requirements need to follow a sustainable yet dynamic architectural design.

Blog

OVHCloud Bets on Shift Back to Private Cloud

There is more to the cloud than AWS, Azure, IBM and Google according to OVHCloud - the new name for OVH as it celebrates its 20th anniversary. While the big four have carved up the public cloud between them, the French cloud specialist believes that business needs are changing, which gives them an opportunity in the enterprise market it is now targeting. In short, OVHCloud believes there is a small, but discernible shift back to the private cloud - for security and compliance imperatives. That does not mean that OVHCloud is abandoning the public cloud to the Americans. At October’s...

Executive View

Executive View: IBM MaaS360 with Watson - 79067

IBM MaaS360 with Watson is an AI-enabled, cloud-based Unified Endpoint Management (UEM) platform designed to enable enterprises to manage and secure smartphones, tablets, laptops, desktops, wearables, and the Internet of Things (IoT). With an open platform for integration with existing apps and infrastructure, IBM MaaS360 is backed by around-the-clock customer support and services, and takes a cognitive approach to UEM that enables enterprises to search thousands of data sources to discover security risks and opportunities, assess their impact on users and endpoints, and act upon them.

Webcast

Legacy IAM System vs. Modern IAM Platforms - Should You Stay or Should You Go?

Application and infrastructure architectures are continuously changing in order to mirror the demands and challenges of organizational needs. A common problem with legacy systems is the inability to understand and adapt to the new business models in an ever-changing world.

Leadership Compass

Leadership Compass: Infrastructure as a Service – Global Providers - 80035

The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment.  This Leadership Compass focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and with a specific focus on security and compliance.

Blog

There Is No “One Stop Shop” for API Management and Security Yet

From what used to be a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. Today, APIs can be found everywhere – at homes and in mobile devices, in corporate networks and in the cloud, even in industrial environments, to say nothing about the Internet of Things. When dealing with APIs, security should not be an afterthought In a world where digital information is one of the “crown jewels” of many modern businesses (and even the primary...

Blog

Cyber-Attacks: Why Preparing to Fail Is the Best You Can Do

Nowadays, it seems that no month goes by without a large cyber-attack on a company becoming public. Usually, these attacks not only affect revenue of the attacked company but reputation as well. Nevertheless, this is still a completely underestimated topic in some companies. In the United Kingdom 43% of businesses experienced a cybersecurity breach in the past twelve months, according to the 2018 UK Cyber Security Breaches Survey. On the other hand, 74% say that cybersecurity is a high priority for them. So where is the gap, and why does it exist? The gap exists between the decision to...

Whitepaper

Whitepaper: Understanding Privileged Access Management - 80302

Privileged Access Management (PAM) is one of the most important areas of risk management and data security in any organization. Privileged accounts have traditionally been given to administrators and other users within an organization to access critical data and applications. But, changing business practices and digital transformation has meant that privileges accounts have become more numerous and widespread. If these are not managed securely, businesses are exposed to the risks of abandoned accounts, unmanaged shared accounts and criminals and hackers are becoming more adept at...

Webcast

KuppingerCole Identifies Leaders in Consumer Authentication

Organizations are adopting Consumer Identity and Access Management (CIAM) solutions or enhancing their existing customer-facing IAM solutions with modular authentication services, in order to deter fraud, comply with new regional and industry-specific regulations, and improve the customer experience. Most organizations have IAM products in place already for business-to-employee use cases. However, many are finding that their current solutions are not able to meet consumer expectations or security requirements.   KuppingerCole's Lead Analyst John Tolbert...

Advisory Note

Buyer's Compass: Endpoint Detection & Response (EDR) - 80213

Data loss via Advanced Persistent Threats (APT), Insider Threat, and other vectors remains a top concern of businesses worldwide. EDR tools are becoming more widely used to help detect and remediate these kinds of threats. This KuppingerCole Buyer’s Compass will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for EDR tools.

Blog

Authentication and Education High on CISO Agenda

Multifactor authentication and end-user education emerged as the most common themes at a CISO forum with analysts held under Chatham House Rules in London. Chief information security officers across a wide range of industry sectors agree on the importance of multifactor authentication (MFA) to extending desktop-level security controls to an increasingly mobile workforce, with several indicating that MFA is among their key projects for 2020 to protect against credential stuffing attacks. In highly-targeted industry sectors, CISOs said two-factor authentication (2FA) was mandated at the...

Webinar

Dec 10, 2019: Identity Fabrics for True Digital Transformation

Business models are changing, customer relationships are changing, and business partnerships are far more volatile than ever before. Workloads are shifting to the cloud and to as-a-service models. Businesses are looking to provide more and more digital services to their customers and consumers via apps and integrate with devices and things. Digital Identity is at the center of these digital transformations.

Webcast

Getting a Grip on Your AI: Know What It Does. Understand the Risks and Rewards. Be Compliant

The case for integrating AI into business processes is ever stronger. Now it’s time to assess realistically what it can do for you. Existing successes and failures of AI beta-phase testing show how to resist the survivorship bias when implementing your own AI programs. Clarify the characteristics of AI data that may be problematic, and discover where investment should be concentrated on further customizing your AI solutions. Compliance with data protection standards remains an open question as both technology and public demand evolves. Over-enthusiasm in future...

Executive View

Executive View: Atos DirX Access - 80167

Atos DirX Access is a mature solution for Access Management, covering the full range of targets from legacy web applications to modern SaaS services. It comes with comprehensive support for modern standards, including FIDO 2.0. A specific strength is the support for specific capabilities such as session state sharing across servers, Dynamic Authorization Management, or integrated User Behavior Analytics. Atos DirX Access counts amongst the most feature-rich solutions on the market.

Executive View

Executive View: Ping Identity Data Governance - 70295

In the increasingly data-driven world today, it is essential to protect against unauthorized data access to prevent exposure and breaches, meet consumer expectations, and comply with the growing number of privacy regulations. PingDataGovernance provides the capabilities to control how data is accessed from data stores as well as giving data protection at the API layer.

Executive View

Executive View: One Identity Safeguard Suite - 80074

Privileged Access Management (PAM) has evolved into a set of crucial technologies that addresses some of the most urgent areas of cybersecurity today against a backdrop of digital transformation. One Identity Safeguard Suite is a PAM solution that uses a modular approach across password management, session management and privilege account analytics.

Webcast

Complying With PSD2: Everything You Need to Know

With the Revised Payment Service Directive (PSD2) coming into full effect this fall, banks and online retailers need to adapt to changes that carry with them many regulatory and technical challenges. Acknowledging these extensive changes, Germany’s Federal Financial Supervisory Authority (BaFin) recently granted a period of grace for online retailers to implement the element of strong customer authentication (SCA), thus following the lead of other European financial regulatory authorities.

Blog

Nok Nok Labs Extends FIDO-Based Authentication

Nok Nok Labs has made FIDO certified multi-factor authentication – which seeks to eliminate dependence on password-based security - available across all digital channels by adding a software development kit (SDK) for smart watches to the latest version of its digital authentication platform, the Nok Nok S3 Authentication Suite. In truth, the SDK is only for the Apple watchOS, but it is the first - and currently only - SDK available to do all the heavy lifting for developers seeking to enable FIDO-certified authentication via smart watches that do not natively support FIDO, and is a...

Executive View

Executive View: Microsoft Azure Active Directory - 79077

From small businesses to large enterprises, organizations today require a solid foundation for their Identity and Access Management (IAM) services. These services are increasingly delivered as cloud services or IDaaS (Identity as a Service). Microsoft Azure Active Directory (Azure AD) provides Directory Services, Identity Federation, and Access Management from the cloud in a single integrated solution with extensive integration opportunities.

Blog

AI for Governance and Governance of AI

Artificial Intelligence is a hot topic and many organizations are now starting to exploit these technologies, at the same time there are many concerns around the impact this will have on society. Governance sets the framework within which organizations conduct their business in a way that manages risk and compliance as well as to ensure an ethical approach. AI has the potential to improve governance and reduce costs, but it also creates challenges that need to be governed. The concept of AI is not new, but cloud computing has provided the access to data and the computing power needed to...

Leadership Brief

Leadership Brief: Hype vs. Reality in AI & ML: Where are the Concrete Business Benefits? - 80271

The conversation on artificial intelligence and machine learning is still largely driven by hype. But concrete business benefits exist for narrow AI solutions, and it is time to separate hype from reality. This leadership brief identifies the characteristics of successful AI use cases, provides examples across multiple industries and business departments, and provides recommendations on distinguishing AI solutions that can deliver value.

Blog

Akamai to Block Magecart-Style Attacks

Credit card data thieves, commonly known as Magecart groups, typically use JavaScript code injected into compromised third-party components of e-commerce websites to harvest data from shoppers to commit fraud. A classic example was a Magecart group’s compromise of Inbenta Technologies’ natural language processing software used to answer user questions by UK-based ticketing website, Ticketmaster. The Magecart group inserted malicious JavaScript into the Inbenta JavaScript code, enabling the cyber criminals to harvest all the customer credit card data submitted to the...

Leadership Brief

Leadership Brief: Defending Against Ransomware - 80235

Ransomware is an epidemic and continues to evolve. More than half of all companies and other organizations have been attacked with one form or ransomware or another. A multi-layered defense is the best strategy. Take steps now to reduce the likelihood of falling victim to it. Make sure you have good offline backups if you get hit. Don’t give up and pay the ransom.

Leadership Brief

Leadership Brief: Penetration Testing Done Right - 70359

Penetration Testing should be a key part of any business's assurance process, providing a level on independent testing that they are not wide open to hackers or other malicious actors; however, a penetration test is not a simple “off-the-shelf” test and needs careful design and planning.

Webcast

KuppingerCole’s Evaluation of Leading Vendors in the Identity API Platforms Market

Many different factors are driving Digital Transformation in the market today. One factor is the change in how businesses interact with their customers. Another factor is more on the technical side that addresses the implementation of new Digital Services that have become more complex due to the different environments and the many integration points to consider. This is driving the rapidly growing demand for exposing and consuming APIs. APIs are enabling organizations to create new business models, connect with partners and customers while providing a seamless experience by linking...

Leadership Brief

Leadership Brief: Do I need Network Threat Detection & Response (NDTR)? - 80296

NTDR products/services are getting a lot of attention at conferences and in the cybersecurity press. But does your organization need it? We’ll look at what NTDR products do, reasons to consider NTDR, and some high-level evaluation criteria regarding NTDR products.

Blog

Microsoft Partnership Enables Security at Firmware Level

Microsoft has partnered with Windows PC makers to add another level of cyber attack protection for users of Windows 10 to defend against threats targeting firmware and the operating system. The move is in response to attackers developing threats that specifically target firmware as the IT industry has built more protections into operating systems and connected devices. A trend that appears to have been gaining popularity since Russian espionage group APT28 – also known as Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and Strontium – was found to be exploiting firmware...

Blog

Can Your Antivirus Be Too Intelligent Sometimes?

Current and future applications of artificial intelligence (or should we rather stick to a more appropriate term “Machine Learning”?) in cybersecurity have been one of the hottest discussion topics in recent years. Some experts, especially those employed by anti-malware vendors, see ML-powered malware detection as the ultimate solution to replace all previous-generation security tools. Others are more cautious, seeing great potential in such products, but warning about the inherent challenges of current ML algorithms. One particularly egregious example of “AI security...

Blog

Privileged Access Management Can Take on AI-Powered Malware to Protect Identity-Based Computing

Much is written about the growth of AI in the enterprise and how, as part of digital transformation, it will enable companies to create value and innovate faster. At the same time, cybersecurity researchers are increasingly looking to AI to enhance security solutions to better protect organizations against attackers and malware. What is overlooked is the same determination by criminals to use AI to assist them in their efforts to undermine organizations through persistent malware attacks. The success of most malware directed at organizations depends on an opportunistic model; sent out by...

Webcast

Facilitating Business with State-of-the-Art Identity Proofing Solutions

For traditional or Business-to-Employee (B2E) IAM, HR departments are responsible for gathering documentation from employees to determine their suitability for employment. For Business-to-Consumer (B2C) or CIAM, identity proofing can be more difficult. Depending on the nature of the business, the attributes that need to be collected and verified can differ widely. For example, Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations govern the kinds of attributes and authoritative attributes that must be collected in the finance industry.

Press Release

Technology Is Key to Customer Satisfaction

A top challenge to online business is retaining customers throughout the registration and authentication process. “While regulations such as GDPR and PSD2 increase the pressure on the industry, they also create new opportunities,” says Martin Kuppinger, Principal Analyst at KuppingerCole.

Whitepaper

Whitepaper: Privileged Access Management requirements for Small to Medium Size Businesses (SMB) - 80123

Privileged Access Management (PAM) is fast becoming one of the most important areas of Identity and Access Management (IAM). Privileged accounts are given to admins and other users within an organization to access critical data and applications. However, if these are not managed securely, SMBs can find themselves having accounts still open for people who have left or for people who no longer need access or simply giving too many people privileged accounts. Criminals and hackers are becoming more adept at stealing and using credentials for privileged accounts. To reduce this risk, and...

Blog

Leading IDaaS Supplier OneLogin Aiming for the Top

OneLogin is among the leading vendors in the overall, product, innovation and market leadership ratings in KuppingerCole’s latest Leadership Compass Report on IDaaS Access Management, but is aiming to move even further up the ranks. In a media and analyst briefing, OneLogin representatives talked through key and recent product features and capabilities in an ongoing effort improve the completeness of products. Innovation is a key capability in IT market segments, and unsurprisingly this is an important area for OneLogin. The most recent innovations include Vigilance AI, the new...

Executive View

Executive View: Optimal IdM - Optimal Cloud - 80162

For many organizations, the adoption of cloud services has become a strategic imperative which includes moving security services to the cloud as well. Optimal IdM provides a comprehensive identity management solution that provides federation, single sign-on, and strong two-factor authentication all within a private cloud.

Blog

As You Make Your KRITIS so You Must Audit It

Organizations of major importance to the German state whose failure or disruption would result in sustained supply shortages, significant public safety disruptions, or other dramatic consequences are categorized as critical infrastructure (KRITIS). Nine sectors and 29 industries currently fall under this umbrella, including healthcare, energy, transport and financial services. Hospitals as part of the health care system are also included if they meet defined criteria. For hospitals, the implementation instructions of the German Hospital Association (DKG) have proven to be important. The...

Webinar

Dec 02, 2019: On the Way to Becoming a Cognitive Enterprise

The digitalization has resulted in the "digital enterprise". It aims at leveraging previously unused data and the information hidden in it for the benefit of the enterprise. The “cognitive enterprise” comes with the promise to use this information to do something productive, profitable and highly innovative for the enterprise.  The cognitive enterprise is the application of cognitive technologies in critical areas of a company.

Blog

Stell Dir vor, es ist KRITIS und keiner geht hin

„Kritische Infrastrukturen (KRITIS) sind Organisationen oder Einrichtungen mit wichtiger Bedeutung für das staatliche Gemeinwesen, bei deren Ausfall oder Beeinträchtigung nachhaltig wirkende Versorgungsengpässe, erhebliche Störungen der öffentlichen Sicherheit oder andere dramatische Folgen eintreten würden“. Neun Sektoren und 29 Branchen gelten derzeit als kritische Infrastrukturen, darunter die Gesundheitsversorgung, Energieversorgung, der Verkehr und Finanzdienstleistungen. Krankenhäuser als Teil des Gesundheitswesens fallen bei...

Blog

AI in the Auto Industry Is About More Than Self-Driving Cars

Car buyers gathering at the Frankfurt Motor Show last month will have witnessed the usual glitz as car makers went into overdrive launching new models, including of course many new electric vehicles reflecting big change in the industry. Behind the glamour of the show, the world’s biggest car makers are heavily investing in new technologies to remain competitive, including Artificial Intelligence (AI) and Machine Learning. While perfecting algorithms for self-driving cars is a longer-term goal and grabs the headlines, much is being done with AI to improve the design, manufacture and...

Blog

Do You Need a Chief Artificial Intelligence Officer?

Well, if you ask me, the short answer is – why not? After all, companies around the world have a long history of employing people with weird titles ranging from “Chief Happiness Officer” to “Galactic Viceroy of Research Excellence”. A more reasonable response, however, would need to take one important thing into consideration – what a CAIO’s job in your organization would be? There is no doubt that “Artificial Intelligence” has already become an integral part of our daily lives, both at home and at work. In just a few years, machine...

Webcast

Onboarding Your Business Partners to Your Services: B2B IAM in Practice

Virtually any business needs to grant business partners access to certain IT services. While employee IAM is a well-established discipline, where HR frequently delivers the information about joiners, movers, and leavers, and while Consumer IAM (CIAM) commonly relies on self-registration, B2B IAM comes with different challenges.

Executive View

Executive View: Curity Identity Server - 80159

Curity AB delivers a software-based API-driven identity server for businesses that need help connecting identity infrastructure, digital services, and cloud applications. Their solution adheres to many identity standards, to promote interoperability and to make it easier for clients to deploy necessary new features while shielding users from complexity.

Blog

Cognitive! - Entering a New Era of Business Models Between Converging Technologies and Data

Digitalization or more precisely the "digital transformation" has led us to the "digital enterprise". It strives to deliver on its promise to leverage previously unused data and the information it contains for the benefit of the enterprise and its business. And although these two terms can certainly be described as buzzwords, they have found their way into our way of thinking and into all kinds of publications, so that they will probably continue to exist in the future.  Thought leaders, analysts, software and service providers and finally practically everyone in between have...

Executive View

Executive View: Devolutions PAM Solution - 80070

Devolutions provides a PAM solution targeted at SMB customers that provides a good baseline set of PAM capabilities and easy to deploy and operate. The solution comes with a password vault, account discovery capabilities, and strong remote access features. While some of the more advanced capabilities of the leading-edge PAM solutions are lacking, the product fits well to the target group of SMBs.

Executive View

Executive View: AWS Control Tower - 80219

Managing access to applications, systems and resources is a key task for any organization and the hybrid IT deployment model has made this even more complex.  One area of concern is managing administrative access – administration is an essential process, but the administrator accounts provide the keys to the kingdom. This report describes how AWS Control Tower helps to customers to meet these requirements for their AWS environments.

Press Release

Convenience and Security Should Not Be a Trade-Off

For the sake of our convenience, everything is becoming interconnected. At home, at work and on the streets. But all interconnected devices are potential targets for cyber-attacks which is why adequate security controls are of paramount importance. At next week’s co-located CyberNext Summit and Borderless Cyber (organized by IACD and OASIS Open Consortium) we will discuss a great variety of aspects of cybersecurity including IoT and industrial IoT security , Critical Infrastructures, Endpoint Anti-malware Managementy , Information Protection Lifecycle and many more.

Blog

When Cyber "Defense" is no Longer Enough

The days in which having just an Identity and Access Management (IAM) system on-premises are long gone. With organizations moving to hybrid on-premises, cloud, and even multi-cloud environments, the number of cyber-attacks is growing. The types and sophistication of these attacks are continually changing to get around any new security controls put in place. In fact, it is much easier for the cyber attacker to change tactics than it is for organizations to bring in new solutions to mitigate current attack vulnerabilities. Organizations must realize that they will never be 100% secure, and...

Webinar

Nov 04, 2019: Getting a Grip on Your AI: Know What It Does. Understand the Risks and Rewards. Be Compliant

The case for integrating AI into business processes is ever stronger. Now it’s time to assess realistically what it can do for you. Existing successes and failures of AI beta-phase testing show how to resist the survivorship bias when implementing your own AI programs. Clarify the characteristics of AI data that may be problematic, and discover where investment should be concentrated on further customizing your AI solutions.

Webcast

How Leading Brands Build Trust With CIAM

In the age of digital transformation, consumers tend to have multiple digital identities across several devices deploying a variety of services. In this environment, digital trust is what sets brands apart from their competitors. Taking and storing customer data is a duty of care, and brands cannot afford data breaches or compromises.

Webinar

Nov 06, 2019: KuppingerCole Identifies Leaders in Consumer Authentication

Password-based authentication is insecure, leads to a poor customer experience, and is costly for businesses to maintain. Knowledge-based authentication, often used for password resets, is even more insecure given that the answers to individuals’ security questions are often found online. Consumer-facing online businesses are looking for stronger authentication options to reduce the risk of fraud and provide more pleasant user experiences.

Blog

HP Labs Renewed Focus on Endpoint Security Is Worth Watching

A visit to HP Labs offices in central Bristol, about 120 miles west of London, was a chance to catch up with the hardware part of the former Hewlett Packard conglomerate, which split in two four years ago. The split also meant that there are now two HP Labs, one for the HP business and the other for Hewlett Packard Enterprise. To perhaps position itself as a serious B2B vendor we were told that HP is an “endpoint infrastructure company”, which kind of works, but its US, Chinese and Taiwanese competition could conceivably claim the same. To counter this, HP is tapping into the...

Blog

GDP R U Compliant?

Almost one and a half years after the introduction of GDPR (EU General Data Protection Regulation), some companies still struggle with implementing appropriate measures to deal with Personally Identifiable Information (PII) in a compliant fashion. Last week the Commissioner for Data Protection and Freedom of Information of the city state Berlin Maja Smoltczyk imposed a 195,000 euro fine on the German food delivery service provider Delivery Hero after it had committed a series of data protection law violations with its subsidiaries Foodora, Lieferheld and Pizza.de. It is Germany’s...

Leadership Compass

Leadership Compass: Consumer Authentication - 80061

This report provides an overview of the market for Consumer Authentication products and services and provides you with a compass to help you to find the Consumer Authentication product or service that best meets your needs. We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing Consumer Authentication solutions.

Blog

Redefining the Role of the CISO – Cybersecurity and Business Continuity Management Must Become One

Cyberattack resilience requires way more than just protective and defensive security tools and training. Resilience is about being able to recover rapidly and thus must include BCM (Business Continuity Management) activities. It is time to redefine the role of CISOs. I made this point in yesterday’s webinar on cybersecurity budgeting. If you missed it, you can watch the webcast here. Prevention is key in limiting cyberattacks. A Chief Information Security Officer is responsible for prevention. Best practices of employees are responsible for prevention. From the top down the...

Webcast

Cybersecurity Budgeting 2020: Set Your Priorities Right

For the majority of businesses, the budgeting season is about to start. Some are done, some will be later, if the fiscal year differs from the calendar year. But usually, in September and October, this process is kicked off. Cybersecurity is one of the areas where virtually every business will need to invest, with ever-growing cyber risks and ever-tightening regulations. On the other hand, budgets always are tight and most businesses already have a zoo of different cybersecurity tools. Thus, it might be even worth considering retiring some and focus on the ones that really help...

Press Release

CIAM Is Many Things – KuppingerCole Tells You All You Need

Consumer Identity and Access Management (CIAM) is many things. For some, it’s all about streamlining the user experience through technologies and practices. For others, IAM is all about identity lifecycle management. And for still others, it focuses on security and compliance through technologies and practices. KuppingerCole Analysts deals with all forms of CIAM at Consumer Identity World 2019 kicking off today in Seattle. Three days of interesting and insightful keynotes, panels and sessions by thought leaders and industry experts are waiting.

Blog

Regulating AI's Limitless Potential

Regulation has the uncomfortable task of limiting untapped potential. I was surprised when I recently received the advice to think of life like a box. “The walls of this box are all the rules you should follow. But inside the box, you have perfect freedom.” Stunned as I was at the irony of having complete freedom to think inside the box, those at the forefront of AI development and implementation are faced with the irony of limiting projects with undefined potential. Although Artificial General Intelligence – the ability of a machine to intuitively react to situations...

Webcast

The Compelling Case for Risk-Based Adaptive Authentication

Consumers and employees are increasingly on-the-go, and that means that more transactions and more work originates from the mobile phone. Fraud and data loss rates have also been rising. A plethora of mobile-based digital identity technologies have entered the market over the last few years to help businesses and other organization meet these challenges.

Executive View

Executive View: Tremolo Security – A Different Approach - 80160

It’s time to consider a different way to manage and use identity information. We tend to deploy identity management suites and change our processes to suit. But this can constrain us and restrict our agility in deploying identity management services.

Tremolo Security breaks the mold and asks us to focus on the task to be performed, and then to deploy an optimal solution.

Blog

Meet the Next-Generation Oracle

Oracle OpenWorld 2019 has just wrapped yesterday, and if there is a single word that can describe my impressions of it, that would be “different”. Immediately noticeable was the absence of the traditional Oracle Red spilling into the streets around the Moscone Center in San Francisco, and the reason behind it is the new corporate design system called Redwood. You can already see its colors and patterns applied to the company’s website, but more importantly, it defines new UI controls for Oracle applications and cloud services. Design, however, is by far not the...

Leadership Brief

Leadership Brief: Responding to Cyber Incidents - 80209

The overwhelming majority of organizations now depend upon online services to support their business and this exposes them to cyber security risks. While most have security protection technologies in place few have a plan for how they would respond to a cyber incident. Today, the question is not if your organization will suffer a cyber incident but when - and this makes it essential to have a plan.

Webinar

Dec 03, 2019: Extending Beyond the Limits of Multi-Factor Authentication With Continuous Adaptive Trust

The Identity and Access Management (IAM) market is undergoing rapid and at times transformative change. A steady progression from on-premises to API and cloud platforms is visible as vendors innovate, but authentication tools are under attack from determined adversaries.

Webcast

Martin Kuppinger - New Technologies, New Challenges, New Opportunities: Finding The Right Balance

How and where AI, ML, Blockchain, CIAM, Libra, and others can help solving the challenges of Digitization, a changing competitive landscape, and new regulations such as PSD2 in the Finance Industry – and where not Both traditional Finance Industry and emerging FinTech are under pressure. The competitive landscape continues to change, with new players entering the market, new business models emerging, and new regulations requiring changes in the way business is done. Everyone is fighting for the customer and wants to be the “face to the customer” – the one who...

Press Release

Finance Industry Under Pressure in Fight for the Customer

New players and technologies are stirring up the finance industry, increasing the pressure on traditional players as well as emerging Fintechs alike. “Everyone is fighting for the customer and wants to be the “face to the customer” – the one who controls the business relationship and interaction,” says Martin Kuppinger, Principal Analyst at KuppingerCole.

Blog

Blockchain: It’s not About Technology, It Is About Use Cases

Today, the German Federal Government announced its Blockchain Strategy. What might sound as a great thing, falls short, for a number of reasons. One is that it is late: after the first hype and somewhere in the phase of disillusion. This should have happened much earlier, specifically with the intent of getting or keeping a leading position. And, notably, more important would be to foster innovation by supporting start-ups with simplified regulations and administration for that type of businesses, and a far better ecosystem for venture and growth finance. A second objection: It is too...

Advisory Note

Advisory Note: Demystifying the Blockchain: What Makes a Blockchain Useful to a Firm? - 80301

Blockchain technology – as the hype advertises – can be a value-adding solution for businesses and individuals. However, it is necessary to separate blockchain’s functionality from its fame before a firm can find an appropriate use case. This report deconstructs the main features that make blockchains unique from traditional database software and identify the ways that blockchain can be used to address the preexisting issues in a database.

Webcast

The Globalization of IAM for Manufacturing Businesses

Globalization has given many companies the opportunity to run factories and other operations in various countries. In doing so, manufacturers are faced with challenging regulations they have to comply with and that may differ in the U.S., EMEA, Russia, China, and other countries. IAM is an essential element for operating business, when it comes to employees, business partners such as suppliers, and customers.

Press Release

One of Blockchain’s Core Challenges: Identifying Right Application Areas

According to the German news outlet Tagesspiegel Background Digitalisierung & KI, Germany’s Federal Government will present its blockchain strategy tomorrow. KuppingerCole Lead Analyst Matthias Reinwarth believes that blockchain solutions can deliver great potential under certain conditions, so it does not come as a surprise that the industry is occupied with the potential of blockchain.

Executive View

Executive View: Oracle Data Safe - 80076

Oracle Data Safe is a cloud-based service that improves Oracle database security by identifying risky configuration, users and sensitive data, which allows customers to closely monitor user activities and ensure data protection and compliance for their cloud databases.

Whitepaper

Whitepaper: Ein schlanker Ansatz für Identity & Access Governance - 80107

Identity & Access Governance ist ein Muss für jedes Unternehmen. Leider ist die Art und Weise, wie es heute gehandhabt wird, ineffizient und schwerfällig. Es ist an der Zeit, die Ansätze zu Identity & Access Governance zu überprüfen und schlanke Konzepte umzusetzen, die Unternehmen helfen, sich effizient an die Vorschriften zu halten und gleichzeitig Geschäftsrisiken, die sich aus überhöhten Ansprüchen ergeben, wirksam zu mindern. Kleverware IAG ist eine Lösung, die sich auf einen solchen schlanken Ansatz konzentriert.

Whitepaper

Whitepaper: A Lean Approach on Identity & Access Governance - 80048

Identity & Access Governance is a must for every business. Unfortunately, the way it is commonly done today is inefficient and cumbersome. It is latest time to review the approaches on Identity & Access Governance and implement lean concepts that help businesses to comply in an efficient manner, while also effectively mitigating business risks that derive from excessive entitlements. Kleverware IAG is a solution that focuses on such lean approach.

Advisory Note

Advisory Note: The Future of Cryptocurrencies - 80263

Cryptocurrencies remain a speculative asset, but the launch of Facebook’s Libra could upset the status quo. There are many business opportunities which would stem from widespread adoption of cryptocurrencies, but also many challenges including data protection and tracking criminal activities. The relationship between government regulators, financial institutions, and cryptocurrencies is still being determined. This analysis sheds light on the current landscape of cryptocurrencies, their inherent strengths and weaknesses, and how the impending changes may affect key industries.

Blog

PSD2 in a Europe of Small Principalities

Europe’s consumers have been promised for some years now that strong customer authentication (SCA) was on its way. And the rules as to when this should be applied in e-commerce are being tightened. The aim is to better protect the customers of e-commerce services.  This sounds like a good development for us all, since we are all regular customers of online merchants or providers of online services. And if you look at the details of SCA, this impression is further enhanced. Logins with only username and password are theoretically a thing of the past, the risk of possible fraud on...

Blog

Need for Standards for Consumable Risk Engine Inputs

As cybercrime and concerns about cybercrime grow, tools for preventing and interdicting cybercrime, specifically for reducing online fraud, are proliferating in the marketplace. Many of these new tools bring real value, in that they do in fact make it harder for criminals to operate, and such tools do reduce fraud. Several categories of tools and services compose this security ecosystem. On the supply side there are various intelligence services. The forms of intelligence provided may include information about: Users: Users and associated credentials, credential and identity proofing...

Leadership Brief

Leadership Brief: PSD2: New business opportunities and risks - 80303

The Revised Payment Service Directive (PSD2) Regulatory Technical Specifications (RTS) take effect this autumn across the EU. The directive will provide new benefits and rights for consumers, and create new business opportunities in the financial sector. However, new opportunities also imply new risks.

Webinar

Nov 19, 2019: 6 Myths of Privileged Access Management Busted

Industry thought leaders have stated that if there is only one project you can tackle to improve the security of your organization it should be Privileged Access Management (PAM). But successfully securing and managing privileged access is a tough task and is only getting harder to solve.

Blog

What Does AI in Human Resources Mean for the Small Business?

Thanks to an incessant desire to remove repetitive tasks from our to-do lists, researchers and companies are developing AI solutions to HR – namely to streamline recruiting, improve the employee experience, and to assess performance. AI driven HR management will look different in small businesses than in large companies and multinationals. There are different barriers that will have to be navigated, but also different priorities and opportunities that small businesses will have with AI. Smaller budgets create price barriers to implementing an AI system, and likely psychological...

Leadership Brief

Leadership Brief: Top Cyber Threats - 72574

The way software is used today has clearly shifted towards "as-a-service". Classic on-premises applications are migrating more and more into the (managed) cloud and users are using hybrid scenarios from local and cloud applications on their devices. This Leadership Brief discusses top cyber threats—and shows how to overcome or manage them.

Webcast

How to Stop Attacker Movement in Your Network Before They Reach your “Crown Jewels”

Nearly all high-impact cyberattacks have a phase in which the attacker must conduct lateral movement from their initial landing point to their ultimate target. To do this, the attacker needs a combination of credentials and available connections between one system and another. This is the evasive process of “living off the land” using the connectivity native to the organization. During a normal workday, credentials and connections proliferate within a network. Once inside, attackers use Mimikatz and other attack tools to automate and accelerate credential harvesting, network...

Blog

The Best Security Tool Is Your Own Common Sense

Earlier this week, Germany’s Federal Office for Information Security (popularly known as BSI) has released their Digital Barometer 2019 (in German), a public survey of private German households that measured their opinions and experience with matters of cybersecurity. Looking at the results, one cannot but admit that they do not look particularly inspiring and that they probably represent the average situation in any other developed country… According to the study, every fourth respondent has been a victim of cybercrime at least once. The most common types of those include...

Leadership Brief

Leadership Brief: How to set up your IAM organization - 72548

A technology-oriented approach to identity and access management (IAM) is becoming less important as identities become more diverse and access requirements grow. As a result, CISOs and IAM Security Officers are struggling to promote and develop the maturity of skills in the silos of technical identity management services. Adapting the structure of IAM organizations so that they are based on a service capability model helps to address key challenges in managing a broad portfolio. In this Leadership Brief, the most important topics about a complete IAM organization and some of the pitfalls...

Leadership Brief

Leadership Brief: How to get a Grip on OT Cybersecurity - 72573

With the increasing demand for more connectivity, Operational Technology (OT) organizations will need to become more interconnected with IT over time. The convergence of IT and OT is inevitable, so get started now on getting a grip on your OT Cybersecurity.

Webcast

Regaining Control With IGA Solutions

Role management remains a pivotal challenge in many companies. Regulations (such as BAIT and VAIT in Germany) require companies not only to implement an IGA solution (Identity Governance & Administration), but also a uniform authorization concept and its regular review, including the assignment of access rights to the individual authorized persons.

Whitepaper

Whitepaper: Why Modern Enterprise IAM Must Be Rearchitected: Build Your Case for Containerized IAM and IDaaS - 80044

IT paradigms are under change. Containerized solutions, building on Microservice Architectures and exposing well-defined sets of APIs, are rapidly becoming the new normal. Such architectures provide clear benefits when used for IAM, allowing customers to shift from lengthy deployments of complex IAM tools to an agile deployment and operations approach, based on continuous innovation. Avatier supports that shift with its Avatier Identity Anywhere offering as a containerized IAM solution that can run everywhere, on premises or in the Cloud as full IDaaS (Identity as a Service).

Executive View

Executive View: Akamai Zero Trust Security - 80054

Akamai’s Intelligent Edge Platform offers a broad range of access management, threat protection, and application security services that will support you in your journey to Zero Trust, making it safe, scalable and easy to manage – delivered entirely from the cloud.

Executive View

Executive View: Uniken REL-ID Security Platform - 80045

When it comes to omni-channel and multi-device marketing and commerce, authentication is an important topic. The challenge is to achieve both security and the user experience as part of an integrated customer journey. UNIKEN REL-ID is a security platform that addresses that challenge across various channels, including mobile, web, voice, and chat.

Blog

Facebook Breach Leaves Half a Billion Users Hanging on the Line

It seems that there is simply no end to a long series of Facebook’s privacy blunders. This time, a security researcher has stumbled upon an unprotected server hosting several huge databases containing phone numbers of 419 million Facebook users from different countries. Judging by the screenshot included in an article by Techcrunch, this looks like another case of a misconfigured MongoDB server exposed to the Internet without any access controls. Each record in those databases contains a Facebook user’s unique ID that can be easily linked to an existing profile along with that...

Webcast

It’s Time to Forget Your Password and Settle for Multi-Factor Authentication

The majority of security breaches and attacks can be traced back to stolen and compromised passwords. Mobile devices are often particularly vulnerable because many users tend to avoid long passwords and special characters.

Blog

How Do You Protect Your Notebook?

The other day I found a notebook on a train. It was in a compartment on the seat of a first-class car. The compartment was empty, no more passengers to see, no luggage, nothing. And no, it wasn't a laptop or tablet, it was a *notebook*. One made of paper, very pretty, with the name of a big consulting company printed on it. So, it was either a promotional gift or one that employees use. Two thirds of it had been used, which could be seen from the edge of the paper. Everyone knows these notebooks, from simple A4 college pads with cheap ballpoint pens to expensive, leather-bound prestige...

Webinar

Oct 23, 2019: KuppingerCole’s Evaluation of Leading Vendors in the Identity API Platforms Market

Many different factors are driving Digital Transformation in the market today. One factor is the change in how businesses interact with their customers. Another factor is more on the technical side that addresses the implementation of new Digital Services that have become more complex due to the different environments and the many integration points to consider.

Blog

Could Artificial Intelligence Put Lawyers Out of Business?

Artificial intelligence (AI) and machine learning tools are already disrupting other professions. Journalists are concerned automation being used to produce basic news and weather reports. Retail staff, financial workers and some healthcare staff are also in danger, according to US public policy research organization, Brookings.  However, it may come as a surprise to learn that Brookings also reports that lawyers have a 38% chance of being replaced by AI services soon. AI is already being used to conduct paralegal work: due diligence, basic research and billing services. A growing...

Executive View

Executive View: AdNovum NEVIS Security Suite - 80066

A solution for managing secure access to online services, protected assets and sensitive data. Strong authentication, a broad spectrum of access management methods, sustainable maintenance processes of identities and authorization data form the basis for secure and auditable user access to applications.

Webcast

KuppingerCole’s Evaluation of Leading Vendors in the IDaaS Access Management Market

Identity-as-a-Service Access Management (IDaaS AM) has emerged as one of the fastest-growing markets of IAM, characterized by cloud-based delivery of traditional IAM services. KuppingerCole estimates the global IDaaS market will continue to grow at a CAGR of 24% in 2019.

Executive View

Executive View: Oracle Identity Cloud Service - 80156

Most organizations now have a hybrid IT environment with a cloud first approach to choosing new applications.  While this provides many benefits it also creates challenges around security and administration.  Managing identity and access in a consistent manner across all IT services, irrespective of how they are delivered, is key to meeting these challenges.  This report covers Oracle Identity Cloud Service (IDCS) and describes how it meets the needs of organizations in some typical use-case scenarios.

Whitepaper

Whitepaper: Oracle Identity Cloud Service: Identity for Business Applications in the Hybrid IT - 80155

Today, most businesses are using hybrid IT, with a mix on-premises and cloud applications and services. And hybrid IT is here to stay, given that many of the legacy applications are hard and costly to migrate. Thus, Identity Services must work well for all these applications and the entire hybrid IT  infrastructure. While they increasingly run from the cloud, as IDaaS (Identity as a Service), connecting back to on-premise applications and delivering comprehensive IAM capabilities for hybrid IT becomes essential. Oracle Identity Cloud Service is built for these environments, with...

Blog

Google Revelations Shatter Apple’s Reputation for Data Privacy

It’s not been a good couple of weeks for Apple. The company that likes to brand itself as superior to rivals in its approach to security has been found wanting. Early in August it was forced to admit that contractors had been listening in to conversations on its Siri network. It has now temporarily stopped the practice, claiming that only “snippets” of conversations were captured to improve data. At the end of last week, a much more serious security and privacy threat was made public. Google researchers revealed that hackers have put monitoring implants into iPhones for...

Executive View

Executive View: IBM Cloud Identity - 79065

IDaaS IAM is a fast growing market, characterized by cloud-based delivery of access management capabilities for business irrespective of the application and service delivery models. The promise of improved time-to-value proposition is prioritizing adoption of IDaaS for B2B, B2E and B2C access management use-cases, helping IDaaS to dominate new IAM purchases globally. This report is an introduction for organizations to IBM’s IDaaS product, IBM Cloud Identity.

Leadership Brief

Leadership Brief: Identity Fabrics - Connecting Anyone to Every Service - 80204

Digital technologies are now influencing and changing all areas within organizations. This is fundamentally reshaping the way communication takes place, how people work together and how value is delivered to customers. Ever-changing application and infrastructure architectures reflect the requirements of the evolving challenges that face companies, government agencies and educational institutions. Therefore, IAM as a whole needs to be reconsidered. It needs to be transformed step by step into a set of services which create unified, overarching architectures, making digital services...

Leadership Compass

Leadership Compass: Identity API Platforms - 79012

Identity API Platforms expose APIs to capabilities ranging from IAM to Federation and more while supporting both the agile and DevOps paradigms that address the more complex IT environments seen today. This Leadership Compass will give you an overview and insights into the Identity API Platform market; providing you a compass to help you find the product that you need.

Whitepaper

Whitepaper: KRITIS - Kritische Infrastrukturen verstehen und schützen - 80194

Organisationen oder Institutionen, die für die Öffentlichkeit wichtig sind, werden als Kritische Infrastrukturen (KRITIS = "Kritische Infrastrukturen") bezeichnet. Als solche unterliegen sie umfassenden und strengen Richtlinien, bestehend aus Gesetzen und Vorschriften. Ihr Ausfall oder ihre erhebliche Beeinträchtigung kann zu anhaltenden Versorgungsengpässen, erheblichen Störungen der öffentlichen Sicherheit oder anderen drastischen Folgen führen. Ihr Schutz und der Schutz der Öffentlichkeit erfordern geeignete Konzepte, Prozesse und Technologien.

Whitepaper

Whitepaper: KRITIS – Understanding and protecting critical infrastructure - 80065

Organizations or institutions that are essential for the public are called Critical Infrastructure (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations. Their failure or significant impairments result in sustained supply shortages, significant disruptions to public safety or other drastic consequences. Their protection and the safeguarding of the public require appropriate concepts, processes and technologies.

Executive View

Executive View: Micro Focus® Data Protector - 80193

Ensuring the continuity of IT services is an essential component of business continuity planning. Organizations typically use data protection solutions that take copies of the IT service data which can be used to restore the service when needed. Most organizations now have a hybrid IT environment with a cloud first approach to choosing new applications and data protection solutions need to support the multiple service delivery methods that this involves. This report covers Micro Focus Data Protector and describes how it helps organization to meet their business continuity objectives in the...

Executive View

Executive View: Service Layers Managed IAM - 80129

Service Layers delivers a comprehensive managed IAM solution, based on best-of-breed IAM products. The solution is well-architected, following modern concepts including DevOps, container-based deployments, and microservices architectures. It thus can be run and operated on various infrastructures. Service Layers provides full operations support across global regions. With this solutions, customers can balance their need for individual IAM approaches with a managed IAM service supporting hybrid requirements.

Webinar

Nov 21, 2019: Fighting Fraud With Strong Authentication

Strong authentication is one cornerstone of web security. However, account enrollment and account recovery processes are leaving gaps in the credential management lifecycle that allow bad actors to perform account takeover and get into our networks. Increasingly, these bad actors aren’t even real. Stolen identity information that is used to create new fake IDs, known as synthetic identity fraud, is a fast-growing form of fraud.

Webinar

Oct 29, 2019: Complying With PSD2: Everything You Need to Know

With the Revised Payment Service Directive (PSD2) coming into full effect this fall, banks and online retailers need to adapt to changes that carry with them many regulatory and technical challenges. Acknowledging these extensive changes, Germany’s Federal Financial Supervisory Authority (BaFin) recently granted a period of grace for online retailers to implement the element of strong customer authentication (SCA), thus following the lead of other European financial regulatory authorities.

Blog

Security Vendor Imperva Reports a Breach

Imperva, a US-based cybersecurity company known for its web application security and data protection products, has disclosed a breach of their customer data. According to the announcement, a subset of the customers for its cloud-based Web Application Firewall solution (formerly known as Incapsula) had their data exposed, including their email addresses, password hashes, API keys, and SSL certificates. Adding insult to injury, this breach seems to be that of the worst kind: it happened long ago, probably in September 2017, and was unnoticed until a third party notified Imperva a week ago....

Blog

Mastercard Breach Shows Third Party Security Is Priceless

Reports of a data breach against Mastercard began surfacing in Germany early last week with Sueddeutsche Zeitung (in German) one of the first news outlets to report on the loss. As is often the case in major corporate breaches, the company was slow to react officially. On Monday it said only that it was aware of an “issue”. The next day the company had someone to blame: a third-party provider it said had lost data which included usernames, addresses and email addresses, but no credit card details.  By Wednesday however this statement was proved incorrect when persons...

Blog

VMware to Acquire Carbon Black and Pivotal, Aims at the Modern, Secure Cloud Vision

Last week, VMware has announced its intent to acquire Carbon Black, one of the leading providers of cloud-based endpoint security solutions. This announcement follows earlier news about acquiring Pivotal, a software development company known for its Cloud Foundry cloud application platform, as well as Bitnami, a popular application delivery service. The combined value of these acquisitions would reach five billion dollars, so it looks like a major upgrade of VMware’s long-term strategy with regards to the cloud. Looking back at the company’s 20-year history, one cannot but...

Whitepaper

Whitepaper: Identitäten richtig handhaben - damit Ihre digitale Geschäftsstrategie erfolgreich wird - 80297

Registrierung und Authentifizierung sind die ersten Schritte, die erfolgen, wenn ein Nutzer Kunde digitaler Dienstleistungen werden möchte. Funktionieren diese Schritte nicht wie vom Nutzer erwartet, leidet die Akzeptanz solcher Dienste und damit ist der Erfolg digitaler Geschäftsstrategien in Gefahr. Identitäts-API-Plattformen helfen beim Aufbau von standardisierten Lösungsansätzen für die Bereitstellung von vereinheitlichten Identitätsdiensten für Unternehmen. Solche Plattformen sind unerlässlich für den Erfolg im digitalen Zeitalter.

Blog

Don’t Blame the Cloud for Capital One’s Troubles

After the recent Capital One breach, some commentators have suggested that cloud security is fundamentally flawed. Like many organizations today, Capital One uses Amazon Web Services (AWS) to store data, and it was this that was targeted and successfully stolen. In the case of Capital One it was process, not technology, that failed. The company failed on three points to secure its data properly using the extended tool sets that AWS provides. It relied only on the default encryption settings in AWS, suggesting a lack of product knowledge or complacency in security teams. The Access Control...

Blog

Ransomware Criminals Have Raised the Stakes with Sodinokibi

A new strain of Sodinokibi ransomware is being used against companies in the United States and Europe. Already notable for a steep increase in ransoms demanded ($500,000 on average), the malware can now activate itself, bypassing the need for services users to click a phishing link for example. In addition, the Financial Times reports that criminals are targeting Managed Service Providers (MSPs) to find backdoors into their client’s data, as well as attacking companies directly. “They are getting into an administration system, finding lists of client privileged credentials and...

Press Release

KuppingerCole Analysts Optimizes Research Access with KC PLUS

With KC PLUS, KuppingerCole Analysts now offers an optimized format-independent research platform. Relevant content can now be accessed even easier than before by increased visibility.

Leadership Compass

Leadership Compass: IDaaS Access Management - 79016

A fast-growing market, IDaaS AM is largely characterized by cloud-based delivery of access management capabilities for business irrespective of the application and service delivery models. Improved time-to-value proposition prioritizes adoption of IDaaS for B2B, B2E and B2C access management use-cases, helping IDaaS AM to dominate new IAM purchases globally. This Leadership Compass discusses the market direction and provides a detailed evaluation of market players to offer necessary guidance for IAM and security leaders to make informed decisions.

Blog

EU EBA Clarifies SCA and Implementation Exceptions

The EU European Banking Authority issued clarifications about what constitutes Strong Customer Authentication (SCA) back in late June. The definition states that two or more of the following categories are required: inherence, knowledge, and possession. These are often interpreted as something you are, something you know, and something you have, respectively. We have compiled and edited the following table from the official EBA opinion:  Inherence elements Compliant with SCA?  Fingerprint scanning Yes  Voice recognition Yes  Vein recognition Yes...

Webinar

Sep 03, 2019: KuppingerCole’s Evaluation of Leading Vendors in the IDaaS Access Management Market

Identity-as-a-Service Access Management (IDaaS AM) has emerged as one of the fastest-growing markets of IAM, characterized by cloud-based delivery of traditional IAM services. KuppingerCole estimates the global IDaaS market will continue to grow at a CAGR of 24% in 2019.

Whitepaper

Whitepaper: Privileged Access Governance - 80015

Privileged Access Governance or PAG is fast becoming a crucial discipline of Privileged Access Management (PAM) to help organizations gain required visibility into the state of privileged access necessary to support the decision-making process and comply with regulations. Besides providing support for managing lifecycle events of privileged accounts, PAG includes privileged access certifications and provisions for customizable reporting and dashboarding of privileged access to sensitive data, critical systems and applications across an organization’s IT presence.

Leadership Brief

Leadership Brief: Access Reviews Done Right - 80195

Access reviews are considered important risk management controls in many organizations. They are intended to ensure that each user, process and system has always  only the minimum amount of access rights, which are necessary to perform associated tasks. In light of compliance, governance and the organizations's internal commitment to protecting itself from unwanted access, concepts are in demand that take account of the transition from compliance to risk-based operating models.

Executive View

Executive View: TrustBuilder Identity Hub - 80071

TrustBuilder Identity Hub is the Identity and Acess Management (IAM) platform from TrustBuilder that enables a context-aware and policy-driven approach to deliver a secure and seamless application integration. Targetted mostly at B2B and B2E use-case requirements, TrustBuilder is building on additional features to address the consumer IAM requirements.

Executive View

Executive View: ESET Endpoint Security - 80181

ESET Endpoint Security cover the widest variety of endpoint operating systems. This endpoint protection product consistently rates very highly in terms of detection in independent malware detection tests. The product also is one of the top-performing, lowest impact endpoint security agents available in the market today.

Blog

The changing role of Azure AD in Enterprise IAM Architectures

For many companies, Microsoft Azure Active Directory (Azure AD) was the basis for a coordinated step into the cloud, by extending the reach of their existing on-premises Active Directory to the cloud. For others, Azure AD was at the beginning just something that came with Microsoft Office 365 – just another target system when it comes to IAM (Identity and Access Management). However, we are talking to more and more corporate executives who are considering whether Azure AD's role should become a more strategic element within their IAM infrastructure.  There is no simple...

Blog

Technology Trend: The Road to Integrated, Hybrid and Heterogeneous IAM Architectures

Requirements for - and context of - the future Identity Fabric.  We call it Digital Transformation for lack of a better term, but it consists of much more than this buzzword is able to convey. Digital technologies are influencing and changing all areas of a company, and this is fundamentally reshaping the way communication takes place, how people work together and how customers are delivered value.  IT architectures, in turn, are undergoing profound structural transformations to enable and accelerate this creeping paradigm shift. This evolution reflects the changes resulting from the...

Blog

Coming soon: The KuppingerCole Leadership Compass IDaaS AM

We are about to release the update of the first of two KuppingerCole Leadership Compass documents on IDaaS (Identity as a Service). We have segmented this market into two categories: Access Management (AM) Identity Governance and Administration (IGA) A fast-growing market, IDaaS AM is largely characterized by cloud-based delivery of access management capabilities for business irrespective of the application and service delivery models. Improved time-to-value proposition prioritizes adoption of IDaaS for B2B, B2E and B2C access management use-cases, helping IDaaS AM to dominate new...

Whitepaper

Whitepaper: Do Identity Right – So Your Digital Business Strategy Succeeds - 80134

Registration and authentication are the first things that happen when someone becomes a user of digital business services. If these steps don’t work as the user wants, the acceptance of such services will suffer and the success of digital business strategies is at risk. Identity API Platforms help build a standardized approach for delivering unified identity services to businesses. Such platforms are essential for succeeding in the digital age.

KCx Talks

Sep 25, 2019: Women in Identity - Diverse Perspectives in Identity & Conclusion

Enjoy an evening with interesting lectures in a relaxed atmosphere together with experts from various fields. Take part in stimulating discussions and enjoy personal fireside chats on current digitalization and identity topics in various industries. Network and discuss with an exclusive circle of participants in a hip location of the city, with selected food and drinks.

Executive View

Executive View: SAST SUITE Der Akquinet AG - 80191

Die heutigen SAP-Sicherheitsanforderungen gehen weit über die traditionellen Access Governance-Anforderungen an Benutzer, deren Zugriff und Rollen hinaus. akquinet bietet eine vollwertige Produktsuite für GRC (Governance, Risk & Compliance) und Sicherheit für SAP-Umgebungen. Die bereitgestellten Module decken ein breites Spektrum an Funktionen in dem sensiblen Bereich der SAP-Sicherheit und von GRC ab.

Executive View

Executive View: SAST SUITE by akquinet AG - 80116

Today’s SAP security requirements go far beyond traditional Access Governance needs regarding users and their access and roles. AKQUINET offers a full-featured product suite for GRC (Governance, Risk & Compliance) and security for SAP environments. The provided modules cover a wide range of aspects in this sensitive area of SAP security and GRC.

Boot Camp

Nov 12, 2019: Incident Response Boot Camp

Webinar

Nov 07, 2019: Legacy IAM System vs. Modern IAM Platforms - Should You Stay or Should You Go?

Application and infrastructure architectures are continuously changing in order to mirror the demands and challenges of organizational needs. A common problem with legacy systems is the inability to understand and adapt to the new business models in an ever-changing world.

Webinar

Sep 25, 2019: Cybersecurity Budgeting 2020: Set Your Priorities Right

For the majority of businesses, the budgeting season is about to start. Some are done, some will be later, if the fiscal year differs from the calendar year. But usually, in September and October, this process is kicked off.

KCx Talks

Nov 12, 2019: Assess, Evaluate and Secure Your Enterprise Cybersecurity

Enjoy an evening with interesting lectures in a relaxed atmosphere together with experts from various fields. Take part in stimulating discussions and enjoy personal fireside chats on current digitalization and identity topics in various industries. Network and discuss with an exclusive circle of participants in a hip location of the city, with selected food and drinks.

KCx Talks

Sep 18, 2019: AI in Finance - Boosting Efficiency Through Innovation

Enjoy an evening with interesting lectures in a relaxed atmosphere together with experts from various fields. Take part in stimulating discussions and enjoy personal fireside chats on current digitalization and identity topics in various industries. Network and discuss with an exclusive circle of participants in a hip location of the city, with selected food and drinks.

Whitepaper

Whitepaper: IAM for Healthcare: It’s time to act - 80029

Healthcare organizations deal with highly sensitive information. They face challenges in complying with ever-tightening regulations, combating ever-increasing cyber risks, and adapting to Digital Transformation. Comprehensive healthcare IAM, beyond pure SSO, helps Healthcare organizations to better cope with these challenges.

Blog

Account Takeovers on the Rise

Account Takeover (ATO) attacks are on the rise. The 2019 Forter Fraud Attack Index shows a 45% increase in this type of attack on consumer identities in 2018. ATOs are just what they sound like: cybercriminals gain access to accounts through various illegal means and use these take over accounts to perpetrate fraud. How do they get access to accounts? There are many technical methods that bad actors can use, such as consumers responding to phishing emails; grafting through fake websites; collection of credentials from keyloggers, rootkits, or botnets; harvesting cookie...

Executive View

Executive View: Xton Technologies Access Manager - 80128

Xton Technologies provides an integrated PAM (Privileged Access Management) solution covering the key capabilities in this area such as managing credentials of sensitive and shared account, session management and remote control access. Xton focuses on efficient implementation of these capabilities and is an interesting alternative to established players in the PAM market.

Executive View

Executive View: Symphonic – Intelligent Authorization - 80154

There are several trends that continue to make the use of identity information for access control more complex. The prevalence of smartphones as the end-user client of choice, the increasing use of API channels needing access to corporate data and the increasingly complex hybrid cloud environment all serve to increase the complexity of managing authorized access to protected resources.

Symphonic Software makes the task of orchestrating information points and resolving the complexities of modern authorization a little less daunting.

Leadership Brief

Leadership Brief: The Differences Between Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) - 80186

Endpoint Detection & Response products are capturing a lot of mindshare in cybersecurity. But how do they differ from the more standard Endpoint Protection products? We’ll look at key features of each type of solution below.

Advisory Note

Advisory Note: Protect Your Cloud Against Hacks and Industrial Espionage - 72570

Hacks against on-premises and cloud infrastructure happen every day. Corporate espionage is not just the stuff of spy novels. Unethical corporate competitors and even government intelligence agencies use hacking techniques to steal data. Reduce the risk of falling victim to hackers and industrial espionage by implementing the proper security tools in your cloud-based environments.

Executive View

Executive View: Radiflow SCADA Security Suite - 80053

Radiflow SCADA Security Suite is a comprehensive set of hardware products, software solutions, and managed services offering risk-based insights into ICS/SCADA networks, intelligent detection of IT and OT-related cyberthreats, as well as proactive protection against any deviations from established security policies.

KCx Talks

Oct 22, 2019: Customer Identities as One of the Most Valuable Assets of a Company

Enjoy an evening with interesting lectures in a relaxed atmosphere together with experts from various fields. Take part in stimulating discussions and enjoy personal fireside chats on current digitalization and identity topics in various industries. Network and discuss with an exclusive circle of participants in a hip location of the city, with selected food and drinks.

Leadership Brief

Leadership Brief: Do I Need Endpoint Detection & Response (EDR)? - 80187

EDR products are getting a lot of attention at conferences and in the cybersecurity press. But does your organization need it? If so, do you have the expertise in-house to properly deploy, operate, and get value out of it? We’ll look at reasons to consider EDR or EDR as a managed service below.

Blog

How to Train Your AI to Mis-Identify Dragons

This week Skylight Cyber disclosed that they were able to fool a popular “AI”-based Endpoint Protection (EPP) solution into incorrectly marking malware as safe. While trying to reverse-engineer the details of the solution's Machine Learning (ML) engine, the researchers found that it contained a secondary ML model added specifically to whitelist certain types of software like popular games. Supposedly, it was added to reduce the number of false positives their "main engine" was producing. By dumping all strings contained in such a whitelisted application and simply appending them...

Webinar

Oct 01, 2019: How Leading Brands Build Trust With CIAM

In the age of digital transformation, consumers tend to have multiple digital identities across several devices deploying a variety of services. In this environment, digital trust is what sets brands apart from their competitors. Taking and storing customer data is a duty of care, and brands cannot afford data breaches or compromises.

Webcast

Privileged Access Management Needs a New Approach

As organizations accelerate their digitalization efforts to stay relevant and competitive in the marketplace, they must evaluate and embrace technologies that can not only support the enablement of their digitalization efforts but can also support the speed, scale and security required for such digitalization efforts.

Webcast

Digital Finance World 2019

Blog

Passwordless for the Masses

What an interesting coincidence: I’m writing this just after finishing a webinar where we talked about the latest trends in strong authentication and the ways to eliminate passwords within an enterprise. Well, this could not have been a better time for the latest announcement from Microsoft, introducing Azure Active Directory support for passwordless sign-in using FIDO2 authentication devices. Although most people agree that passwords are no longer an even remotely adequate authentication method for the modern digital and connected world, somehow the adoption of more secure...

Blog

Device Authentication and Identity of Things (IDoT) for the Internet of Things (IoT)

Security has seldom been the focus of device manufacturers who have historically taken their own approach for securing the devices in the IoT. Most devices in enterprise, consumer or industrial IoT continue to be developed and designed to perform specific functions and security is often a neglected theme in the majority of product development lifecycles. The proprietary protocols these devices operate on are primarily characterized by the purpose they are built to serve and offer very limited or no interoperability. With the increasing convergence of IT and OT towards IoT, lack of a common...

Blog

Assuming High Criticality: Resilience, Continuity and Security for Organizations and Infrastructures

Acronyms are an ever-growing species. Technologies, standards and concepts come with their share of new acronyms to know and to consider. In recent years we had to learn and understand what GDPR or PSD2 stand for. And we have learned that IT security, compliance and data protection are key requirements for virtually any enterprise. The following acronyms and more importantly the concepts behind them can teach us about what forward-looking organizations and their leaders should be thinking of.  MTPD stands for "Maximum Tolerable Period of Disruption". Its value determines the longest...

Blog

Benefits of IAM in Healthcare: Compliance, Security, Profits and More

Healthcare organizations must use IAM as an integral part of their IT infrastructure in order to cope with challenges in various fields, such as compliance, regulations, cybersecurity, and Digital Transformation. In this respect, IAM not only serves as a security technology but also as a mechanism that helps responding to new business challenges and drivers. While every industry currently has to deal with the disruptive nature of the Digital Transformation and ever-increasing cyberattacks, some of the developments are endemic to healthcare organizations. For instance, complying with new...

Webcast

The Passwordless Enterprise: Building A Long-Term Zero Trust Strategy

“The password is dead.” We have heard this statement for at least a decade, yet even in 2019, data breaches based on stolen user credentials continue to dominate the headlines. Why do passwords so stubbornly refuse to die?

Executive View

Executive View: Kaspersky Endpoint Security for Business - 80180

Kaspersky offers a full-featured Endpoint Security suite which includes one of the most advanced multi-mode anti-malware detection engines in the market, which is powered by their Global Research and Analysis Team (GreAT). Kaspersky’s endpoint security product covers a wide variety of endpoint operating systems, and usually rate very highly in independent malware detection tests.

Webinar

Sep 17, 2019: The Globalization of IAM for Manufacturing Businesses

Globalization has given many companies the opportunity to run factories and other operations in various countries. In doing so, manufacturers are faced with challenging regulations they have to comply with and that may differ in the U.S., EMEA, Russia, China, and other countries. IAM is an essential element for operating business, when it comes to employees, business partners such as suppliers, and customers.

Webcast

Security in the Age of the Hybrid Multi Cloud Environment

The way is clear for the hybrid multi-cloud environment! With an increase in cloud services, the mitigation of cyber risks within such environments becomes paramount. The value of traditional security tools for cloud applications is very limited and the misconfiguration of cloud platforms is a key threat to their security.

Webcast

Challenges for Managed Service Providers Offering Privileged Account Management as a Service

Insufficiently protected privileged accounts pose high risks to any given company today. Therefore, Privileged Account Management (PAM) is of paramount importance to a functional insider threat program, which is at the core of any modern cybersecurity strategy. While utilizing a variety of IaaS, PaaS and SaaS offerings, organizations often face difficulties in controlling the management of their privileged accounts due to a lack of time, budget and other resources.

Whitepaper

Whitepaper: ForgeRock Identity Platform for PSD2 & API Security - 80049

The Revised Payment Service Directive (PSD2) promises to make the European Union (EU) cross-border transactions further transparent, faster and more secure while increasing competition and choice for consumers. To do so, Banks and other financial service providers must quickly make the necessary technical infrastructure changes to prepare for PSD2. The ForgeRock Identity Platform provides the security features and supports the open standards needed to deliver the secure APIs required for PSD2.

Webcast

Under Pressure From the Auditor: Rapid Response by Rapid Access Reviews

Most organizations are aching under the pressure the feel from auditors in delivering information. A large portion of that is based on access reviews, i.e. demonstrating that the least privilege principle and related regulatory requirements are met.

Leadership Compass

Leadership Compass: Database and Big Data Security - 79015

This Leadership Compass provides an overview of the market for database and big data security solutions along with guidance and recommendations for finding the sensitive data protection and governance products that best meet your requirements. We examine the broad range of technologies involved, vendor product and service functionality, relative market shares, and innovative approaches to implementing consistent and comprehensive data protection across your enterprise.

Webinar

Sep 05, 2019: It’s Time to Forget Your Password and Settle for Multi-Factor Authentication

The majority of security breaches and attacks can be traced back to stolen and compromised passwords. Mobile devices are often particularly vulnerable because many users tend to avoid long passwords and special characters.

Webcast

Mit Access-Governance-Projekten neue Vorschriften erfüllen, ohne das Rad neu zu erfinden

IGA-Projekte (Identity Governance & Administration) bergen aufgrund ihrer Komplexität diverse Risiken. Diese ergeben sich meistens in der Vernetzung einer komplexen, heterogenen IT-Infrastruktur sowie durch den bereichsübergreifenden Charakter von IGA-Projekten. Wenn man nicht bei jedem Projekt immer wieder von Null anfangen möchte, und auf Erfahrungswerte zurückgreift, können viele Risiken sehr leicht vermieden werden.

Webinar

Sep 12, 2019: How to Stop Attacker Movement in Your Network Before They Reach your “Crown Jewels”

Nearly all high-impact cyberattacks have a phase in which the attacker must conduct lateral movement from their initial landing point to their ultimate target. To do this, the attacker needs a combination of credentials and available connections between one system and another. This is the evasive process of “living off the land” using the connectivity native to the organization.

Webinar

Sep 10, 2019: Regaining Control With IGA Solutions

Role management remains a pivotal challenge in many companies. Regulations (such as BAIT and VAIT in Germany) require companies not only to implement an IGA solution (Identity Governance & Administration), but also a uniform authorization concept and its regular review, including the assignment of access rights to the individual authorized persons.

Blog

Will the Stars Align for Libra?

This week, Facebook announced details about its cryptocurrency project, Libra. They expect it to go live for Facebook and other social media platform users sometime in 2020. The list of initial backers, the Founding Members of the Libra Association, is quite long and filled with industry heavyweights such as Coinbase, eBay, Mastercard, PayPal, and Visa. Other tech companies including Lyft, Spotify, and Uber are Founding Members, as well as Andreesen Horowitz and Thrive Capital.  Designed to be a peer-to-peer payment system, Libra will be backed by a sizable reserve and pegged to...

Webcast

The Dark Side of the API Economy

In a single decade, Application Programming Interfaces (APIs) have evolved from a purely technical concept into one of the foundations of modern digital business, delivering operational efficiency, scalability and profitability to companies from various industries. Nowadays, everything is API-enabled: corporate data is the product and APIs are the logistics of delivering it to customers and partners.

Webinar

Oct 10, 2019: Onboarding Your Business Partners to Your Services: B2B IAM in Practice

Virtually any business needs to grant business partners access to certain IT services. While employee IAM is a well-established discipline, where HR frequently delivers the information about joiners, movers, and leavers, and while Consumer IAM (CIAM) commonly relies on self-registration, B2B IAM comes with different challenges.

Webinar

Oct 17, 2019: Facilitating Business with State-of-the-Art Identity Proofing Solutions

For traditional or Business-to-Employee (B2E) IAM, HR departments are responsible for gathering documentation from employees to determine their suitability for employment. For Business-to-Consumer (B2C) or CIAM, identity proofing can be more difficult. Depending on the nature of the business, the attributes that need to be collected and verified can differ widely. For example, Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations govern the kinds of attributes and authoritative attributes that must be collected in the finance industry.

Webinar

Sep 24, 2019: The Compelling Case for Risk-Based Adaptive Authentication

Consumers and employees are increasingly on-the-go, and that means that more transactions and more work originates from the mobile phone. Fraud and data loss rates have also been rising. A plethora of mobile-based digital identity technologies have entered the market over the last few years to help businesses and other organization meet these challenges.

Webcast

Getting Rid of the Password – How to Increase Safety Affordably

Despite compromised passwords being the leading cause of data breaches, most online businesses still rely on solely using passwords for logins. While getting rid of password authentication is desirable from a security standpoint, organizations fear that it is a costly endeavor that can also affect user experience.

Webcast

Image Video EIC 2019

Blog

API Security in Microservices Architectures

Microservice-based architectures allow businesses to develop and deploy their applications in a much more flexible, scalable and convenient way – across multiple programming languages, frameworks and IT environments. Like with any other new technology that DevOps and security teams started to explore in the recent years, there is still quite a lot of confusion about the capabilities of new platforms, misconceptions about new attack vectors and renewed discussions about balancing security with the pace of innovation. And perhaps the biggest myth of microservices is that their security...

Blog

M&A Activity in Cybersecurity and IAM

It seems almost every week in cybersecurity and IAM we read of a large company buying a smaller one. Many times, it is a big stack vendor adding something that may be missing to their catalog, or buying a regional competitor. Sometimes it’s a medium-sized technology vendor picking up a promising start-up. In the olden days (15+ years ago), start-ups hoped for going IPO. IPOs are far less common today. Why? Mostly because it’s an expensive, time-consuming process that doesn’t achieve the returns it once did. Many times, going IPO was an interim step to getting acquired by a...

Blog

Cybersecurity Pen-Tests: Time to Get Smart About Testing?

One of my favorite stories is of a pen-test team who were brought in and situated next door to the SOC (Security Operations Centre); and after a week on-site they were invited for a tour of the SOC where they queried a series of alarms [that they had obviously caused] only to be told “oh that’s normal, we’ve been getting these continuously all week”. People perform penetration tests (pen-tests) for a multitude of reasons; “I inherited a budget with an annual pen-test” or “it’s required by the audit committee” are the most common....

Webcast

Fine-Tuning ICS Threat Models to Prioritize Mitigations of the Most Vulnerable Devices

When discussing the matters of industrial cybersecurity with IT experts, lamenting the historical divide between OT and IT seems to be a popular topic: you would often hear that the OT engineers are stubbornly ignoring the latest cyberthreats and do not see security as a priority in general.

Whitepaper

Whitepaper: Radiant Logic and the Identity Integration Imperative - 80075

Digital transformation and the need for business agility are creating an explosion in the volume, variety and velocity of identity data that enterprises have to manage efficiently. And now regulators have sharply increased the liability of enterprises for assuring that identity data is safeguarded, only accessed appropriately, and accurate. An integrated identity capability can be the key to meeting both challenges.

Webcast

Leverage Enterprise Architecture to Achieve GDPR Compliance

Several measures have been undertaken by Organizations at various levels to comply with GDPR, most of which remain reactive, fragmented and largely ad-hoc. These controls are also not continuous in nature and therefore fail to satisfy ongoing compliance requirements. Organizational leaders (CISOs, CIOs, CDPOs or CROs) felt the need for better data controls that should be baked into organizational processes to ensure compliance by design.

Webcast

The Compelling Need for Privileged IT Process Automation

IT processes can often be repetitive and many of these tasks can take companies a lot of time and costs, putting pressure on highly skilled IT staff. By automating IT processes, companies can not only become more productive and efficient but also relieve the load on their IT department.

Webinar

Jul 11, 2019: The Passwordless Enterprise: Building A Long-Term Zero Trust Strategy

“The password is dead.” We have heard this statement for at least a decade, yet even in 2019, data breaches based on stolen user credentials continue to dominate the headlines. Why do passwords so stubbornly refuse to die?

Webcast

All the Roads Lead to the C, Paved with B2B

More and more organizations use CIAM for B2B use cases as such combination can help companies position themselves on the market. While no one argues that user experience journey for the B2B Customer is just as important as any other customer, they most certainly need a relatively different set of features.

Webinar

Jun 24, 2019: The Dark Side of the API Economy

In a single decade, Application Programming Interfaces (APIs) have evolved from a purely technical concept into one of the foundations of modern digital business, delivering operational efficiency, scalability and profitability to companies from various industries. Nowadays, everything is API-enabled: corporate data is the product and APIs are the logistics of delivering it to customers and partners.

Webcast

Nat Sakimura - OpenID in the Digital ID Landscape: a Perspective from the Past to the Future

Digital identity has been under a constant evolution for the last 30 years. It started from a simple access control via user account within a system to a shared credential among the systems, then to the federated identity and bring-your-own-identity (BYOI). Modern usages are not only for access control but include such purposes like digital on-boarding (account opening), employee and customer relationship management. Among the many technologies out there, OpenID seems to have gained popularity in the market that you are probably using it without knowing it. This session explains the...

Executive View

Executive View: Osirium Opus Privileged IT Process Automation - 79068

Osirium Opus is a specialized solution that focus on IT Process Automation for privileged tasks. It works standalone or in combination with other ITSM solutions such as Service Now. Opus allows for defining and managing granular tasks, that can be executed securely on the target systems. By doing so, the efficiency of service desks can increase significantly, while security risks are mitigated.

Webcast

Is Multilayered Cyber-Defense Out Already? Against Rising Breaches and Vulnerabilities, Data-Centric Security to the Rescue!

As the growing number of high-profile data breaches indicates, even the largest companies are still struggling with implementing consistent enterprise-wide information security measures. Setting up various security tools for numerous different applications, services, and heterogeneous systems and then making them work together efficiently is a massive challenge.

Blog

Oops, Google Did It Again!

Like many people with a long career in IT, I have numerous small computer-related side duties I’m supposed to perform for my less skilled friends and relatives. Among those, I’m helping manage a G Suite account for a small business a friend of mine has. Needless to say, I was a bit surprised to receive an urgent e-mail alert from Google yesterday, telling me that several users in that G Suite domain were impacted by a password storage problem. Turns out, Google has just discovered that they’ve accidentally stored some of those passwords unencrypted, in plain text....

Webcast

The No. 1 Rule of Secure Cloud Migration: Know Your Unstructured and Dark Data and Where It Is Located

With a huge amount of data around, cloud migration is the ideal solution today. A necessary stage in migrating data to the cloud is putting it in order. This is particularly important when it comes to unstructured, so-called dark data: files and documents that are undermanaged (excel files of budget estimates, PDFs containing important patents, Word documents containing personal employee or customer information), in general the data that is not managed in an orderly fashion such as structured database which is easily governed. Usually, this kind of data that tends to be misplaced, misused,...

Webinar

Jul 16, 2019: Privileged Access Management Needs a New Approach

As organizations accelerate their digitalization efforts to stay relevant and competitive in the marketplace, they must evaluate and embrace technologies that can not only support the enablement of their digitalization efforts but can also support the speed, scale and security required for such digitalization efforts.

Webinar

Jul 03, 2019: Security in the Age of the Hybrid Multi Cloud Environment

The way is clear for the hybrid multi-cloud environment! With an increase in cloud services, the mitigation of cyber risks within such environments becomes paramount. The value of traditional security tools for cloud applications is very limited and the misconfiguration of cloud platforms is a key threat to their security.

Press Release

EIC 2019 Attracts Almost 1,000 Visitors

Wiesbaden, May 17, 2019 – With the 13th European Identity & Cloud Conference 2019 coming to an end today, KuppingerCole Analysts AG can once again look back at a record-breaking event. While the number of registered delegates has grown since eight consecutive years, for the first time in its history, the EIC has attracted well over 900 delegates this year.

Webcast

European Identity & Cloud Conference 2019 Wrap-Up

Webcast

Impressions of the European Identity & Cloud Conference 2019

Webcast

Impressions of the AI Innovation Night at EIC 2019

Webcast

Martin Kuppinger - Closing Keynote & Announcement of EIC 2019s Gamification Winners

Webcast

European Identity & Cloud Awards Ceremony

The KuppingerCole Jury will once again honor outstanding Identity Management and Security Projects and Initiatives.

Press Release

KuppingerCole Analysts AG Proudly Presents Winners of European Identity & Cloud Awards

Wiesbaden, May 16, 2019 – Last night, KuppingerCole Analysts AG presented the winners of the European Identity & Cloud Awards at the peak of the 13th European Identity & Cloud Conference. For the 12th consecutive year, the company honored outstanding identity management and security projects and initiatives as part of the flagship event.

Whitepaper

Whitepaper: The Dark Side of the API Economy - 80019

Application Programming Interfaces (API) have become a crucial factor in delivering operational efficiency, scalability, and profitability for most businesses. Nowadays, everything is API-enabled: corporate data is the product and APIs are the logistics of delivering it to customers and partners. Unfortunately, many organizations still lack competence in the field of API security and tend to downplay API-related risks. Many are also overconfident in the capabilities of their existing tools. This paper aims to dispel several common API myths and provide recommendations on designing a...

Webcast

Andrea Rus - SAP Customer Experience: Delivering Trusted Relationships for Your B2B Customers and Partners

Driving growth through customer and partner engagement is critical for B2B business success. Yet, too often, companies struggle to meet this vital need. Why? For partner organizations, managing the end-to-end partner lifecycle is difficult using legacy technologies and manual practices. Each partner has varying needs for security roles, authorizations, and application permissions, and these elements must be handled efficiently so partners get to market quickly and so users can easily go about their day-to-day work. Meanwhile, the business’ most sensitive data must be protected...

Webcast

Mike Kiser, David Lee - Trust in Numbers: An Ethical (and Practical) Standard for Identity-Driven Algorithms

Who was the real Tara Simmons? On November 16, 2017, she sat before the Washington State Supreme Court. The child of addicts and an ex-addict and ex-felon herself, she had subsequently graduated near the top of her law school class. She was asking the court to trust her to become an attorney, and the outcome of her case rested whether or not her past could be used to predict her future. Algorithms that use the past to predict the future are commonplace: they predict what we’ll watch next, or how financially stable we will be, or, as in Tara’s case, how likely we are to commit...

Webcast

Dr. Karsten Kinast - The Global Race for AI – Is it Time to Regulate Now?

Not only is there no form of AI that understands what it says, can draw conclusions from it, and can base decisions on it, but it is not even known how such a synthetic intelligence could be created. In our time, let's say in the next two and a half decades, it is not primarily a question of developing an ethical code within which AI's can unfold as independent subjects, but rather of a far more profane view of responsibilities. If a self-propelled car decides to drive against a traffic light pole without any action on my part, who is responsible for the damage? Are there already...

Webcast

Henk Marsman - Blockchain & IAM: A Perfect Fit or a Squared Peg and a Round Hole?

Blockchain to some is the future solution for everything, or at least for managing identity information. Rabobank is piloting extensively with blockchain. In his presentation Henk will use a few cases on blockchain to see what works well and what doesn't, and where blockchain could be applied to managing identities, whether these are customer identities or employee identities. Or both.

Webcast

Dr. Sridhar Muppidi - Identity + Blockchain: Next Generation IAM is Closer Than You Think

Over the past 12-18 months, there has been a mounting interest in how Blockchain technology might support the next generation of IAM systems. The promises of decentralized and self-sovereign identity, which promote a frictionless user experience and improved privacy controls, are very appealing to any organization looking to reduce both costs and risks. But how do you get started? Many organizations are just starting their journey to cloud, so the idea of Identity + Blockchain may seem too futuristic. In this session, experts from IBM will share how clients are progressively moving towards...

Webcast

Todd Peterson - Rightsizing IGA – One Size Does Not Fit All

The Holy Grail of identity and access management is identity governance and administration (IGA). Unfortunately, getting IGA right is much easier said than done. From access request through provisioning and into identity lifecycle management; and from user access governance, through data governance, and into privileged access governance, the sheer volume of users, systems, and scenarios that must be addressed can be overwhelming. In this session, One Identity will discuss what IGA truly means, how to determine where to start, and where to go next once you are on the path. Don’t be...

Webcast

Maximilian Möhring - The Future of Digital Identity is Decentral, But Not Blockchain

This interdisciplinary talk will lead you through on why not just identities, but any identity-related information should not be stored on a blockchain. The main technical reason being that none of the blockchain USPs is applicable when it comes to identity (-related) data, especially assertions.The legal and business reason being that blockchain is not (yet) compatible with and accepted in our legal and regulatory framework. So what is the way to go? There's not many other areas where security and decentralisationis as important as when we're dealing with identity data. Max will...

Webcast

Mark Stephen Meadows - That Robot Overlord Is in Your Kitchen. Her Name's Alexa

If we look under Alexa’s hood and read between the technologies we find a disturbing reflection of our own identities and personal data. In your home Alexa is always listening and influencing your options. In your company’s product deployment Alexa is influencing your brand, your customers, and your user data.  We will discuss why this represents a geo-political shift more significant than the rise of social media. As a previous developer of Alexa skills and other AI systems I will share with you my lessons learned.

And we will examine alternatives.

Webcast

Kim Cameron - Turning the Web Right Side Up – Giving People What Is Theirs

A steady stream of trends has built up over the years fueling a growing momentum around Decentralized Identity.  Kim Cameron will report on why early adopters – enterprises both large and small – are already beginning to make Decentralized Identity part of their strategy for digital transformation.  He will argue that the underlying trends will only intensify – and that enterprises which figure out how to benefit early will benefit the most.

Webcast

Simon Moffat - Bot, Human, Friend or Foe?

Modern authentication and authorization services need to generate more than the traditional allow or deny result. Developing user discovery flows that capture and store contextual information, can allow authorization services to  deliver dynamic and fine grained data redaction and resource protection. It enables organizations to digitally transform their business and to develop future proof identity models and ecosystems focusing on zero trust and continually secure infrastructures.

Webcast

Panel: Tower Defense, Identity Edition: Zero Trust, Machine Learning, MFA & Passwordless - How to Prevent your Customers & Employees from Falling Victim to Hackers

The attackers are coming in ever increasing waves - come and learn how to set up your defenses so you have the lowest likelihood of account compromise, and accounts which do fall present minimal risk. 100's of thousands of accounts fall victim to hackers every day across consumer and enterprise Identity systems. Attacks are increasing in volume, and Identity takeover remains the "brass ring" for attackers. The good news? More than 99.9% of these compromises are easily preventable by using the principles of Zero Trust and modern Cybersecurity tools. Benefit from the analysis of more than...

Webcast

Ian Glazer - The Most Forgotten Thing in Identity Management

Passwords? No, it’s not passwords. I’ll give you a hint: we all use them. Everyday. Many many times a day. Still don’t know? It’s the humble username. The “middle child” of identity management, the username doesn’t get the same attention that its big brother “Password” and its little sister “Password-less” get. Instead, just does his job without thanks or recognition. But, failing to pay attention to username can have major negative impact in both B2B and B2C scenarios. In this talk, Mr. Glazer explores the critical aspects...

Webcast

Patrick Parker - Applying Microservice Design Principles to Cloud Security Management

The old paradigm of a centralized directory for security has been shattered into a thousand pieces and scattered across the Cloud. Identities, sensitive data and resources, and the management of who may access them are now distributed across hundreds of on-premise and Cloud systems each with its own idiosyncratic security model and none designed to be managed in unison. The shift to Microservices has accelerated the pace of this change. Given this monumental new challenge what is the solution for identity professionals? The answer lies in embracing this change and applying...

Webcast

Jim Taylor - Learning to Fly – Taking Infrastructure Software to the Next Level

Do you build your own car?  Do you buy all the components and put them together yourself?  Of course you don't.  You find vendors who have already assembled all of the pieces into a finished car, and then select the options for the car that fits it perfectly to your wish list.  Don't you think it’s time that you bought your software the same way?  Why spend your time and money running around trying to find all of the best pieces, and even more money trying to put them together.  Broadcom believes that there is a better way, and we intend...

Webcast

Ivana Bartoletti - AI and Identity Management: Considerations for Deployment

With Identity Management increasingly moving to Access management, this talk will explore how permitting access on the basis machine learning is the logical next step on from biometric ID, and to provide for improved security to implement access control.  The session will explore the necessary steps to undertake to deploy AI systems in a secure, privacy compliant and ethical manner.  Key takeaways: The potential of AI in digital identity and access management Assessing algorithms, an example of Algorithmic impact assessment Main privacy and ethical issue Getting...

Webcast

Joy Chik - Identity-Driven Security: The Key to Digital Privacy

In today’s world, organizations and people manage a complex web of digital relationships. To keep everyone safe, each digital interaction must be validated. Strong tools and technologies are now available to help organizations protect their resources, employees, business partners, and customers. But there are no similar tools—beyond legislation—for individuals trying to protect their private information. As an industry, we have a responsibility to provide technology tools that ensure privacy for individuals even while they strengthen security. This means supporting...

Webcast

Katryna Dow - Customer Personalisation: Bridging CIAM and SSID

With the rapid fusion of physical, biological and digital, identity is now more personal than ever. At the same time, data breaches, hacking and centralised honey pots mean that customers are more vulnerable than ever before. How we collect and process data in order to personalise services may be the difference between gaining trust or getting fined. Distributed ledger, Self-Sovereign Identity and Zero Knowledge Proofs offer new opportunities to build a trusted data and identity stack. Taking the best of CIAM together with increasing the rights and protections for customers will drive...

Webcast

Christian Goy - Is Data Really The New Oil?

Data, a massive amount of data, seems to be the holy grail in building more sophisticated AI’s, creating human-like chatbots and selling more products. But is more data actually better? With GDPR significantly limiting the way we generate intelligence through collecting personally identifiable data, what is next? How can we create a specific understanding of our customers to deliver superiority over our competition? During this keynote, we will share how our own expectations and the principle of behavioral economics can alter the way we approach product ideas, personalized...

Webcast

Gerald Beuchelt - Data Driven Identity Programs – Past, Present, and Future: End-User Experience is Key

A comprehensive and fully functioning identity program is an ever evolving mission. From creating security awareness that sticks with employees, getting executive buy-in, and assembling the right team, there’s a lot to do – and then deciding the correct mix of services and solutions that are required for the identity program can be quite the task. One thing is certain – security should not compromise user experience. If there is too much friction in the mix, users will avoid best practice. In this keynote, Gerald will look at some of the challenges as they exist today,...

Press Release

13th European Identity & Cloud Conference

Wiesbaden, May 14th, 2019 – KuppingerCole Analysts AG opens the doors to its 13th European Identity & Cloud Conference today, kicking off four days of insightful exchange among experts from the Information Security and Digital Identity industry. With more than 50 exhibitors and over 800 participants from all over the world, KuppingerCole once more brings together the world’s leading vendors, end users, thought leaders, visionaries and analysts at Europe’s leading event for Identity and Access Management (IAM), Privacy & GDPR, Blockchain ID, Cloud Security and...

Press Release

At KuppingerCole’s European Identity & Cloud Conference 2019: iC Consult Announces China and Russia Expansion

Wiesbaden, May 14th, 2019 – With the European Identity & Cloud Conference, the vendor-independent IAM system integrator iC Consult has chosen the KuppingerCole Analysts AG flagship event to announce the expansion with Service Layers to China and Russia in the fourth quarter of 2019.

Webcast

Dr. Emilio Mordini - "Das Sterben der Pythia" - On Humans, Artificial Intelligence and Oracles

Very often we hear the argument, that the way the internet has been influencing our lives can be compared to Gutenberg´s invention of the printing press. Emilio Mordini - Psychiatrist and one of the world´s most distinguished thought leaders on how future technology will change the way we think and live, says that the transition from analog to digital is much closer to the transition from the spoken to literacy than the printing press ever was, because it is changing the medium in which human thoughts are materialized. In his keynote, Dr. Mordini will refer to...

Webcast

Kelley Mak - Emerging Venture Capital Trends in Enterprise Cloud and Cybersecurity

For the past five years at Work-Bench, we’ve been investing in a total reimagining of the enterprise technology stack. The enterprise infrastructure stack that powers Fortune 1000 organizations is in the midst of a tectonic shift. This talk will highlight key trends in cloud and cybersecurity affecting the enterprise and where disruption lies for VC investment and corporate innovation. While there remains a lot of buzz around emerging technology, such as ML/AI and new infrastructure patterns like serverless, this keynote will cut through the noise and marketing hype and help bring to...

Webcast

Thom Langford - Facing the Post-GDPR Reality

Webcast

Jochen Werne - HUMAN. DIGITAL. CULTURE - Disruption or just Progress? Impacts of Artificial Intelligence on Business and Society

Webcast

Martin Kuppinger - Opening Keynote

Press Release

KuppingerCole Analysts AG Hosts AI Innovation Night

Wiesbaden, May 13th, 2019 – KuppingerCole Analysts AG hosts the Artificial Intelligence Innovation Night in Munich, Germany today. From 7:00 pm on, nine speakers will present various approaches to utilize AI techniques for IAM, Cybersecurity, Consumer Experience and Marketing Automation in slam-style talks.

Executive View

Executive View: Ideiio IGA - 80077

Identity Governance and Administration (IGA) is an important security and risk management discipline that builds the necessary foundation of any organization’s IT security portfolio. ideiio, a spun out from IAM systems integrator ProofID, is a new vendor in the IGA space offering IGA functions targeted at mid-market customers to meet their basic IGA requirements with minimal effort and investment.

Blog

CIAM as a Key Factor in the Digital Transformation

Digital Transformation is one of those buzzwords (technically a buzzphrase, but buzzphrase isn’t a buzzword yet) that gets used a lot in all sorts of contexts. You hear it from IT vendors, at conferences, and in the general media. But Digital Transformation, or DT as we like to abbreviate it, is much more than that. DT is commonly regarded as a step or process that businesses go through to make better use of technology to deliver products and services to customers, consumers, and citizens. This is true for established businesses, but DT is enabling and creating entirely new businesses...

Blog

Robotic Process Automation – an IAM Challenge

Don’t Run into Security Risks by Managing Robot Accounts the Wrong Way Robotic Process Automation (RPA) is one of the hot IT topics these days. By using robots that automatically perform tasks that humans executed before, companies unlock a significant potential for cost savings. AI (Artificial Intelligence) helps in realizing RPA solutions. However, if done wrong, the use of RPA can cause severe security challenges. It starts with the definition of the accounts used by the robots. There appears being a tendency of creating sort of “super-robot” accounts –...

Blog

Sustainable Data Management

Getting competitive advantage from data is not a new idea however, the volume of data now available and the way in which it is being collected and analysed has led to increasing concerns. As a result, there are a growing number of regulations over its collection, processing and use. Organization need to take care to ensure compliance with these regulations as well as to secure the data they use. This is increasing the costs and organizations need a more sustainable approach. In the past organizations could be confident that their data was held internally and was under their own control....

Webcast

Next-Gen Identity Analytics and Access Governance Approach

Identity Governance and Administration (IGA) is undoubtedly one of the most valued but complex and lengthy technology implementations. While IAM leaders are still trying to figure out the complexities of IGA, the massive cloud uptake with the advent of machine learning accelerates identity analytics and access governance for creation of Next-Gen IGA solutions. Machine Learning inspired IGA offers significant improvements to enhance identity analytics and access governance processes to enable IAM leaders support the business better by helping them make more informed decisions.

Leadership Brief

Leadership Brief: Blockchain ID & Self Sovereign Identity - 80105

As the hype around Blockchain is slowing down, the market is moving into a phase of maturity, focusing on business cases where Blockchain technology delivers concrete value, in combination with other types of technologies. Blockchain ID and the related concept of Self Sovereign Identity (SSI) are gaining momentum, in areas such as KYC (Know Your Customer), Consumer Authentication, and Consumer ID management. While most solutions are still in their early stages, they show the potential of Blockchain ID.

Advisory Note

Buyer’s Compass: Endpoint Protection - 80110

Malware remains a global cybersecurity threat. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for endpoint protection.

Executive View

Executive View: Wallix Bastion - 79053

The WALLIX Bastion is a single gateway-based solution for PAM offering advanced session management, password management and access management capabilities, with built-in controls for access request management. Offering Single Sign-On (SSO) to target systems, the WALLIX Bastion provides detailed session recording, auditing and monitoring capabilities in easy-to-configure and scale multi-tenant deployments.

Webcast

Identity Governance - the Value of Leveraging IGA Functions from the Cloud

Even though companies need to implement Identity Governance & Administration (IGA) solutions in order to stay compliant and support their security, the deployment of IGA solutions still poses a challenge to many of them. Delivering a frictionless experience for users and employees while efficiently managing identities and access entitlements are key to a successful deployment.

Press Release

KuppingerCole Analysts AG Honors Identity Management and Security Projects at the 12th European Identity & Cloud Award Ceremony

Wiesbaden, May 07, 2019 – With the European Identity & Cloud Awards, KuppingerCole Analysts AG honors outstanding identity management and security projects and initiatives at the 13th European Identity & Cloud Conference 2019 on Wednesday, May 15, 2019, 7:20 pm. The winner projects will be announced live on stage during the festive Award Ceremony at the peak of EIC.

Executive View

Executive View: FIDO2 - 80059

The FIDO® Alliance has released new authentication specifications that enhance security and privacy, standardize the authentication experience and underlying APIs, improve the usability, and extend the FIDO paradigm to more types of devices, platforms, and environments. With the publication of FIDO2 (comprised of FIDO’s CTAP and W3C’s WebAuthn specification), FIDO has more effectively bridged the gaps between mobile devices, traditional computing devices, and web applications.

Executive View

Executive View: Darktrace Enterprise Immune System - 80003

Darktrace Enterprise Immune System is a cyber-defense platform that utilizes a self-learning AI-based technology to detect, investigate and neutralize various cyber-threats in real time, across the whole corporate IT infrastructure, including physical and virtualized environments, industrial control networks, cloud infrastructures, and SaaS applications.

Advisory Note

Buyer’s Compass: Consumer Identity and Access Management Solution - 80111

Consumer Identity is a fast-growing specialty solution. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for selecting the right CIAM solution for your organization.

Executive View

Executive View: BeyondTrust Password Safe - 80067

BeyondTrust’s Produktportfolio bietet eine gut integrierte Privileged Access Management (PAM) Suite mit einer Reihe von Funktionen für die Erkennung und Minderung von Sicherheitsbedrohungen, die durch den Missbrauch von privilegierten Accounts und Zugriffsberechtigungen verursacht werden. BeyondTrust’s Password Safe stellt die branchenführenden Funktionen für das Passwortmanagement gemeinsam genutzter Accounts und für die Sitzungsverwaltung über ein breites Spektrum von Zielsystemen bereit.

Whitepaper

Whitepaper: Identity Governance. The Value of Leveraging IGA Functions from the Cloud - 80043

With IT functions gradually shifting to the cloud, it is time to rethink the way  supporting infrastructure and platform services such as IGA (Identity Governance and Administration) are implemented. While solutions running on premises, but also supporting cloud services were the norm until now, running IGA as a service, with support for the hybrid reality of IT infrastructures becomes the adequate solution.

Executive View

Executive View: Exostar Supplier Risk Management - 79074

Exostar Supplier Risk Management delivers advanced capabilities for identifying and managing risk and compliance with cybersecurity and other best practices and standards, along the entire supply chain. By building on the capabilities of the Exostar Platform as an industry collaboration network, it enables re-use of supplier representations and certifications with multiple buyers, thus efficiently reducing the workload involved and improving information consistency and accuracy in support of Supplier Relationship Management.

Webinar

May 29, 2019: The Compelling Need for Privileged IT Process Automation

IT processes can often be repetitive and many of these tasks can take companies a lot of time and costs, putting pressure on highly skilled IT staff. By automating IT processes, companies can not only become more productive and efficient but also relieve the load on their IT department.

Conference

Nov 26, 2020: cybernetix.world 2020 - Nigeria

cybernetix.world is the first sustainable decentralized event for global communities. This event offers you talks, panel discussions and workshops relevant for an enterprise executive but also for a private citizen. The events across the 2 continents will cover all aspects of digitalization and the interaction of humans and technology.

Leadership Brief

Leadership Brief: Artificial Intelligence in Cybersecurity - 70278

Artificial Intelligence remains the hottest buzzword in almost every segment of the IT industry nowadays, and not without reason. The very idea of teaching a machine to mimic the way humans think (but much, much quicker) without the need to develop millions of complex rules sounds amazing: instead, machine learning models are simply trained by feeding them with large amounts of carefully selected data. However, should we really expect AI to replace human analysts in the field of cybersecurity anytime soon?

Conference

Nov 24 - 25, 2020: cybernetix.world 2020 - Sweden

cybernetix.world is the first sustainable decentralized event for global communities. This event offers you talks, panel discussions and workshops relevant for an enterprise executive but also for a private citizen. The events across the 2 continents will cover all aspects of digitalization and the interaction of humans and technology.

Conference

Nov 24 - 26, 2020: cybernetix.world 2020 - Germany

cybernetix.world is the first sustainable decentralized event for global communities. This event offers you talks, panel discussions and workshops relevant for an enterprise executive but also for a private citizen. The events across the 2 continents will cover all aspects of digitalization and the interaction of humans and technology.

Conference

Nov 24 - 26, 2020: cybernetix.world 2020

cybernetix.world is the first sustainable decentralized event for global communities. This event offers you talks, panel discussions and workshops relevant for an enterprise executive but also for a private citizen. The events across the 2 continents will cover all aspects of digitalization and the interaction of humans and technology.

Webcast

Artificial Intelligence: Disruption Ahead?

When AI comes to mind, many people, maybe in Europe a bit more than in other parts of the world, fear some kind of terrestrial robot overlords taking over control, forcing us humans to surrender and devote our freedom to their understanding of a well-organized society without all those things that make our lives worth living. But the reality is different. We are many years away from what Terminator, ex Machina and all the other Hollywood puppets and figures would suggest: Artificial organisms which understand what they see, hear, say or do. So, what is it that creates such a hype around a...

Executive View

Executive View: One Identity Manager SAP Integration - 80073

One Identity Manager in combination with the cloud-based Starling Connect service delivers a broad range of integrations into both traditional and cloud-based SAP services. The integration capabilities count amongst the leading-edge solutions in IGA (Identity Governance and Administration) products.

Webcast

Adding Depth to Your IAM: Automating Microsoft Active Directory and Azure AD Administration

IAM and therein IGA (Identity Governance & Administration) focuses on managing identities and their access across a variety of systems. That is essential, particularly for heterogeneous environments. However, there are two aspects that aren’t well-addressed by many of today’s IGA products: In-depth management of Active Directory, Azure AD, Office 365 and other core infrastructure elements, from creating mailboxes to in-depth access control in AD and on file servers Lightweight implementations for SMBs that don’t need the full breadth in capabilities...

Webinar

Jun 27, 2019: Under Pressure From the Auditor: Rapid Response by Rapid Access Reviews

Most organizations are aching under the pressure the feel from auditors in delivering information. A large portion of that is based on access reviews, i.e. demonstrating that the least privilege principle and related regulatory requirements are met.

Congress

May 12 - 15, 2020: European Identity & Cloud Conference 2020

Come to the place where the Digital Transformation is happening. The European Identity & Cloud Conference, held from May 12-15, 2020, offers a mixture of best practice discussions, visionary presentations, and networking opportunities with a future-oriented community. More than 800 thought leaders, leading vendors, analysts, executives, and end-users get together in Munich to be inspired by a list of world-class speakers.

Executive View

Executive View: Kleverware IAG - 80106

Kleverware ist ein französisches Softwareunternehmen, das sich auf die Entwicklung einer schlanken Lösung für Identity & Access Governance (IAG) fokussiert hat. Kleverware IAG ermöglicht die schnelle Implementierung von Berechtigungsprüfungen und -berichten und kann auf einfache Weise Berechtigungsdaten in heterogenen, komplexen IT-Landschaften, einschließlich SaaS-Diensten und Geschäftsanwendungen sammeln und homogenisieren. Kleverware IAG bietet eine schlanke Alternative zu umfassenden IGA (Identity Governance & Administration) Implementierungen.

Blog

Could Less Data Be More Data?

Data, a massive amount of data, seems to be the holy grail in building more sophisticated AI’s, creating human-like chatbots and selling more products. But is more data actually better? With GDPR significantly limiting the way we generate intelligence through collecting personally identifiable data, what is next? How can we create a specific understanding of our customers to exceed their expectations and needs with less data? Many of us collect anything we can get our hands on from personal information, behavioral data, to “soft” data that one might run through a natural...

KCx Talks

Jun 04 - Dec 31, 2019: KCx Talks Series 2019

KCx Talks stand for expertise, exchange, and exclusivity. Enjoy an evening in a relaxed atmosphere together with experts from a wide range of disciplines. Exciting short lectures, rousing panel discussions and personal fireside chats on current digitization and identity topics in various industries await you. Network and discuss with an exclusive group of participants at a hip location in the city, with selected food and drinks. Be part of the community and secure your seat at one of the KCx Talks near you now!

Executive View

Executive View: BeyondTrust Password Safe - 80067

BeyondTrust’s portfolio of products provides a well-integrated Privileged Access Management (PAM) suite with a range of capabilities for  detection and mitigation of security threats caused by  abuse of privileged accounts and access entitlements. BeyondTrust’s Password Safe delivers market-leading shared account password management and session management capabilities across a wide range of target systems.

Webcast

Secure Login for Highly-Regulated Hybrid Environments: Avoid Being Forced Into the Cloud

The march of the cloud is unstoppable. Eager to outsource the tedious and expensive maintenance of their IT infrastructures to a reliable 3rd party, most companies would dream of becoming cloud-native, at least in the long term. Needless to say, letting someone else run your identity management out there sounds like a great idea as well, hence the rising popularity of Identity-as-a-Service solutions that combine the latest technology achievements with the flexibility of the cloud.

KCx Talks

Jun 12, 2019: Rise & Application of Artificial Intelligence

Artificial Intelligence (AI) has been around for decades. But now, with the increasing computational power available, and with significant investments from large technology companies like Google, IBM and Amazon, and from governments like China, we are experiencing AI on its way to developing a game changing impact on how we live, work and do business. In this KCx Talk we will look at the promise of current AI deployments, their challenges, implications, and risks, and we will discuss the way how AI will influence our future.

Blog

The Perfect Shot!

Shooting from the hip is easy, because it is fast and sound like you’re making an impact. But do you hit the mark? When you study the ‘art of shooting’ a bit there is a whole lot of practice to it, it takes time and every shot is highly contextual. No soldier goes into battle without a thorough preparation and training. The target, the terrain, the road in and the road out, weather, it all plays a role in hitting the mark. Becoming really good is hard, takes a long time, and ultimately also depends on context. Yet it always beats shooting from the hip. Every so often I...

Executive View

Executive View: Ubisecure Identity Platform - 79072

Ubisecure Identity Platform is an integrated consumer identity and access management suite for on-premise or cloud deployment. Ubisecure features strong federation capabilities, innovative standards support, and the ability to leverage some bank and national IDs. RapidLEI provides a way to manage organizational identity.  

KCx Talks

Jun 04, 2019: Treiber der Digitalen Transformation in der Finanzindustrie

Genießen Sie gemeinsam mit Experten aus verschiedenen Fachbereichen einen Abend mit interessanten Vorträgen in entspannter Atmosphäre. Nehmen Sie an anregenden Diskussionen teil und genießen Sie persönliche Kamingespräche zu den aktuellen Digitalisierungs- und Identitätsthemen in unterschiedlichen Branchen. Netzwerken und diskutieren Sie mit einem exklusiven Teilnehmerkreis in einer angesagten Location der Stadt, mit ausgewählten Speisen und Getränken.

Webinar

May 02, 2019: Artificial Intelligence: Disruption Ahead?

When AI comes to mind, many people, maybe in Europe a bit more than in other parts of the world, fear some kind of terrestrial robot overlords taking over control, forcing us humans to surrender and devote our freedom to their understanding of a well-organized society without all those things that make our lives worth living.

Webinar

Jun 25, 2019: Mit Access-Governance-Projekten neue Vorschriften erfüllen, ohne das Rad neu zu erfinden

IGA-Projekte (Identity Governance & Administration) bergen aufgrund ihrer Komplexität diverse Risiken. Diese ergeben sich meistens in der Vernetzung einer komplexen, heterogenen IT-Infrastruktur sowie durch den bereichsübergreifenden Charakter von IGA-Projekten. Wenn man nicht bei jedem Projekt immer wieder von Null anfangen möchte, und auf Erfahrungswerte zurückgreift, können viele Risiken sehr leicht vermieden werden.

Webinar

Jul 02, 2019: Challenges for Managed Service Providers Offering Privileged Account Management as a Service

Insufficiently protected privileged accounts pose high risks to any given company today. Therefore, Privileged Account Management (PAM) is of paramount importance to a functional insider threat program, which is at the core of any modern cybersecurity strategy. While utilizing a variety of IaaS, PaaS and SaaS offerings, organizations often face difficulties in controlling the management of their privileged accounts due to a lack of time, budget and other resources.

Blog

Artificial Intelligence in Cybersecurity: Are We There Yet?

Artificial Intelligence (along with Machine Learning) seems to be the hottest buzzword in just about every segment of the IT industry nowadays, and not without reason. The very idea of teaching a machine to mimic the way humans think (but much, much quicker) without the need to develop millions of complex rules sounds amazing: instead, machine learning models are simply trained by feeding them with large amounts of carefully selected data. There is however a subtle but crucial distinction between “thinking like a human” (which in academic circles is usually referred as...

Blog

Data Security and Governance (DSG) for Big Data and BI

Today, organizations are capturing trillions of bytes of data every day on their employees, consumers, services and operations through multiple sources and data streams. As organizations explore new ways to collect more data, the increased use of a variety of consumer devices and embedded sensors continue to fuel this exponential data growth. Large pools of data, often referred to as data lakes, are created as a result of this massive data aggregation, collection and storage – which remains the easiest of all processes in a Big Data and BI value chain. What’s concerning is the...

Blog

Smart Manufacturing: Locking the Doors You've Left Open When Connecting Your Factory Floor

Smart Manufacturing or, as the Germans tend to say, Industry 4.0, has already become a reality for virtually any business in manufacturing. However, as just recently demonstrated by the attack on Norsk Hydro, this evolution comes at a price: There are doors created and opened for attackers that are not easy to close again. These new challenges are not a surprise when looking at what the quintessence of Smart Manufacturing is from a security perspective. Smart Manufacturing is about connecting business processes to manufacturing processes or, in other words, the (business) value chain to...

Leadership Brief

Leadership Brief: Data Security and Governance (DSG) for Big Data and BI Environments - 80109

Increased relevance of BigData and BI environments in supporting business decisions requires a broad set of data points to be collected throughout the lifetime of an application and users’ interaction with it. Security and risk management leaders must ensure that the risks emerging from the abundance and extensive use of this data are identified and that the right security and governance controls are employed to address these risks.

Leadership Brief

Leadership Brief: The Limits of AI in Marketing Automation - 79007

Artificial intelligence and machine learning are megatrends in marketing analytics and automation—it's often seen as the holy grail of digital marketing, as its possibilities seem to be endless. But are they? This leadership brief discusses typical limits and risks of ML-based marketing automation—and shows how to overcome or manage them.

Webcast

The Fast Track to Regulatory Compliance: Lean, Efficient, and User-Centric Access Governance

Various regulations mandate businesses not only to implement an IGA (Identity Governance & Administration) solution, but as part of that to regularly review their access entitlements across the entire IT landscape, starting with an initial clean-up. This can result in complex projects with multi-year initiatives on defining business roles and cumbersome access review (recertification) processes, which annoy the business users. Factually, such approaches even might fail in fulfilling the regulatory requirements, just because they never get done and used.

Press Release

KuppingerCole Analysts Young Talents Community Offers Students Free Accreditation for European Identity & Cloud Conference

Wiesbaden, April 09, 2019 – KuppingerCole Analysts offers all students the opportunity to join the company’s Young Talents Community. Apart from other benefits, members of the community can attend KuppingerCole events such as the European Identity & Cloud Conference from May 14-17, 2019 in Munich free of charge.

Leadership Brief

Leadership Brief: Machine Learning, Marketing, and Privacy - 80032

Artificial intelligence and machine learning techniques are becoming more and more important for marketing. ML offers new possibilities to analyze customer data, enabling individual marketing measures to be delivered. Nevertheless, privacy is often a concern when it comes to ML. Furthermore, legislation based on GDPR has to be considered. This leadership brief gives an overview of the opportunities, privacy risks, and solutions regarding machine learning and marketing.

Webinar

Jun 13, 2019: Fine-Tuning ICS Threat Models to Prioritize Mitigations of the Most Vulnerable Devices

When discussing the matters of industrial cybersecurity with IT experts, lamenting the historical divide between OT and IT seems to be a popular topic: you would often hear that the OT engineers are stubbornly ignoring the latest cyberthreats and do not see security as a priority in general.

Leadership Brief

Leadership Brief: AI and Machine Learning – The Basics in a Nutshell - 80033

Artificial intelligence is becoming more and more important for various applications in almost all industrial sectors. This leadership brief gives a basic overview of the main principles of artificial intelligence (AI), with a strong focus on machine learning (ML). Typical use cases are illustrated based on some examples—with a marketing and identity management-oriented focus.

Executive View

Executive View: ManageEngine AD360 - 79070

ManageEngine AD360 is a tool targeted at the in-depth management of Microsoft Active Directory and connected systems such as Microsoft Office 365. It comes with capabilities that go beyond pure entitlement, by adding authentication features, UBA (User Behavior Analytics), and even Single Sign-On to several cloud services. However, the core of the product is supporting an efficient, automated management of Microsoft Active Directory and mitigating risks in these environments by automation and optimization of entitlements.

Executive View

Executive View: NRI SecureTechnologies: Uni-ID Libra 2.2 - 79079

Consumer Identity and Access Management (CIAM) is a rapidly growing market that offers a better user experience for the consumer and new challenges for the organization. NRI Secure’s Uni-ID Libra provides the necessary components of a CIAM solution with a focus on the Japanese market.

Executive View

Executive View: BigID - 80046

With today's mounting regulations to protect sensitive customer data, organizations are faced with new requirements, challenges and compliance risks. BigID assist organizations with their data compliance requirements by helping them find, categorize and map their data at scale.

Webinar

Jun 18, 2019: Getting Rid of the Password – How to Increase Safety Affordably

Despite compromised passwords being the leading cause of data breaches, most online businesses still rely on solely using passwords for logins. While getting rid of password authentication is desirable from a security standpoint, organizations fear that it is a costly endeavor that can also affect user experience.

Leadership Brief

Leadership Brief: Marketing, IoT, and Privacy - 80034

The Internet of Things (IoT) is an IT megatrend. Apart from offering new possibilities and experiences to its users, IoT is highly interesting for marketers as it offers new ways to communicate with consumers and customers, leading to new possibilities in terms of analytics and consumer engagement as well. But what about privacy when IoT comes into play? This Leadership Brief gives an overview of marketing opportunities and privacy challenges in terms of IoT, with a focus on European legislation based on GDPR.

Executive View

Executive View: Simeio IAM for SMB - 79071

Simeio offers a turnkey Identity and Access Management IDaaS solution for small-to-medium size businesses. IAM for SMB prioritizes ease-of-use for business owners and administrators as well as security. The solution provides comprehensive user management via workflows, which are accessible via mobile devices.

Executive View

Executive View: WSO2 Identity Server - 80060

Identity Management solutions need to address the growing number of identities associated with applications and endpoints, as well as the ability to integrate with the diversity of application and service APIs. WSO2 Identity Server provides a comprehensive and flexible solution for the modern enterprise.

Blog

There Is a Price to Pay for Using the Shiny, Bright Cloud Service

One of the slides I use most frequently these days is about Identity Brokers or Identity Fabrics, that manage the access of everyone to every service. This slide is based on recent experience from several customer advisories, with these customers needing to connect an ever-increasing number of users to an ever-increasing number (and complexity) of services, applications, and systems. This reflects the complex reality of most businesses. Aside of the few “cloud born” businesses that don’t have factory floors, large businesses commonly have a history in their IT. Calling...

Webcast

The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It

The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared.  What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as databases.  In fact, the vast majority of their business information is in unstructured and semi-structured formats, distributed across multiple systems an services. Without consistent visibility into whose data is processed across these environments, organizations cannot adequately account for how personal data...

Webinar

Jun 05, 2019: Leverage Enterprise Architecture to Achieve GDPR Compliance

Several measures have been undertaken by Organizations at various levels to comply with GDPR, most of which remain reactive, fragmented and largely ad-hoc. These controls are also not continuous in nature and therefore fail to satisfy ongoing compliance requirements. Organizational leaders (CISOs, CIOs, CDPOs or CROs) felt the need for better data controls that should be baked into organizational processes to ensure compliance by design.

Executive View

Executive View: R&S®Trusted Gate von Rohde & Schwarz Cybersecurity - 80036

Verlässliche Kontrolle und Monitoring sensibler Informationen, die in öffentlichen Clouds und Kollaborationstools (Microsoft® SharePoint™, Office 365™) gespeichert sind durch Virtualisierung, Verschlüsselung und Datenfragmentierung. Sichere und benutzerfreundliche Zusammenarbeit an geschützten Dokumenten und transparente, datenzentrische Sicherheit für Cloud, On-Premises und Hybridspeicherumgebungen.

Executive View

Executive View: AWS Certificate and Key Management - 70365

A suite of fully managed encryption key and TLS certificate management services natively integrated with over 50 other AWS services to ensure data protection and regulatory compliance across the whole cloud footprints.

Webcast

Privileged Access Management - the Focal Point for Your IAM Today

PAM (Privileged Access Management) has grown over these years to become a crucial set of technologies that addresses some urgent cybersecurity issues today.

Executive View

Executive View: CyberArk Privileged Session Manager for Web - 79034

Securing and monitoring privileged access to cloud environments is a crucial security requirement, more so because privileged accounts are powerful, shared in nature and generally accessible from outside the organization. IAM leaders responsible for privileged access management (PAM) must evaluate their security requirements associated with administrative access to cloud platforms and services. Privileged Session Manager for Web enables secured administrative access to a hybrid cloud environment combined with multi-factor authentication.

Webinar

May 09, 2019: Next-Gen Identity Analytics and Access Governance Approach

Identity Governance and Administration (IGA) is undoubtedly one of the most valued but complex and lengthy technology implementations. While IAM leaders are still trying to figure out the complexities of IGA, the massive cloud uptake with the advent of machine learning accelerates identity analytics and access governance for creation of Next-Gen IGA solutions. Machine Learning inspired IGA offers significant improvements to enhance identity analytics and access governance processes to enable IAM leaders support the business better by helping them make more informed decisions.

Leadership Compass

Leadership Compass: Privileged Access Management - 79014

Privileged Access Management (PAM), over the last few years, has evolved into a set of crucial technologies that addresses some of the most urgent areas of Cybersecurity today. Continuing the growth trajectory, the PAM market has entered a phase of consolidation characterized by increased price competition and an intensified battle for market share. This Leadership Compass provides a detailed analysis of the PAM market and its key players to help security and IAM leaders find the right product(s) that best fit their cybersecurity needs.

Webinar

May 21, 2019: The No. 1 Rule of Secure Cloud Migration: Know Your Unstructured and Dark Data and Where It Is Located

With a huge amount of data around, cloud migration is the ideal solution today. A necessary stage in migrating data to the cloud is putting it in order. This is particularly important when it comes to unstructured, so-called dark data: files and documents that are undermanaged (excel files of budget estimates, PDFs containing important patents, Word documents containing personal employee or customer information), in general the data that is not managed in an orderly fashion such as structured database which is easily governed. Usually, this kind of data that tends to be misplaced, misused,...

Executive View

Executive View: Digital Shadows SearchLight™ - 79041

Digital Risk Protection as a Service. A combination of data loss protection, the securing of brands and reputation online and the reduction of the overall attack surface by identifying weaknesses in an organization’s infrastructure.

Webcast

Mitigate Identity-Related Breaches in the Era of Digital Transformation

Cyber attackers continue to be successful in gaining access to many different organizations, often by exploiting identities and weak authentication. To ensure they are protected, organizations should consider modern Adaptive Authentication techniques to increase identity security and thwart attacks.

Executive View

Executive View: Amazon GuardDuty - 80005

Amazon GuardDuty is a fully managed, simple, and affordable security monitoring and threat detection service that combines machine learning and anomaly detection to enable quick and uncomplicated identification of suspicious activities and malicious behavior across AWS cloud accounts and workloads.

Webinar

May 28, 2019: All the Roads Lead to the C, Paved with B2B

More and more organizations use CIAM for B2B use cases as such combination can help companies position themselves on the market. While no one argues that user experience journey for the B2B Customer is just as important as any other customer, they most certainly need a relatively different set of features.

Executive View

Executive View: Krontech SingleConnect - 80031

Krontech offers an integrated Privileged Access Management (PAM) platform comprising of several technology modules targeted at specific PAM functions. With a simplified approach to PAM, Krontech offers a promising alternative to other new market entrants, owing to its faster deployment cycle and its technological advantage in securing database privileges.

Blog

Oslo, We Have a Problem!

As you have certainly already heard, Norsk Hydro, one of the world’s largest aluminum manufacturers and the second biggest hydropower producer in Norway, has suffered a massive cyber attack earlier today. According to a very short statement issued by the company, the attack has impacted operations in several of its business areas. To maintain the safety and continuity of their industrial processes, many of the operations had to be switched to manual mode. The details of the incident are still pretty sparse, but according to the statement at their press conference, it may have been...

Webinar

May 23, 2019: Is Multilayered Cyber-Defense Out Already? Against Rising Breaches and Vulnerabilities, Data-Centric Security to the Rescue!

As the growing number of high-profile data breaches indicates, even the largest companies are still struggling with implementing consistent enterprise-wide information security measures. Setting up various security tools for numerous different applications, services, and heterogeneous systems and then making them work together efficiently is a massive challenge.

Executive View

Executive View: Thycotic Privilege Manager - 80004

Besides the fastest growing segment of Privileged Access Management (PAM) market, Endpoint Privilege Management (EPM) has become the most critical technology of PAM that has a direct impact on an organization’s security posture. Thycotic Privilege Manager is a market leading EPM product that provides endpoint threat protection for controlled desktop and server environments through a combination of least privilege and application control.

Webcast

API Security: Separating Truth from Fiction

APIs (application programming interfaces) have undergone a truly amazing transformation in recent years. From an obscure technical term only software developers were familiar with, they have developed into one of the foundations of today’s digital business. Nowadays, APIs are everywhere – they enable business communications with partners and customers, make applications from different vendors work together seamlessly, power large IoT networks and the whole cloud. For many companies, APIs have even become the very foundation of their business models and the primary source of...

Blog

Ignorance is Risk

#RSAC2019 is in the history books, and thanks to the expansion of the Moscone Center, there was ample space in the expo halls to house vendor booths more comfortably. In fact, there seemed to be a record number of exhibitors this year. As always, new IAM and cybersecurity products and services make their debut at RSAC. Despite the extra room, it can be difficult for the security practitioner and executive to navigate the show floor. Some plan ahead and make maps of which booths to visit, others walk from aisle 100 to the end. It can take a good deal of time to peruse and discover...

Webinar

Apr 30, 2019: Adding Depth to Your IAM: Automating Microsoft Active Directory and Azure AD Administration

IAM and therein IGA (Identity Governance & Administration) focuses on managing identities and their access across a variety of systems.

Blog

Building Trust by Design

Trust has somehow become a marketing buzzword recently. There is a lot of talks about “redefining trust”, “trust technologies” or even “trustless models” (the latter is usually applied to Blockchain, of course). To me, this has always sounded… weird. After all, trust is the foundation of the very society we live in, the key notion underlying the “social contract” that allows individuals to coexist in a mutually beneficial way. For businesses, trust has always been a resulting combination of two crucial driving forces – reputation...

Blog

The Wrong Click: It Can Happen to Anyone of Us

The Wrong Click: It Can Happen to Anyone of Us

Blog

AI Myths, Reality and Challenges

The dream of being able to create systems that can simulate human thought and behaviour is not new. Now that this dream appears to be coming closer to reality there is both excitement and alarm. Famously, in 2014 Prof. Stephen Hawking told the BBC: "The development of full artificial intelligence could spell the end of the human race”. Should we be alarmed by these developments and what in practice does this mean today? The origins of today’s AI (Artificial Intelligence) can be traced back to the seminal work on computers by Dr Alan Turing. He proposed an experiment that became...

Webcast

Matthias Reinwarth - The wrong click: it can happen to anyone of us

The wrong click: it can happen to anyone of us

Executive View

Executive View: Kleverware IAG - 80042

Kleverware is a French software company that is focused on delivering a lean, targeted solution for Identity & Access Governance (IAG). Their solution Kleverware IAG allows for rapidly implementing access reviews and entitlement reporting, and can easily collect and homogenize entitlement data across heterogeneous, complex IT landscapes, including SaaS services, business applications, and other tools. Kleverware IAG delivers a lightweight alternative to full IGA (Identity Governance & Administration) deployments.

Whitepaper

Whitepaper: PATECCO Privileged Access Management Services - 80037

Privilege Management is the set of critical cybersecurity controls that deal with the management of security risks associated with privileged access in an organization. Maintaining control over privileged users, extended privileges and shared accounts demands for a well-integrated solution, consisting of risk mitigation, well-defined processes und well-executed implementation.

Executive View

Executive View: Thales Vormetric Application Crypto Suite - 79069

Encryption, tokenization, and data masking are essential capabilities needed in today’s highly regulated environments. Protecting sensitive information requires these capabilities, beyond just network and file-level encryption. Vormetric Application Crypto Suite from Thales eSecurity provides an integrated, easy-to-use set of services covering the needs for such environments.

Boot Camp

May 17, 2019: Hybrid and Secure Cloud Boot Camp

Executive View

Executive View: Ilantus Compact Identity - 80052

IDaaS is fast becoming the new face of Identity and Access Management (IAM) with several vendors now delivering cloud-based IAM services to support the whopping cloud uptake by the business. Ilantus Compact Identity is an entry level enterprise IDaaS offering targeted at SMB customers to jump start their IAM with minimal effort and investment.

Blog

Ledger for the Masses: The Blockchain Has Come to Stay

Hype topics are important. They are important for vendors, startups, journalists, consultants, analysts, IT architects and many more. The problem with hypes is that they have an expiration date. Who remembers 4GL or CASE tools as an exciting discussion topic in IT departments? Well, exactly, that's the point... From that expiration date on, they either have to be used for some very good purposes within a reasonable period of time, or they turn out to be hot air. There have been quite a few hype topics lately. Think for example of DevOps, Machine Learning, Artificial Intelligence, IoT,...

Webcast

Consumer Identity World 2019

Executive View

Executive View: Veracode Application Security Platform - 79060

Veracode Application Security Platform is a cloud-based application security testing platform providing unified insights into software security risks at every stage of the development lifecycle.

Webinar

Apr 09, 2019: The Fast Track to Regulatory Compliance: Lean, Efficient, and User-Centric Access Governance

Various regulations mandate businesses not only to implement an IGA (Identity Governance & Administration) solution, but as part of that to regularly review their access entitlements across the entire IT landscape, starting with an initial clean-up. This can result in complex projects with multi-year initiatives on defining business roles and cumbersome access review (recertification) processes, which annoy the business users. Factually, such approaches even might fail in fulfilling the regulatory requirements, just because they never get done and used.

Webinar

Apr 25, 2019: Secure Login for Highly-Regulated Hybrid Environments: Avoid Being Forced Into the Cloud

The march of the cloud is unstoppable. Eager to outsource the tedious and expensive maintenance of their IT infrastructures to a reliable 3rd party, most companies would dream of becoming cloud-native, at least in the long term. Needless to say, letting someone else run your identity management out there sounds like a great idea as well, hence the rising popularity of Identity-as-a-Service solutions that combine the latest technology achievements with the flexibility of the cloud.

Executive View

Executive View: Bromium Secure Platform 4.1 - 71309

Windows endpoint protection from risky tasks and malicious files, through browser and application isolation within one-time disposable micro-virtual machines combined with user behavior monitoring and enhanced enterprise management capabilities.

Blog

Blockchain Just a Hype?

Blockchain - Just a Hype?

Blog

Web Access & Federation

An organization’s need to support communication and collaboration with external parties such as business partners and customers is just as an essential technical foundation today as it has been in the past. Web Access Management and Identity Federation are two vital and inseparable technologies that organizations can use to manage access to and from external systems, including cloud services, consistently. While the core Web Access Management and Identity Federation technologies have been well established for years, organizations will still need a strategic approach to address the...

Blog

Data Privacy & CX

Beyond the new data privacy regulations: how to improve customer understanding and the customer experience? When it comes to state-of-the-art sales and marketing, customer experience (CX) is a highly important topic. Creating and analyzing outstanding customer journeys while considering attractive and suitable marketing touchpoints are seen as key to success when it comes to omnichannel marketing. The customer experience depends on many factors, all of which have to be considered in terms of strategic and operational marketing. A key topic is the individualization of various marketing...

Webcast

Martin Kuppinger - Blockchain Just a Hype?

Blockchain Just a Hype?

Advisory Note

Advisory Note: Maturity Level Matrix for Cyber Security - 72555

KuppingerCole Maturity Level Matrixes for the major market segments within cyber security. These provide the foundation for rating the current state of your cyber security projects and programs.  

Architecture Blueprint

Architecture Blueprint: Hybrid Cloud Security - 72552

Organizations now commonly use multiple cloud services as well as on-premises IT. This KuppingerCole Architecture Blueprint provides a set of building blocks needed to design, implement and integrate security for the Hybrid Cloud.

Executive View

Executive View: R&S®Trusted Gate by Rohde & Schwarz Cybersecurity - 80036

Reliable control and monitoring of sensitive information stored in public clouds and collaboration tools (SharePoint, Office 365) through virtualization, encryption and fragmentation of data while enabling the safe and convenient cooperation with protected documents. Transparent, data-centric security for cloud, onpremises and hybrid storage environments.

Webcast

CCPA vs. GDPR: An Overview on Similarities and Differences

Over the last few years, the world has witnessed an increasing number of data breaches involving the credentials and PII of employees, citizens, and consumers. We've all experienced breach fatigue and/or been impacted by these losses.

Leadership Compass

Leadership Compass: Access Management and Federation - 71147

This Leadership Compass provides insights to the leaders in innovation, product features, and market reach for Web Access Management and Identity Federation on-premises platforms. Your compass for finding the right path in the market.

Executive View

Executive View: Hitachi ID Privileged Access Manager - 80030

Hitachi ID Privileged Access Manager (HIPAM) is a mature and feature-rich solution for Privileged Access Management (PAM). It covers all major areas of PAM and comes with sophisticated operational capabilities in the areas of service account management and real-time password synchronization. Organizations looking for enterprise-scale PAM solutions should consider HIPAM in their shortlists.

Webinar

May 07, 2019: Identity Governance - the Value of Leveraging IGA Functions from the Cloud

Even though companies need to implement Identity Governance & Administration (IGA) solutions in order to stay compliant and support their security, the deployment of IGA solutions still poses a challenge to many of them. Delivering a frictionless experience for users and employees while efficiently managing identities and access entitlements are key to a successful deployment.

Whitepaper

Whitepaper: ForgeRock Identity Platform capabilities for Authentication under PSD2 - 79080

The Revised Payment Service Directive (PSD2) will drive many changes in technical infrastructure at financial institutions across Europe.  Banks and other financial service providers must quickly prepare for PSD2. ForgeRock Identity Platform provides strong customer authentication capabilities that can help businesses meet the technical challenges posed by PSD2.

Executive View

Executive View: Checkmarx Software Exposure Platform - 71512

Checkmarx Software Exposure Platform combines application security testing tools, managed services, and training in a single solution that enables developers to detect, prioritize and mitigate software-related risks at every stage of the development life cycle.  
 

Boot Camp

May 17, 2019: Microservice & Identity Boot Camp

Whitepaper

Whitepaper: Cisco: Next-Generation Enterprise Security Delivered from the Cloud: Addressing Modern Cyber Threats with Cisco Umbrella - 80017

As businesses embrace the Digital Transformation and become increasingly cloud-native, mobile and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide adequate visibility, threat protection, and scalability, nor can they offer convenience and productivity for users on the go. There is a need for the next-generation enterprise security solutions delivered from the cloud.

Executive View

Executive View: comforte AG SecurDPS Enterprise - 80007

comforte AG SecurDPS Enterprise is a highly scalable data protection platform that combines stateless tokenization technology and hardened fault-tolerant architecture to ensure security and compliance of sensitive data in mission-critical business applications.

Executive View

Executive View: SAP Customer Data Cloud - 79001

SAP Customer Data Cloud provides a complete solution for Consumer Identity and Access Management.   Entirely cloud-based, SAP Customer Data Cloud delivers advanced customer identity, consent, profile management and marketing service functionality for enterprise customers.

Webinar

Mar 26, 2019: Privileged Access Management - the Focal Point for Your IAM Today

PAM (Privileged Access Management) has grown over these years to become a crucial set of technologies that addresses some urgent cybersecurity issues today. 

Webcast

IDaaS: Your Identity Fabric. Connecting Every User to Every Service, Seamlessly

Making your service available to everyone, everywhere, without losing control. On their digital journey, businesses are constantly launching new digital services, chased by competitive and innovative pressure.

Blog

Are You Prepared for a Cyber-Incident?

According to the Ponemon Institute - cyber incidents that take over 30 days to contain cost $1m more than those contained within 30 days. However, less than 25% of organizations surveyed globally say that their organization has a coordinated incident response plan in place. In the UK, only 13% of businesses have an incident management process in place according to a government report. This appears to show a shocking lack of preparedness since it is when not if your organization will be the target of a cyber-attack. Last week on January 24th I attended a demonstration of IBM’s new...

Webinar

Mar 21, 2019: Mitigate Identity-Related Breaches in the Era of Digital Transformation

Cyber attackers continue to be successful in gaining access to many different organizations, often by exploiting identities and weak authentication. To ensure they are protected, organizations should consider modern Adaptive Authentication techniques to increase identity security and thwart attacks.

Webinar

Apr 02, 2019: The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It

The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared. What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as databases. In fact, the vast majority of their business information is in unstructured and semi-structured formats, distributed across multiple systems an services. Without consistent visibility into whose data is processed across these environments, organizations cannot adequately account for how personal data is processed...

Blog

Who's the Best Security Vendor of Them All?

This week I had an opportunity to visit the city of Tel Aviv, Israel to attend one of the Microsoft Ignite | The Tour events the company is organizing to bring the latest information about their new products and technologies closer to IT professionals around the world. Granted, the Tour includes other cities closer to home as well, but the one in Tel Aviv was supposed to have an especially strong focus on security and the weather in January is so warm, so here I was! I do have to confess however that the first day was somewhat boring– although I could imagine that around 2000...

Executive View

Executive View: SSH.COM PrivX - 70302

SSH.COM PrivX is an innovative solution for privileged access to sessions running on hosts in the cloud and on premises. Based on short-lived certificates and a policy- and role-based, automated access control, it is targeted at agile IT environments such as DevOps environments.

Blog

Can Autonomous Improve Security Posture?

Last week I attended the Oracle Open World Europe 2019 in London. At this event Andrew Sutherland VP of technology told us that security was one of the main reasons why customers were choosing the Oracle autonomous database. This is interesting for two reasons firstly it shows that security is now top of mind amongst the buyers of IT systems and secondly that buyers have more faith in technology than their own efforts. The first of these reasons is not surprising. The number of large data breaches disclosed by organizations continues to grow and enterprise databases contain the most...

Conference

Nov 12 - 14, 2019: Cyber Access Summit 2019

Willkommen zum Cyber Access Summit (CAS) 2019! Gestalten Sie die Zukunft der digitalen Transformation und diskutieren Sie mit Kollegen und Branchenexperten. Das Programm des deutschsprachigen Cyber Access Summit 2019 nimmt aktuelle Themen und Trends im Bereich des Identity und Access Managements in den Fokus.

Conference

Nov 12 - 14, 2019: Cybersecurity Leadership Summit 2019

In order to follow the footsteps of digital and technological advancements, have yourself prepared for the future and gain critical knowledge on emerging trends, KuppingerCole Analysts holds its second Cybersecurity Leadership Summit (#CSLS19) in Berlin, Germany, offering the remarkable world-class keynote speakers, panelists, moderators, and professionals. It is the unique opportunity to meet the peers concerned with the same issues and discuss actual topics ranging from the role of Artificial Intelligence in Cybersecurity, to Strong Authentication solutions, Privileged Access Management,...

Blog

Thoughts on the Acquisition of Janrain by Akamai

2019 started off with a very noteworthy acquisition in the identity and security space: the purchase of Janrain by Akamai. Janrain is a top vendor in the Consumer Identity market, as recognized in our recent Leadership Compass: https://www.kuppingercole.com/report/lc79059. Portland, OR-based Janrain provides strong CIAM functionality delivered as SaaS for a large number of Global 2000 clients. Boston-based Akamai has a long history of providing web acceleration and content delivery services. Last year, they entered into a partnership whereby Akamai provided network layer protection for...

Blog

CCPA: GDPR as a Catalyst for Improving Data Protection Outside the EU

It wasn't too long ago that discussions and meetings on the subject of digitization and consumer identity access management (CIAM) in an international environment became more and more controversial when it came to privacy and the personal rights of customers, employees and users. Back then the regulations and legal requirements in Europe were difficult to communicate, and especially the former German data protection law has always been belittled as exaggerated or unrealistic. However, in the past three years, during which I have given many talks, workshops and advisory sessions on the...

Webcast

Solving New Authentication Challenges While Finding Parity Between User Experience and Security

In an increasingly hostile world, where you don't know who to trust, companies still need to be able to deliver trusted, personalized experiences for users, without making them jump through hoops to prove who they are.

Webinar

Feb 12, 2019: CCPA vs. GDPR: An Overview on Similarities and Differences

Over the last few years, the world has witnessed an increasing number of data breaches involving the credentials and PII of employees, citizens, and consumers. We've all experienced breach fatigue and/or been impacted by these losses.

Conference

Nov 27 - 28, 2019: AImpact Summit 2019

AImpact Summit held on November 27 – 28, 2019 in Munich, offers the unique opportunity to get a deep insight on the hottest topics of Artificial Intelligence, network with like-minded people, connect with peers who recognize that now is the time for AI, meet the people changing the perspectives and transforming the way we do business today. As AI increasingly permeates every aspect of our life, knowing how to apply the cutting-edge technology to one’s competitive advantage or how to avoid risks and threats become vastly important.

Blog

Trends in Consumer Identity for 2019

2018 was a year of sweeping changes in Consumer Identity Management products and services. CIAM continues to be a fast-growing market. Research indicates that about half of all CIAM deals are still originating outside the tent of the CISO and IAM support organizations. More vendors entered the market and there were some noteworthy acquisitions. Lastly, many innovative improvements occurred across most all solutions, due in part to GDPR. What is driving CIAM growth? Businesses are realizing that efficient and effective digital identity solutions lead to more consumer engagement and a better...

Blog

AI in a Nutshell

What AI is and what not

Blog

BAIT and VAIT as Levers to Improving Security and Compliance (And Your IAM)

Usually, when we talk about special compliance and legal requirements in highly regulated industries, usually one immediately thinks of companies in the financial services sector, i.e. banks and insurance companies. This is obvious and certainly correct because these companies form the commercial basis of all economic activities. Although regulations and their obligations are often formulated on a relatively abstract level, they must be adapted over time to the changing business and technical circumstances. Sometimes they need to be made more concise, more actionable and more specific, to...

Executive View

Executive View: Safe-T Software Defined Access - 79075

Safe-T Software Defined Access delivers a software-based solution that provides data protection by controlling both access and usage of corporate data, services, and applications, protection is done by authenticating users prior to providing access. The solution supports a variety of use cases, including hybrid cloud deployments and access to cloud services such as Microsoft Office 365. It thus can become a central component, specifically in environments with high security requirements.

Webcast

Martin Kuppinger - AI in a Nutshell

What AI is and what not

Webinar

Mar 14, 2019: API Security: Separating Truth from Fiction

APIs (application programming interfaces) have undergone a truly amazing transformation in recent years. From an obscure technical term only software developers were familiar with, they have developed into one of the foundations of today’s digital business. Nowadays, APIs are everywhere – they enable business communications with partners and customers, make applications from different vendors work together seamlessly, power large IoT networks and the whole cloud. For many companies, APIs have even become the very foundation of their business models and the primary source of income.

Whitepaper

Whitepaper: OneSpan Intelligent Adaptive Authentication - 80026

Fraud reduction is a paramount concern in many industries today.  Finance, as well as healthcare and retail companies, are increasingly targeted by cybercriminals. New regulations in the financial industry are coming into force in many areas around the world. These regulations aim to improve security and reduce fraud. OneSpan Intelligent Adaptive Authentication provides strong and multi-factor authentication and transactional risk analysis capabilities that can help businesses strengthen their security posture, meet the technical challenges posed by these new regulations, and improve...

Blog

Top 5 CISO Topics for 2019

Where to put your focus on in 2019

Webcast

Martin Kuppinger's Top 5 CISO Topics for 2019

Where to put your focus on in 2019

Quicklinks

Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

AI for the Future of your Business Learn more

AI for the Future of your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]