News Archive

Advisory Note

Advisory Note: Why High-Profile Digital Transformation Initiatives Fail: How to do better - 80289

A growing number of organizations are adapting their products, processes and strategies to capitalize on the benefits of digital technology, but some high-profile Digital Transformation (DX) initiatives have failed despite heavy investments. This Advisory Note looks at some of the main reasons DX initiatives fail and provides recommendations for avoiding these common pitfalls to ensure DX initiatives are sustainable and deliver long-term strategic benefits as well as short-term operational efficiencies. 

Advisory Note

Advisory Note: KRIs and KPI for Cyber Security - 80239

This report provides selected Key Risk Indicators (KRI) for the area of Cyber security. These indicators are easy to measure and provide organizations with a quick overview of the relevant risks and how these are changing. The indicators can be combined into a risk scorecard which then can be used in IT management and corporate management. 

Blog

Taking One Step Back: The Road to Real IDaaS and What IAM Really Is About

Shifting IAM to Modern Architecture and Deployment Models
There is a lot of talk about IDaaS (Identity as a Service) these days, as the way to do IAM (Identity and Access Management). There are also fundamental changes in technology, such as the shift to containers (or even serverless) and microservice architectures, which also impact the technology solutions in the IAM market. However, we should start at a different point: What is it that business needs from IAM? If we step back and take a broader perspective, it all ends up with a simple picture (figure 1): The job of IAM is to provide...

Webinar

Nov 12, 2020: The Role of Customer Identity & Access Management in Digital Transformation

Companies and organizations have strategic decisions to make at the Customer Identity & Access Management (CIAM) front. First, they have to decide whether to invest in a dedicated CIAM solution or to build on existing infrastructure. If there is already a foundation, what should be their next steps to have a mature CIAM strategy in place? If they do not have a CIAM solution, where do they start? Applications, systems and identities tend to be siloed, yet as a business grows it is imperative that they are cohesive and well-integrated in order to provide a superior customer experience.

Virtual Academy KC Master Class

Feb 18, 2020: Incident Response Management

In this KC Master Class you learn how to react adequately when a cyberattack has occurred in your company. Our analysts will prepare you for this worst case scenario by showing you how to rate risks realistically and integrate these ratings into your general incident response strategy. This strategy should include incident detection, administering responsibilities within company staff, defining a communication strategy for internals and externals and gaining a deep understanding of recovery processes.

Executive View

Executive View: Cleafy Advanced Threat Detection & Protection - 80309

Cleafy is a real-time clientless application risk assessment, threat detection and prevention platform for online services in highly regulated industries. Providing protection against advanced targeted attacks for unmanaged endpoints, it can prevent payment fraud, transaction tampering, credential theft, and other risks.

Executive View

Executive View: Callsign Intelligence Driven Authentication - 80174

Callsign is a provider of an identity platform that integrates consumer onboarding, authentication, and fraud management in a well-thought-out manner. In contrast to other solutions, all capabilities are tightly integrated. The platform uses AI/ML for risk analysis and supports passive and continuous authentication. It is feature-rich and easy to use, with flexible support for creating, managing, and testing user journeys.

Blog

The C5:2020 - A Valuable Resource in Securing the Provider-Customer Relationship for Cloud Services

KuppingerCole has accompanied the unprecedented rise of the cloud as a new infrastructure and alternative platform for a multitude of previously unimaginable services – and done this constructively and with the necessary critical distance right from the early beginnings (blog post from 2008). Cybersecurity, governance and compliance have always been indispensable aspects of this. When moving to the use of cloud services, it is most important to take a risk-based approach. There is nothing like “just the cloud”. It is not a single model but covers a wide and constantly...

Webcast

Improve Security With Critical Infrastructures Requirements

Organizations or institutions that are essential for the public are called Critical Infrastructures (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations. Their failure or significant impairments result in sustained supply shortages, significant disruptions to public safety or other drastic consequences. Their protection and the safeguarding of the public require appropriate concepts, processes and technologies. Watch this webcast and learn how your organization can benefit from...

Executive View

Executive View: Onegini Connect - 80168

Onegini provides a compelling no-code cloud-delivered solution for Consumer Identity and Access Management (CIAM) and B2B IAM. Onegini is headquartered in the Netherlands, is expanding across Europe, and has global ambitions. They have expertise in EU regulations such as GDPR, PSD2 and other industry-specific regulations. They are positioning their product as a CIAM solution for financial, pension and insurance industries with a strong mobile differentiator.

Webinar

Mar 03, 2020: Solving Problems in Privileged Access Management with Automation

While businesses race ahead with digital transformation, security and identity management are often being left behind. The complexity of modern organizations of all sizes has undermined the traditional concepts of privileged access management (PAM) and privileged account usage. Help desks and IT security teams are often too busy and understaffed to be able to give PAM the attention it deserves.

Blog

The Next Best Thing After "Secure by Design"

There is an old saying that goes like this: “you can lead a horse to water, but you can’t make it drink”. Nothing personal against anyone in particular, but it seems to me that it perfectly represents the current state of cybersecurity across almost any industry. Although the cybersecurity tools are arguably becoming better and more sophisticated, and, for example, cloud service providers are constantly rolling out new security and compliance features in their platforms, the number of data breaches and hacks continues to grow. But why? Well, the most obvious answer is...

Leadership Brief

Leadership Brief: Six Key Actions to Prepare for CCPA - 80353

From January 1st, 2020, when the California Consumer Privacy Act (CCPA) came into force, the requirements for managing personal data have changed.  This report identifies six key actions that IT needs to take to prepare for compliance.

Leadership Brief

Leadership Brief: Top Ten Trends in Cybersecurity - 80336

This report outlines 10 important trends and technologies in cybersecurity that KuppingerCole believes will shape security policies and solutions choice for organisations in the years ahead. 

Blog

Quantum Computing and Data Security - Pandora's Box or a Good Opportunity?

Not many people had heard of Schroedinger's cat before the CBS series "The Big Bang Theory" came out. Dr. Sheldon Cooper used this thought experiment to explain to Penny the state of her relationship with Leonard. It could be good and bad at the same time, but you can't be sure until you've started (to open) the relationship. Admittedly, this is a somewhat simplified version of Schroedinger's thoughts by the authors of the series, but his original idea behind it is still relevant 100 years later. Schroedinger considered the following: "If you put a cat and a poison, which is randomly...

Blog

Applying the Information Protection Life Cycle and Framework to CCPA

The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. Enforcement is slated to start by July 1, 2020. CCPA is a complex regulation which does bear some similarities with EU GDPR. For more information on how CCPA and GDPR compare, see our webinar. Both regulations deal with how organizations handle PII (Personally Identifiable Information). CCPA intends to empower consumers to give them a choice to disallow onward sales of their PII by organizations that hold that information. A full discussion of what CCPA entails is out of scope. In this article, I want to...

Whitepaper

Whitepaper: Healthcare IAM: Enhance the Clinical Workflow - 80163

The Healthcare sector faces the common challenges of all businesses today: digital transformation, cyber-security, and increasingly stringent regulations. But Healthcare also has unique challenges because clinical operations depend on continual access to customers’ most sensitive personal information and require life-or-death decisions on a daily basis. This environment demands digital-identity capabilities that enable fast, anywhere/anytime access to clinicians while satisfying growing requirements for security, privacy and compliance.

Executive View

Executive View: Informatica: Customer 360 - 80290

When optimizing customer centricity and customer engagement, data is an important resource. To ensure an ideal customer experience, various challenges across the customer lifecycle must be solved. Informatica’s Customer 360 solution is designed to manage data across the entire customer lifecycle in a highly flexible way to meet various customer scenarios.

Executive View

Executive View: Apigee Edge API Management Platform - 80307

Apigee offers a comprehensive platform to support end-to-end API management at every stage of API lifecycle. From API design to publication, productization, and monetization to monitoring and securing live endpoints – everything is managed centrally across on-premises, cloud-based and hybrid environments.

Leadership Brief

Leadership Brief: Robotic Process Automation - 80333

Robotic Process Automation (RPA) is a type of automation technology with the potential to transform the way businesses operate by automating manual tasks within business processes by implementing (software) “robots” to perform these tasks instead of humans. This leadership brief looks at the most appropriate applications of RPA and the biggest potential business benefits.

Webcast

API Management and Security: Don’t Trade Protection for Convenience

Once a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. As companies are struggling to maintain their business agility, to react to the ever-changing market demands and technology landscapes, the need to deliver a new application or service to customers as quickly as possible often trumps all other considerations. Often, security becomes an afterthought at best or, even worse, it is seen as a nuisance and an obstacle on the road to success. While the...

Blog

RPA and AI: Don’t Isolate Your Systems, Synchronize Them

We already hear a lot about artificial intelligence (AI) systems being able to automate repetitive tasks. But AI is such a large term that encompasses many types of very different technologies. What type of solutions are really able to do this? Robotic Process Automation (RPA) configures software to mimic human actions on a graphic user interface (GUI) to carry out a business process.  For example, an RPA system could open a relevant email, extract information from an attached invoice, and input it in an internal billing system. Although modern RPA solutions are already relying on...

Executive View

Executive View: Oracle Identity Governance - 80157

As the market, technology, and regulation forces change, Oracle offers a comprehensive Identity Governance solution that can meet the ever evolving enterprise needs. Oracle Identity Governance (OIG) addresses compliance at scale within the more modern cloud environments.

Blog

Proper Patch Management Is Risk-Oriented

With regard to cybersecurity, the year 2020 kicks off with considerable upheavals. A few days ago, my colleague Warwick wrote about the security problems that arise with some of Citrix's products and that can potentially affect any company, from start-ups and SMEs to large corporations and critical infrastructure operators. Just a few hours later, NSA and many others reported a vulnerability in the current Windows 10 and Windows Server 2016 and '19 operating systems that causes them to fail to properly validate certificates that use Elliptic Curve Cryptography (ECC). This results in an...

Executive View

Executive View: Microsoft Azure AI Platform - 80233

The Microsoft Azure AI platform provides a comprehensive enterprise solution for designing and implementing customized AI solutions. The cloud and hybrid deployment options, modular AI services, and management tools make the platform a strong choice for an AI-on-demand solution.

Executive View

Executive View: Saviynt Security Manager for Enterprise IGA - 80325

Saviynt offers a comprehensive compliance-as-a-service platform providing Identity Governance and Management, Application Risk and Governance, Cloud Security, and Cloud PAM functionality. Designed to be deployed as a cloud, hybrid, or on-premise solution, the Saviynt Security Manager for Enterprise IGA helps customers demonstrate assured compliance using their access governance and risk intelligence capabilities.

Online Boot Camp

Aug 20, 2020: Privileged Access Management (PAM) Boot Camp

In the age of digital transformation, our organizations must constantly reinvent themselves by being agile and more innovative. Emerging technology initiatives such as the digital workplace, DevOps, security automation, and the Internet of Things continue to expand the attack surface of organizations as well as introduce new digital risks. To stay competitive and compliant, organizations must actively seek newer ways of assessing and managing security risks without disrupting the business. Security leaders, therefore, have an urgent need to constantly improve upon the security posture of...

Blog

Mitigate Citrix Vulnerability in Face of PoC Exploits

Despite a Citrix warning in mid-December of a serious vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway (formerly NetScaler and NetScaler Gateway), thousands of companies have yet to put in place the recommended mitigations. In the meantime, several proof of concept (PoC) exploits have been published on GitHub, making it extremely easy for attackers to gain access to networks and impersonate authorized users.
Thousands of Citrix systems still vulnerable
Initial estimates put the number of vulnerable systems at 80,000 in 158 countries. Researchers reported...

Executive View

Executive View: AWS Security Analytics Solutions - 80220

AWS provides a comprehensive suite of services to monitor for threats, misconfigurations and compliance violations across its portfolio, with all security alerts aggregated, organized and prioritized within AWS Security Hub – an extensible cloud security and compliance management platform.

Webinar

Apr 28, 2020: The Security & Identity Challenges of Modern IT: Agile IT & DevOps Done Right & Secure

Security and identity must evolve in order to support today’s IT. While traditional IT appears to be rather simple to secure, current security risks necessitate a greater degree of agility: shifting to DevOps paradigms, implementing a CI/CD chain, running services in hybrid cloud environments (or wherever else). This requires a security angle on DevOps, which you might name DevSecOps.

Leadership Brief

Leadership Brief: IAM for Robotic Process Automation: How to Avoid Security Challenges - 80383

Robotic Process Automation (RPA) is one of the trending topics in today’s IT environments. RPA promises to automate manual tasks within business processes by implementing (software) “robots” that perform these tasks instead of humans. Such software robots must have a digital identity, and the access rights of these robots must be kept under control for enforcing the Principle of Least Privilege and avoiding major security challenges. IAM for RPAs, therefore, must be carefully considered and planned.

Webinar

Mar 05, 2020: What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the same kind of flexibility and ease-of-use from the authentication systems at work that they use at home; often, this means using mobile devices.

Webinar

Mar 10, 2020: The Perils of Today’s Approach on Access Governance: Start Protecting Data at Source

Protecting sensitive, valuable data is a must for every organization. Ever-increasing cyber-attacks and ever-tightening regulations mandate businesses to take action. Unfortunately, the common approaches of IGA (Identity Governance and Administration) that focus on managing static entitlements for systems and applications fall short in really securing the data at risk. They fail in managing data in motion. They are static. They don’t manage the usage of data well. Not to speak of all the challenges in role management projects and around regular access reviews.

Executive View

Executive View: F-Secure Rapid Detection & Response - 80182

Rapid Detection & Response is F-Secure’s Endpoint Detection & Response (EDR) solution. It runs on Windows and Mac clients, collecting and analyzing information to help security analysts determine if malicious activities have occurred. The solution also allows for pre-configured remediation actions to be executed when certain conditions are met and offers F-Secure expert service advice when needed.

Virtual Academy KC Master Class

Feb 04, 2020: PAM for the 2020s

Attend this KC Master Class to learn how to protect privileged accounts of your company. Based on many years of experience, KuppingerCole Analysts will deliver practical knowledge on password management and automatic rotation, enforcement of the least privilege principle, vulnerability identification, risk management, central analysis, session management and monitoring, and efficient, comprehensive auditing.

Blog

PAM Can Reduce Risk of Compliance Failure but Is Part of a Bigger Picture

The importance of privilege accounts to digital organizations and their appeal to cyber attackers has made Privilege Access Management (PAM) an essential component of an identity and access management portfolio. Quite often, customers will see this purely as a security investment, protecting the company’s crown jewels against theft by organized crime and against fraudulent use by internals. More successful cyber-attacks are now enabled by attackers gaining access to privilege accounts. However, that is only part of the story. Organizations also must worry about meeting governance...

Webinar

Feb 18, 2020: Get the SIEM You Always Wanted: Intelligent, Automated, with Unlimited Capacity

Fifteen years ago, Security Information and Event Management (SIEM) products were hailed as the ultimate solution to all security problems in enterprises, and not without reason: after all, the central collection and management of security-relevant data across all of a company's IT systems is an important prerequisite for rapid analysis of and response to cyber threats.

Leadership Brief

Leadership Brief: Radically Lean: NoOps and Serverless Computing - 80305

Computing is continually getting leaner and becoming more like a utility as it moves increasingly further away from on-premise physical hardware by abstracting IT environments away from the underlying infrastructure. This trend towards NoOps computing that eliminates the need for operational teams to manage software and infrastructure has seen the introduction of Virtual Machines, Containers and Serverless Computing. This leadership brief identifies the most appropriate uses of Serverless Computing and provides recommendations on how to decide when this model is a good fit for a business.

Executive View

Executive View: Informatica Data Privacy Management - 80276

Informatica Data Privacy Management is an AI-enhanced unified data security platform for identifying, analyzing, quantifying and mitigating risk related to sensitive data to enable businesses to get the most out of company data and digital transformation processes without exposing the enterprise to increased risk. Data Privacy Management includes tools to identify and monitor sensitive data on premise and in the cloud as well as control who can access the data and how that data can be used. In addition to highlighting potential risks to improve security and ensure regulatory compliance,...

Blog

More SEs + TEEs in Products = Improved Security

Global Platform announced in 4Q2019 that more than 1 billion TEE (Trusted Execution Environment) compliant devices shipped in 2018, and that is a 50% increase from the previous year. Moreover, 6.2 billion SEs (Secure Elements) were shipped in 2018, bringing the total number of SEs manufactured to over 35 billion since 2010. This is good news for cybersecurity and identity management. TEEs are commonly found in most Android-based smartphones and tablets. A TEE is the secure area in the processor architecture and OS that isolates programs from the Rich Execution Environment (REE) where most...

Blog

The 20-Year Anniversary of Y2K

The great non-event of Y2K happened twenty years ago. Those of us in IT at that time weren’t partying like it was 1999, we were standing by making sure the systems we were responsible for could handle the date change. Fortunately, the hard work of many paid off and the entry into the 21st century was smooth. Many things have changed in IT over the last 20 years, but many things are pretty similar. What has changed?
- Pagers disappeared (that’s a good thing)
- Cell phones became smartphones
- IoT devices began to proliferate
- The cloud appeared and became a dominant computing...

