News Archive

Blog

KuppingerCole Analyst Chat: How to Protect Data in a Hostile World

Matthias Reinwarth and John Tolbert are talking about the challenges of data protection in modern times.

Webcast

How to Protect Data in a Hostile World

In the first official episode of the KuppingerCole Analyst Chat podcast, Matthias Reinwarth and John Tolbert are talking about the challenges of data protection in modern times.

Blog

Was die IT in der Krise NICHT machen sollte

Martin Kuppinger spricht über die Dinge, die IT-Teams in der Krise in jedem Fall vermeiden sollten.

Leadership Brief

Leadership Brief: The Information Protection Life Cycle and Framework: Acquire and Assess - 80371

The modern economy is driven by information. Digital Transformation is made possible by information. But most forms of information must be protected to create and maintain value. The Information Protection Life Cycle and Framework provides concepts to organize the discovery, protection, and disposition of information objects. This article is the second in the series introducing the Information Protection Life Cycle and Framework.

Webcast

Was die IT in der Krise NICHT machen sollte

Martin Kuppinger spricht über die Dinge, die IT in jedem Fall in der Corona-Krise vermeiden sollte.

Blog

Top 5 Work from Home Cybersecurity Recommendations for Enterprises

Today, Lead Analyst John Tolbert gives his five work from home cybersecurity recommendations for enterprises.

Webcast

Data Sovereignty in Public Clouds

Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the attacker  could enter.

Webcast

Top 5 Work from Home Cybersecurity Recommendations for Enterprises

John Tolbert is talking about the current situation with regards the pandemic crisis and the cybersecurity-related things to consider for enterprises.

Blog

Die fünf wichtigsten Cybersecurity Maßnahmen für Unternehmen in Zeiten des Home Office

Martin Kuppinger spricht in seinem Video über die wichtigsten Cybersecurity-Maßnahmen für Unternehmen während der Corona-Pandemie.

Executive View

Executive View: IRM-Prot-On - 71313

Sharing enterprise information is both a security risk and a necessity of the modern enterprise. IRM-Prot-On of Groupo CMC is a strong provider of enterprise information protection services. The solution enables document and file protection, permissions management, and information classification.

Executive View

Executive View: Micro Focus Access Manager - 80311

The Micro Focus Access Manager counts amongst the established and mature solutions for Web Access Management and Identity Federation. Micro Focus is continuously improving the product, leveraging new technology and remaining responsive to client requirements for an agile and comprehensive solution to their access control requirements. Micro Focus Access Manager is a solution well-suited for supporting web services authentication requirements, federated authentication environments, and agile deployment scenarios.

Executive View

Executive View: R&S®Trusted Gate by Rohde & Schwarz Cybersecurity - 80400

Transparent, data-centric security for untrusted infrastructures. Reliable control and monitoring of sensitive information stored in public clouds and collaboration tools (e.g. Microsoft Office 365, SharePoint, Teams). Virtualization, encryption and fragmentation of data enabling secure and convenient collaboration for multi cloud, on-premises and hybrid storage environments and true data sovereignty.

Executive View

Executive View: CyberArk Privilege Cloud - 80122

Privileged Access Management (PAM) has evolved into a set of technologies that addresses some of the most urgent areas of cybersecurity today against a backdrop of digital transformation and industrial change. CyberArk Privilege Cloud is an as-a-service solution designed to protect and control privileged access across on-premises, cloud and hybrid infrastructures. It is part of a suite of solutions and technologies from one of the leaders in PAM.

Blog

Ransomware During the Pandemic Crisis

It is really astonishing how quickly the word “pandemic” has evolved from a subject of obscure computer games to the center of everyone’s daily conversations… However, when discussing the latest news about the coronavirus outbreak, one should not forget another pandemic that’s been causing massive damages to businesses, governments, and individuals around the world for several years already. Since its initial emergence in Eastern Europe about a decade ago, it has quickly evolved into one of the largest global cyberthreats, crippling hospitals and entire...

Webcast

Die fünf wichtigsten Cybersecurity Maßnahmen für Unternehmen in Zeiten des Home Office

Martin Kuppinger spricht über die wichtigsten Cybersecurity-Maßnahmen für Unternehmen während der Corona-Pandemie.

 

Blog

KuppingerCole Analyst Chat - Our New Regular Podcast

Today we're officially launching KuppingerCole Analyst Chat - our new soon-to-be-regular audio podcast. In the pilot episode Martin Kuppinger and I are discussing Identity & Access Management challenges so many are facing now while having to work from home. At the moment, you can subscribe to our podcast on Spotify or watch new episodes on our YouTube channel. Other platforms will follow soon. Stay tuned for more regular content from KuppingerCole analyst team!

Webinar

Apr 29, 2020: Access all Apps with Azure AD: A Single Identity Solution for Secure Access

Most businesses already rely on Azure Active Directory for secure, seamless access to Microsoft services like Office 365 and Azure. But with more applications being used than ever before, organizations are asking themselves what bigger role Azure Active Directory can play in securing their entire application ecosystem.

Webcast

Identity & Access Management Challenges - Work From Home Edition

Welcome to the pilot issue of the KuppingerCole Analyst Chat - our soon-to-be-regular podcast. Stay tuned for more episodes!

Leadership Brief

Leadership Brief: Typical Risks and Pitfalls for IGA Projects - 72580

As the number and types of digital identities proliferate in the digital era and the number of data protection regulations around the world continues to grow, the need for an effective Identity Governance & Administration (IGA) capability has never been greater. This leadership brief outlines common risks and pitfalls of enterprise IGA projects and how they can be avoided.

Whitepaper

Whitepaper: AI, Machine learning and Privileged Access Management - 80120

Choosing a PAM solution has become a complex, and potentially time consuming, decision for modern organizations but one they must get right. If trends such as customer identities or privileged accounts used by DevOps are to be managed securely, then the final purchasing decision rests on carefully selecting solutions with the right feature sets. New technologies such as machine learning and AI are now being added to PAM solutions.

Executive View

Executive View: iWelcome IDaaS and CIAM - 80328

iWelcome provides a mature Identity-as-a-Service platform with extensive support for B2C (Customer Identity & Access Management – CIAM) and B2B use cases with interfaces for end-users as well as app developers. As an EU-based company, iWelcome strives to fulfill regional requirements such as interoperability with various national IDs and GDPR compliance, and as such provides unparalleled consent management features. Although iWelcome provides a horizontal solution, it has a strong customer base in regulated industries.

Leadership Brief

Leadership Brief: Introduction to the Information Protection Life Cycle and Framework - 80370

Leadership Compass

Leadership Compass: Fraud Reduction Intelligence Platforms - 80127

This report provides an overview of the market for Fraud Reduction Intelligence Platforms and provides you with a compass to help you to find the solution that best meets your needs. We examine the market segment, vendor service functionality, relative market share, and innovative approaches to providing Fraud Reduction Intelligence Platform solutions.

Blog

AI and Healthcare

AI's role in reducing the impact of future pandemics As the coronavirus spreads fear and panic across the world, it’s perhaps timely to take a step back and consider the future of healthcare and how AI will help. But first let’s consider that the coverage and spread of the virus shows us precisely just why reliable data is needed to help us cope with new diseases. At time of writing, most official advice on coronavirus is not based on hard data led evidence on how the virus spreads, the best way to contain it, who is most vulnerable, what is the incubation period and so on....

Webinar

Apr 21, 2020: AI Governance From a Practical Perspective

How can you ensure that your Artificial Intelligence project does not become a liability? An improper implementation, a socially insensitive data label, or negligent data management can easily lead to an auditing nightmare. What are the best practices to safely utilize and govern AI?

Blog

Top 5 Work from Home Cybersecurity Recommendations for Enterprises

As the business world moves to rapidly enable work-from-home (WFH), enterprise IT teams need to shift resources and priorities to ensure that remote workers are protected. Already we see malicious actors adapting and targeting remote workers more. My colleague Alexei Balaganski published a list of recommendations for small businesses. The Situation CheckPoint reports 4,000 domains related to coronavirus have been registered since January 2020, of which 3% are malicious and 5% are suspicious. Phishing attacks are increasing, which aim to capture remote workers credentials. VPNs are...

Leadership Brief

Leadership Brief: Beyond Marketing: The Future of Customer Interaction - 80292

Customer interaction is much more than marketing—it comprises all touchpoints during the customer journey. And the borders are becoming more and more blurry as many areas, such as marketing, sales, service, support, and consultancy are part of customer experience (CX). Furthermore, technological aspects shape the future of customer interaction: artificial intelligence and the Internet of Things (IoT) are among the most important technological trends in the changing field of customer interaction.

Webinar

Apr 16, 2020: A Compass for Choosing the Right Fraud Reduction Intelligence Platform

Companies are turning to Fraud Reduction Intelligence Platforms to reduce account takeover (ATO), synthetic fraud, bots, and other forms of fraud, which continue to be a pervasive and revenue-draining problem across many industries.

Blog

5G and Identity

5G Identity and Authentication 5G is the next generation of cellular mobile communications intended to support the massive increase in capacity and connectivity that will be required for the future cloud of things and to provide the enhanced bandwidth needed for new mobile data services.  The security of both depend upon being to identify not only the people but also the things that are using the network services.  Organizations need to act now to take account of how 5G will impact on their identity and access management governance and processes. 5G identifiers First it is...

Buyer's Compass

Buyer's Compass: API Management and Security - 80215

The complexity and breadth of the challenges to discover, monitor and secure all APIs within your enterprise can be daunting. This KuppingerCole Buyer’s Compass will provide you with questions to ask vendors, criteria to select your vendor, and requirements for implementing consistent governance and security along the whole API lifecycle.

Blog

The DON’Ts of IT in the Times of Crisis

Truly we are living in interesting times (incidentally, this expression, commonly known as “the Chinese curse”, has nothing to do with China). Just a couple of weeks ago the world was watching China fighting the coronavirus outbreak as something that surely can never happen in other countries. Today Europe and the United States are facing the same crisis and we’re quickly coming to the realization that neither memes nor thoughts and prayers are going to help: many countries have already introduced substantial quarantine measures to limit social interactions and...

Blog

Home Office in the Times of Pandemic – a Blessing or a Curse?

One of the most interesting office work developments of the last 20-30 years, the home office has radically gained new relevance amid the developing coronavirus pandemic. With the goal of limiting the spread of the virus, many companies and employees must suddenly resort to the option of working entirely from home. This is not only self-evident but also urgently necessary and will support many companies in their continued existence at the same time. Home office as an immediate pandemic quarantine measure The advantages are clear: social contacts in real life will be reduced to a...

Blog

Malicious Actors Exploiting Coronavirus Fears

Security researchers are discovering a number of malicious attacks designed to exploit public fears around COVID-19, more commonly just called coronavirus. The attacks to date take two major forms: a map which looks legitimate but downloads #malware, and various document attachments that purport to provide health and safety information related to COVID-19. The coronavirus heat map may look legitimate, in that it takes information from Johns Hopkins University’s page, which is itself clean. However, nefarious actors have created a package for sale on the dark web called...

Virtual Academy KC Master Class

Apr 07, 2020: Business Resilience Management in a Pandemic Crisis 

Attend this KC Master Class to learn what actions you can take immediately to handle the current pandemic crisis. In a second stage, an in-depth course will help you bolster your business resilience in the future. In order to react to the current pandemic developments, this KC Master Class is conceptualized particularly flexible to fit your needs and time constraints.

Blog

Modernizing IAM Solutions Leveraging New Operating Models With the KuppingerCole Identity Fabric

Executive View

Executive View: Exabeam Security Management Platform - 80001

Exabeam is a highly modular platform for collecting, storing, managing and correlating security events across multiple IT systems, both on-premises and in the cloud, with integrated orchestration and automation capabilities to improve analysts’ productivity. It can augment an existing SIEM or completely replace it.

Webcast

Modernizing IAM solutions leveraging new operating models with the KuppingerCole Identity Fabric

Learn more about Legacy IAM and how to modernize IAM solutions leveraging new operating models with the KuppingerCole Identity Fabric.

Webcast

The Perils of Today’s Approach on Access Governance: Start Protecting Data at Source

Protecting sensitive, valuable data is a must for every organization. Ever-increasing cyber-attacks and ever-tightening regulations mandate businesses to take action. Unfortunately, the common approaches of IGA (Identity Governance and Administration) that focus on managing static entitlements for systems and applications fall short in really securing the data at risk. They fail in managing data in motion. They are static. They don’t manage the usage of data well. Not to speak of all the challenges in role management projects and around regular access reviews.

Executive View

Executive View: Atos DirX Identity - 80166

Atos DirX Identity is a mature offering for IGA (Identity Governance and Administration), delivering both leading-edge Identity Provisioning capabilities and a strong risk-based Access Governance feature set. Atos has made significant improvements when it comes to the ease and flexibility of customization and added a modern, responsive user interface together with RESTful interfaces.

Webinar

May 26, 2020: Protect, Detect, Respond, Mitigate: A Modern Security Paradigm for Modern Enterprises

The Antivirus has been proclaimed dead years ago – you’ve probably heard those stories many times. But did you realize that the EDR (Endpoint Detection and Response), which was once supposed to address all its shortcomings, isn’t doing well either? After all, with the sheer number and complexity of modern cyber threats, what’s the point of detecting each one if you have neither time nor qualified manpower to analyze and mitigate them before they turn into major disruptions?

Blog

High Assurance MFA Options for Mobile Devices

In recent years much of the focus in the authentication space has been on MFA, mobile devices, and biometrics. Many technical advances have been made which also serve to increase usability and improve consumer experiences. There are a few reasons for this. MFA Multi-factor authentication is the number 1 method to reduce ATO (account takeover) fraud and prevent data breaches. We all know password authentication is weak and the easiest way in for malicious actors. MFA has been mandated by security policy in many organizations and government agencies for years. MFA is now also required in...

Webcast

What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the same kind of flexibility and ease-of-use from the authentication systems at work that they use at home; often, this means using mobile devices.

Leadership Brief

Leadership Brief: What to Consider When Evaluating Decentralized Identity? - 80451

Decentralized identity solutions that meet a range of enterprise use cases are on the market. Being a discerning consumer means knowing the right questions to ask. This Leadership Brief guides you through the critical aspects of decentralized identity solutions that are relevant to enterprise adoption.

Executive View

Executive View: Informatica CLAIRE Engine - 80391

Intelligent data management allows enterprises to identify, understand, and act upon trends in enterprise data and metadata, and is an essential addition to the digitized organization’s toolkit. Informatica’s CLAIRE is a AI and machine learning engine which powers its intelligent data platform that is built into Informatica’s data management products, and is a strong choice to address the data management needs of today.

Leadership Brief

Leadership Brief: Find Your Route from SIEM to SIP and SOAR - 80008

Security Information and Event Management (SIEM) platforms have been a key part of many enterprises’ cybersecurity infrastructures for over a decade. However, facing the growing number and sophistication of cyber threats, even the largest security operations centers built around them fail to respond to attacks in time. Are SIEMs a thing of the past already? This Leadership Brief provides some insights and recommendations.

Blog

Preparation Is Key: Where Prevention Ends, and Business Continuity and Incident Response Management Begins

Ensuring the availability of processes and services in the event of an incident or a cyber attack is a fundamental part of a company’s cybersecurity approach. Commonly used phrases when it comes to such cybersecurity strategies, are Incident Response Management (IRM) and Business Continuity Management (BCM). Both should be part of a company's cybersecurity strategy, but what is the difference, how are they connected, and at what point in time do they start? Identification and prevention are fundamental Every organization is under attack, and there is the risk of being hit by a major...

Advisory Note

Advisory Note: Business Continuity in the age of Cyber Attacks - 70361

Business continuity and cyber security remain largely in separate siloes. But changes in the IT and cyber threat landscapes mean there is an urgent need for organizations to alter their approach. This leadership brief identifies why there needs to be closer alignment and integration between business continuity and cyber security teams, and provides recommendations on how to achieve this to reduce the business impact of cyber attacks and ensure none is a business killer.

Webcast

Solving Problems in Privileged Access Management with Automation

While businesses race ahead with digital transformation, security and identity management are often being left behind. The complexity of modern organizations of all sizes has undermined the traditional concepts of privileged access management (PAM) and privileged account usage. Help desks and IT security teams are often too busy and understaffed to be able to give PAM the attention it deserves.

Leadership Brief

Leadership Brief: 10 Top Trends in IAM - 80335

Digital identities are at the core of Digital Transformation, Information Security and Privacy. It has never been more important for enterprises to ensure they have the capability to manage identities effectively in a rapidly changing business, regulatory and IT environment. This Leadership Brief looks at the main trends to help businesses evolve their Identity and Access Management (IAM) strategies to meet new, emerging and future requirements.

Blog

Compromise of IOTA

Turning a blind eye to security in favor of optimism If you have any take-away from reading KuppingerCole research, hopefully it is that APIs are a critical element to protect. This is true regardless of the industry. Even cryptocurrencies. IOTA, the blockchain-like cryptocurrency and transaction network was compromised in mid-February. The API access to the IOTA crypto wallet via a payment service was targeted and exploited for potentially two to three weeks. Approximately 50 accounts were compromised, leading to the eventual theft of around 2 million Euros. There is a risk in trusting...

Market Compass

Market Compass: Decentralized Identity: Blockchain ID & Self-Sovereign Identity Solutions - 80064

The KuppingerCole Market Compass provides an overview of product or service offerings in a certain market segment.  This Market Compass covers decentralized identity, specifically Blockchain Identity and Self-Sovereign Identity (SSI) solutions. This is a very dynamic space filled with visionary and innovative vendors that are applying decentralized identity to real enterprise use cases. Their development marks the entrance of blockchain technology into mainstream enterprise Identity and Access Management (IAM), and their progress will indicate the future evolution of digital identity.

Blog

5G - How Will This Affect Your Organization?

What is it that connects Covent Garden in London, The Roman Baths in Bath and Los Angeles? The answer is 5G mobile communications used by media organizations. On January 29th I attended the 5G Unleashed event at the IET in London. (The IET is the body that provides professional accreditation for Engineers in the UK). At this event there were several presentations describing real world use cases of 5G as well as deep dives into the supporting infrastructure. While 5G is being sold to consumers as superfast mobile broadband there is a lot more to it than that. It has the potential to impact...

Virtual Academy KC Master Class

Mar 18, 2020: Identity & Access Management (IAM) Essentials

In this KC Master Class you will get a deep understanding of the terms and concepts of Identity and Access Management (IAM). Our analysts will teach common use cases, the various types of technologies that are part of IAM, the interplay of IAM and other areas such as cybersecurity, IT Service Management, but also architecture and the organizational aspects such as policies, processes, and organization.

Leadership Brief

Leadership Brief: Explainable AI - 80362

One of the largest barriers to widespread machine learning (ML) adoption is its lack of explainability. Most ML models are not inherently explainable on a local level, meaning that the model cannot provide any reasoning to support individual decisions. The academic and private sectors are very active in developing solutions to the explainability issue, and this Leadership Brief introduces the main methods that make AI explainable.

Advisory Note

Advisory Note: Trends in Privileged Access Management for the Digital Enterprise - 71273

Privileged Access Management (PAM) is one of the most important areas of risk management and security in any organization. Privileged accounts have traditionally been given to administrators to access critical data and applications. But, changing business practices, agile software development and digital transformation has meant that privileged accounts have become more numerous and widespread. To reduce the risk of privileged accounts being hijacked or fraudulently used, and to uphold stringent regulatory compliance within an organization, an adequate PAM solution is essential.

Executive View

Executive View: Google's Cloud Identity - 80326

Identity as a Service (IDaaS) is fast becoming the new face of Identity and Access Management (IAM) with several vendors now delivering cloud based IAM services to support the growth in cloud-based applications in the enterprise. Google’s Cloud Identity provides access to many popular cloud applications and offers some endpoint management features.

Leadership Brief

Leadership Brief: Cybersecurity Trends & Challenges 2020 - 80502

2019 already has been a challenging year in cybersecurity. There have (again) been many severe cyberattacks and breaches, and there is no hope that this might change in 2020. Cyberattacks will continue to increase in frequency and perhaps severity, and the cyber risks to hyperconnected businesses will continue to grow. With everything and everyone being connected, the attack surface is expanding. This Leadership Brief will discuss the top 5 challenges and the top 5 trends that KuppingerCole sees for 2020, followed by recommendations to deal with those challenges.

Webinar

May 07, 2020: Digital Identities & Healthcare IAM: Balancing Efficiency in Clinical Workflows and the Need for Security & Privacy

IAM infrastructure is becoming increasingly critical to the business success of healthcare providers. This is driven in the first instance by digitization and connectivity of everything and the inevitable efforts of cyber-criminals to compromise the newly connected assets. At the same time, and especially in sectors like healthcare, whose business is based on the collection and use of lots of valuable consumer data, the public and governments are demanding more accountability for safeguarding and appropriate use of personal information.

Advisory Note

Advisory Note: Cyber Risk – Choosing the Right Framework - 80237

As organizations undergo Digital Transformation the business impact of cyber risks increases.  It is essential that organizations manage these risks.  There are several frameworks that organizations could adopt to help them to manage these risks, but they need guidance to choose which is right for them.  This report describes the main cyber risk management frameworks and identifies the factors that organizations should consider when choosing which one to use.

Leadership Brief

Leadership Brief: 5G Impact on Organizations and Security - 80238

5G is the next generation of cellular mobile communications. It will provide the capacity and connectivity required to industrialize IoT, Smart Cities and Smart Manufacturing. This report explains what it is and its likely impact on organizations and their security.

Blog

Ambient Intelligence Can’t Mature Without an Identity Protocol

Every day we are experiencing the intersection of IoT and AI. The interactions of users, sensors, robots, vehicles, smart buildings, and much more is creating a new status quo for digital experiences. This growing range of smart devices – both in the IoT sense and the intelligent AI sense – mean we are moving beyond a singular focus on the smartphone. This heightened immersion into increasingly distributed, decentralized digital networks is what KuppingerCole has termed “Ambient Intelligence”. The synergy of AI and IoT that Ambient Intelligence enables will be a key...

Leadership Brief

Leadership Brief: Leveraging Identity Fabrics on your way towards cloud based IAM - 80501

Webcast

Holen Sie sich das SIEM, das Sie schon immer wollten: intelligent, automatisiert, mit unbegrenzter Kapazität

Vor 15 Jahren wurden Security-Information-and-Event-Management-Produkte (SIEM) als die ultimative Lösung für alle Sicherheitsprobleme in Unternehmen gefeiert, und das nicht ohne Grund: Schließlich ist die zentrale Erfassung und Verwaltung sicherheitsrelevanter Daten über alle IT-Systeme eines Unternehmens hinweg eine wichtige Voraussetzung für eine schnelle Analyse und Reaktion auf Cyber-Bedrohungen. Auch heute noch sind SIEM-Plattformen weit verbreitet, um Security Operations Centers (SOC) in großen Unternehmen oder Managed Security Services für...

Webinar

Mar 26, 2020: Data Sovereignty in Public Clouds

Just a few years ago, IT infrastructures resembled medieval fortresses: Firewalls, intrusion prevention systems and anti-virus programs were supposed to ward off attacks even before the attacker  could enter.

Whitepaper

Whitepaper: Success in Digital Finance: Doing Digital Identities right for a positive Digital Experience - 80164

Success in Digital Finance is not a miracle, but a combination of having the right offerings and services, and delivering a seamless and modern digital experience to the customers. Digital Identities take a central role in such digital experience, from the identity verification and digital onboarding process to recurring authentication and efficient processes based on “electronic paper”, with signing, sealing, and so on. Oxyliom Solutions delivers an integrated platform that supports all parts of identity services for a modern digital experience in finance, supporting the...

Executive View

Executive View: ESET Enterprise Inspector - 80192

Enterprise Inspector is ESET’s Endpoint Detection & Response (EDR) solution. It currently runs on Windows with future plans to cover Linux, and Mac clients, collecting and analyzing information to help security analysts determine if malicious activities have occurred. The solution also allows for pre-configured remediation actions to be executed when certain conditions are met.

Blog

Top 5 Recommendations for Reducing Cyber Risks in 2020

The turn of the year has been an occasion for many cybersecurity news outlets to talk about trends and challenges in cybersecurity. Despite the importance of knowing what the trends and challenges are, we want to give you some hands-on recommendations to increase security for your company. Of course the following recommendations are just a selection out of many possible measures. We are happy to discuss with you in more detail the implications for your concrete business model. 1. Beyond detect, prevent, respond: recovery & Incident Response Management While AI helps in increasing...

Blog

Why C-SCRM Is Becoming so Essential for Your Digital Business

The current discussion around Huawei and whether or not it should be endorsed as a supplier for 5G mobile network hard- and software has reminded us on how dependent we are on the integrity and reliability of such manufacturers and how difficult it is to trust their products if they are closed source and proprietary or otherwise hard or impossible to examine. Due to its undisputed vicinity to the Chinese government, Huawei has come under suspicion primarily by the US authorities to provide undocumented access capabilities to Chinese intelligence agencies enabling them to globally wiretap...

Press Release

Heterogeneity of Web Application Firewalls Market Increases

For companies doing business with commercial partners and customers via web applications, it is business-critical to maintain and protect these web applications. Since companies have become increasingly dependent on web applications for doing business, the need for Web Application Firewalls (WAF) has increased as well.

Blog

Will 2020 Be the Year of Oracle Cloud?

Recently I had an opportunity to attend the Next Generation Cloud Summit, an event organized by Oracle in Seattle, WA for industry analysts to learn about the latest developments in Oracle Cloud strategy. This was the first Oracle’s analyst summit in Seattle and coincidentally my first time in the Cloud city as well… Apparently, that’s a legitimate nickname for Seattle for a few years already, since all notable cloud service providers are located there, with Google and Oracle joining AWS and Microsoft at their historical home grounds by opening their cloud offices in the...

Market Compass

Market Compass: Web Application Firewalls - 70324

The KuppingerCole Market Compass provides an overview of the product or service offerings in a specific market segment. This Market Compass covers Web Application Firewall (WAF) solutions that span the spectrum of on-premises, cloud, and hybrid IT delivery models.

Executive View

Executive View: PlainID Policy Manager - 80315

PlainID Policy Manager aims to be the single source of truth for all entitlements, coarse- or fine-grained in your enterprise, controlling secure access across all identities, systems, and applications with the help of centrally managed business-focused policies.

Blog

Moving Towards AI and IoT Solutions Beyond Machine Learning

Microsoft is currently running ads extoling the virtue of AI and IoT sensors in helping farmers produce more and better crops, with less waste and higher yields. Elsewhere in manufacturing, supply chain management is being transformed with digital maps of goods and services that reduce waste and logistical delays. In Finland, a combination of AI and IoT is making life safer for pedestrians. The City of Tampere and Tieto built a pilot system that automatically detects when a pedestrian is planning to cross the street at an intersection. Cameras at intersections accessed algorithms trained...

Webcast

Cybersecurity Trends and Challenges 2020

Digitalization evolves with the increased use of microcomputers in everyday objects like cars and smart fridges, but also in industrial applications. Therefore, communication between devices is growing accordingly. While connecting devices is supposed to make our lives easier, it poses a great challenge from a security standpoint. Every connection opens a potential backdoor for attackers to slip inside your network.

Blog

Three Critical Elements Required to Close the Cybersecurity Skills Gap

The status on cybersecurity is fairly clear: 82% of employers report that their cybersecurity skills are not enough to handle the rising number of cyber incidents (Center for Strategic & International Studies, 2019. The Cybersecurity Workforce Gap). There is a gap – a gap between the skills needed for strong cybersecurity, and the skills you actually have. It is an individual problem, but also an enterprise problem and a global problem. The vast majority of the world simply does not have the skills to keep up with the cyber risks that we know exist. Three Critical Elements to...

Executive View

Executive View: PingAccess - 80323

With the rising complexity of IT environments and the many integration points to consider, PingAccess provides a flexible architecture that includes Web and API Access Management, whether on-premises or in the cloud. Combining PingFederate with PingAccess offers a complete Web Access Management solution.

Boot Camp

May 15, 2020: Identity Fabric Boot Camp

With the concept of an Identity Fabric, KuppingerCole describes a paradigm for the Future of IAM, which allows serving different needs in a consistent manner. This boot camp will provide you with insights and recommendations on how to get to an IAM Program that is ready for the 2025 horizon and beyond, and that helps you in supporting the agility of your business.

Leadership Brief

Leadership Brief: Assessing the Maturity of Core AI Disciplines - 80390

There are several disciplines that contribute to the Artificial Intelligence field: Natural Language Processing, Machine Learning, Machine Reasoning, and others. This Leadership Brief addresses their varying maturity levels for enterprise use.

Advisory Note

Advisory Note: Why High-Profile Digital Transformation Initiatives Fail: How to do better - 80289

A growing number of organizations are adapting their products, processes and strategies to capitalize on the benefits of digital technology, but some high-profile Digital Transformation (DX) initiatives have failed despite heavy investments. This Advisory Note looks at some of the main reasons DX initiatives fail and provides recommendations for avoiding these common pitfalls to ensure DX initiatives are sustainable and deliver long-term strategic benefits as well as short-term operational efficiencies. 

Advisory Note

Advisory Note: KRIs and KPI for Cyber Security - 80239

This report provides selected Key Risk Indicators (KRI) for the area of Cyber security. These indicators are easy to measure and provide organizations with a quick overview of the relevant risks and how these are changing. The indicators can be combined into a risk scorecard which then can be used in IT management and corporate management. 

Blog

Taking One Step Back: The Road to Real IDaaS and What IAM Really Is About

Shifting IAM to Modern Architecture and Deployment Models There is a lot of talk about IDaaS (Identity as a Service) these days, as the way to do IAM (Identity and Access Management). There are also fundamental changes in technology, such as the shift to containers (or even serverless) and microservice architectures, which also impact the technology solutions in the IAM market. However, we should start at a different point: What is it that business needs from IAM? If we step back and take a broader perspective, it all ends up with a simple picture (figure 1): The job of IAM is to provide...

Virtual Academy KC Master Class

Feb 18, 2020: Incident Response Management

In this KC Master Class you learn how to react adequately when a cyberattack has occurred in your company. Our analysts will prepare you for this worst case scenario by showing you how to rate risks realistically and integrate these ratings into your general incident response strategy. This strategy should include incident detection, administering responsibilities within company staff, defining a communication strategy for internals and externals and gaining a deep understanding of recovery processes.

Executive View

Executive View: Cleafy Advanced Threat Detection & Protection - 80309

Cleafy is a real-time clientless application risk assessment, threat detection and prevention platform for online services in highly regulated industries. Providing protection against advanced targeted attacks for unmanaged endpoints, it can prevent payment fraud, transaction tampering, credential theft, and other risks.

Executive View

Executive View: Callsign Intelligence Driven Authentication - 80174

Callsign is a provider of an identity platform that integrates consumer onboarding, authentication, and fraud management in a well-thought-out manner. In contrast to other solutions, all capabilities are tightly integrated. The platform uses AI/ML for risk analysis and supports passive and continuous authentication. It is feature-rich and easy to use, with flexible support for creating, managing, and testing user journeys.

Blog

The C5:2020 - A Valuable Resource in Securing the Provider-Customer Relationship for Cloud Services

KuppingerCole has accompanied the unprecedented rise of the cloud as a new infrastructure and alternative platform for a multitude of previously unimaginable services – and done this constructively and with the necessary critical distance right from the early beginnings (blog post from 2008). Cybersecurity, governance and compliance have always been indispensable aspects of this. When moving to the use of cloud services, it is most important to take a risk-based approach. There is nothing like “just the cloud”. It is not a single model but covers a wide and constantly...

Webcast

Improve Security With Critical Infrastructures Requirements

Organizations or institutions that are essential for the public are called Critical Infrastructures (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations. Their failure or significant impairments result in sustained supply shortages, significant disruptions to public safety or other drastic consequences. Their protection and the safeguarding of the public require appropriate concepts, processes and technologies. Watch this webcast and learn how your organization can benefit from...

Executive View

Executive View: Onegini Connect - 80168

Onegini provides a compelling no-code cloud-delivered solution for Consumer Identity and Access Management (CIAM) and B2B IAM. Onegini is headquartered in the Netherlands, is expanding across Europe, and has global ambitions. They have expertise in EU regulations such as GDPR, PSD2 and other industry-specific regulations. They are positioning their product as a CIAM solution for financial, pension and insurance industries with a strong mobile differentiator.

Webinar

Mar 03, 2020: Solving Problems in Privileged Access Management with Automation

While businesses race ahead with digital transformation, security and identity management are often being left behind. The complexity of modern organizations of all sizes has undermined the traditional concepts of privileged access management (PAM) and privileged account usage. Help desks and IT security teams are often too busy and understaffed to be able to give PAM the attention it deserves.

Blog

The Next Best Thing After "Secure by Design"

There is an old saying that goes like this: “you can lead a horse to water, but you can’t make it drink”. Nothing personal against anyone in particular, but it seems to me that it perfectly represents the current state of cybersecurity across almost any industry. Although the cybersecurity tools are arguably becoming better and more sophisticated, and, for example, cloud service providers are constantly rolling out new security and compliance features in their platforms, the number of data breaches and hacks continues to grow. But why? Well, the most obvious answer is...

Leadership Brief

Leadership Brief: Six Key Actions to Prepare for CCPA - 80353

From January 1st, 2020, when the California Consumer Privacy Act (CCPA) came into force, the requirements for managing personal data have changed.  This report identifies six key actions that IT needs to take to prepare for compliance.

Leadership Brief

Leadership Brief: Top Ten Trends in Cybersecurity - 80336

This report outlines 10 important trends and technologies in cybersecurity that KuppingerCole believes will shape security policies and solutions choice for organisations in the years ahead. 

Blog

Quantum Computing and Data Security - Pandora's Box or a Good Opportunity?

Not many people had heard of Schroedinger's cat before the CBS series "The Big Bang Theory" came out. Dr. Sheldon Cooper used this thought experiment to explain to Penny the state of her relationship with Lennard. It could be good and bad at the same time, but you can't be sure until you've started (to open) the relationship. Admittedly, this is a somewhat simplified version of Schroedinger's thoughts by the authors of the series, but his original idea behind it is still relevant 100 years later. Schroedinger considered the following: "If you put a cat and a poison, which is randomly...

Blog

Applying the Information Protection Life Cycle and Framework to CCPA

The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. Enforcement is slated to start by July 1, 2020. CCPA is complex regulation which does bear some similarities with EU GDPR. For more information on how CCPA and GDPR compare, see our webinar. Both regulations deal with how organizations handle PII (Personally Identifiable Information). CCPA intends to empower consumers to give them a choice to disallow onward sales of their PII by organizations that hold that information.  A full discussion of what CCPA entails is out of scope. In this article, I want to...

Whitepaper

Whitepaper: Healthcare IAM: Enhance the Clinical Workflow - 80163

The Healthcare sector faces the common challenges of all businesses today: digital transformation, cyber-security, and increasingly stringent regulations. But Healthcare also has unique challenges because clinical operations depend on continual access to customers’ most sensitive personal information and require life-or-death decisions on a daily basis. This environment demands digital-identity capabilities that enable fast, anywhere/anytime access to clinicians while satisfying growing requirements for security, privacy and compliance.

Executive View

Executive View: Informatica: Customer 360 - 80290

When optimizing customer centricity and customer engagement, data is an important resource. To ensure an ideal customer experience, various challenges across the customer lifecycle must be solved. Informatica’s Customer 360 solution is designed to manage data across the entire customer lifecycle in a highly flexible way to meet various customer scenarios.

Executive View

Executive View: Apigee Edge API Management Platform - 80307

Apigee offers a comprehensive platform to support end-to-end API management at every stage of API lifecycle. From API design to publication, productization, and monetization to monitoring and securing live endpoints – everything is managed centrally across on-premises, cloud-based and hybrid environments.

Leadership Brief

Leadership Brief: Robotic Process Automation - 80333

Robotic Process Automation (RPA) is a type of automation technology with the potential to transform the way businesses operate by automating manual tasks within business processes by implementing (software) “robots” to perform these tasks instead of humans. This leadership brief looks at the most appropriate applications of RPA and the biggest potential business benefits.

Webcast

API Management and Security: Don’t Trade Protection for Convenience

Once a purely technical concept created to make developers’ lives easier, Application Programming Interfaces (APIs) have evolved into one of the foundations of modern digital business. As companies are struggling to maintain their business agility, to react to the ever-changing market demands and technology landscapes, the need to deliver a new application or service to customers as quickly as possible often trumps all other considerations. Often, security becomes an afterthought at best or, even worse, it is seen as a nuisance and an obstacle on the road to success. While the...

Blog

RPA and AI: Don’t Isolate Your Systems, Synchronize Them

We already hear a lot about artificial intelligence (AI) systems being able to automate repetitive tasks. But AI is such a large term that encompasses many types of very different technologies. What type of solutions are really able to do this? Robotic Process Automation (RPA) configures software to mimic human actions on a graphic user interface (GUI) to carry out a business process.  For example, an RPA system could open a relevant email, extract information from an attached invoice, and input it in an internal billing system. Although modern RPA solutions are already relying on...

Executive View

Executive View: Oracle Identity Governance - 80157

As the market, technology, and regulation forces change, Oracle offers a comprehensive Identity Governance solution that can meet the ever evolving enterprise needs. Oracle Identity Governance (OIG) addresses compliance at scale within the more modern cloud environments.

Blog

Proper Patch Management Is Risk-Oriented

With regard to cybersecurity, the year 2020 kicks off with considerable upheavals. Few days ago, my colleague Warwick wrote about the security problems that arise with some of Citrix's products and that can potentially affect any company, from start-ups and SMEs to large corporations and critical infrastructure operators. Just a few hours later, NSA and many others reported a vulnerability in the current Windows 10 and Windows Server 2016 and '19 operating systems that causes them to fail to properly validate certificates that use Elliptic Curve Cryptography (ECC). This results in an...

Executive View

Executive View: Microsoft Azure AI Platform - 80233

The Microsoft Azure AI platform provides a comprehensive enterprise solution for designing and implementing customized AI solutions. The cloud and hybrid deployment options, modular AI services, and management tools make the platform a strong choice for an AI-on-demand solution.

Executive View

Executive View: Saviynt Security Manager for Enterprise IGA - 80325

Saviynt offers a comprehensive compliance-as-a-service platform providing Identity Governance and Management, Application Risk and Governance, Cloud Security, and Cloud PAM functionality. Designed to be deployed as a cloud, hybrid, or on-premise solution, the Saviynt Security Manager for Enterprise IGA helps customers demonstrate assured compliance using their access governance and risk intelligence capabilities.

Boot Camp

May 15, 2020: Privileged Access Management (PAM) Boot Camp

The PAM boot camp is an intensive training program helping you to prevent security breaches and credential thefts through defining and implementing the right cybersecurity controls for privileged users and privileged access in your organization.

Blog

Mitigate Citrix Vulnerability in Face of PoC Exploits

Despite a Citrix warning in mid-December of a serious vulnerability in Citrix Application Delivery Controller (ADC) and Citrix Gateway (formerly NetScaler and NetScaler Gateway), thousands of companies have yet to put in place the recommended mitigations. In the meantime, several proof of concept (PoC) exploits have been published on GitHub, making it extremely easy for attackers to gain access to networks and impersonate authorized users. Thousands of Citrix systems still vulnerable Initial estimates put the number of vulnerable systems at 80,000 in 158 countries. Researchers reported...

Executive View

Executive View: AWS Security Analytics Solutions - 80220

AWS provides a comprehensive suite of services to monitor for threats, misconfigurations and compliance violations across its portfolio, with all security alerts aggregated, organized and prioritized within AWS Security Hub – an extensible cloud security and compliance management platform.

Webinar

Apr 28, 2020: The Security & Identity Challenges of Modern IT: Agile IT & DevOps Done Right & Secure

Security and identity must evolve in order to support today’s IT. While traditional IT appears being rather simple to secure, current security risks necessitate a greater degree of agility: shifting to DevOps paradigms, implementing a CI/CD chain, running services in hybrid cloud environments (or wherever else). This requires a security angle on DevOps, which you might name DevSecOps.

Boot Camp

May 15, 2020: Incident Response Boot Camp

This boot camp will allow you to check your organization’s cyber incident response plan against best practices or help you to create a response plan if you don’t already have one! It will guide you to the best practices for responding to a cyber incident and the technologies that can help to reduce its impact. It will also help you to choose the kinds of partners that you may need when an incident occurs.

Boot Camp

May 15 - Nov 26, 2020: Boot Camp Series 2020

KuppingerCole organizes various boot camps where you can keep yourself informed about the latest techniques and trends in identity management, cloud access, and security. Boot camps are more informative than other presentation formats. It offers intense interaction possibilities, is dense with new information and is a perfect medium to equip attendees with practical skills and confidence in a specific subject by sharing experiences, learning new skills and techniques.

Leadership Brief

Leadership Brief: IAM for Robotic Process Automation: How to Avoid Security Challenges - 80383

Robotic Process Automation (RPA) is one of the trending topics in today’s IT environments. RPA promises to automate manual tasks within business processes by implementing (software) “robots” that perform these tasks instead of humans. Such software robots must have a digital identity, and the access rights of these robots must be kept under control for enforcing the Principle of Least Privilege and avoiding major security challenges. IAM for RPAs, therefore, must be carefully considered and planned.

Webinar

Mar 05, 2020: What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the same kind of flexibility and ease-of-use from the authentication systems at work that they use at home; often, this means using mobile devices.

Webinar

Mar 10, 2020: The Perils of Today’s Approach on Access Governance: Start Protecting Data at Source

Protecting sensitive, valuable data is a must for every organization. Ever-increasing cyber-attacks and ever-tightening regulations mandate businesses to take action. Unfortunately, the common approaches of IGA (Identity Governance and Administration) that focus on managing static entitlements for systems and applications fall short in really securing the data at risk. They fail in managing data in motion. They are static. They don’t manage the usage of data well. Not to speak of all the challenges in role management projects and around regular access reviews.

Executive View

Executive View: F-Secure Rapid Detection & Response - 80182

Rapid Detection & Response is F-Secure’s Endpoint Detection & Response (EDR) solution. It runs on Windows and Mac clients, collecting and analyzing information to help security analysts determine if malicious activities have occurred. The solution also allows for pre-configured remediation actions to be executed when certain conditions are met and offers F-Secure expert service advice when needed.

Virtual Academy KC Master Class

Feb 04, 2020: PAM for the 2020s

Attend this KC Master Class to learn how to protect privileged accounts of your company. Based on many years of experience, KuppingerCole Analysts will deliver practical knowledge on password management and automatic rotation, enforcement of the least privilege principle, vulnerability identification, risk management, central analysis, session management and monitoring, and efficient, comprehensive auditing.

Blog

PAM Can Reduce Risk of Compliance Failure but Is Part of a Bigger Picture

The importance of privilege accounts to digital organizations and their appeal to cyber attackers has made Privilege Access Management (PAM) an essential component of an identity and access management portfolio. Quite often, customers will see this as purely as a security investment, protecting the company’s crown jewels against theft by organized crime and against fraudulent use by internals. More successful cyber-attacks are now enabled by attackers gaining access to privilege accounts. However, that is only part of the story. Organizations also must worry about meeting governance...

Webinar

Feb 18, 2020: Holen Sie sich das SIEM, das Sie schon immer wollten: intelligent, automatisiert, mit unbegrenzter Kapazität

Vor 15 Jahren wurden Security-Information-and-Event-Management-Produkte (SIEM) als die ultimative Lösung für alle Sicherheitsprobleme in Unternehmen gefeiert, und das nicht ohne Grund: Schließlich ist die zentrale Erfassung und Verwaltung sicherheitsrelevanter Daten über alle IT-Systeme eines Unternehmens hinweg eine wichtige Voraussetzung für eine schnelle Analyse und Reaktion auf Cyber-Bedrohungen.

Leadership Brief

Leadership Brief: Radically Lean: NoOps and Serverless Computing - 80305

Computing is continually getting leaner and becoming more like a utility as it moves increasingly further away from on-premise physical hardware by abstracting IT environments away from the underlying infrastructure. This trend towards NoOps computing that eliminates the need for operational teams to manage software and infrastructure has seen the introduction of Virtual Machines, Containers and Serverless Computing. This leadership brief identifies the most appropriate uses of Serverless Computing and provides recommendations on how to decide when this model is a good fit for a business.

Executive View

Executive View: Informatica Data Privacy Management - 80276

Informatica Data Privacy Management is an AI-enhanced unified data security platform for identifying, analyzing, quantifying and mitigating risk related to sensitive data to enable businesses to get the most out of company data and digital transformation processes without exposing the enterprise to increased risk. Data Privacy Management includes tools to identify and monitor sensitive data on premise and in the cloud as well as control who can access the data and how that data can be used. In addition to highlighting potential risks to improve security and ensure regulatory compliance,...

Blog

More SEs + TEEs in Products = Improved Security

Global Platform announced in 4Q2019 that more than 1 billion TEE (Trusted Execution Environment) compliant devices shipped in 2018, and that is a 50% increase from the previous year. Moreover, 6.2 billion SEs (Secure Elements) were shipped in 2018, bringing the total number of SEs manufactured to over 35 billion since 2010. This is good news for cybersecurity and identity management. TEEs are commonly found in most Android-based smartphones and tablets. A TEE is the secure area in the processor architecture and OS that isolates programs from the Rich Execution Environment (REE) where most...

Blog

The 20-Year Anniversary of Y2K

The great non-event of Y2K happened twenty years ago. Those of us in IT at that time weren’t partying like it was 1999, we were standing by making sure the systems we were responsible for could handle the date change. Fortunately, the hard work of many paid off and the entry into the 21st century was smooth. Many things have changed in IT over the last 20 years, but many things are pretty similar. What has changed? Pagers disappeared (that’s a good thing) Cell phones became smartphones IoT devices began to proliferate The cloud appeared and became a dominant computing...


Welcome to KuppingerCole

How can we help you

Send an inquiry

+49 211 237 077 33

Mo – Fr 8:00 – 17:00

Stay Connected

Spotlight

AI for the Future of Your Business Learn more

AI for the Future of Your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]