Martin Kuppinger: Governance, Risk Management, Compliance
GRC (Governance, Risk Management, Compliance) is presently a core topic for every mid-sized and large organization. The number of regulations is growing. Auditors are focusing on Corporate Governance and IT Governance, are asking for risk managements and are looking on access controls and other specific IT aspects.
Thus it is no surprise that we observe an ever growing number of vendors with offerings to support GRC initiatives. But there is still a lot of discussion around GRC. Besides the feat of implementing GRC solutions in a consistent manner across the enterprise, covering business as well as IT, there are several people stating that GRC today is mainly about dealing with FUD - fear, uncertainty, doubt. In Kuppinger Cole's view however, if the potential of GRC is realised and implemented appropriately, it has far greater capacity than just dealing with this issue.
Felix Gaehtgens: Sun's new Access Manager is now OpenSSO Enterprise
Two months after unveiling the new strategy for its OpenSSO platform, Sun releases the next version of Access Manager. In keeping with Sun traditions, it's time for another product renaming exercise - from now on Access Manager will be known as OpenSSO Enterprise, and this version will incorporate the latest features from the OpenSSO Express version.
Felix Gaehtgens: Managed Identity Services: Talking the Talk with Covisint
At the last Digital ID World conference, I bumped into Douglas Anter by sheer luck at the Ping Identity party. He is responsible for Public and Analyst Relations at Compuware, the company that owns Covisint. Whether I would have some time for a briefing, he asked. You bet! I said.
Kuppinger Cole Roadmap Report Identity Management 2009
Kuppinger Cole, focusing on Identity and Access Management (IAM), GRC (Governance, Risk Management, Compliance), digital identities in companies, the Internet and society as well as Cloud Services and Computing, published their report "Identity Management Roadmap 2009.
The report for the first time presents Kuppinger Cole's Identity Management Roadmap in a comprehensive manner. This Roadmap describes the development of Identity Management and GRC infrastructures across four levels of maturity. This makes it a standardised, structured guide that allows companies to verify and further develop their own Identity Management strategies.
Martin Kuppinger: Trend Report IAM and GRC 2009-2019
Sebastian Rohr:Integration and convergence - for compliances´sake?
Product Report: Symlabs Virtual Directory and LDAP Proxy
Kuppinger Cole Blogs
Blog Martin Kuppinger
The economic turmoil - and its relationship to IT Risk Management
I had a very interesting briefing with one of the vendors for Privileged Account Management today. Like in most briefings, we also touched the current economic turmoil. The discussion we had convinced the expectations I have for the GRC and IAM markets: They probably will not be that heavily affected by the economic crisis than other IT market segments. The reason is simple - companies have learned that risk management is mandatory and the pressure on implementing a high level of GRC controls is increasing. Companies have to invest whether they like or not.
Novell is moving forward
Yesterday one of the vendors (not Novell), who was a little late in an analyst briefing call, said that he had to talk before to a journalist. He mentioned that this journalist was somewhat surprised by the large number of announcements in the Identity Management and GRC industry in these days. Novell is one of the vendors who should feel guilty - they are very active in providing news these days.
The identities of core business objects
In our new Roadmap Report Identity Management and GRC 2009, available from Oct 13th 2008, we describe the structured evolution of Identity Management and GRC infrastructures across multiple maturity levels, from basic, administration-focused deployments towards business- and service-oriented implementations.
Blog Felix Gaehtgens
It´s the authorisation, stupid!
As the US presidential election is in full swing, I thought it would be a great time to dust off Bill Clinton´s catchy statement from way back when and seize it for my own agenda. As the industry is increasingly focused on the identity metasystem that will delivering identity to applications, and much attention is given to strong authentication, I believe that authorisation is a very much neglected topic. Very unfortunately so.
Looking back at DIDW
Two weeks ago I was at Digital ID World in Anaheim, CA, followed by a briefing in Redmond. My mind is still returning to this action-packed event every once in a while, and I am still trying to make sense of it all. For me the most interesting aspect of DIDW has certainly been to meet face to face with lots of the usual suspects, some people I "know" virtually, but have never met face to face, and some new acquaintances. Over the next few week, as my busy research agenda allows, I will write up on some of the cool stuff, new technologies and new evolutions of products that I´ve learned about during those three days.
Blog Sebastian Rohr
Pilgrimmage to the Promised Land - Bay Area from Oct. 27th on
Hello World, hello Bay-Dwellers!
Either you look forward to meeting me or to avoid me - pay special attention between October 27th and November 13th as I will be in the Bay Area and Silicon Valley to meet some people. Especially the IIW in Mountain View at the end of the trip will be a highlight - but if you like to meet me before, please contact Levent or myself, so we can make an appointment. Looking forward to meet as many "gentle people" in SF as possible, regardless of flowers in their hair or big ideas on identity management in their brains!
breaking a habit - UNDO
Despite the fact that I clearly see CA´s recent acquisition of IDfocus LLC and their ACE technology as a plus to the whole offering of IAM technologies from CA, for me it is still sort of a "back to the roots".
More Crystal Balls... PKI v.2, convergence and the like
One of our jobs as analysts to provide insight and vision on what an when things are going to change and how it is going to happen. Sometimes though, my fellow analysts are far off with their predictions, sometimes one just underestimates the market pull or some impressive marketing stunt one of the vendors pulls to push the cause. Other times, for example with PKI, the real hype never materializes - but nevertheless the technology silently grows and matures and never really vanishes.
Humans are visual beings, or at least: I am game for eye-candy!
In spring this year I was accompanying a friend and business partner of mine to shadow him on a visit to one of the "Managed VoIP Service" vendors, as he (my friend) is also running a small System Integrator company.
Identity Management Events
Oct. 24, 2008 1 p.m. - 2 p.m. CEST (german)
Free Webinar: GRC Business Values
Nov. 18th - 19th, 2008, Frankfurt (german)
Governance, Risk Management & Compliance (GRC) Forum 2008
Nov.20th, 2008, Munich (german)
Kosten Senken durch Innovation - Lean IT mit Identity Management & GRC
Nov. 26th - 27th, 2008, Munich (german)
Enterprise Identity Management Best Practices
Feb. 11th - 13th, 2009, Istanbul
Identity Management & GRC Conference Istanbul
Managing digital identities and their access to your systems and information - wether they are your workforce, (online) customers, partners or suppliers - this is the core focus of identity and access management (IAM).
Traditional information security initiatives have focused on "keeping the bad guys out" through implementing firewalls and other network security devices, protecting the "inside" from the "outside". But what about the "bad guys" inside and the "good guys" outside? Traditional information security has missed to reflect the ever increasing need for more agility your enterprise requires to act in quickly changing market places and to respond to increasing compliance requirements.
March 22th - 25th, 2008, Las Vegas
The Experts Conference
Founded by NetPro in 2002, The Experts Conference (TEC) provides experienced Active Directory and identity administrators with advanced technical education from the industry´s top experts and Microsoft technology leadership.
May, 05th - 08th, 2009, Munich
European Identity Conference 2009
With more than 450 attendees from 23 countries, EIC is a major platform in Europe to create, support and foster the dialog between GRC and identity management thought leaders and users, but as well between thought leaders themselves, between Europeans and Americans, vendors, vendor partners and users, between open source initiatives and the market.