Reports

Digital identities are at the core of Digital Transformation, Information Security and Privacy, and therefore it has never been more important for enterprises to ensure they have the capability to manage identities effectively and efficiently in a rapidly changing business, regulatory and IT environment. This Advisory Note looks at the main trends and challenges to help businesses…

CCPA is the latest in a series of global privacy regulations. It comes with new requirements for dealing with personal data and is accompanied by severe penalties. Thus, businesses must take appropriate action to comply with CCPA. While handling consent and opt-outs are at the forefront, successful mitigation of risks starts with data-centric security – it is about understanding…

Axiomatics provides a complete enterprise-grade dynamic authorization solution that can address an organization's breadth of access control needs. The Axiomatics Policy Server (APS) makes available a suite of tools and services to manage an Attribute Based Access Control (ABAC) policy life-cycle efficiently both on-premises and in the cloud.

This Leadership Compass provides an overview of the market for API management and security solutions along with recommendations and guidance for finding the products which address your requirements in the most efficient way. We examine the complexity and breadth of the challenges to discover, monitor and secure all APIs within your enterprise and identify the vendors, their products,…

Digital Identities are at the heart of the Digital Transformation. Without the ability to unify identities and manage the access of everyone to everything  to every digital service effectively, transformation initiatives will fail. Business can’t afford to implement these capabilities on a per service basis – this will increase cost, slow down time-to-market and lead to…

Digital Transformation is ubiquitous. Creating new digital business services changes the way IAM needs to be done. Instead of managing existing applications, IAM has to provide identity services that can be consumed by digital services. Focus is shifting from modern UIs for managing existing applications to APIs that provide the identity services. Modern Identity Fabrics must serve both…

Blockchain identity solutions are developing into a viable segment in IAM. Because the market segment is still very heterogeneous and gaining maturity, selecting a vendor to provide blockchain ID solutions should be done with care. This KuppingerCole Buyer’s Compass will equip you with key criteria and questions to help select an appropriate vendor.

IBM Cloud Pak for Security is an innovative solution that can run in a variety of deployment models that supports security analytics and incident response for today’s complex, hybrid and multi-cloud environments. It provides a consolidated view on security and threat information across a range of sources from IBM and other vendors. It supports federated search across that data, plus…

Identity Automation’s RapidIdentity is an Identity and Access Management (IAM) solution that targets the specific requirements of healthcare organizations. Beyond delivering standard IAM capabilities, RapidIdentity helps healthcare organizations access a unified solution instead of relying on disparate point solutions. RapidIdentity’s cohesive suite of tools reduces…

When it comes to digital marketing, companies of all business sectors try to constantly improve customer experience (CX) and customer journeys. In many cases, there is a single focus on technological topics, such as machine learning or conversational interfaces. But, is technology the key to success? This leadership brief gives an overview of relevant topics regarding optimization of CX…

The IBM Decentralized Identityplatform is both an enterprise solution for individual companies and the foundation of a global decentralized identity ecosystem. IBM’s decentralized identity solution has prioritized interoperable protocols rooted in Hyperledger Indy and Aries to provide secure exchange of information. IBM’s decentralized identitysolution can help enterprises…

Privileged Access Management (PAM) ist einer der wichtigsten Bereiche des Risikomanagements und der Datensicherheit für jedes Unternehmen. Privilegierte Konten werden traditionell an Administratoren, aber auch weitere Benutzer innerhalb eines Unternehmens vergeben, um auf kritische Daten und Anwendungen zuzugreifen. Doch die sich ändernden Unternehmensabläufe und die…

An emerging market, IDaaS IGA is largely characterized by cloud-based delivery of Identity Provisioning and Access Governance capabilities for business irrespective of the application and service delivery models. Improved time-to-value proposition prioritizes adoption of IDaaS for traditional IGA use cases, helping IDaaS IGA to increasingly become the preferred choice of customers for IAM…

ForgeRock Access Management is a full-featured Identity and Access Management (IAM) system, and a primary component in their Identity Platform.  It provides numerous authentication options, an intelligent adaptive risk engine, identity federation, and advanced policy-based authorization capabilities.   ForgeRock supports open standards development, and that is reflected by…

With Business-to-Business (B2B) transformation comes digital initiatives to better connect B2B customer systems and supply chain services, and in doing so, Identity and Access Management (IAM) becomes a crucial consideration. IAM shares standard features that can be used in B2E or B2C use cases as well, but IAM in the B2B context has specific requirements that need to be addressed. B2B…

IAM has been one of the central security infrastructures for many years. The changing role and importance of digital identities leads to fundamental changes in IAM architectures. The challenges for a future proof IAM are complex, diverse and sometimes even conflicting. Organization demand for a blueprint to design and implement efficient and durable IAM architectures that meet current and…

IBM MaaS360 with Watson is an AI-enabled, cloud-based Unified Endpoint Management (UEM) platform designed to enable enterprises to manage and secure smartphones, tablets, laptops, desktops, wearables, and the Internet of Things (IoT). With an open platform for integration with existing apps and infrastructure, IBM MaaS360 is backed by around-the-clock customer support and services, and…

The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment.  This Leadership Compass focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and with a specific focus on security and compliance.

Privileged Access Management (PAM) is one of the most important areas of risk management and data security in any organization. Privileged accounts have traditionally been given to administrators and other users within an organization to access critical data and applications. But, changing business practices and digital transformation has meant that privileges accounts have become more…

Data loss via Advanced Persistent Threats (APT), Insider Threat, and other vectors remains a top concern of businesses worldwide. EDR tools are becoming more widely used to help detect and remediate these kinds of threats. This KuppingerCole Buyer’s Compass will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments.…

Atos DirX Access is a mature solution for Access Management, covering the full range of targets from legacy web applications to modern SaaS services. It comes with comprehensive support for modern standards, including FIDO 2.0. A specific strength is the support for specific capabilities such as session state sharing across servers, Dynamic Authorization Management, or integrated User…

In the increasingly data-driven world today, it is essential to protect against unauthorized data access to prevent exposure and breaches, meet consumer expectations, and comply with the growing number of privacy regulations. PingDataGovernance provides the capabilities to control how data is accessed from data stores as well as giving data protection at the API layer.

Privileged Access Management (PAM) has evolved into a set of crucial technologies that addresses some of the most urgent areas of cybersecurity today against a backdrop of digital transformation. One Identity Safeguard Suite is a PAM solution that uses a modular approach across password management, session management and privilege account analytics.

From small businesses to large enterprises, organizations today require a solid foundation for their Identity and Access Management (IAM) services. These services are increasingly delivered as cloud services or IDaaS (Identity as a Service). Microsoft Azure Active Directory (Azure AD) provides Directory Services, Identity Federation, and Access Management from the cloud in a single…

The conversation on artificial intelligence and machine learning is still largely driven by hype. But concrete business benefits exist for narrow AI solutions, and it is time to separate hype from reality. This leadership brief identifies the characteristics of successful AI use cases, provides examples across multiple industries and business departments, and provides recommendations on…

Ransomware is an epidemic and continues to evolve. More than half of all companies and other organizations have been attacked with one form or ransomware or another. A multi-layered defense is the best strategy. Take steps now to reduce the likelihood of falling victim to it. Make sure you have good offline backups if you get hit. Don’t give up and pay the ransom.

Penetration Testing should be a key part of any business's assurance process, providing a level on independent testing that they are not wide open to hackers or other malicious actors; however, a penetration test is not a simple “off-the-shelf” test and needs careful design and planning.

NTDR products/services are getting a lot of attention at conferences and in the cybersecurity press. But does your organization need it? We’ll look at what NTDR products do, reasons to consider NTDR, and some high-level evaluation criteria regarding NTDR products.

Privileged Access Management (PAM) is fast becoming one of the most important areas of Identity and Access Management (IAM). Privileged accounts are given to admins and other users within an organization to access critical data and applications. However, if these are not managed securely, SMBs can find themselves having accounts still open for people who have left or for people who no…

For many organizations, the adoption of cloud services has become a strategic imperative which includes moving security services to the cloud as well. Optimal IdM provides a comprehensive identity management solution that provides federation, single sign-on, and strong two-factor authentication all within a private cloud.

Curity AB delivers a software-based API-driven identity server for businesses that need help connecting identity infrastructure, digital services, and cloud applications. Their solution adheres to many identity standards, to promote interoperability and to make it easier for clients to deploy necessary new features while shielding users from complexity.

Devolutions provides a PAM solution targeted at SMB customers that provides a good baseline set of PAM capabilities and easy to deploy and operate. The solution comes with a password vault, account discovery capabilities, and strong remote access features. While some of the more advanced capabilities of the leading-edge PAM solutions are lacking, the product fits well to the target group…

Managing access to applications, systems and resources is a key task for any organization and the hybrid IT deployment model has made this even more complex.  One area of concern is managing administrative access – administration is an essential process, but the administrator accounts provide the keys to the kingdom. This report describes how AWS Control Tower helps to…

This report provides an overview of the market for Consumer Authentication products and services and provides you with a compass to help you to find the Consumer Authentication product or service that best meets your needs. We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing Consumer Authentication solutions.

It’s time to consider a different way to manage and use identity information. We tend to deploy identity management suites and change our processes to suit. But this can constrain us and restrict our agility in deploying identity management services. Tremolo Security breaks the mold and asks us to focus on the task to be performed, and then to deploy an optimal solution.

The overwhelming majority of organizations now depend upon online services to support their business and this exposes them to cyber security risks. While most have security protection technologies in place few have a plan for how they would respond to a cyber incident. Today, the question is not if your organization will suffer a cyber incident but when - and this makes it essential to…

Blockchain technology – as the hype advertises – can be a value-adding solution for businesses and individuals. However, it is necessary to separate blockchain’s functionality from its fame before a firm can find an appropriate use case. This report deconstructs the main features that make blockchains unique from traditional database software and identify the ways that…

Oracle Data Safe is a cloud-based service that improves Oracle database security by identifying risky configuration, users and sensitive data, which allows customers to closely monitor user activities and ensure data protection and compliance for their cloud databases.

Identity & Access Governance ist ein Muss für jedes Unternehmen. Leider ist die Art und Weise, wie es heute gehandhabt wird, ineffizient und schwerfällig. Es ist an der Zeit, die Ansätze zu Identity & Access Governance zu überprüfen und schlanke Konzepte umzusetzen, die Unternehmen helfen, sich effizient an die Vorschriften zu halten und gleichzeitig…

Identity & Access Governance is a must for every business. Unfortunately, the way it is commonly done today is inefficient and cumbersome. It is latest time to review the approaches on Identity & Access Governance and implement lean concepts that help businesses to comply in an efficient manner, while also effectively mitigating business risks that derive from excessive…

Cryptocurrencies remain a speculative asset, but the launch of Facebook’s Libra could upset the status quo. There are many business opportunities which would stem from widespread adoption of cryptocurrencies, but also many challenges including data protection and tracking criminal activities. The relationship between government regulators, financial institutions, and…

The Revised Payment Service Directive (PSD2) Regulatory Technical Specifications (RTS) take effect this autumn across the EU. The directive will provide new benefits and rights for consumers, and create new business opportunities in the financial sector. However, new opportunities also imply new risks.

The way software is used today has clearly shifted towards "as-a-service". Classic on-premises applications are migrating more and more into the (managed) cloud and users are using hybrid scenarios from local and cloud applications on their devices. This Leadership Brief discusses top cyber threats—and shows how to overcome or manage them.

A technology-oriented approach to identity and access management (IAM) is becoming less important as identities become more diverse and access requirements grow. As a result, CISOs and IAM Security Officers are struggling to promote and develop the maturity of skills in the silos of technical identity management services. Adapting the structure of IAM organizations so that they are based…

With the increasing demand for more connectivity, Operational Technology (OT) organizations will need to become more interconnected with IT over time. The convergence of IT and OT is inevitable, so get started now on getting a grip on your OT Cybersecurity.

IT paradigms are under change. Containerized solutions, building on Microservice Architectures and exposing well-defined sets of APIs, are rapidly becoming the new normal. Such architectures provide clear benefits when used for IAM, allowing customers to shift from lengthy deployments of complex IAM tools to an agile deployment and operations approach, based on continuous innovation.…

Akamai’s Intelligent Edge Platform offers a broad range of access management, threat protection, and application security services that will support you in your journey to Zero Trust, making it safe, scalable and easy to manage – delivered entirely from the cloud.

When it comes to omni-channel and multi-device marketing and commerce, authentication is an important topic. The challenge is to achieve both security and the user experience as part of an integrated customer journey. UNIKEN REL-ID is a security platform that addresses that challenge across various channels, including mobile, web, voice, and chat.

A solution for managing secure access to online services, protected assets and sensitive data. Strong authentication, a broad spectrum of access management methods, sustainable maintenance processes of identities and authorization data form the basis for secure and auditable user access to applications.

Most organizations now have a hybrid IT environment with a cloud first approach to choosing new applications.  While this provides many benefits it also creates challenges around security and administration.  Managing identity and access in a consistent manner across all IT services, irrespective of how they are delivered, is key to meeting these challenges.  This report…

Today, most businesses are using hybrid IT, with a mix on-premises and cloud applications and services. And hybrid IT is here to stay, given that many of the legacy applications are hard and costly to migrate. Thus, Identity Services must work well for all these applications and the entire hybrid IT  infrastructure. While they increasingly run from the cloud, as IDaaS (Identity as a…

IDaaS IAM is a fast growing market, characterized by cloud-based delivery of access management capabilities for business irrespective of the application and service delivery models. The promise of improved time-to-value proposition is prioritizing adoption of IDaaS for B2B, B2E and B2C access management use-cases, helping IDaaS to dominate new IAM purchases globally. This report is an…

Digital technologies are now influencing and changing all areas within organizations. This is fundamentally reshaping the way communication takes place, how people work together and how value is delivered to customers. Ever-changing application and infrastructure architectures reflect the requirements of the evolving challenges that face companies, government agencies and educational…

Identity API Platforms expose APIs to capabilities ranging from IAM to Federation and more while supporting both the agile and DevOps paradigms that address the more complex IT environments seen today. This Leadership Compass will give you an overview and insights into the Identity API Platform market; providing you a compass to help you find the product that you need.

Organisationen oder Institutionen, die für die Öffentlichkeit wichtig sind, werden als Kritische Infrastrukturen (KRITIS = "Kritische Infrastrukturen") bezeichnet. Als solche unterliegen sie umfassenden und strengen Richtlinien, bestehend aus Gesetzen und Vorschriften. Ihr Ausfall oder ihre erhebliche Beeinträchtigung kann zu anhaltenden Versorgungsengpässen,…

Organizations or institutions that are essential for the public are called Critical Infrastructure (KRITIS = “Kritische Infrastrukturen”). As such, they are subject to comprehensive and strict legal regimes consisting of laws and regulations. Their failure or significant impairments result in sustained supply shortages, significant disruptions to public safety or other drastic…

Ensuring the continuity of IT services is an essential component of business continuity planning. Organizations typically use data protection solutions that take copies of the IT service data which can be used to restore the service when needed. Most organizations now have a hybrid IT environment with a cloud first approach to choosing new applications and data protection solutions need…

Service Layers delivers a comprehensive managed IAM solution, based on best-of-breed IAM products. The solution is well-architected, following modern concepts including DevOps, container-based deployments, and microservices architectures. It thus can be run and operated on various infrastructures. Service Layers provides full operations support across global regions. With this solutions,…

Registrierung und Authentifizierung sind die ersten Schritte, die erfolgen, wenn ein Nutzer Kunde digitaler Dienstleistungen werden möchte. Funktionieren diese Schritte nicht wie vom Nutzer erwartet, leidet die Akzeptanz solcher Dienste und damit ist der Erfolg digitaler Geschäftsstrategien in Gefahr. Identitäts-API-Plattformen helfen beim Aufbau von standardisierten…

A fast-growing market, IDaaS AM is largely characterized by cloud-based delivery of access management capabilities for business irrespective of the application and service delivery models. Improved time-to-value proposition prioritizes adoption of IDaaS for B2B, B2E and B2C access management use-cases, helping IDaaS AM to dominate new IAM purchases globally. This Leadership Compass…

Privileged Access Governance or PAG is fast becoming a crucial discipline of Privileged Access Management (PAM) to help organizations gain required visibility into the state of privileged access necessary to support the decision-making process and comply with regulations. Besides providing support for managing lifecycle events of privileged accounts, PAG includes privileged access…

Access reviews are considered important risk management controls in many organizations. They are intended to ensure that each user, process and system has always  only the minimum amount of access rights, which are necessary to perform associated tasks. In light of compliance, governance and the organizations's internal commitment to protecting itself from unwanted access, concepts…

TrustBuilder Identity Hub is the Identity and Acess Management (IAM) platform from TrustBuilder that enables a context-aware and policy-driven approach to deliver a secure and seamless application integration. Targetted mostly at B2B and B2E use-case requirements, TrustBuilder is building on additional features to address the consumer IAM requirements.

ESET Endpoint Security cover the widest variety of endpoint operating systems. This endpoint protection product consistently rates very highly in terms of detection in independent malware detection tests. The product also is one of the top-performing, lowest impact endpoint security agents available in the market today.

Registration and authentication are the first things that happen when someone becomes a user of digital business services. If these steps don’t work as the user wants, the acceptance of such services will suffer and the success of digital business strategies is at risk. Identity API Platforms help build a standardized approach for delivering unified identity services to businesses.…

Die heutigen SAP-Sicherheitsanforderungen gehen weit über die traditionellen Access Governance-Anforderungen an Benutzer, deren Zugriff und Rollen hinaus. akquinet bietet eine vollwertige Produktsuite für GRC (Governance, Risk & Compliance) und Sicherheit für SAP-Umgebungen. Die bereitgestellten Module decken ein breites Spektrum an Funktionen in dem sensiblen Bereich…

Today’s SAP security requirements go far beyond traditional Access Governance needs regarding users and their access and roles. AKQUINET offers a full-featured product suite for GRC (Governance, Risk & Compliance) and security for SAP environments. The provided modules cover a wide range of aspects in this sensitive area of SAP security and GRC.

Healthcare organizations deal with highly sensitive information. They face challenges in complying with ever-tightening regulations, combating ever-increasing cyber risks, and adapting to Digital Transformation. Comprehensive healthcare IAM, beyond pure SSO, helps Healthcare organizations to better cope with these challenges.

Xton Technologies provides an integrated PAM (Privileged Access Management) solution covering the key capabilities in this area such as managing credentials of sensitive and shared account, session management and remote control access. Xton focuses on efficient implementation of these capabilities and is an interesting alternative to established players in the PAM market.

There are several trends that continue to make the use of identity information for access control more complex. The prevalence of smartphones as the end-user client of choice, the increasing use of API channels needing access to corporate data and the increasingly complex hybrid cloud environment all serve to increase the complexity of managing authorized access to protected resources.…

Endpoint Detection & Response products are capturing a lot of mindshare in cybersecurity. But how do they differ from the more standard Endpoint Protection products? We’ll look at key features of each type of solution below.

Hacks against on-premises and cloud infrastructure happen every day. Corporate espionage is not just the stuff of spy novels. Unethical corporate competitors and even government intelligence agencies use hacking techniques to steal data. Reduce the risk of falling victim to hackers and industrial espionage by implementing the proper security tools in your cloud-based environments.

Radiflow SCADA Security Suite is a comprehensive set of hardware products, software solutions, and managed services offering risk-based insights into ICS/SCADA networks, intelligent detection of IT and OT-related cyberthreats, as well as proactive protection against any deviations from established security policies.

EDR products are getting a lot of attention at conferences and in the cybersecurity press. But does your organization need it? If so, do you have the expertise in-house to properly deploy, operate, and get value out of it? We’ll look at reasons to consider EDR or EDR as a managed service below.

Kaspersky offers a full-featured Endpoint Security suite which includes one of the most advanced multi-mode anti-malware detection engines in the market, which is powered by their Global Research and Analysis Team (GreAT). Kaspersky’s endpoint security product covers a wide variety of endpoint operating systems, and usually rate very highly in independent malware detection tests.

The Revised Payment Service Directive (PSD2) promises to make the European Union (EU) cross-border transactions further transparent, faster and more secure while increasing competition and choice for consumers. To do so, Banks and other financial service providers must quickly make the necessary technical infrastructure changes to prepare for PSD2. The ForgeRock Identity Platform provides…

This Leadership Compass provides an overview of the market for database and big data security solutions along with guidance and recommendations for finding the sensitive data protection and governance products that best meet your requirements. We examine the broad range of technologies involved, vendor product and service functionality, relative market shares, and innovative approaches to…

Digital transformation and the need for business agility are creating an explosion in the volume, variety and velocity of identity data that enterprises have to manage efficiently. And now regulators have sharply increased the liability of enterprises for assuring that identity data is safeguarded, only accessed appropriately, and accurate. An integrated identity capability can be the key…

Osirium Opus is a specialized solution that focus on IT Process Automation for privileged tasks. It works standalone or in combination with other ITSM solutions such as Service Now. Opus allows for defining and managing granular tasks, that can be executed securely on the target systems. By doing so, the efficiency of service desks can increase significantly, while security risks are mitigated.

Application Programming Interfaces (API) have become a crucial factor in delivering operational efficiency, scalability, and profitability for most businesses. Nowadays, everything is API-enabled: corporate data is the product and APIs are the logistics of delivering it to customers and partners. Unfortunately, many organizations still lack competence in the field of API security and…

Identity Governance and Administration (IGA) is an important security and risk management discipline that builds the necessary foundation of any organization’s IT security portfolio. ideiio, a spun out from IAM systems integrator ProofID, is a new vendor in the IGA space offering IGA functions targeted at mid-market customers to meet their basic IGA requirements with minimal effort…

As the hype around Blockchain is slowing down, the market is moving into a phase of maturity, focusing on business cases where Blockchain technology delivers concrete value, in combination with other types of technologies. Blockchain ID and the related concept of Self Sovereign Identity (SSI) are gaining momentum, in areas such as KYC (Know Your Customer), Consumer Authentication, and…

Malware remains a global cybersecurity threat. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for endpoint protection.

The WALLIX Bastion is a single gateway-based solution for PAM offering advanced session management, password management and access management capabilities, with built-in controls for access request management. Offering Single Sign-On (SSO) to target systems, the WALLIX Bastion provides detailed session recording, auditing and monitoring capabilities in easy-to-configure and scale…

The FIDO® Alliance has released new authentication specifications that enhance security and privacy, standardize the authentication experience and underlying APIs, improve the usability, and extend the FIDO paradigm to more types of devices, platforms, and environments. With the publication of FIDO2 (comprised of FIDO’s CTAP and W3C’s WebAuthn specification), FIDO has more…

Darktrace Enterprise Immune System is a cyber-defense platform that utilizes a self-learning AI-based technology to detect, investigate and neutralize various cyber-threats in real time, across the whole corporate IT infrastructure, including physical and virtualized environments, industrial control networks, cloud infrastructures, and SaaS applications.

Consumer Identity is a fast-growing specialty solution. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for selecting the right CIAM solution for your organization.

BeyondTrust’s Produktportfolio bietet eine gut integrierte Privileged Access Management (PAM) Suite mit einer Reihe von Funktionen für die Erkennung und Minderung von Sicherheitsbedrohungen, die durch den Missbrauch von privilegierten Accounts und Zugriffsberechtigungen verursacht werden. BeyondTrust’s Password Safe stellt die branchenführenden Funktionen für…

With IT functions gradually shifting to the cloud, it is time to rethink the way  supporting infrastructure and platform services such as IGA (Identity Governance and Administration) are implemented. While solutions running on premises, but also supporting cloud services were the norm until now, running IGA as a service, with support for the hybrid reality of IT infrastructures…

Exostar Supplier Risk Management delivers advanced capabilities for identifying and managing risk and compliance with cybersecurity and other best practices and standards, along the entire supply chain. By building on the capabilities of the Exostar Platform as an industry collaboration network, it enables re-use of supplier representations and certifications with multiple buyers, thus…

Artificial Intelligence remains the hottest buzzword in almost every segment of the IT industry nowadays, and not without reason. The very idea of teaching a machine to mimic the way humans think (but much, much quicker) without the need to develop millions of complex rules sounds amazing: instead, machine learning models are simply trained by feeding them with large amounts of carefully…

One Identity Manager in combination with the cloud-based Starling Connect service delivers a broad range of integrations into both traditional and cloud-based SAP services. The integration capabilities count amongst the leading-edge solutions in IGA (Identity Governance and Administration) products.

Kleverware ist ein französisches Softwareunternehmen, das sich auf die Entwicklung einer schlanken Lösung für Identity & Access Governance (IAG) fokussiert hat. Kleverware IAG ermöglicht die schnelle Implementierung von Berechtigungsprüfungen und -berichten und kann auf einfache Weise Berechtigungsdaten in heterogenen, komplexen IT-Landschaften,…

BeyondTrust’s portfolio of products provides a well-integrated Privileged Access Management (PAM) suite with a range of capabilities for  detection and mitigation of security threats caused by  abuse of privileged accounts and access entitlements. BeyondTrust’s Password Safe delivers market-leading shared account password management and session management…

Ubisecure Identity Platform is an integrated consumer identity and access management suite for on-premise or cloud deployment. Ubisecure features strong federation capabilities, innovative standards support, and the ability to leverage some bank and national IDs. RapidLEI provides a way to manage organizational identity.  

Increased relevance of BigData and BI environments in supporting business decisions requires a broad set of data points to be collected throughout the lifetime of an application and users’ interaction with it. Security and risk management leaders must ensure that the risks emerging from the abundance and extensive use of this data are identified and that the right security and…

Artificial intelligence and machine learning are megatrends in marketing analytics and automation—it's often seen as the holy grail of digital marketing, as its possibilities seem to be endless. But are they? This leadership brief discusses typical limits and risks of ML-based marketing automation—and shows how to overcome or manage them.

Artificial intelligence and machine learning techniques are becoming more and more important for marketing. ML offers new possibilities to analyze customer data, enabling individual marketing measures to be delivered. Nevertheless, privacy is often a concern when it comes to ML. Furthermore, legislation based on GDPR has to be considered. This leadership brief gives an overview of the…

Artificial intelligence is becoming more and more important for various applications in almost all industrial sectors. This leadership brief gives a basic overview of the main principles of artificial intelligence (AI), with a strong focus on machine learning (ML). Typical use cases are illustrated based on some examples—with a marketing and identity management-oriented focus.

ManageEngine AD360 is a tool targeted at the in-depth management of Microsoft Active Directory and connected systems such as Microsoft Office 365. It comes with capabilities that go beyond pure entitlement, by adding authentication features, UBA (User Behavior Analytics), and even Single Sign-On to several cloud services. However, the core of the product is supporting an efficient,…

Consumer Identity and Access Management (CIAM) is a rapidly growing market that offers a better user experience for the consumer and new challenges for the organization. NRI Secure’s Uni-ID Libra provides the necessary components of a CIAM solution with a focus on the Japanese market.

With today's mounting regulations to protect sensitive customer data, organizations are faced with new requirements, challenges and compliance risks. BigID assist organizations with their data compliance requirements by helping them find, categorize and map their data at scale.

The Internet of Things (IoT) is an IT megatrend. Apart from offering new possibilities and experiences to its users, IoT is highly interesting for marketers as it offers new ways to communicate with consumers and customers, leading to new possibilities in terms of analytics and consumer engagement as well. But what about privacy when IoT comes into play? This Leadership Brief gives an…

Simeio offers a turnkey Identity and Access Management IDaaS solution for small-to-medium size businesses. IAM for SMB prioritizes ease-of-use for business owners and administrators as well as security. The solution provides comprehensive user management via workflows, which are accessible via mobile devices.

Identity Management solutions need to address the growing number of identities associated with applications and endpoints, as well as the ability to integrate with the diversity of application and service APIs. WSO2 Identity Server provides a comprehensive and flexible solution for the modern enterprise.

Verlässliche Kontrolle und Monitoring sensibler Informationen, die in öffentlichen Clouds und Kollaborationstools (Microsoft® SharePoint™, Office 365™) gespeichert sind durch Virtualisierung, Verschlüsselung und Datenfragmentierung. Sichere und benutzerfreundliche Zusammenarbeit an geschützten Dokumenten und transparente, datenzentrische Sicherheit…

A suite of fully managed encryption key and TLS certificate management services natively integrated with over 50 other AWS services to ensure data protection and regulatory compliance across the whole cloud footprints.

Securing and monitoring privileged access to cloud environments is a crucial security requirement, more so because privileged accounts are powerful, shared in nature and generally accessible from outside the organization. IAM leaders responsible for privileged access management (PAM) must evaluate their security requirements associated with administrative access to cloud platforms and…

Privileged Access Management (PAM), over the last few years, has evolved into a set of crucial technologies that addresses some of the most urgent areas of Cybersecurity today. Continuing the growth trajectory, the PAM market has entered a phase of consolidation characterized by increased price competition and an intensified battle for market share. This Leadership Compass provides a…

Digital Risk Protection as a Service. A combination of data loss protection, the securing of brands and reputation online and the reduction of the overall attack surface by identifying weaknesses in an organization’s infrastructure.

Amazon GuardDuty is a fully managed, simple, and affordable security monitoring and threat detection service that combines machine learning and anomaly detection to enable quick and uncomplicated identification of suspicious activities and malicious behavior across AWS cloud accounts and workloads.

Krontech offers an integrated Privileged Access Management (PAM) platform comprising of several technology modules targeted at specific PAM functions. With a simplified approach to PAM, Krontech offers a promising alternative to other new market entrants, owing to its faster deployment cycle and its technological advantage in securing database privileges.

Besides the fastest growing segment of Privileged Access Management (PAM) market, Endpoint Privilege Management (EPM) has become the most critical technology of PAM that has a direct impact on an organization’s security posture. Thycotic Privilege Manager is a market leading EPM product that provides endpoint threat protection for controlled desktop and server environments through a…

Kleverware is a French software company that is focused on delivering a lean, targeted solution for Identity & Access Governance (IAG). Their solution Kleverware IAG allows for rapidly implementing access reviews and entitlement reporting, and can easily collect and homogenize entitlement data across heterogeneous, complex IT landscapes, including SaaS services, business applications,…

Privilege Management is the set of critical cybersecurity controls that deal with the management of security risks associated with privileged access in an organization. Maintaining control over privileged users, extended privileges and shared accounts demands for a well-integrated solution, consisting of risk mitigation, well-defined processes und well-executed implementation.

Encryption, tokenization, and data masking are essential capabilities needed in today’s highly regulated environments. Protecting sensitive information requires these capabilities, beyond just network and file-level encryption. Vormetric Application Crypto Suite from Thales eSecurity provides an integrated, easy-to-use set of services covering the needs for such environments.

IDaaS is fast becoming the new face of Identity and Access Management (IAM) with several vendors now delivering cloud-based IAM services to support the whopping cloud uptake by the business. Ilantus Compact Identity is an entry level enterprise IDaaS offering targeted at SMB customers to jump start their IAM with minimal effort and investment.

Veracode Application Security Platform is a cloud-based application security testing platform providing unified insights into software security risks at every stage of the development lifecycle.

Windows endpoint protection from risky tasks and malicious files, through browser and application isolation within one-time disposable micro-virtual machines combined with user behavior monitoring and enhanced enterprise management capabilities.

KuppingerCole Maturity Level Matrixes for the major market segments within cyber security. These provide the foundation for rating the current state of your cyber security projects and programs.  

Organizations now commonly use multiple cloud services as well as on-premises IT. This KuppingerCole Architecture Blueprint provides a set of building blocks needed to design, implement and integrate security for the Hybrid Cloud.

Reliable control and monitoring of sensitive information stored in public clouds and collaboration tools (SharePoint, Office 365) through virtualization, encryption and fragmentation of data while enabling the safe and convenient cooperation with protected documents. Transparent, data-centric security for cloud, onpremises and hybrid storage environments.

This Leadership Compass provides insights to the leaders in innovation, product features, and market reach for Web Access Management and Identity Federation on-premises platforms. Your compass for finding the right path in the market.

Hitachi ID Privileged Access Manager (HIPAM) is a mature and feature-rich solution for Privileged Access Management (PAM). It covers all major areas of PAM and comes with sophisticated operational capabilities in the areas of service account management and real-time password synchronization. Organizations looking for enterprise-scale PAM solutions should consider HIPAM in their shortlists.

The Revised Payment Service Directive (PSD2) will drive many changes in technical infrastructure at financial institutions across Europe.  Banks and other financial service providers must quickly prepare for PSD2. ForgeRock Identity Platform provides strong customer authentication capabilities that can help businesses meet the technical challenges posed by PSD2.

Checkmarx Software Exposure Platform combines application security testing tools, managed services, and training in a single solution that enables developers to detect, prioritize and mitigate software-related risks at every stage of the development life cycle.    

As businesses embrace the Digital Transformation and become increasingly cloud-native, mobile and interconnected, the corporate network perimeter is gradually disappearing, exposing users to malware, ransomware, and other cyber threats. Traditional perimeter security tools no longer provide adequate visibility, threat protection, and scalability, nor can they offer convenience and…

comforte AG SecurDPS Enterprise is a highly scalable data protection platform that combines stateless tokenization technology and hardened fault-tolerant architecture to ensure security and compliance of sensitive data in mission-critical business applications.

SAP Customer Data Cloud provides a complete solution for Consumer Identity and Access Management.   Entirely cloud-based, SAP Customer Data Cloud delivers advanced customer identity, consent, profile management and marketing service functionality for enterprise customers.

SSH.COM PrivX is an innovative solution for privileged access to sessions running on hosts in the cloud and on premises. Based on short-lived certificates and a policy- and role-based, automated access control, it is targeted at agile IT environments such as DevOps environments.

Safe-T Software Defined Access delivers a software-based solution that provides data protection by controlling both access and usage of corporate data, services, and applications, protection is done by authenticating users prior to providing access. The solution supports a variety of use cases, including hybrid cloud deployments and access to cloud services such as Microsoft Office 365.…

Fraud reduction is a paramount concern in many industries today.  Finance, as well as healthcare and retail companies, are increasingly targeted by cybercriminals. New regulations in the financial industry are coming into force in many areas around the world. These regulations aim to improve security and reduce fraud. OneSpan Intelligent Adaptive Authentication provides strong and…

This report provides an overview of the market for Consumer Identity and Access Management and provides you with a compass to help you to find the Consumer Identity and Access Management product that best meets your needs.  We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing CIAM solutions.

Securely authenticating users remains a difficult problem. VeriClouds offers an Identity Threat Protection Platform that can provide a useful additional level of assurance against the reuse of compromised credentials.  There are many approaches, products, and services around user authentication, however, the VeriClouds Identity Threat Protection Platform is unique in what it offers. 

AI is a generic term that covers a range of technologies. Today some of those technologies are sufficiently mature for commercial exploitation and some are not. This leadership brief describes the current state of AI technologies and recommends the areas where they can be applied today.

Identity Verification is the first step in the journey of the digital customer. From there, Authentication is the first thing to do when returning. Balancing security & convenience and creating a seamless experience for customers is essential to keeping customers happy and minimizing churn rates: Identity Assurance done correctly is an essential step towards success in digital business.

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

Marketing automation systems are key when it comes to digital or omni-channel marketing. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor and requirements for successful deployments. It will also prepare your organization to conduct RFIs and RFPs to select the right marketing automation solution – in line with GDPR…

Saviynt provides a comprehensive platform for Identity Lifecycle Governance and Administration combined with Application GRC, IaaS Governance, Data Governance, and Privileged User Governance. The solution is designed to be deployed as a cloud, hybrid or on-premise solution. The Saviynt Security Manager helps customers demonstrate compliance using their access governance and risk…

Any Self-Sovereign Identity platform must strike a balance between the individual and the organization that uses it. The Sphere Identity platform provides not only primary support for B2B, but also economic incentives for both individuals and organizations through ease of use, privacy, and rewards for the individual, and reduced compliance risk, easy customer onboarding and integration…

Organizations need a detailed yet carefully guided and defensible approach to evaluate Identity and Access Management Services (IDaaS). This document provides the required guidance and criteria necessary for evaluating IDaaS providers and supporting the request for proposal (RFP) processes. Security leaders are encouraged to use the criteria laid out in this research for IDaaS evaluation…

As IAM is continuing to evolve based on the growing list of IT security requirements, so is IBM Security Access Manager (ISAM). Not only does ISAM provide the essentials of access management and federation use cases, but it also provides Risk-Based Access Control and Mobile capabilities, as well as providing flexible deployment models.

ThreatMetrix, a LexisNexis Risk Solutions Company, is a global fraud, identity and authentication company, helping customers deliver a unified experience  across their digital customer journey.  Built on a platform  providing a unified, global customer digitial identity, ThreatMetrix enables businesses to prevent fraud, reduce friction, and streamline the customer…

AWS is the largest global provider of Cloud infrastructure with extensive capabilities to suit a wide range of customer requirements for cloud-based services. The AWS platform now provides easy-to-use facilities to allow customer to better leverage their identity management environment.

Securonix Cloud is a next-generation security intelligence platform that provides comprehensive security information and event management, as well as user and entity behavior analytics offered as a fully managed Security Operations Platform in the cloud.

Zscaler is the world’s largest multi-tenant distributed cloud security platform that delivers a broad range of services without any on-premises hardware or software agents, including cybersecurity, network transformation, public cloud connectivity, and secure access to on-premises and cloud services.

Die FSP Identity Governance & Administration Suite ORG ist eine Lösung zur Verwaltung des Identitäts- und Zugriffslebenszyklus und bedient somit den Markt für Identity Provisioning und Access Governance, gerade in stark regulierten Branchen. Ein besonderer Vorteil des Produkts ist die Kombination von rollenbasierter und richtlinienbasierter Zugriffssteuerung in einer…

While many businesses have solutions for managing and reviewing access at a coarse-grain, cross-system level in place as part of their Identity & Access Governance solutions, they lack an integrated approach for governing access to unstructured data. However, for mitigating access risks to that data, expanding the aperture of identity governance programs is mandatory. This whitepaper…

Backed by closer integration of Identity Provisioning and Access Governance capabilities, the IGA market continues to evolve and enters mainstream market adoption with most vendors providing mature capabilities around the core IGA functions. This Leadership Compass provides insights into the IGA market and presents an evaluation of vendors based on criteria important for successful IGA…

This report provides an overview of the market for Cloud-based Multi-Factor Authentication (MFA) solutions and provides you with a compass to help you to find the service that best meets your needs. We examine the market segment, vendor service functionality, relative market share, and innovative approaches to providing Cloud-based MFA solutions.

Mit dem im Juli 2018 final vorgelegten Dokument „Versicherungsaufsichtliche Anforderungen an die IT“ (VAIT) gibt die BaFin (Bundesanstalt für Finanzdienstleistungsaufsicht) Versicherungsunternehmen konkretere Vorgaben für die Umsetzung ihrer Geschäftsprozesse mittels IT an die Hand. Diese stellen Herausforderungen dar, denen in betroffenen Unternehmen…

GRC covers the areas of Governance, Risk and Compliance and this report refers to GRC in the context of delivering IT services to meet organizational goals.  GRC is concerned with setting objectives, policies and controls and monitoring performance against these.  This report provides an architecture for the successful implementation of GRC within an organization.

This report provides an overview of the market for on-premise Adaptive Authentication solutions and provides you with a compass to help you to find the product that best meets your needs.  We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing on-premise Adaptive Authentication solutions.

Many changes are coming to Europe's financial landscape due to the Revised Payment Service Directive (PSD2). PSD2 will present new challenges to overcome, as well as potential benefits for Third Party Providers (TPPs) and consumers.  Account Information Service Providers (AISP) and Payment Initiation Service Providers (PISP) functions have historically been performed by banks;…

United Security Providers (USP) provides a web access management platform designed to provide a unified and efficient approach towards Web Application Firewall (WAF), Authentication, CIAM and Identity Federation capabilities for complex use cases and hybrid on-premises and cloud solutions.

With the continually evolving security requirements and challenges IT faces today, the capabilities of IAM must also advance to keep up. Evidian meets these modern IAM requirements by integrating Identity Governance and Administration, and Analytics & Intelligence into their IAM suite.

ObserveIT Insider Threat Management is a platform that combines the functionality of traditional User Behavior Analytics (UBA) and Data Loss Prevention (DLP) products in a lightweight and streamlined solution for detecting and mitigating various insider threats.

The Revised Payment Service Directive (PSD2) will drive many changes in technical infrastructure at financial institutions across Europe.  Banks and other financial service providers must quickly prepare for PSD2. RSA provides foundational technical capabilities in their SecurID, Adaptive Authentication, Web Threat Detection, and Archer products that can help businesses meet the…

Die Delphix Dynamic Data Platform ist eine integrierte Plattform für die Verwaltung, Absicherung und Replizierung von Daten in lokalen, cloudbasierten und Hybrid-Umgebungen. Sie kombiniert eine hochleistungsfähige Virtualisierung mit integriertem Data Masking und automatisierten Self-Service-Workflows. Auf diese Weise erhöht sie signifikant die Effizienz in Bezug auf Agile…

CA Technologies offers comprehensive Privileged Access Management (PAM) under CA Privileged Access Management Suite comprising of several modules bundled in a single product. The CA PAM solution blends well with CA’s popular IAM Suite to offer market leading PAM capabilities for large scale deployments requiring complex integrations and fine-grained command control.

A software platform designed to achieve a holistic assessment of an organization’s cybersecurity, compliance, risk and governance status by establishing risk governance, resilience and protection from cyber threats through the deployment of a standards-based risk governance framework.

ViewDS Cobalt is a cloud-architected identity platform flexible enough to support on-premises, cloud, and hybrid environments. With all aspects of the platform management fully accessible via APIs, Cobalt is uniquely positioned to support the automation and integration requirements of today’s modern IT environment.

Senrio Insight is an Industrial IoT cybersecurity platform utilizing passive nonintrusive network device discovery to provide visibility and analytics of industrial device behavior and rapid detection of abnormal activities.  

WidasConcepts offers a complete consumer identity and access management solution:  cidaas.  cidaas is developed and hosted in Germany. cidaas contains most standard and many innovative features, such IoT integration and consent management.  It is based on a micro-services architecture which enables continuous deployment of service enhancements.

Many organizations are using cloud services, but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. This report provides an up to date review of CipherCloud CASB+ which strongly matches…

Active Directory provides critical identify infrastructure for the enterprise. Semperis offers Active Directory change monitoring and forest recovery products. The Semperis DS-Protector product support change monitoring and rollback for a broad set of AD infrastructure objects.

1Kosmos BlockID is one of the first commercial implementations of a blockchain-based identity solution that works for both consumers and employees. It is well thought-out and implements the fundamental concepts of Self Sovereign Identity. It integrates well with existing identity and service providers. While there are still some challenges to solve, BlockID delivers on the promise of…

An ever-increasing number of devices, sensors and people are connected to the global internet and generate data.  The analysis of this data can help organizations to improve their effectiveness and make better decisions.  However, there are concerns over the trustworthiness of the data as well as the ethics of its use.  This report describes how good Information Stewardship…

MinerEye DataTracker is an AI-based application that identifies, classifies, and tracks unstructured information. It creates cluster of similar content across data sources and analyzes information about classified data in those clusters, to triggers applications such as DLP, IRM and Access control tools. It also provides deep insight into unstructured data based on sophisticated…

Cyber criminals regularly exploit vulnerabilities and poor practices around Microsoft Active Directory to obtain credentials that allow them to infiltrate organizational systems, cause damage and exfiltrate data.  This report describes StealthINTERCEPT, the real-time policy enforcement, change and access monitoring and Active Directory security component of the STEALTHbits’…

NRI Secure’s Uni-ID Libra is a relatively new entrant in the rapidly growing market for consumer identity management (CIAM). Focused for now completely on the Japanese market, the product emphasizes security, leveraging the company’s expertise in managed SOC services and security software. The near-term product roadmap includes enhanced consent management and support for FIDO…

Often, enterprise security is delivered as separate services such as Identity-as-aService (IDaaS), Enterprise Mobility Management (EMM) and Privileged Access Management (PAM). Centrify converges these market segments into a single platform to deliver the next generation of access management.

The Content Threat Removal Platform by Deep Secure operates at the network boundary, intercepts and analyzes incoming data, extracts only the useful business information while eliminating malicious content and then creates new, clean data for onward delivery. In this way, it defeats zero-day attacks and prevents covert data loss, all transparent to end users.

One Identity is one of the leading vendors in the field of IAM. With their recent acquisition of Balabit and the integration of their Privilege Management offerings into the Safeguard product portfolio, the company positions itself among the leaders in the Privilege Management market, delivering a comprehensive portfolio of Privilege Management capabilities.

RSA Identity Governance and Lifecycle is a complete solution for managing digital identities and their access, both inside and outside the enterprise. The RSA solution covers all aspects of governance from attestations to policy exceptions and identity lifecycle, from provisioning to entitlement assignment to access reconciliation to removal.

Delphix Dynamic Data Platform is an integrated platform for managing, securing and replicating data across on-premises, cloud and hybrid environments. Combining high-performance virtualization, integrated masking and automated self-service workflows, it significantly increases efficiency of agile development, data analytics, cloud migration, disaster recovery and other DataOps use cases.

Organizations now commonly use multiple cloud services as well as on premises IT. This KuppingerCole Buyer’s Guide focusses on IaaS services. It will provide you with questions to ask vendors, criteria to select your vendor, and the requirements for successful deployments. This report will prepare your organization to conduct RFIs and RFPs for IaaS as part of a Hybrid IT service…

Leaders in innovation, product features, and market reach for access governance & Intelligence. Delivering the capabilities for managing access entitlements, always knowing the state of these, and enforcing access and SoD policies across heterogeneous IT environments on premises and in the cloud. Your compass for finding the right path in the market.

Getting a grip on your data is a bigger challenge than ever before. While solutions for central IT environments such as SAP are quite established, a significant portion of critical data resides in unstructured data stores such as file servers or collaboration services. This includes PII (think “GDPR”), but also blueprints, financial data, and more. It is essential having tools…

Cayosoft Administrator is an integrated platform for management and automation of Active Directory and Office 365 environments, including hybrid deployments. The latest release adds new capabilities not available in native Microsoft tools, focusing on customers who have already completely moved to the cloud.

Onegini provides a compelling solution for Consumer Identity and Access Management (CIAM). Onegini is headquartered in Europe and has global ambitions. They have expertise in EU regulations such as GDPR and PSD2. They are positioning their product as a CIAM solution for financial, health care, and insurance industries with a strong mobile differentiator to enhance customer engagement.

The Internet of Things (IoT) has enormous potential to transform and benefit both consumers and industries, but along with it comes significant privacy and security implications. Addressing these challenges early on in an IoT project can go a long way to lowering potential security risks in the field.

Neue Regulierungen wie die Datenschutz-Grundverordnung (DSGVO) und die stetig wachsende Gefahr durch Cyber-Attacken führen zu einem hohen Druck auf Unternehmen. Es gibt aber auch Chancen, wenn man versteht, wo die wirklich wertvollen Daten liegen und sich darauf fokussiert, diese Daten im Unternehmen optimal zu nutzen und sie gezielt zu schützen, statt mit breitflächigen…

Well-designed IAM/IAG-architectures establish real-time visibility of all accounts of a person, thereby closing a formerly intrinsic security gap. Bridging between established governance silos within organizations enables full enforcement of Segregation of Duties rules for both business and privileged access. Thus, it substantially improves an organization's security posture.

Cyber-attacks often involve a complex process, including an insider threat element, which exploits compromised or illicit user credentials to gain access to data. StealthDEFEND is the real time file and data threat analytics component of the STEALTHbits’ Data Access Governance Suite. 

This report provides an executive summary of Oracle’s Database Security capabilities based on recently published KuppingerCole research. It covers both the company’s traditional database security solutions and the innovative Autonomous Database cloud platform.

In today’s modern digital environments, organizations need an IAM solution that can span the breadth of employees, consumers, and citizens. Pirean's Access: One provides a single point of access and control that can meet these need with support for secure mobility and flexible workflows.

Cleafy is an integrated real-time clientless threat detection and prevention platform for online services in highly regulated industries, providing protection against advanced targeted attacks for web applications and mobile apps.  

Radiant Logic’s federation suite evolves the directory to be a “single source of truth” about identity data in even the most complex hybrid enterprise. It provides an important building block at the center of an integrated identity management capability.

Most organizations today run in a hybrid IT environment. However, their IAM solutions have repeatedly been built for the traditional on-premises IT. IAM needs to become a service that supports the hybrid IT infrastructure organizations run today. This whitepaper describes the paradigm shift, the customer needs, and a solution to help businesses move forward in this hybrid IT environment.

ARCON offers a platform suite with multiple Privilege Management capabilities bundled in a single product offering. In addition to generic capabilities necessary for managing privileged access across a typical IT infrastructure, ARCON’s PAM suite offers distinct advantages to support the scalability and complexity requirements of large data centre deployments.

inWebo offers a cloud-based Two-Factor Authentication (2FA) solution, with some unique and proprietary authentication methods that can be less obtrusive and more user-friendly. The inWebo solution provides easy-to-deploy application plug-ins and SDKs for mobile authenticators.

With massive data breaches in the headlines and increased regulatory scrutiny of failures to implement effective cybersecurity controls, enterprise management of privileged user accounts has become a business imperative. This report provides an overview of Micro Focus’ NetIQ Privileged Account Manager.

The KuppingerCole Leadership Compass provides an overview of vendors and their product or service offerings in a certain market segment.  This Leadership Compass focusses on Infrastructure as a Service (IaaS) from Cloud Service providers (CSP) with a global presence and with a specific focus on security and compliance.

Identity and Access Management (IAM) for employees and partners is a foundational element in all digital environments today.  Consumer Identity and Access Management (CIAM) systems and services provide new technical capabilities for organizations to know their customers better.  Pirean’s solutions for IAM and CIAM can help companies deploy a single solution to meet both…

Microsoft Azure Information Protection creates a viable user experience for data classification and labeling of Office documents and emails. It enables sensitive data discovery; integrates data protection capabilities throughout Microsoft’s Azure, Office, and Windows environments; and is gaining third party support from Adobe and data leakage prevention (DLP) vendors among others.…

With today's ever-growing IT requirements for integrations between identity sources, applications and services whether on-premise, the cloud, or hybrid environments, an advanced identity provider service is required to bridge these disparate technologies. UNIFY Solutions overcomes these challenges with their Identity Broker.

The Revised Payment Service Directive (PSD2) mandates that banks provide APIs for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) to use.

Chatbots are a recent trend in marketing automation, designed to enhance customers’ digital journeys and elicit more information from consumers. This report evaluates the impact of GDPR will have on the use of chatbots and provides an overview of topics to be considered in order to ensure compliance.

The cloud provides an alternative way of obtaining IT services that offers many benefits including increased flexibility as well as reduced cost.   This document provides an overview of the approach that enables an organization to securely and reliably use cloud services to achieve business objectives.

The Revised Payment Service Directive (PSD2) mandates thatservice providersevaluatetransaction requests for signs of malware infection. In order for transactions to be considered low-risk, there must be no signs of malware infection in any sessions of authentication events.

Axiomatics provides a complete enterprise-grade dynamic authorization solution that can address an organization's breadth of access control needs. The Axiomatics Policy Server (APS) makes available a suite of tools and services to manage an Attribute Based Access Control (ABAC) policy life-cycle efficiently.

On October 24, 2017, Imprivata significantly enhanced their healthcare-focused enterprise SSO offering with Identity Provisioning and Access Governance capabilities acquired from Caradigm. With that offering they are broadening their portfolio while remaining focused on the healthcare market segment.

Mit der neuen Datenschutz-Grundverordnung (GDPR) führt die EU strenge Kontrollen bezüglich der Verarbeitung personenbezogener Daten von EU-Bürgern sowie hohe Geldstrafen bei Nicht-Einhaltung eben dieser ein. Die Compliance der Grundverordnung erfordert kostenintensive Kontrollen, die sich mit den direkten geschäftlichen Vorteilen der Verarbeitung personenbezogener…

GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.  Compliance requires costly controls that can be justified for processing of PII with direct business benefits.  However, using PII for non-production purposes such as development and test, incur the same risks and need the same costly…

This report provides a review of the major security risks from the use of cloud services, how responsibility for security is divided between Cloud Service Provider and customer and the key controls that an organization should implement to manage these risks. 

This report is one of a series of documents around the use of cloud services.  It identifies how standards as well as, independent certifications and attestations can be used to assure the security and compliance of cloud services.

Fully integrated protection of virtual machines as part of the software defined data center. From capturing expected behavior to efficiently responding to detected threats: Intelligent endpoint security technology leveraging the insight, control and automation available within virtualized environments.

Identity and Access Management (IAM) is many things. For some it’s all about streamlining the user experience through technologies and practices that make it easier for them to securely logon. For others, IAM is all about identity lifecycle management – ensuring that accounts are set up, modified, and retired in a timely, accurate, and secure manner. And for still others…

This report provides an overview of the market for Enterprise Endpoint Security: Anti-Malware Solutions and provides you with a compass to help you to find the Anti-Malware product that best meets your needs.  We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing Anti-Malware solutions for enterprises.

Die FSP Identity Governance & Administration Suite ist eine Lösung zur Verwaltung des Identitäts- und Zugriffslebenszyklus und bedient somit den Markt für Identity Provisioning und Access Governance, gerade in stark regulierten Branchen. Ein besonderer Vorteil des Produkts ist die Kombination von rollenbasierter und richtlinienbasierter Zugriffssteuerung in einer…

Oracle Autonomous Database is the world’s first fully automated cloud database platform powered by machine learning. By eliminating human factor from database management, it provides unprecedented security, reliability and performance for enterprise data management in the cloud.

RSA SecurID Access is an integrated offering for Adaptive Authentication, supporting a broad range of different authentication methods on virtually any type of endpoint and integration to a large range of on-premises applications and cloud services. It supports context-aware authentication and uses machine learning to assess user risk and simplify the user experience.

SAP HANA Platform securely supports the IT applications and services needed by organizations to achieve digital transformation as well as the traditional IT systems of record. It offers a high - performance database through in - memory processing and provides enterprise grade security features that cover  the  confi dentiality, integrity and availability of the data being held…

PowerBroker for Unix & Linux von BeyondTrust bietet Server Privilege Management und Session Management speziell für Unix- und Linux-Server. Solche Server sind häufig Angriffen sowohl von böswilligen Insidern als auch externen Hackern ausgesetzt. PowerBroker for Unix & Linux bietet umfassenden Schutz für privilegierte Accounts auf Unix- und Linux-Plattformen.

Many organizations are using cloud services, but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. This report provides an up to date review of Symantec CloudSOC™ which strongly matches…

Osirium’s Privileged Access Management provides a secure, streamlined way to monitor privileged users for all relevant systems. It manages context-driven access over any number of systems across an infrastructure, and supports an innovative, task-based approach. Furthermore, it comes with a well-thought-out gateway approach for supporting downstream applications.

An enterprise security architecture (ESA) is a critical component to an enterprise architecture (EA) that describes how IT services, processes, and technologies should be protected given a customer’s unique business, security, and compliance requirements.

Thycotic Privilege Manager is a tool focused on Least Privilege management and enforcement on endpoint systems, supporting both Windows and Mac systems. It provides application control and privilege management features to restrict the access and use of highly privileged accounts and thus minimize risks caused by cyberattacks and fraudulent users.

BeyondTrust’s PowerBroker for Unix & Linux delivers Server Privilege Management and Session Management specifically for Unix and Linux servers. These servers are common targets for attackers, both malicious insiders and external attackers. PowerBroker for Unix & Linux provides in-depth protection for privileged accounts on these platforms.

Ilantus IDaaS Next is an offering in the emerging market of IDaaS B2E, i.e. IDaaS offerings targeted at enterprise customers that must manage both SaaS services in the cloud and on-premise applications and who need more than just SSO capabilities. The service comes with some interesting features and a well-thought-out roadmap for further evolution.  

AlgoSec Security Management Suite ist eine hochautomatisierte und speziell für Unternehmen konzipierte integrierte Lösung zur Verwaltung von Netzwerksicherheitsrichtlinien und der Konnektivität von Geschäftsanwendungen für verschiedenste Geräte in heterogenen Umgebungen.

Duo Security provides a scalable multi-factor authentication solution that can support a small to enterprise-size user base. Duo Security focuses on reducing the complexity of user identity verification while monitoring the health of their devices before connecting them to the applications they use. Duo Security goes beyond 2FA with adaptive authentication, endpoint visibility, mobile…

ERPScan Smart Cybersecurity Platform for SAP is an Al-driven enterprise level solution for SAP that leverages machine learning. By addressing predictive, preventive, detective and responsive capabilities, and by leveraging vulnerability management, source code security and the analysis of Segregation of Duties (SoD) violations, it provides comprehensive security analytics covering all…

The Revised Payment Service Directive (PSD2) will drive many changes in technical infrastructure at financial institutions across Europe.  Banks and other financial service providers must quickly prepare for PSD2. Ergon’s Airlock Suite provides foundational technical capabilities that can help businesses meet the challenges posed by PSD2. 

Janrain provides a complete solution for Consumer Identity and Access Management (CIAM). Janrain is a pioneer in the field, creating the category of CIAM and developing the popular “ social login” authentication method .

AlgoSec Security Management Suite is a highly automated and business-focused integrated solution for managing network security policies and business application connectivity across a wide range of devices in heterogeneous environments.    

KuppingerCole Maturity Level Matrix for the degree of readiness for implementing EU GDPR (General Data Protection Regulation) requirements. Foundation for assessing the current status and identifying specific measures in your GDPR compliance projects and programs.

Securely governing access is increasingly important to ensure compliance as well as to defend against cyber-crime. STEALTHbits’ products provide a comprehensive set of solutions to address IT security risks covering Active Directory, Data Access Governance, Privileged Access Management, and Threat Detection.

Leaders in innovation, product features, and market reach for Identity Provisioning. Delivering the capabilities for managing accounts and entitlements across heterogeneous IT environments on premises and in the cloud. Your compass for finding the right path in the market.

Forum Sentry API Security Gateway is an integrated platform for API and service security, access management and legacy application modernization with a strong focus on “security by design”, certified encryption, and support for a broad range of Web Services, B2B, Mobile, Cloud and IoT APIs and other protocols.

ManageEngine, part of Zoho Corp., delivers a broad portfolio of solutions targeted at IT administrators. Among these, we find Password Manager Pro, a Privilege Management solution providing support for a variety of use cases such as Shared Account Password Management, Application-to-Application Privilege Management, or Session Management. The tool counts among the advanced, feature-rich…

Atos DirX Identity is a mature offering for IGA (Identity Governance and Administration), delivering both leading-edge Identity Provisioning capabilities and a strong Access Governance feature set. Atos has made significant improvements when it comes to the ease and flexibility of customization and added a modern, responsive user interface.

BeyondTrust’s PowerBroker product family provides a well-integrated solution with a broad range of capabilities for the mitigation of threats caused by the abuse or misuse of privileged system accounts and entitlements, on endpoints as well as server systems. With dedicated products for major system architectures, PowerBroker PAM delivers deep support for privilege management on…

Die DSGVO oder EU GDPR (General Data Protection Regulation), die ab dem 28. Mai 2018 voll wirksam ist, wird derzeit vor allem mit den Zustimmungsregeln zur Nutzung personenbezogener Daten (Consent) und den Rechten der Betroffenen wie beispielsweise dem „Recht auf Vergessen“ in Verbindung gebracht. Die DSGVO sieht aber auch den angemessenen Schutz von personenbezogenen Daten…

All organizations today are under constant attack, and high-privilege accounts are a primary target, allowing attackers to cause maximum damage by data theft and other attacks, due to their elevated privileges. While the number of external attacks continues to increase, internal attacks remain at a high level – perimeter security in itself does not protect sufficiently anymore.…

The upcoming EU GDPR will have significant impact on how business can collect PII of their customers and consumers. Business are well-advised to thoroughly review these changes and prepare. Managing consumer identities consistently across all apps, portals, and services is essential. Identity Platforms provide the foundation for moving to a consistent management of consumer identities and…

Securely authenticating users is a major problem given the increasing threats from cyber-crime. Entrust IdentityGuard for Enterprise provides a comprehensive solution for enterprises to select and manage the way in which organizational users are authenticated to access both physical and logical assets.

The ongoing task of maintaining cyber security and risk governance, while providing evidence and communicating efficiently with corporate stakeholders is getting increasingly more important for practically every organization. Understanding the risk posture and providing transparency while aligning cyber security efforts with corporate strategies is a major challenge. The current lack of…

Adaptive Authentication, or the practice of varying authentication methods based on runtime evaluation of risk factors, is a requirement for accessing applications, resources, devices, networks, and even cyber-physical systems.

Ubisecure Identity Server is an integrated consumer identity and access management suite for on-premise deployment. Ubisecure Identity Cloud is for cloud-based deployments. Ubisecure features strong federation capabilities and the ability to leverage some bank and national IDs.

Axiomatics provides a number of solutions for dynamic policy-driven data masking and access filtering for relational databases and Big Data stores. This suite applies an Attribute Based Access Control mechanism across multiple data stores, and centralizes policy-based authorization rules for access to corporate data.

Improve your level of compliance, gain up-to-date insight and reduce recertification workload. Add business risk scoring to your Access Governance Architecture, focus attention on high-risk access and extend your existing infrastructure to provide real-time access risk information. Re-think your existing Access Governance processes and understand upcoming IAM challenges and their impact…

OpenIAM provides a comprehensive suite for both Identity Management and Access Management, covering the full range from Identity Provisioning and Access Governance to Enterprise SSO, Cloud SSO, and Identity Federation. The product is based on a modern, well-thought-out software architecture and exposes its capabilities through a consistent API layer, which makes it an interesting option…

This report provides selected Key Risk Indicators (KRI) for the area of Access Governance. These indicators are easy to measure and provide organizations with a quick overview of the relevant risks and how these are changing. The indicators can be combined into a risk scorecard which then can be used in IT management and corporate management.

PlainID offers an authorization solution that provides Policy Based Access Control (PBAC) for common on-premise, SaaS, and even homegrown applications. PlainID’s scalable technology enables customers to easily externalize authorization decisions from applications, achieving higher efficiencies, more fine-grained access controls, and improved security.

iWelcome provides a complete solution for both Identity-as-a-Service and Consumer Identity and Access Management. As an EU-based company, iWelcome strives to help their customers with GDPR compliance, and as such as provides unparalleled consent management features.

Omada Identity Suite is a solution for IGA (Identity Governance and Administration), supporting both Access Governance and Identity Provisioning. It provides, amongst many other features, strong automation of entitlement management and insight into access risks, altogether with a high degree of automation in application onboarding.

Beta Systems Garancy IAM Suite combines the various modules for Identity and Access Management in the Beta Systems portfolio into one suite. The combined offering delivers a strong feature set with some outstanding capabilities such as the depth of application-specific connectors and role management capabilities.

TITUS Classification for Mobile is a solution that not only supports classification of documents and email on both iOS and Android platforms, but also delivers a secure document storage on these devices. It integrates with a variety of other tools and services and is easy to use.

Securely authenticating users remains a thorny problem and VeriClouds CredVerify service can provide a useful additional level of assurance.  There are many approaches, products and services for user authentication however, the CredVerify service is unique in what it offers.  

Consumer Identity is a fast-growing specialty solution. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for selecting the right CIAM solution for your organization.

A business-driven approach to Access Governance and Intelligence, based on business processes and access risk. Supporting fine-grained SoD analysis for all environments, with strong support for SAP. Providing connectivity to target systems based on direct connectors and via IBM Security Identity Manager.

One Identity SafeGuard 2.0 is a re-architected, modular solution for Privilege Management, supporting both Shared & Privileged Account Password Management and Session Management, plus several additional capabilities. The product excels with its architecture, integration capabilities, and other features such as very strong workflow support.

SAP Fraud Management leverages the power and speed of the SAP HANA platform to detect fraud earlier, improve the accuracy of detection and uses predictive analytics to adapt to changes in fraud patterns.

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

eperi provides an encryption gateway for data stored in the cloud, based on a unique flexible approach based on templates that specify which data should be  encrypted and how. Combined with built-in indexing capabilities, the product enables fully transparent and infinitely extensible end-to-end cloud data  encryption with out-of-the-box support for popular SaaS applications.

SailPoint SecurityIQ counts amongst the leading Data Access Governance solutions, providing tight integration into SailPoint IdentityIQ and thus delivering full Data Access Governance capabilities. Amongst the outstanding features are the real-time and behavioral analytics features and the broad support for unstructured data stores such as file servers, NAS devices, and SaaS data stores.

Ransomware is a global cybersecurity threat. This KuppingerCole Buyer’s Guide will provide you with questions to ask vendors, criteria to select your vendor, and requirements for successful deployments. This document will prepare your organization to conduct RFIs and RFPs for ransomware protection.

Ransomware is a top security threat and continuously on the rise. Financial organizations, healthcare institutions, and manufacturing industries are the most vulnerable groups; however, individual users as well have been victims of ransomware. The purpose of this Advisory Note is to analyze the concept of ransomware, elaborate on its global reach and provide concrete advice on what to do…

Thycotic Secret Server is a mature enterprise - class offering for Privilege  Management, supporting the key areas of the market such as Shared Account and  Privileged Password Management, Session Monitoring, Account Discovery, and others. The solution convinces with its approach for rapid deployment and an overall strong feature set.

Auth0 has a flexible identity platform that can be used for both Consumer Identity and Access Management (CIAM), Business - to - Employee (B2E), and Business - to - Business (B2B) scenarios. Auth0’s Customer Identity Management solution is focused on developers an d as such is highly customizable to meet a variety of business requirements.    

À l’heure actuelle de la transformation numérique, la plupart des entreprises subissent fortement la pression du changement. Les modèles d’affaires évoluent et ceux qui émergent redéfi nissent profondément la relation aux clients et aux consommateurs. Si la connaissance de ces derniers gagne globalement en pertinence, la majeure…

La « Transformation numérique » révolutionne les modèles de gestion et les processus au sein des entreprises, ainsi que les services apportés aux clients. Elle conduit à une intégration étroite entre l‘activité opérationnelle et l‘infrastructure informatique sous-jacente. L’infrastructure…

Ausreichend und gut qualifiertes Personal für ihr Cyber Defense Center (oder den  IT - Sicherheitsbereich) zu finden ist schwierig. Die Antwort auf die Personalknappheit besteht aus drei Elementen: Ausbildung. Dienstleistungen. Werkzeuge.

The Content Threat Removal  Platform by Deep Secure provides comprehensive on - the - fly analysis of incoming data, extracting only the useful business information while eliminating malicious content and then reconstructing new clean data for delivery. In this way, it defeats zero - day attacks and prevents data loss, all transparent to end users.

Ransomware (Erpressungssoftware) ist eine Epidemie. Prävention ist die beste Strategie. Geben Sie nicht auf und bezahlen Sie kein Lösegeld.

Mit der kommenden EU-DSGVO (Datenschutz-Grundverordnung) im Mai 2018 verändern sich die Anforderungen an den Umgang mit personenbezogenen Daten. Dieser Report identifiziert sechs zentrale Aktivitäten, die innerhalb der IT unternommen werden sollten, um auf die Erfüllung dieser Anforderungen vorbereitet zu sein.

Die führenden Unternehmen im Privilege Management - Markt bezüglich Innovationen, Produktfunktionalität und Marktführerschaft. Wie kann man den Zugriff auf kritische Systeme und Geschäftsinformationen steuern und gleichzeitig sichere und optimierte Geschäftsvorgänge ermöglichen? Dieser Report bietet Ihnen einen Leitfaden, der Sie dabei…

Microsoft Azure Stack is an integrated hardware and software platform for delivering Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) services of Microsoft Azure public cloud on premises, providing a truly consistent hybrid cloud platform for a wide variety of business use cases.

ForgeRock Identity Platform delivers a common set of capabilities, as well as  good  integration for the various ForgeRock components. It provides a common layer  for identity and access management services that customers require when  building new consumer - facing business applications and services, including consumer and industrial IoT support, on their way to the…

SecureAuth provides a strong, well-integrated set of identity management solutions covering Multi-Factor Authentication, Risk-based Adaptive Authentication, Single Sign-On, and User Self-Service.       

Unter der Bezeichnung Magenta Security werden alle Angebote für  Dienstleistungen und Managed Services des Telekom - Konzerns gebündelt. Magenta Security liefert ein sehr umfassendes Portfolio an Dienstleistungen und  zählt damit zu den ersten Adressen für Unternehmen, wenn es um die  Unterstützung und insbesondere Managed Services im Bereich …

Gigya provides a complete solution for  Consumer Identity and Access Management. Entirely cloud - based, Gigya delivers advanced consumer identity and marketing service  functionality for enterprise customers.

Signicat offers cloud-based services for secure access to applications, identity proofing, electronic signing, and long-time archiving of signed and sealed documents. Recently, their portfolio has been expanded to include a mobile authentication product to help customers meet PSD2 requirements.

Daon’s IdentityX® authentication platform is a universal mobile authentication framework that combines modern standard-based biometric technologies with broad support for legacy authentication systems to provide a flexible, frictionless and future-proof solution for managing risk, reducing fraud and securing critical infrastructures.

Codes of Conduct  can help organizations choose between suppliers.   This report  compares two recently announced codes for cloud service providers and how  these relate to GDPR .

Nexis Controle 3.0 setzt intelligente Analytics-Verfahren für Rollen und Identitäten um und legt damit die Grundlage für ein strategisches Lebenszyklusmanagement von Rollen, entweder als eigenständige Lösung oder als ergänzende Komponente zu bestehenden Identity- und Access Management-Infrastrukturen. Die bessere Einbindung von bestehendem Wissen im…

Leaders in innovation, product features, and market reach for Identity as a Service offerings targeting full Identity and Access Management and Governance capabilities for employees in hybrid environments, but also delivering Single Sign-On to the Cloud and providing support for other groups of users. Your compass for finding the right path in the market.

Nexis Controle 3.0 implements intelligent role and identity analytics while laying the foundation for strategic role lifecycle management as either a stand-alone solution or as a companion component to existing Identity and Access Management infrastructures. The integration of corporate business expertise through targeted workflow and interaction approaches means a leap forward towards…

Leaders in innovation, product features, and market reach for Identity as a Service offerings targeting Single Sign-On to the Cloud for all types of users, with primary focus on cloud services but some support for on-premise web applications. Your compass for finding the right path in the market.

The „Digital Transformation“ is changing business models, business processes, and the services provided to customers. With the Digital Transformation leading to a tight integration between business and the underlying IT infrastructure, that IT infrastructure must change as well for supporting the new business requirements on agility, innovativeness, and security. Identity…

Organizations are under pressure to change in the current age of Digital Transformation. Business models are changing and a common element of new business models is the changing relationship to customers and consumers. While managing consumer identities is increasing in relevance, most information still is held in on-premise systems. The combination of new regulations, such as the…

Enterprises deploying Consumer Identity and Access Management (CIAM) solutions are realizing the benefits, which range from increased brand loyalty and sales to enhanced regulatory compliance.

GDPR and PSD2 will pose enormous technical challenges. Learn more about the challenges and opportunities and how CIAM solutions can help organizations comply with these new regulations. This Leadership Brief shows the slides which correspond with the keynote KuppingerCole Lead Analyst John Tolbert held on June 20, 2017 during the Cloud Identity Summit in Chicago.

PingDirectory provides a flexible and scalable base for IAM and customer IAM.  With advanced functions for encryption, load-balancing, and virtual directory, PingDirectory can meet and exceed security requirements and SLAs.

Leaders in innovation, product features, and market reach for Privilege Management. How do you control access to your critical systems and business information while allowing secure and optimised day to day business operations? This report provides an overview of the market for Privilege Management and provides you with a compass to help you to find the Privilege Management product that…

This report provides an overview of the market for Consumer Identity and Access Management and provides you with a compass to help you to find the Consumer Identity and Access Management product that best meets your needs. We examine the market segment, vendor product and service functionality, relative market share, and innovative approaches to providing CIAM solutions.

The Internet of Things (IoT) is a computing concept that describes a future where everyday physical objects are connected to the Internet and communicate with other devices and human users. Adding notions of digital identity has been problematic to date, but identity management solutions are on the horizon that will improve usability and security for IoT.

From May 2018, when the upcoming EU GDPR (General Data Protection  Regulation) comes into force, the requirements for managing personal data will change. This report identifies six key actions that IT needs to take to prepare for  compliance.

Salesforce has been a pioneer in Software as a Service (SaaS) from the early days.  Digital identity has been an integral part of the Salesforce platform.  Salesforce Identity is an enterprise class CIAM and IDaas solution.

Nok Nok Labs S3 Authentication Suite is a unified strong authentication platform that incorporates FIDO Alliance specifications and other industry standards, as well as proprietary innovations. The S3 Authentication Suite provides a full stack of client- and server-side technologies for incorporating interoperable and future-proof risk-based biometric authentication into mobile and web…

Symantec Advanced Threat Protection is a unified platform for uncovering and remediating advanced cyber-attacks across endpoints, network and email, which augments existing Symantec endpoint protection and threat intelligence technologies with advanced security analytics capabilities.

CyberArk is a pioneer in Privileged Account Security, and is widely recognized as the leader in this sector. Building upon a strong base product, CyberArk has enhanced its offering to include the capabilities that organizations need to secure and manage pr ivileged  accounts and their credentials associated with users, applications, and other system assets across  an…

Securonix SNYPR is an open and modular next-generation security intelligence platform that combines log management, security information and event management, user and entity behavior analytics and fraud detection, serving as a foundation for a broad portfolio of specialized security analytics solutions.

Mastering authorization is critical for modern organizations  with multiple user constituencies, applications, and data types. Groups are necessary but not sufficient in complex environments. Roles are handy for adding manageability and assurance to coarse - or medium - grained  authorization but break down in the face o f dynamic environments or complex access policies. A…

EmpowerID provides  a complete solution for IAM, CIAM, and Adaptive  Authentication.  With a highly  customizable workflow and authorization engine,  EmpowerID delivers advanced functionality for  enterprise and government  customers.

Managing mobile device access to corporate applications and databases is a major requirement for all organizations. Mobile security, including a secure development environment for mobile apps and standardized authentication and authorization services are essential components of mobile strategies.

Strong authentication via smartphones is available today in many countries. GSMA’s Mobile Connect specification can improve security and help banks and third party providers comply with the EU’s Revised Payment Service Directiv e (PSD2).  

Getting sufficient and sufficiently skilled people for your Cyber Defense Center (or  your IT Security department) is tough. The answer to the skill gaps consists of  three elements: Education.  Services. Tools.

Hitachi ID offers an all - in - one IAM package to address enterprise business  requirements.   With an emphasis on  process automation and self - service, the  Hitachi ID IAM Suite helps businesses reduce their expenditures on identity - related administration and governance.

Ransomware is an epidemic.  Prevention is the best strategy.  Don’t give up and pay the  ransom.

As a long-term contractor to the Dept. of Defense in the United States, Jericho Systems have a history of developing technology that protects computing assets from unauthorized access. Their development activity has attracted a number of awards and the company has been granted patents over their intellectual property. Of late the company has developed a more diversified client base,…

The firewall is dead  – long live the firewall.... In today’s modern business the traditional firewall model, sitting at the corporate perimeter, has little value, and more often than not hinders business agility. In building a modern, resilient and defendable network the firewall may have a part to play, by using it in a role where it is actually able to be effective.

Identity Management, Endpoint Security, Mobile Device Management and Access Management are typically considered to be isolated disciplines. This can make administration and governance in these areas complex. Having a holistic approach for the administration and supervision  of all types of users, end user software and devices can foster efficiency, agility and security in many…

PingOne provides c loud - based Single Sign - On (SSO)  and Identity - as - a - Service  (IDaaS)  for employees, business partners, and  consumers . PingOne is a  key  component of PingIdentity’s Consumer Identity and Access Management SaaS  offering, supporting social logins, self - registration, and SSO to all popular SaaS  apps.

HexaTier provides an all-in-one database security and compliance solution across  multiple platforms with a strong focus on  cloud environments and Database-as-a-Service products.

Cisco Advanced Malware Protection (AMP) is an integrated enterprise security intelligence and malware protection solution. By combining global threat intelligence with dynamic malware analysis and continuous endpoint and network monitoring, AMP provides constant visibility and control across all environments before, during, and after a cyber-attack.

Customer Identity and Access Management systems and services provide new technical capabilities for organizations to know their customers better.  Implementing Ping Identity’s solutions for CIAM can provide better user experiences, generate additional revenue, and enhance brand loyalty.  

Database security is a broad section of information security that concerns itself with protecting databases against compromises of their integrity, confidentiality and availability. It covers various security controls for the information itself stored and processed in database systems, underlying computing and network infrastructures, as well as applications accessing the data.

The Finance Industry is facing a profound change with the introduction of PSD2, an update to the 2007 EU Directive on Payment Services. The directive, which comes into force on January 13, 2018, continues Europe´s goal to modernize, unify and open its financial landscape. In early 2017 KuppingerCole performed a survey amongst the industries affected by PSD2, such as banks and…

Many new biometric technologies and products have emerged in the last few years. Mobile biometric solutions offer multi-factor and strong authentication possibilities, as well as transactional authorization. Mobile biometrics will become an important architectural component in the financial services industry under the Revised Payment Services Directive (PSD2). However, there are several…

The Future of Banking: Innovation & Disruption in light of the revised European Payment Services Directive (PSD2) In early 2017 KuppingerCole performed a survey amongst the industries affected by PSD2. The primary focus of the survey was on Strong Customer Authentication, API Strategy and KYC & Customer Identity Management, in the context of the changing requirements imposed by…

Organizations are adopting a hybrid model for the delivery of IT services a consistent approach is needed to govern and secure data on-premise, in the cloud and when shared with external parties. NextLabs Data Centric Security Suite provides a proven tool that can protect data and ensure compliance in this hybrid environment.

The Revised Payment Service Directive (PSD2) mandates that banks provide APIs for Account Information Service Providers (AISPs), Payment Initiation Service Providers (PISPs) and any Third Party Providers (TPPs) to use.

Many new biometric technologies and products have emerged in the last few years.  Biometrics have improved considerably, and are now increasingly integrated into smartphones.  Mobile biometric solutions offer not only multifactor and strong authentication possibilities, but also transactional authorization.  However, there are a number of challenges with biometric…

PingFederate sets the standard for identity federation standards support. PingFederate can enable Single Sign-On (SSO) between business units, enterprises, and all popular SaaS applications. PingFederate works both on-premise or in the cloud, and is easy for administrators to install and maintain.

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. CensorNet Unified Security Service provide a valuable tool that organizations can use to improve…

Leaders in innovation, product features, and market reach for Adaptive Authentication. Your compass for finding the right path in the market.

Privileged Accounts are the high-risk accounts – and they are the target of attackers, both internals and externals. SOCs must implement modern Privilege Management as part of their overall toolset, for identifying and countering attacks. Session Monitoring and Privileged User Behavior Analytics are cornerstones of a modern SOC.

AWS Lambda is an event-driven serverless computing platform that completely abstracts the underlying cloud infrastructure to let developers focus on the core business functionality of their applications, providing transparent scalability and redundancy across multiple datacenters in the Amazon Cloud.

A comprehensive approach to data protection – one that combines all aspects of computing infrastructure– rather than the point products that comprise many organization’s cybersecurity environment, is a decided plus, provided the overall goal is achieved.

Centrify Privilege Service is a shared account password management and access auditing solution, available as a service or for deployment in the cloud or on-premise.  

RSA Identity Governance and Lifecycle is a complete solution for managing digital identities, both inside and outside the enterprise. The RSA solution covers all aspects of governance from attestations to policy exceptions and identity lifecycle, from provisioning to entitlement assignment to access reconciliation to removal.

RightsWATCH automatically classifies and protects any file format in accordance with corporate policy based on content, context or metadata-aware policy rules, extending the Microsoft Right Management facility to ensure that sensitive and confidential information is identified and classified appropriately.

SAP HANA Cloud Platform Identity Authentication and Provisioning is a cloud- based platform for provisioning and managing digital identities and access for SAP solutions and more.  

Industrial Computer Systems (ICS) are increasingly coming under attack as hackers are realizing the economic and reputational benefit of a successful operations technology system compromise. Organizations seeking to exploit their plant automation systems to drive business processes are deploying communications paths to their ICSs and raising the risk profile of their organizations.

Achieving risk governance and resilience, while ensuring protection from Cyber risks by creating a standards-based process framework focusing on a risk based approach and implemented using a complementary software platform.

Die FSP Identity Governance & Administration Suite ist eine Lösung zur Verwaltung des Identitäts- und Zugriffslebenszyklus und bedient somit den Markt für Identity Provisioning und Access Governance. Ein besonderer Vorteil des Produkts ist die Kombination von rollenbasierter und richtlinienbasierter Zugriffssteuerung in einer einzigen Lösung.

Role-based access control (RBAC) has become an important part of Access Management and Access Governance. However, defining, implementing and maintaining an enterprise role model remains a substantial task and many projects fail. This document describes best practice approaches towards the right data model, efficient processes and an adequate organization for implementing role management…

ForgeRock Access Management is a full-feature Identity and Access Management (IAM) system.  It provides numerous authentication options, an adaptive risk engine, identity federation, and advanced policy-based authorization capabilities.   ForgeRock supports open standards development, and that is reflected by the multi-protocol support in ForgeRock Access Management. …

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. CipherCloud Trust Platform provides a valuable tool that organizations can use to improve governance…

Many organizations are using cloud services but the use of these services is often poorly governed. Cloud Access Security Brokers (CASBs) provide functionality to discover the use of the cloud, to control which cloud services can be accessed and to protect the data held in these services. Skyhigh Cloud Security Platform provides a valuable tool that organizations can use to improve…

Well-designed, state-of-the-art compliance programs help in maintaining an adequate IT architecture and its underlying processes. Forward-thinking organisations understand compliance as a strategic and future-oriented business objective, and embed IT Compliance and security into their organizational process framework and transform compliance expenses into strategic budgets.

The data held in office productivity suites like Office 365 spans the whole operation of an organization from the board to the shop floor.  This makes it imperative that it is protected against risks of leakage and unauthorized disclosure.  Vaultive cloud data security provides an important solution for organizations seeking an approach for encrypting and otherwise protecting…

Leaders in innovation, product features, and market reach for Consumer Identity and Access Management Platforms.  Your compass for finding the right path in the market.

Consumer Identity and Access Management systems and services provide new technical capabilities for organizations to know their customers better. Implementing CIAM can provide better user experiences, generate additional revenue, and enhance brand loyalty. Enterprises want to collect, store, and analyse data on consumers in order to create additional sales opportunities and increase…

Data classification is a requirement of every security framework. More importantly it should be key part of any organization’s control framework, by clearly informing the person (or system) handing the information, whether an employee of the company or an external entity, how that information should be handled. Only by providing clear, unambiguous guidance can information be…

AIMS is a modular IAM/IAG suite emphasizing a quick ROI through easy GUI configuration while maintaining solid security.

Angesichts immer fortschrittlicherer und häufigerer Cyber-Angriffe sowie der Tatsache, dass die traditionelle Idee des Sicherheitsperimeters fast gänzlich ausgestorben ist, müssen Unternehmen ihre Strategien in Bezug auf Cyber-Sicherheit überdenken. Neue Lösungen für Security Intelligence in Echtzeit (Real-time Security Intelligence) kombinieren Big Data und…

As cyber-attacks are becoming increasingly advanced and persistent, and the traditional notion of a security perimeter has all but ceased to exist, organizations have to rethink their cybersecurity strategies. The new Real-Time Security Intelligence solutions are combining Big Data and advanced analytics to correlate security events across multiple data sources, providing early detection…

The Financial Services Industry (FSI) is undergoing unprecedented evolutionary and revolutionary change.  FSIs need to transform their business models to respond to today’s challenges and to position the business with the flexibility required to adapt to opportunities as the business landscape evolves. This report examines the issues and challenges FSIs face with market…

Blockchain seems to be one of the most important basic technologies of emerging business models and countless entrepreneurial initiatives using it have been started in the recent past. This report provides insights and a closer look at how blockchain technology is most probably improving the current state of Information Stewardship. It highlights the most relevant value proposition,…

AirKey Enterprise is a software smart card platform that is 100% compatible with existing standards and APIs for traditional smart cards, enabling high security, low cost, and unified management of a hybrid smart card infrastructure.

Securonix Platform provides advanced security analytics technology for collecting, analyzing and visualizing a wide range of business and security information, converting it into actionable intelligence and serving as a basis for a broad portfolio of specialized security solutions.

Threat intelligence is a vital part of cyber-defence and cyber-incident response. To enable and automate the sharing threat intelligence, OASIS recently made available the specifications for STIX™, TAXII™ and CybOX™ as international open standards. This report provides an overview of these specifications and their application to Real Time Security Intelligence. 

Many enterprises have decided on a “cloud first” strategy, or have seen heavy cloud adoption evolve spontaneously as their business units embrace cloud for cost savings, agility or other competitive imperatives. Security teams face challenges controlling, influencing or enabling cloud adoption. This document provides guidance on how IT security leadership should deal with the…

Sophos offers a range of security solutions as software, appliances and cloud services. These products exploit threat intelligence that is gathered by Sophos Labs, shared in real time between Sophos Next-Gen Firewall and Sophos Next-Gen Endpoint Protection, and integrated through Sophos Security Heartbeat. These products include the recently released Sophos Intercept X.

RSA NetWitness Suite is a security monitoring solution that combines log and network traffic analysis with endpoint-based visibility and automated threat intelligence to detect and investigate sophisticated cyber-attacks. 

VMware Identity Manager bridges the gap between IT Service delivery and access to applications. Available as both an on-premise and a cloud solution, VMware Identity Manager delivers instant SSO to a broad variety of applications and provides contextual experience to VMware WorkspaceOne.

LogRhythm provides a unified security intelligence platform combining next-generation SIEM, log management, network and endpoint monitoring and forensics with full threat lifecycle management and response orchestration.

Microsoft Advanced Threat Analytics combines deep packet inspection with Active Directory and SIEM integration to build an Organizational Security Graph and identify suspicious user and device activity within corporate networks.

Distributed and decentralised ledger technology with Smart Contracts and the Internet of Things (IoT) can enhance BPM (Business Process Management) and BPO (Business Process Optimisation) processes significantly. This report examines the role that blockchain-based technologies and IoT can play in streamlining and managing BPM/BPO. 

Ergon Informatik, a Swiss software vendor, delivers an integrated solution for Web Access Management, Identity Federation and Web Application Firewall capabilities that shows both breadth and depth in features. Furthermore, it comes with a good set of baseline identity lifecycle management functions, especially for external users. 

How do you ensure secure and compliant access to cloud services without losing the agility and cost benefits that these services provide? This report gives you an overview of the market for Cloud Access Security Brokers and a compass to help you to find the product that you need.

The core features of blockchains - decentralization and algorithmic consensus – can enable the creation of Life Management Platforms (LMPs) with better security and availability, as well as promote wider public adoption by providing independently-verifiable proof of personal data integrity. Even though there remain some requirements of LMPs that are not solvable with blockchains,…

Azure’s Blockchain-as-a-Service (BaaS) operates both as Infrastructure-as-a-Service and a Platform-as-a-Service. With its large number of strategic partnerships and template library of preconfigured Virtual Machines, developer templates and artefacts, Microsoft Azure’s BaaS offering can significantly lower technical complexity barriers to the adoption of blockchain-powered…

Many organizations are responding to incidents and audit failures by panicking and buying more point solutions. They need to take a more strategic approach to transform their IAM. 

With the new Garancy Recertification Center, Beta Systems is closing a previous gap in its portfolio in the Access Governance segment. The portal solution for recertification enables companies to run review campaigns of the users’ access rights in a business-friendly and intuitive browser interface – optimized for usage on desktops, tablets and also on mobile devices.

Managing provisioning into an identity repository is a basic organizational process that varies remarkably between organizations. Some companies have a highly functional process that minimizes manual input and maximizes efficiency. Others have very manual processes that are costly and open to abuse. Deep Identity has developed an easy-to-use solution that adopts a role-based provisioning…

IBM QRadar Security Intelligence Platform provides a unified architecture that combines security information with event management, real-time detection of advanced threats, attacks and breaches, forensic analysis and incident response, as well as automated regulatory compliance.

Sophos UTM is a suite of integrated security applications that provides the same layered protection for applications and data hosted in the AWS cloud as for on premise deployments. This report provides a review of the functionality provided by this set of products and an assessment of its strengths and challenges.

A blockchain is a data structure, originally used by bitcoin, that maintains a growing list of transaction records in a way that is extremely resistant to tampering. This technology is seen by many as the basis for creating distributed ledgers for a wide range of applications. This report considers the risks associated with the use of this technology and recommends an approach to managing…

Blockchains have the ability offer many solutions regarding the security concerns currently limiting the growth of the Internet of Things (IoT). Blockchains, combined with other decentralised, peer-to-peer technologies can improve IoT security by enabling authenticity and integrity assurance of connected things, scalable management of connected devices, and secure information transmission.

From trusted third parties to algorithmic consensus: new cybersecurity opportunities and challenges with blockchains. Blockchains can provide distributed and decentralised improvements to the merely distributed critical systems the internet depends on today, but we cannot yet completely replace trusted third parties and human judgement with algorithms.

SailPoint IdentityIQ is one of the leading products in the emerging market for Identity and Access Governance. The governance-based approach centralizes visibility and compliance, and minimizes risk by applying controls across all IAM services geared towards business users. They expand their libary of connectors and extend their integration of Mobile Device Management tools and cloud…

IBM’s Security Privileged Identity Manager is an across-the-board Privilege Management solution which protects, automates and audits the use of privileged identities and recourses across the extended enterprise, including cloud environments. It stands out from competitors for its fine-grained database privilege management capabilities and well-designed administrator endpoint monitoring.