Analyst details

John Tolbert Lead Analyst

Seattle / USA


Background:

John is a lead analyst at KuppingerCole, with internationally recognized expertise in cybersecurity and identity management. John has consulted for national governments, and has 20 years of experience working in Aerospace, Defense, Manufacturing, and Financial industries. John was honored as an OASIS Distinguished Contributor in 2014, and as an Associate Technical Fellow at Boeing in 2011. In addition to working with OASIS, he has also participated in Kantara Initiative, Transglobal Secure Collaboration Program (TSCP), and the FIDO Alliance. He has numerous technical security publications, and is a frequent speaker at cybersecurity and identity management events.

 

Areas of expertise:

  • Identity and access management
  • Attribute-based access controls
  • Identity federation
  • Mobile security
  • Data classification and Data Loss Prevention
  • Cloud-based Marketing Technologies
  • B2C & B2B 
  • Marketing Automation

Recent blog posts

Blog

Without Prosecution, There Is No Protection

The Equifax data breach saga continues to unfold. In late 2017, the company admitted it had suffered significant data loss starting in March of last year. There were likely multiple data theft events over a number of months. At some point in May, they notified a small group of customers but…

Blog

2018 – the Turning Point for Social Networks

The Facebook data privacy story continues to be in the headlines this week. For many of us in IT, this event is not really a surprise. The sharing of data from social media is not a data breach, it’s a business model. Social media developers make apps (often as quizzes and games) that…

Blog

FIAM – Fake Identity and Access Management

Just when you thought we had enough variations of IAM, along comes FIAM. Fake digital identities are not new, but they are getting a lot of attention in the press these days. Some fake accounts are very sophisticated and are difficult for automated methods to recognize. Some are built using…

Blog

Administrative Security in Security Products

At KuppingerCole, cybersecurity and identity management product/service analysis are two of our specialties. As one might assume, one of the main functional areas in vendor products we examine in the course of our research is administrative security. There are many components that make…

Blog

The Need for Speed: Why the 72-hour breach notification rule in GDPR is good for industry

The EU’s General Data Protection Regulation (GDPR) will force many changes in technology and processes when it comes into effect in May 2018.  We have heard extensively about how companies and other organizations will have to provide capabilities to: Collect explicit…

Blog

CIAM Vendor Gigya to be Acquired by SAP Hybris

This past weekend we learned that Gigya will be acquired by SAP Hybris. California-based Gigya has been a top vendor in our CIAM Platforms Leadership Compass reports. Gigya offers a pure SaaS CIAM solution, and has one of the largest customer bases in the market. SAP’s…


Recent research documents

Executive View

Executive View: inWebo 2FA Platform - 79002

inWebo offers a cloud-based Two-Factor Authentication (2FA) solution, with some unique and proprietary authentication methods that can be less obtrusive and more user-friendly. The inWebo solution provides easy-to-deploy application plug-ins and SDKs for mobile authenticators.

Whitepaper

Whitepaper: Pirean: Orchestrated Identity for Meeting IAM & CIAM Requirements - 70225

Identity and Access Management (IAM) for employees and partners is a foundational element in all digital environments today.  Consumer Identity and Access Management (CIAM) systems and services provide new technical capabilities for organizations to know their customers better. …

Leadership Brief

Leadership Brief: Securing PSD2 APIs - 79028

The Revised Payment Service Directive (PSD2) mandates that banks provide APIs for Account Information Service Providers (AISPs) and Payment Initiation Service Providers (PISPs) to use.

Leadership Brief

Leadership Brief: The Anti-Malware Requirement in PSD2 - 79027

The Revised Payment Service Directive (PSD2) mandates that service providers evaluate transaction requests for signs of malware infection. In order for transactions to be considered low-risk, there must be no signs of malware infection in any sessions of authentication events.

Leadership Compass

Leadership Compass: Enterprise Endpoint Security: Anti-Malware Solutions - 71172

This report provides an overview of the market for Enterprise Endpoint Security: Anti-Malware Solutions and provides you with a compass to help you to find the Anti-Malware product that best meets your needs.  We examine the market segment, vendor product and service functionality,…


Recent webcasts

Webcast

An overview of the Leadership Compass: Endpoint Security Anti-Malware

Malware has been on the rise. Ransomware continues to grab the headlines. New malware variants proliferate by the millions. Old style manual malware analysis can't keep pace. But organizations are increasingly under attack. Fortunately, vendors have been enhancing and improving their…

Webcast

Martin Kuppinger, John Tolbert - Balancing User Experience, Privacy and Security for the Connected Consumer

Keynote at the Consumer Identity World 2017 EU in Paris, France

Webcast

Revised Payment Service Directive: Understanding Its Technical Requirements for a Smooth and Secure Customer Experience

When PSD2 takes effect, banks across the European Union will be required to expose their core banking functions to these TPPs via APIs. It is imperative that banks begin now to build and lock down APIs in preparation for PSD2. We will take a look at the Open Banking APIs as well as some…

Webcast

The 8 Critical Areas of Consumer Identity and Access Management to Prepare for in 2018

Many organizations are currently looking into deploying their own CIAM programs, because they recognize CIAM’s potential to provide better marketing insights, improve customer registration experience and increase security. However, in the light of the upcoming data protection…

Webcast

The Crucial Role of Identity in Securing Industrial IoT

As more and more consumers, businesses, public sector companies and even whole countries are embracing the Digital Transformation, smart devices of all types are proliferating in all areas of our daily lives. It is safe to say, however, that, after the initial rush of making every device in…



Spotlight


Privacy & the European Data Protection Regulation

The EU GDPR (General Data Protection Regulation), becoming effective May 25, 2018, will have a global impact not only on data privacy, but on the interaction between businesses and their customers and consumers. Organizations must not restrict their GDPR initiatives to technical changes in consent management or PII protection; they also need to review how they onboard customers and consumers, how they persuade them to give consent, and the amount and purposes of the PII they collect. The impact of GDPR on businesses will be far bigger than most currently expect. [...]
