Business GRC

Video

The Changing Scope of the NIS 2 EU Directive

The NIS Directive aimed at achieving a common standard of network and information security across all EU Member States, with a focus on operators of essential services, is scheduled for an update. Suppliers of utilities, healthcare, transport, communications, and other services need to know…

Video

Effective Identity Access Governance in Hybrid SAP Environments

Increased cyber threats and regulatory requirements for privacy and security make staying on top of user roles and access rights in hybrid IT environments more important and challenging than ever, which means it’s important to understand the real risks and how to mitigate them…

Webinar

Jun 14, 2022: The Changing Scope of the NIS 2 EU Directive

The NIS Directive aimed at achieving a common standard of network and information security across all EU Member States, with a focus on operators of essential services, is scheduled for an update. Suppliers of utilities, healthcare, transport, communications, and other services need to know…

Webinar

May 24, 2022: Effective Identity Access Governance in Hybrid SAP Environments

Increased cyber threats and regulatory requirements for privacy and security make staying on top of user roles and access rights in hybrid IT environments more important and challenging than ever, which means it’s important to understand the real risks and how to mitigate them effectively…

Blog

Complex Modern Business Needs Trusted IT Partners to Be Secure

In today’s business environment, companies have three major challenges – making a profit, finding great people, and staying ahead of the competition. That’s quite enough, but they also have major operational challenges with IT, cyber security, and compliance. For example,…

Blog

Google Cloud Digital Sovereignty Announcement

On September 8th, 2021 Google and T-Systems announced their intention to build and deliver sovereign cloud services for German enterprises, the public sector, and healthcare organizations. So, what are sovereign cloud services and why does this announcement matter? Sovereign Cloud…

Video

Access Risk Management for SAP and Beyond

Organizations are increasingly under pressure to deliver security, identity, compliance, governance, and risk management for all types of business applications. This challenge is exacerbated by the fact that most organizations have a heterogeneous landscape of business applications both in…

Blog

A First End to the Schrems II Limbo

Writing about legal topics is always a challenge. I am not a lawyer, but as an analyst and advisor I almost inevitably encounter the implications of laws and current case law. Thus, this text describes only a personal assessment and is not intended to be, and should not be used as,…

Blog

Cloud Codes of Conduct Get the EU Green Light, but More Is Still Needed

Green Light: On May 20th, 2021 it was announced that the EU Cloud Code of Conduct had received official approval by the Belgian Data Protection Authority, following the positive opinion issued by the European Data Protection Board. At the same time, the European Data Protection…

Video

Marcus Scharra: Why PAM is crucial for DevOps security compliance

Video

Arndt Lingscheid: How to Build a Strong Security and Compliance Foundation for Your SAP Landscape

Cyber-attacks can have severe consequences when it comes to SAP S/4HANA applications. These attacks increasingly focus on the company’s application layer and use privileged user accounts. Unfortunately, many security departments see the SAP application layer as a “black…

Blog

Managing Access to Your Business Applications: Breadth vs. Depth

I’ve been in IT long enough to remember when business applications were home-grown and written in COBOL. In the early stages of my career, I even gave computer classes on the standard algorithms for good COBOL programming, such as sorting and grouping. In the more than three decades…

Blog

SailPoint to Strengthen Their SAP Access Control and SoD Control Capabilities by Acquiring ERP Maestro

This week, SailPoint announced their intent to acquire ERP Maestro, a SaaS-based solution for monitoring SoD controls and managing access controls in business applications such as SAP. This announcement fits well into the SailPoint strategy of expanding their core offerings IdentityIQ and…

Blog

Imagining Future Regulations on AI – Similarities to the GDPR?

There are ongoing discussions from high-level expert groups from the EU Commission about what regulation of Artificial Intelligence – particularly the algorithms that process data – will look like. There is a high priority to not only create alignment with the GDPR but to add…

Virtual Event

Jul 07, 2020: Privileged Access Management (PAM) for Your Enterprise

In this virtual event, KuppingerCole and other top experts in the industry will present crucial information on why companies need PAM and how PAM works best to prevent security breaches and credential thefts through defining and implementing the right strategy.

Hybrid Event

Sep 13 - 16, 2021: European Identity and Cloud Conference 2021

The European Identity and Cloud Conference returns fully digitalized, reacting to the global pandemic. We have collected a lot of experience in virtual conferencing throughout 2020 to be able to offer you a safe and hygienic event experience – on-site, virtual, and hybrid.

Video

What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the…

Blog

Applying the Information Protection Life Cycle and Framework to CCPA

The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. Enforcement is slated to start by July 1, 2020. CCPA is a complex regulation which does bear some similarities with EU GDPR. For more information on how CCPA and GDPR compare, see our webinar. Both regulations deal…

Webinar

Mar 05, 2020: What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the same…

Blog

The Information Protection Life Cycle and Framework

The Information Protection Life Cycle (IPLC) and Framework describes the phases, methods, and controls associated with the protection of information. Though other IT and cybersecurity frameworks exist, none specifically focus on the protection of information across its use life. The IPLC…

Video

Complying With PSD2: Everything You Need to Know

With the Revised Payment Service Directive (PSD2) coming into full effect this fall, banks and online retailers need to adapt to changes that carry with them many regulatory and technical challenges. Acknowledging these extensive changes, Germany’s Federal Financial Supervisory…

Blog

Akamai to Block Magecart-Style Attacks

Credit card data thieves, commonly known as Magecart groups, typically use JavaScript code injected into compromised third-party components of e-commerce websites to harvest data from shoppers to commit fraud. A classic example was a Magecart group’s compromise of Inbenta…

Blog

GDP R U Compliant?

Almost one and a half years after the introduction of GDPR (EU General Data Protection Regulation), some companies still struggle with implementing appropriate measures to deal with Personally Identifiable Information (PII) in a compliant fashion. Last week the Commissioner for Data…

Webinar

Oct 29, 2019: Complying With PSD2: Everything You Need to Know

With the Revised Payment Service Directive (PSD2) coming into full effect this fall, banks and online retailers need to adapt to changes that carry with them many regulatory and technical challenges. Acknowledging these extensive changes, Germany’s Federal Financial Supervisory Authority…

Blog

Assuming High Criticality: Resilience, Continuity and Security for Organizations and Infrastructures

Acronyms are an ever-growing species. Technologies, standards and concepts come with their share of new acronyms to know and to consider. In recent years we had to learn and understand what GDPR or PSD2 stand for. And we have learned that IT security, compliance and data protection are key…

Video

Meeting New Regulations with Access Governance Projects Without Reinventing the Wheel

IGA (Identity Governance & Administration) projects carry various risks because of their complexity. These usually arise from the interconnection of a complex, heterogeneous IT infrastructure and from the cross-departmental nature of IGA projects. If you do not…

Video

Leverage Enterprise Architecture to Achieve GDPR Compliance

Several measures have been undertaken by Organizations at various levels to comply with GDPR, most of which remain reactive, fragmented and largely ad-hoc. These controls are also not continuous in nature and therefore fail to satisfy ongoing compliance requirements. Organizational leaders…

Blog

Sustainable Data Management

Getting competitive advantage from data is not a new idea; however, the volume of data now available and the way in which it is being collected and analysed has led to increasing concerns. As a result, there are a growing number of regulations over its collection, processing and use.…

Webinar

Jun 25, 2019: Meeting New Regulations with Access Governance Projects Without Reinventing the Wheel

IGA (Identity Governance & Administration) projects carry various risks because of their complexity. These usually arise from the interconnection of a complex, heterogeneous IT infrastructure and from the cross-departmental nature of IGA projects. If you do not, with every…

Video

The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It

The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared. What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as…

Webinar

Jun 05, 2019: Leverage Enterprise Architecture to Achieve GDPR Compliance

Several measures have been undertaken by Organizations at various levels to comply with GDPR, most of which remain reactive, fragmented and largely ad-hoc. These controls are also not continuous in nature and therefore fail to satisfy ongoing compliance requirements. Organizational leaders…

Blog

Building Trust by Design

Trust has somehow become a marketing buzzword recently. There is a lot of talk about “redefining trust”, “trust technologies” or even “trustless models” (the latter is usually applied to Blockchain, of course). To me, this has always sounded…

Blog

Data Privacy & CX

Beyond the new data privacy regulations: how to improve customer understanding and the customer experience? When it comes to state-of-the-art sales and marketing, customer experience (CX) is a highly important topic. Creating and analyzing outstanding customer journeys while considering…

Video

CCPA vs. GDPR: An Overview on Similarities and Differences

Over the last few years, the world has witnessed an increasing number of data breaches involving the credentials and PII of employees, citizens, and consumers. We've all experienced breach fatigue and/or been impacted by these losses.

Webinar

Apr 02, 2019: The Foundation for GDPR Compliance and PI/PII Protection: Understand Where Data Resides and Who Processes It

The EU GDPR requires covered organizations to be able to account for and document how personal data is collected, processed and shared. What many companies often fail to realize is that this data is not only stored in specialized and appropriately secured silos such as databases. In fact,…

Blog

CCPA: GDPR as a Catalyst for Improving Data Protection Outside the EU

It wasn't too long ago that discussions and meetings on the subject of digitization and consumer identity access management (CIAM) in an international environment became more and more controversial when it came to privacy and the personal rights of customers, employees and users. Back then…

Webinar

Feb 12, 2019: CCPA vs. GDPR: An Overview on Similarities and Differences

Over the last few years, the world has witnessed an increasing number of data breaches involving the credentials and PII of employees, citizens, and consumers. We've all experienced breach fatigue and/or been impacted by these losses.