Zero Trust

Championing Privileged Access Management With Zero Trust Security

A modern approach to securing privileged accounts is to apply the principle of Zero Trust: Never trust, always verify. While Zero Trust is not an off-the-shelf solution, it is modern vendors of PAM solutions that recommend using this security principle to cement the technical capabilities…

Continual Access Control, Policies and Zero Trust

Trust no one, always verify. We know that Zero Trust phrase already. But this principle is rather abstract - how and where exactly should we do that? Martin sits down with Jackson Shaw, Chief Strategy Officer at Clear Skye to discuss one very important part of Zero Trust: Identity and…

Implementing Zero Trust With Privileged Access Management Platforms

Among the many approaches to do that, Zero Trust is one where organizations apply the principle of “never trust – always verify”. Since Zero Trust is not a single product or solution, implementing processes that work accordingly can be a challenge to IT teams that want to…

Unify Identity and Security to Block Identity-Based Cyber Attacks

Join security and identity experts from KuppingerCole Analysts and ARCON as they discuss the importance of securing enterprise credentials, explain why a unified identity security approach in line with Zero Trust principles improve security and efficiency, and describe how to combine…

Effective IAM in the World of Modern Business IT

Digital Transformation promises lower costs, and increased speed and efficiency. But it also leads to a mix of on-prem and cloud-based IT infrastructure, and a proliferation of identities that need to be managed in a complex environment. Organizations adopting a Zero Trust approach to…

Enhancing Zero Trust in a ServiceNow Environment

Zero Trust has been established as the guiding principle for cybersecurity. The “don’t trust, always verify” approach stands for methods that don’t rely only on singular security tools, such as the traditional network perimeter firewall, to keep attackers out.…

Ask Just Anything

CSLS Wrap Up and Closing Keynote

Continuous Zero Trust Transformation using a Value and Risk Driven Approach

For big companies like Mercedes, there is no generic zero trust implementation to deliver the values for customer, workforce, suppliers and logistics.  It is unlikely to have a greenfield implementation as there is a rich fundament of processes, technologies and business uses cases…

Quantum Computers: The Ultimate Opponent for Data Protection

Panel | Looking into the International and German Governmental Cybersecurity Architecture

From Christina Rupp’s initial talk, we have seen that Germany’s governmental cybersecurity architecture is a complex ecosystem. In this Panel Session, we will discuss challenges and requirements of European institutional cybersecurity architectures and how such architectures…

R.O.N. - Return on Negligence – The Impact of Cybercrime

The cost of doing nothing is something that today we have to factor into many aspects of our lives.  Inaction hurts and we’ll briefly talk about the 6 degrees of separation for the connected areas that are impacted by Cybercrime.  There is more at risk than what can be…

Achievement Unlocked: Navigating the Labyrinth of Cyber Leadership

The role of a CISO has expanded beyond technical competence and compliance – an uncertain threat landscape calls for a technically competent leader with strategic oversight across the board, from engaging with multiple stakeholders to manage and get buy-in for cyber resilience…

Workshop | Strategy, Risk, and Security: Building Business Resilience for Your Organization

Every business should be equipped to understand for itself what most threatens and endangers its business model. This is the starting point for preparation measures for disruptions and crises that, if not properly managed, can endanger and even kill organizations as a whole.…

Workshop | Break the Kill Chain – An Intelligence-Led Model to Cyber Defence

CISO Panel | Mitigating State Sponsored Attacks in Cyber-Space

Attackers are expected to leverage the uncertain geopolitical landscape to carry out advanced cybercrime attacks, leaving businesses susceptible to intrusions that could have potential second and third-order effects on their operations. In this panel session, leading CISOs provide a…

Workshop | From Asset Management to Asset Intelligence: Crossing the CAASM

As the sprawl of devices, device types, and solutions continues to skyrocket, environments only grow more complex. But there's good news: asset management has evolved. Today’s “asset intelligence” moves from a spreadsheet approach to an API-driven, always up-to-date…

Germany's Cybersecurity Architecture and How it is Linked to International Actors

Christina Rupp has co-authored a publication of the Stiftung Neue Verantwortung, a Berlin based Think-Tank exploring the intersection of technology and society, on Germany’s Cybersecurity Architecture. In her introductory talk, she will provide insights into the development and…

New Security Fundamentals: Five Things CISOs and CTOs Should Consider

The old saying goes, ‘The more things change, the more they stay the same”. This has never been more true than today in the modern CTO and CISO’s life. As technology evolves, the attack surface and actors adapt. Are they really different? Or are they the same…

Software Bill of Material - a Way to Prevent Black Swan Events?

SBOM offers multiple ways of getting under the covers of your and other provider's software resilience. Implemented properly, SBOM not only increases code and library transparency with a a much better chance to catch hidden software flaws much more quickly and potentially ahead of your…

The Art of Becoming a Multifaceted CISO

The challenges to information security in companies are increasing every year. The focus is on serious attacks against small and large companies and the urgent need to protect their own information. It is no longer sufficient to view the protection of corporate information in a…

The European Cybersecurity Competence Center (ECCC) and the Future of Cybersecurity in Europe

Pools of Identity: Best Practices Start With Personal Password Behavior

Panel | Misinformation – Disinformation – Malinformation (MDM): The Next Big CISO Challenge?

Even though MDM has had a long history during war and times of high tension,  the digital era has been increasing reach and potential impact of weaponized misinformation. Sophisticated tools such as machine learning mechanisms and software bots is opening a huge battlefield for…

Why Threat Intelligence is Losing its Edge and How to Overcome Noise Overload

Security in the Face of Change: Past Lessons & Prospects for Our Future

The convergence of organizational decentralization, digitization, and global i nstability have raised the need to secure vital infrastructure. Can we learn from the past? Can we prioritize and plan future scenarios?  Join Elastic as we share insights and lessons from building…

Panel | Leadership Outlook: What Are the Key Attributes of the Next-Gen CISO?

In this exclusively curated panel session, top CISOs from across the world reflect on where they find themselves today, explore trends that will define the cyber ecosystem over the next decade and highlight the core attributes required for future CISOs to maneuver through the challenges…

Workshop | Implementation of a Risk Class Model Within Access Management

In this workshop, we will show you how to implement a risk class-based approach within access management with little effort in order to achieve the highest level of control, compliance and transparency in your own organization. All the necessary rules and templates (e.g., for password…

Model to Quantify Cyber Security Risks

Get a model and recommendations to quantify cyber security risks including the costs of fines, contractual compensations, service credits, and loss of income. The use of heatmaps with qualitative criteria and arbitrary cocktails of threat and control efficiency data prevents the secure…

Successfully tackling your Digital Supply Chain Risk

In this talk, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will provide insights on Digital Supply Chain Risk. He will look at the areas of risks, from secure partner onboarding to software supply chain security and others. He will look at prominent examples and common…

Building Resilience After a Major Incident

This presentation will explore resilience measures to be taken immediately after a major incident.

Security Automation: Realizing Business Benefits, Without Adding Headcount

The next generation of cyber threats have arrived and there aren’t enough security people or budgets to handle the growing volume and complexity. This presentation will explore why organizations — and not just their security teams — need security automation. We…

Panel | Getting Started on Your Zero Trust Journey

As organizations continue to grapple with security issues, a 'zero-trust' approach to cybersecurity has been touted as a potential solution to enhance enterprise security. However, taking on Zero Trust architectures can be an overwhelming experience for even the most seasoned cybersecurity…

Enterprise Access Control for Zero Trust

With many privileges to manage within an organization, authorization within an Enterprise can be a challenge. As capabilities in any organization are often in a state of constant change and growing complexity, implied trust can easily creep into authorization frameworks and policies leading…

Zero Trust Is Table Stakes, Zero Knowledge Is the Next Evolution

Zero trust has been around in one shape or form in security for many years, usually under different names like the "Principle of least privilege" or "Mandatory Access Control'. It exists for a good reason, and needs to be re-enforced. But for any cloud native vendor, Zero Trust should be…

Zero Trust Journey, How We Moved from an Immature Organization to Zero Trust

This is the story of our journey to Zero Trust, from the initial analysis to its technical and effective implementation. As many organizations our starting point was not the best one (lack of proper asset management, mixed permissions, etc) but when we started to work on a Zero Trust…

Let’s Think Zero Trust – for IT, OT and Products

Over the past two years, Siemens has been on a mission to protect a global enterprise through the highest Zero Trust standards, and this journey is far from over. In this session, program lead Thomas Müller-Lynch share his experiences on the road to Zero Trust readiness of all…

Microshard Technology: An Enabler for GDPR/Schrems II Compliance

This session will examine the ruling of 16 July 2020, where the Court of Justice of the European Union (the Court) in its Case C-311/18 Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (called “Schrems II case”) invalidated the EU-US Privacy Shield…

How to Build a Trusted Digital World Through Collaboration

Thanks to cybersecurity technologies such as Privilege Access Management and security concepts like Zero Trust, we now have the capacity to secure all digital access, from the cloud to IoT. Digital access in software and hardware must be secure by design to minimize risk as much as…

SASE v/s Zero Trust: Going Beyond Buzzwords

The concepts behind Zero Trust and SASE are not new, but recent developments in technological capabilities, changes in the way people are working, accelerated adoption of cloud and Edge computing, and the continued evolution of cyberthreats have resulted in both rising in prominence.  …

Reducing Complexity – Introducing a Practical Model for Security Classifications

Building and running cyber security in both worlds modern cloud security in combination and legacy on premises introduces extra complexity.  Some of the well known security patterns and models are not applicable in cloud systems while the modern security models like zero trust barely…

CISO Talk: Cloud as a Security Enabler

More organizations are now moving to the cloud.  From a security perspective – refactoring the applications provides a major opportunity to improve security posture.  This session explores how the right approach towards can save time, increase inherent security, and ensure…

Exploring the Impact of Cybersecurity Regulations in the Digital World

The European Commission is working on various legal initiatives for the European Union related to the digitial world, and they are in various states of being adopted. This presentation gives an overview on these, and a looks into the content matter they cover. What are the most important…

Learn How SD Worx Turned Its Cybersecurity Strategy Into a Business Enabler

Risk-Based Cyber Reporting Best Practices

Cybersecurity reporting is a critical mechanism to ensure effective commincation of significant security issues across different levels of your organization - from software architects to the Board. Yet, reporting today is far from being a formality and does not comprehensively highlight an…

Resilience and the Need for Privacy

This presentation will explore the role of privacy in building enterprise resilience.

Government's Role in Providing a Secure Framework for Digital Transformation

This keynote will explore the role of government in providing a secure framework for digital transformation.

Analyst Chat #146: Do You Still Need a VPN?

Virtual Private Networks (VPNs) are increasingly being promoted as an essential security tool for end users. This is not about the traditional access to corporate resources from insecure environments, but rather about privacy and security protection, but also about concealing one's actual…

Considerations for Reducing the Risk of Ransomware

In this paper, we will expand our view of ransomware and demonstrate how treating it as an isolated security challenge is not a sustainable approach. We will show why prevention is the best foundation for managing risk and consider some strategies to combat common ransomware tactics. A…

Jan 19, 2023: Championing Privileged Access Management With Zero Trust Security

In the age of hybrid working, global organizations urgently need a unified approach towards securing their privileged identities, such as user accounts, devices, admins , and more, against abuse and insider threats. If one or more of these privileged identities were compromised, the…

A Zero Trust Approach to Cyber Resilience

Security in many organizations is not evolving fast enough to keep up with business transformation, including migration to the cloud and to Industry 4.0. These changes, while essential to remain competitive, bring fresh security risks. A new approach is needed to ensure cyber…

Dec 15, 2022: Implementing Zero Trust With Privileged Access Management Platforms

There is no debate about the fact that ransomware is the fastest-growing kind of cybercrime. Due to their wide range of access rights and thus potential ransom leverage, privileged accounts are at the top of the target list for cybercriminals. Therefore, organizations need to pay special…

Dec 06, 2022: Unify Identity and Security to Block Identity Based Cyber Attacks

Compromised credentials are a top cyber-attack method. Identity-based attacks are on the rise, it is therefore vital that businesses can detect the misuse of enterprise identities to block attackers from getting unfettered insider access to IT systems and data. But that can be challenging in…

Modernizing Legacy IAM Systems

Legacy IAM systems can no longer meet the requirements of Digital Transformation. They often have a negative impact on business efficiency and customer experience. Such systems are too costly to maintain and are getting closer to reaching end-of-life. Today, organizations can be expected to…

Zero Trust Is Driving the Evolution of Authorization

Verifying what specific applications, files, and data that a human or non-human entity has access to, is at the heart of cybersecurity in the face of increasing theft of data for espionage or other criminal purposes. Authorization, therefore, is extremely important to security, but it is…

You Cannot Buy Zero Trust, But That’s Actually OK

Zero Trust is undoubtedly one of the hottest buzzwords in the IT industry. The idea that just by following a set of simple principles an organization can dramatically reduce the complexity of its IT infrastructure and significantly improve its security posture and resilience to cyberattacks…

Analyst Chat #138: Jumpstart Your Zero Trust Strategy With Zero Trust Network Access (ZTNA) Solutions

Zero Trust is rapidly gaining popularity as a modern alternative to traditional perimeter-based security. While it is (rightfully) mainly considered a concept rather than a product, a new market segment has developed. Those solutions apply this concept to network-based access to existing…

Nov 17, 2022: Effective IAM in the World of Modern Business IT

Digital Transformation promises lower costs, and increased speed and efficiency. But it also leads to a mix of on-prem and cloud-based IT infrastructure, and a proliferation of identities that need to be managed in a complex environment. Organizations adopting a Zero Trust approach to…

Zero Trust Network Access

This report is an overview of the market for Zero Trust Network Access (ZTNA) solutions and provides you with a compass to help you to find the solution that best meets your needs. We examine the market segment, vendor service functionality, relative market share, and innovative approaches…

Oct 11, 2022: A Zero Trust Approach to Cyber Resilience

Security in many organizations is not evolving fast enough to keep up with business transformation, including migration to the cloud and to Industry 4.0. These changes, while essential to remain competitive, bring fresh security risks. A new approach is needed to ensure cyber resilience.

Dealing Effectively with Modern, Industrialized Cyber Threats

The cyber threat landscape has become very complex, with state-of-the-art intrusion, ransomware, and cryptocurrency mining tools now readily available through online stores and service providers, and an expanding attack surface due to increased cloud computing and remote working. Keeping…

A Passwordless Future Begins with Credential Management

Although it enables a Zero Trust security approach, the journey to passwordless is often challenging and may require an organization to use multiple authentication methods to meet their varied use cases. Credential management is a practical means to have insight on the different types of…

The Role of Identity for Zero Trust

Identity is central to Zero Trust. Zero Trust as the established leading principle for cybersecurity is about continuous verification instead of trust into a one-time proof by a singular system. Verification is about identities, human and non-human, and their access entitlements to devices,…

Making Zero Trust a Reality: Basing Decisions on Valid Identity Data

Cloud computing and mobile workforces have resulted in an expanding attack surface and a complex web of identify information. This means that traditional perimeter-based security models are no longer effective. A Zero Trust model of strict access control for every user and device enables…

Ransomware in 2022

Cybercriminals continue to cause disruption for organizations in 2022. Depending on the cyberattack type, those disruptions lead to various consequences, such as reputational/brand damage, financial losses, and monetary penalties. One of the most prevalent types of cyberattacks is…

Zero Trust vs SASE

As discussed in the last edition of KC Navigator, public sector organizations are increasingly early adopters in digital identity, digital transformation, and cybersecurity, providing the opportunity for private sector organizations to learn from public sector implementations and follow…

Ever-Growing Attack Surface

The era we are living in has transformed the Internet and IT from being a convenience for people and organizations into a cyber liability. In an IT infrastructure, almost any system is now an integrated system that has internet connectivity. With assets, devices, resources, hardware, and…

Jun 29, 2022: Dealing Effectively with Modern, Industrialized Cyber Threats

The cyber threat landscape has become very complex, with state-of-the-art intrusion, ransomware, and cryptocurrency mining tools now readily available through online stores and service providers, and an expanding attack surface due to increased cloud computing and remote working. Keeping…

Public-Private Cooperation in Cyberspace

Managing business in today's geopolitical context In the face of a geopolitical crisis, concerns are growing about the threat of cyber-attacks to global supply chains and private organizations, which are already in a precarious state due to the Covid-19 pandemic. When a crisis occurs,…

And Now What? How to Approach Zero Trust for Success

Fabrizio has been working on Zero Trust Architectures since 2017. In this talk, he will show how to approach a Zero Trust initiative (or program) in the most successful way. The presentation will touch on both strategical and tactical approaches and what needs to be considered for each.

Siemens – heading towards our Zero Trust Vision and how we measure the implementation status

Getting a global IT company Zero Trust ready is a huge challenge. And now imagine you have to do that plus hundreds of factories, trains, and other machines as well as tools. Siemens is already in the middle of that enormous process. To give you an insight how to cope with such a…

Enterprise Readiness for Zero Trust

Preparing to embark on the Zero Trust journey for your Enterprise users can be daunting. Discussed will be a consolidated review of objectives, resources, policies, and other considerations required to honestly assess your current organization and plan your strategy for gracefully…

Panel | Best Practices to Get Started on Your Zero Trust Journey

As organizations continue to grapple with security issues, a 'zero-trust' approach to cybersecurity has been touted as a potential solution to enhance enterprise security. However, taking on Zero Trust architectures can be an overwhelming experience for even the most seasoned cybersecurity…

Standards and Zero Trust

While many in our industry see Zero Trust as the new security architecture paradigm that will increase security program effectiveness, reduce entropy of security architectures, and finally bring the advances in information security that were promised by de-perimeterization over a decade…

Pitfalls in the Road to Zero Trust

Zero trust promises better security in a highly interconnected world, but many of the tenets of zero trust are contradictory to entrenched practices and ideas. Getting beyond MFA into a true zero trust environment isn't an incremental change, it's a radical restructuring of how…

Interview with Eleni Richter

Practical Zero Trust: From Concepts to Quick Wins to a Strategy

So, you’ve heard a lot of impressive things about Zero Trust, and how implementing it in your organization should solve most of your security problems, especially these days, when people still primarily have to work remotely. Now you would like to start with Zero Trust as soon as…

Identity as the Key to Zero Trust Maturity

Okta’s vision is to enable everyone to safely use any technology. Trust is critical to our business and our customers' success. Markus Grüneberg will speak about the modern digital identity and how to use them to build a robust security strategy. In this…

Analyst Chat #117: Practical Zero Trust

This time Alexei Balaganski and Matthias look at practical approaches to actually implementing Zero Trust for specific, real-life use cases. On this occasion, they also finally unveil the connections between Zero Trust and Feng Shui.

Zero Trust: Putting Theory Into Practice

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective. However, moving from theory into practice can be challenging unless you start with a key element like effective endpoint management.

Zero Trust: CISOs No Longer Need to Choose Between Usability and Security

Among the longstanding challenges that information security leaders have grappled with for years, one stands out: the difficulty of balancing user experience and security. The traditional tug-of-war between ease of access to business-critical applications and resources and robust protection…

Die Rolle von Identity Security bei Zero Trust

„Zero Trust“ ist heute für die meisten CISOs ein regelmäßiges Gesprächsthema. Im Kern geht es bei Zero Trust um das Prinzip der kontinuierlichen und sorgfältigen Zugriffskontrolle an mehreren Stellen für alle Benutzer beim Zugriff auf Netzwerk- und…

May 18, 2022: Making Zero Trust a Reality: Basing Decisions on Valid Identity Data

Cloud computing and mobile workforces have resulted in an expanding attack surface and a complex web of identify information. This means that traditional perimeter-based security models are no longer effective. A Zero Trust model of strict access control for every user and device enables…

Zero Trust: Now Is the Time and PBAC Is Key

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective with users, devices and workloads moving outside the corporate network, but success depends on understanding the essential…

Mar 17, 2022: Zero Trust: Putting Theory Into Practice

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective. However, moving from theory into practice can be challenging unless you start with a key element like effective endpoint management.

Feb 24, 2022: Die Rolle von Identity Security bei Zero Trust 

„Zero Trust“ ist heute für die meisten CISOs ein regelmäßiges Gesprächsthema. Im Kern geht es bei Zero Trust um das Prinzip der kontinuierlichen und sorgfältigen Zugriffskontrolle an mehreren Stellen für alle Benutzer beim Zugriff auf Netzwerk- und Systemressourcen ebenso wie Daten. Das ist…

Security Operations in the Age of Zero Trust

How must security operations transform to effectively deliver the comprehensive and integrated value of zero trust implementations? Security operations for Zero Trust must take a comprehensive approach, and deliver insights, competencies and skillsets, cost impact of transformed operating…

Prediction #5 - Zero Trust: The Next Level

Zero Trust will continue to play a crucial role in cybersecurity and identity management. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Sergej Epp from Palo Alto Networks on how to apply Zero Trust thinking to converge IAM, UEM, MDM, XDR,…

Nov 08 - 10, 2022: Cybersecurity Leadership Summit 2022

For the 5th time, the Cybersecurity Leadership Summit brings together cybersecurity executives, analysts, and top CISOs from global players like Mercedes-Benz, Deutsche Bank, Nordea, Bank of Montreal, Deutsche Bahn, E.ON, Siemens, and Mastercard to help delegates drive decision-making…

Implementing SASE

Secure Access Service Edge (SASE) architectures promise to prevent multiple types of cyber-attacks, but deciding whether SASE is right for your organization will require understanding whether SASE is a fit for your use cases in IT. This Advisory Note looks at the definition and promise of…

Feb 09, 2022: Zero Trust: Now Is the Time and PBAC Is Key

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective with users, devices and workloads moving outside the corporate network, but success depends on understanding the essential components…

Mar 23, 2022: Zeroing in on Zero Trust

As organizations across the world continue to adopt a hybrid working model, there is a clear need for a new security model that adapts to the complexity of a mobile workforce. The Zero Trust security approach moves away from a default trust model towards one that is centered around the core…

EIC Speaker Spotlight: Kay Chopard on Driving Digital Trust

Kay Chopard, Executive Director of the Kantara Initiative is to host a workshop entitled Driving Digital Trust on Monday, September 13 starting at 9:00 am at EIC 2021. To give you a sneak preview of what to expect, we asked Kay some questions about Kantara’s planned workshop.…

Zero Trust Through Dynamic Authorization and Policy Driven Access

As workers become more mobile and workloads move into the cloud, the traditional model of enforcing security at the network perimeter becomes ineffective. A Zero Trust model of strict access control for every user or device protects your organization from advanced security threats enabling…

EIC Speaker Spotlight: Peter Busch on Trust as the Key Concept

Peter Busch, Product Owner Distributed Ledger Technologies Mobility at Robert Bosch Group, is to deliver a presentation entitled Trust as the Key Concept in Future Mobility on Tuesday, September 14 starting at 3:30 pm. at EIC 2021. To give you sneak preview of what to expect, we asked Peter…

Analyst Chat #86: Zero Trust Means Zero Blind Spots

The path toward a Zero Trust architecture to improve cybersecurity for modern enterprises in a hybrid IT landscape often seems overly complex and burdensome. Alexei Balaganski is this week's chat partner for Matthias and he draws attention to an often overlooked benefit of such an…

Zero Trust Through Identity-Based Segmentation

As workers become more mobile and workloads move into the cloud, the traditional model of enforcing security at the network perimeter becomes ineffective. A Zero Trust model of strict identity verification and access control for every user or workload offers an alternative that secures data…

Zero Trust Means Zero Blind Spots

The traditional model of enforcing security at the network perimeter is no longer effective. The nature of the corporate network is changing with mobile and cloud computing. A Zero Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless…

Access Management Trends Towards a Zero-Trust Paradigm

Organizations around the world have been rapidly modernizing their access management infrastructures in response to increased cyber-attacks and data breaches, enactment of security and privacy regulations, and a shift to remote working. Access management modernization is quick shift away…

Technological Approaches to a Zero Trust Security Model

The traditional model of enforcing security at the network perimeter is no longer valid as employees, devices and workloads move outside the corporate network. A Zero Trust model offers an alternative that secures data while ensuring it is accessible from wherever employees are working. But…

Cloud Codes of Conduct Get the EU Green Light, but More Is Still Needed

Green Light On May 20th, 2021 it was announced that the EU Cloud Code of Conduct had received official approval by the Belgian Data Protection Authority, following the positive opinion issued by the European Data Protection Board.  At the same time, the European Data Protection…

Finding Your Path to Zero Trust

As users, devices and application workloads move outside the corporate network, the traditional model of enforcing security at the network perimeter is no longer effective. A Zero Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless of…

Martin Kuppinger: Modern IGA Capabilities & Zero Trust Identity

Panel: No Zero Trust Without Strong IAM - What You Need in IGA and Beyond for Enabling Zero Trust

IGA in a World of Zero Trust

Zero Trust is a key paradigm for cybersecurity today, used well beyond the security circles. The goal is building cybersecurity that “never (blindly) trusts”, but “always verifies.” This traditionally meant verifying Who has access to What resource. In the past, the…

Analyst Chat #73: Cybersecurity Vulnerabilities of Remote Work

Shikha Porwal and Matthias Reinwarth have a coffee conversation over the security risks of working remotely. They talk through the vulnerabilities of a home network, and touch base with the pandemic related end point security threats, employee behavior and finally, Zero trust.  

RadiantOne: Identity Integration for Zero-Trust and Digital Transformation

Transition to a fully distributed and agile digital enterprise is increasingly seen as a matter of organizational survival. The COVID-19 pandemic overwhelmed any lingering doubt about its urgency. It is also clear that a new cyber-security model is required to secure the assets of the…

Maturing a Zero-Trust Strategy for the Extended Enterprise

In the digital era, a 20th century perimeter-based approach to security is no longer appropriate or effective in securing the modern extended enterprise. Instead, a more flexible, identity-based approach is required that can be implemented at every layer of IT, from devices and networks to…

Insights of a CISO: Interview with Thomas Malta

Analyst Chat #64: Applying The Zero Trust Principle To The Software Supply Chain

Martin Kuppinger is one of the founders and the principal analyst of KuppingerCole and he is steering the overall development of the topics covered in KC's research, events and advisory. He joins Matthias to talk about the importance of extending Zero Trust to cover software security, for…

Eleni Richter: Zero Trust Use Cases

Matthias Reinwarth: Zero Trust for Reducing the Risks of Security Incidents

Panel - Zero Trust in the Enterprise

Henk Marsman: From Trust to Zero - Lessons from Halfway in a Large Enterprise Environment

Filipi Pires: Trust or Not Trust? Is there new mindset about CyberSecurity using Zero Trust?

Roger Halbheer: Zero Trust - Security Through a Clearer Lens

Join us to understand how Zero Trust transforms your security strategy and makes you more resilient to a range of attacks. We will share a roadmap for leaders, architects, and practitioners, as well as talk about some quick wins and incremental progress on this journey.

Dimitri Lubenski, Dr. Jan Herrmann: The Role of IAM within Zero Trust Architectures at Siemens

Paul Simmonds: Alignment of Zero Trust with Business Strategy

Expert Chat: Interview with Stefan Würtemberger

Scott Rose: Zero Trust 101

Rebecca Nielsen: What is Strong Authentication in a Zero Trust Environment

Panel - Zeroing in on Zero Trust: A Paradigm Shift in Cybersecurity

Bryan Meister: Navigating Enterprise Enablement and Zero Trust

John Tolbert: Zero Trust for Reducing the Risks of Security Incidents

Mar 18, 2021: Maturing a Zero-Trust Strategy for the Extended Enterprise

In the digital era, a 20th century perimeter-based approach to security is no longer appropriate or effective in securing the modern extended enterprise. Instead, a more flexible, identity-based approach is required that can be implemented at every layer of IT, from devices and networks to…

The Next Level of Zero Trust: Software Security and Cyber Supply Chain Risk Management

The recent SolarWinds incident has shed a light on an area of cybersecurity that is not frequently in focus. Better said, it is “again has shed a light”, if we remember the Heartbleed incident that happened back in 2014. Back then, my colleague Alexei Balaganski wrote in a blog…

Zero Trust: We’re Nowhere Near the End of the Story Yet

Oh, how time flies! It seems that the whole story of Zero Trust as a revolutionary concept for designing computer networks began just yesterday, but it’s been over a decade already. In fact, the very idea that was later somewhat awkwardly named “de-perimeterization” was…

The Evolution of Access Control

The purpose of an identity management system is to support access control to an organization’s sensitive systems and protected resources. Contemporary access control has progressed from static entitlements, still used in many organisations. Not only manual interventions are necessary…

The Non-Zero Elements of Zero Trust

The ongoing SolarWinds incident illustrates that the much-lauded Zero Trust security paradigm is, in fact, based on trust. Zero Trust is about authenticating and authorizing every action within a computing environment. It is putting the principle of least privilege into action. In an ideal…

Making Zero Trust Work With the NIST Framework

There’s lots of hype around Zero Trust Security in the context of our changing mobile and cloud-centric working environments. Moving towards a modern and agile Zero Trust security concept is essential in today's mobile first, work-securely-from-anywhere world.

Feb 17, 2021: Making Zero Trust a Reality

Join the KCLive Event on Zero Trust on February, 17, 2021 to gain expert insights that help you to successfully implement Zero Trust in your organization.

Ivanti’s Zero Trust Journey

Ivanti has completed its acquisition of MobileIron and Pulse Secure. Ivanti, headquartered in Salt Lake City, had its roots in desktop management (LANDESK), evolved into endpoint and patch management, and had added full IT asset, service, and workspace management, as well as IAM…

Zero Trust for the Workforce

While the concept of zero-trust networking is nearly a decade old, the last few years have seen its popularity in industry discussions grow exponentially.

Analyst Chat #56: The Project Road Towards Zero Trust - What to Do and Where to Start

This podcast has already looked at the Zero Trust concept as a challenging architectural paradigm for security and an important component of modern and future-oriented security architectures from various angles. This time Christopher and Matthias focus on a phased project approach towards…

Analyst Chat #55: What Keeps Organizations From Adopting Zero Trust

The Zero Trust concept comes with the promise to adequately secure our modern, hybrid IT world at any time and any place. Manufacturers, consultants and even analysts agree as rarely as they do that this changed architectural paradigm is an important component of modern and future-oriented…

The Interplay between Zero Trust and IAM

Martin Kuppinger and Danna Bethlehem, Director of Product Marketing at Thales discuss their perspectives on the interplay of Zero Trust and Identity and Access Management.

Jan 26, 2021: The Evolution of Access Control

The purpose of an identity management system is to support access control to an organization’s sensitive systems and protected resources. Contemporary access control has progressed from static entitlements, still used in many organisations. Not only manual interventions are necessary to…

Data-Driven Decision Making for Identity Security

Symantec Enterprise: With more informed decisions comes more automated security. In today’s Zero Trust world, where the principle of least privilege is ubiquitous, enterprises are struggling to balance security while simultaneously enabling a highly agile business environment. There…

Dec 16, 2020: Making Zero Trust Work With the NIST Framework

There’s lots of hype around Zero Trust Security in the context of our changing mobile and cloud-centric working environments. Moving towards a modern and agile Zero Trust security concept is essential in today's mobile first, work-securely-from-anywhere world.

Dec 01, 2020: Zero Trust for the Workforce

While the concept of zero-trust networking is nearly a decade old, the last few years have seen its popularity in industry discussions grow exponentially.

Analyst Chat #41: NIST’s Zero Trust Architecture

John Tolbert and Matthias Reinwarth look at SP 800-207, the NIST special publication on Zero Trust architecture and discuss how it aligns with KuppingerCole's own vision of this topic (spoiler: it does align very well!)

A Look at NIST’s Zero Trust Architecture

NIST, the US National Institute for Standards and Technology, recently released SP 800-207 Zero Trust Architecture. The NIST special publication examines the principles of and motivations for ZTA, as well as implementation considerations, security concerns, and suggestions for improvements…

We Need to Talk About Passwords – Urgently!

Passwords have been used for authentication for decades and continue to proliferate. Yet we know they create friction for users, slow down business productivity, and are a weak form of user authentication. Users are always forgetting them or use weak passwords that are easily cracked by…

Jul 28, 2020: We Need to Talk About Passwords – Urgently!

Passwords have been used for authentication for decades and continue to proliferate. Yet we know they create friction for users, slow down business productivity, and are a weak form of user authentication. Users are always forgetting them or use weak passwords that are easily cracked by…

Analyst Chat #18: Zero Trust from the Cloud

Matthias Reinwarth and Alexei Balaganski look at the potential alternatives to VPNs and security gateways.

KuppingerCole Analyst Chat: Zero Trust as a Concept for … Trust and Security

Matthias Reinwarth and Martin Kuppinger dispel a few myths about Zero Trust.

Analyst Chat #15: Zero Trust as a Concept for … Trust and Security

Matthias Reinwarth and Martin Kuppinger dispel a few myths about Zero Trust.

Access all Apps with Azure AD: A Single Identity Solution for Secure Access

Most businesses already rely on Azure Active Directory for secure, seamless access to Microsoft services like Office 365 and Azure. But with more applications being used than ever before, organizations are asking themselves what bigger role Azure Active Directory can play in securing their…

Zero Trust Paradigm for the Future of Security

Martin Kuppinger explains the meaning behind the popular buzzword.

Zero Trust Paradigm for the Future of Security

Martin Kuppinger explains the meaning behind the popular buzzword.

Apr 29, 2020: Access all Apps with Azure AD: A Single Identity Solution for Secure Access

Most businesses already rely on Azure Active Directory for secure, seamless access to Microsoft services like Office 365 and Azure. But with more applications being used than ever before, organizations are asking themselves what bigger role Azure Active Directory can play in securing their…

What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the…

Mar 05, 2020: What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the same…