Zero Trust

Making Zero Trust a Reality: Basing Decisions on Valid Identity Data

Cloud computing and mobile workforces have resulted in an expanding attack surface and a complex web of identify information. This means that traditional perimeter-based security models are no longer effective. A Zero Trust model of strict access control for every user and device enables…

Ransomware in 2022

Cybercriminals continue to cause disruption for organizations in 2022. Depending on the cyberattack type, those disruptions lead to various consequences, such as reputational/brand damage, financial losses, and monetary penalties. One of the most prevalent types of cyberattacks is…

Zero Trust vs SASE

As discussed in the last edition of KC Navigator, public sector organizations are increasingly early adopters in digital identity, digital transformation, and cybersecurity, providing the opportunity for private sector organizations to learn from public sector implementations and follow…

Ever-Growing Attack Surface

The era we are living in has transformed the Internet and IT from being a convenience for people and organizations into a cyber liability. In an IT infrastructure, almost any system is now an integrated system that has internet connectivity. With assets, devices, resources, hardware, and…

Public-Private Cooperation in Cyberspace

Managing business in today's geopolitical context In the face of a geopolitical crisis, concerns are growing about the threat of cyber-attacks to global supply chains and private organizations, which are already in a precarious state due to the Covid-19 pandemic. When a crisis occurs,…

Standards and Zero Trust

While many in our industry see Zero Trust as the new security architecture paradigm that will increase security program effectiveness, reduce entropy of security architectures, and finally bring the advances in information security that were promised by de-perimeterization over a decade…

And Now What? How to Approach Zero Trust for Success

Fabrizio has been working on Zero Trust Architectures since 2017. In this talk, he will show how to approach a Zero Trust initiative (or program) in the most successful way. The presentation will touch on both strategical and tactical approaches and what needs to be considered for each.

Practical Zero Trust: From Concepts to Quick Wins to a Strategy

So, you’ve heard a lot of impressive things about Zero Trust, and how implementing it in your organization should solve most of your security problems, especially these days, when people still primarily have to work remotely. Now you would like to start with Zero Trust as soon as…

Enterprise Readiness for Zero Trust

Preparing to embark on the Zero Trust journey for your Enterprise users can be daunting. Discussed will be a consolidated review of objectives, resources, policies, and other considerations required to honestly assess your current organization and plan your strategy for gracefully…

Siemens – heading towards our Zero Trust Vision and how we measure the implementation status

Getting a global IT company Zero Trust ready is a huge challenge. And now imagine you have to do that plus hundreds of factories, trains, and other machines as well as tools. Siemens is already in the middle of that enormous process. To give you an insight how to cope with such a…

Pitfalls in the Road to Zero Trust

Zero trust promises better security in a highly interconnected world, but many of the tenets of zero trust are contradictory to entrenched practices and ideas. Getting beyond MFA into a true zero trust environment isn't an incremental change, it's a radical restructuring of how…

Interview with Eleni Richter

Panel | Best Practices to Get Started on Your Zero Trust Journey

As organizations continue to grapple with security issues, a 'zero-trust' approach to cybersecurity has been touted as a potential solution to enhance enterprise security. However, taking on Zero Trust architectures can be an overwhelming experience for even the most seasoned cybersecurity…

Identity as the Key to Zero Trust Maturity

Okta’s vision is to enable everyone to safely use any technology. Trust is critical to our business and our customers' success. Markus Grüneberg will speak about the modern digital identity and how to use them to build a robust security strategy. In this…

Analyst Chat #117: Practical Zero Trust

This time Alexei Balaganski and Matthias look at practical approaches to actually implementing Zero Trust for specific, real-life use cases. On this occasion, they also finally unveil the connections between Zero Trust and Feng Shui.

Zero Trust: Putting Theory Into Practice

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective. However, moving from theory into practice can be challenging unless you start with a key element like effective endpoint management.

Zero Trust: CISOs No Longer Need to Choose Between Usability and Security

Among the longstanding challenges that information security leaders have grappled with for years, one stands out: the difficulty of balancing user experience and security. The traditional tug-of-war between ease of access to business-critical applications and resources and robust protection…

Die Rolle von Identity Security bei Zero Trust

„Zero Trust“ ist heute für die meisten CISOs ein regelmäßiges Gesprächsthema. Im Kern geht es bei Zero Trust um das Prinzip der kontinuierlichen und sorgfältigen Zugriffskontrolle an mehreren Stellen für alle Benutzer beim Zugriff auf Netzwerk- und…

May 18, 2022: Making Zero Trust a Reality: Basing Decisions on Valid Identity Data

Cloud computing and mobile workforces have resulted in an expanding attack surface and a complex web of identify information. This means that traditional perimeter-based security models are no longer effective. A Zero Trust model of strict access control for every user and device enables…

Zero Trust: Now Is the Time and PBAC Is Key

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective with users, devices and workloads moving outside the corporate network, but success depends on understanding the essential…

Mar 17, 2022: Zero Trust: Putting Theory Into Practice

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective. However, moving from theory into practice can be challenging unless you start with a key element like effective endpoint management.

Feb 24, 2022: Die Rolle von Identity Security bei Zero Trust 

„Zero Trust“ ist heute für die meisten CISOs ein regelmäßiges Gesprächsthema. Im Kern geht es bei Zero Trust um das Prinzip der kontinuierlichen und sorgfältigen Zugriffskontrolle an mehreren Stellen für alle Benutzer beim Zugriff auf Netzwerk- und Systemressourcen ebenso wie Daten. Das ist…

Prediction #5 - Zero Trust: The Next Level

Zero Trust will continue to play a crucial role in cybersecurity and identity management. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Sergej Epp from Palo Alto Networks on how to apply Zero Trust thinking to converge IAM, UEM, MDM, XDR,…

Feb 09, 2022: Zero Trust: Now Is the Time and PBAC Is Key

Now is the time to implement the Zero Trust security model because the traditional model of enforcing security at the network perimeter is no longer effective with users, devices and workloads moving outside the corporate network, but success depends on understanding the essential components…

Mar 23, 2022: Zeroing in on Zero Trust

As organizations across the world continue to adopt a hybrid working model, there is a clear need for a new security model that adapts to the complexity of a mobile workforce. The Zero Trust security approach moves away from a default trust model towards one that is centered around the core…

EIC Speaker Spotlight: Kay Chopard on Driving Digital Trust

Kay Chopard, Executive Director of the Kantara Initiative is to host a workshop entitled Driving Digital Trust on Monday, September 13 starting at 9:00 am at EIC 2021. To give you a sneak preview of what to expect, we asked Kay some questions about Kantara’s planned workshop.…

Zero Trust Through Dynamic Authorization and Policy Driven Access

As workers become more mobile and workloads move into the cloud, the traditional model of enforcing security at the network perimeter becomes ineffective. A Zero Trust model of strict access control for every user or device protects your organization from advanced security threats enabling…

EIC Speaker Spotlight: Peter Busch on Trust as the Key Concept

Peter Busch, Product Owner Distributed Ledger Technologies Mobility at Robert Bosch Group, is to deliver a presentation entitled Trust as the Key Concept in Future Mobility on Tuesday, September 14 starting at 3:30 pm. at EIC 2021. To give you sneak preview of what to expect, we asked Peter…

Analyst Chat #86: Zero Trust Means Zero Blind Spots

The path toward a Zero Trust architecture to improve cybersecurity for modern enterprises in a hybrid IT landscape often seems overly complex and burdensome. Alexei Balaganski is this week's chat partner for Matthias and he draws attention to an often overlooked benefit of such an…

Zero Trust Through Identity-Based Segmentation

As workers become more mobile and workloads move into the cloud, the traditional model of enforcing security at the network perimeter becomes ineffective. A Zero Trust model of strict identity verification and access control for every user or workload offers an alternative that secures data…

Zero Trust Means Zero Blind Spots

The traditional model of enforcing security at the network perimeter is no longer effective. The nature of the corporate network is changing with mobile and cloud computing. A Zero Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless…

Access Management Trends Towards a Zero-Trust Paradigm

Organizations around the world have been rapidly modernizing their access management infrastructures in response to increased cyber-attacks and data breaches, enactment of security and privacy regulations, and a shift to remote working. Access management modernization is quick shift away…

Technological Approaches to a Zero Trust Security Model

The traditional model of enforcing security at the network perimeter is no longer valid as employees, devices and workloads move outside the corporate network. A Zero Trust model offers an alternative that secures data while ensuring it is accessible from wherever employees are working. But…

Cloud Codes of Conduct Get the EU Green Light, but More Is Still Needed

Green Light On May 20th, 2021 it was announced that the EU Cloud Code of Conduct had received official approval by the Belgian Data Protection Authority, following the positive opinion issued by the European Data Protection Board.  At the same time, the European Data Protection…

Finding Your Path to Zero Trust

As users, devices and application workloads move outside the corporate network, the traditional model of enforcing security at the network perimeter is no longer effective. A Zero Trust model offers an alternative that secures data while ensuring it is accessible to employees, regardless of…

Martin Kuppinger: Modern IGA Capabilities & Zero Trust Identity

Panel: No Zero Trust Without Strong IAM - What You Need in IGA and Beyond for Enabling Zero Trust

IGA in a World of Zero Trust

Zero Trust is a key paradigm for cybersecurity today, used well beyond the security circles. The goal is building cybersecurity that “never (blindly) trusts”, but “always verifies.” This traditionally meant verifying Who has access to What resource. In the past, the…

Analyst Chat #73: Cybersecurity Vulnerabilities of Remote Work

Shikha Porwal and Matthias Reinwarth have a coffee conversation over the security risks of working remotely. They talk through the vulnerabilities of a home network, and touch base with the pandemic related end point security threats, employee behavior and finally, Zero trust.  

Maturing a Zero-Trust Strategy for the Extended Enterprise

In the digital era, a 20th century perimeter-based approach to security is no longer appropriate or effective in securing the modern extended enterprise. Instead, a more flexible, identity-based approach is required that can be implemented at every layer of IT, from devices and networks to…

Insights of a CISO: Interview with Thomas Malta

Analyst Chat #64: Applying The Zero Trust Principle To The Software Supply Chain

Martin Kuppinger is one of the founders and the principal analyst of KuppingerCole and he is steering the overall development of the topics covered in KC's research, events and advisory. He joins Matthias to talk about the importance of extending Zero Trust to cover software security, for…

Matthias Reinwarth: Zero Trust for Reducing the Risks of Security Incidents

Eleni Richter: Zero Trust Use Cases

Roger Halbheer: Zero Trust - Security Through a Clearer Lens

Join us to understand how Zero Trust transforms your security strategy and makes you more resilient to a range of attacks. We will share a roadmap for leaders, architects, and practitioners, as well as talk about some quick wins and incremental progress on this journey.

Paul Simmonds: Alignment of Zero Trust with Business Strategy

Expert Chat: Interview with Stefan Würtemberger

John Tolbert: Zero Trust for Reducing the Risks of Security Incidents

Panel - Zero Trust in the Enterprise

Henk Marsman: From Trust to Zero - Lessons from Halfway in a Large Enterprise Environment

Filipi Pires: Trust or Not Trust? Is there new mindset about CyberSecurity using Zero Trust?

Rebecca Nielsen: What is Strong Authentication in a Zero Trust Environment

Panel - Zeroing in on Zero Trust: A Paradigm Shift in Cybersecurity

Bryan Meister: Navigating Enterprise Enablement and Zero Trust

Scott Rose: Zero Trust 101

Dimitri Lubenski, Dr. Jan Herrmann: The Role of IAM within Zero Trust Architectures at Siemens

Mar 18, 2021: Maturing a Zero-Trust Strategy for the Extended Enterprise

In the digital era, a 20th century perimeter-based approach to security is no longer appropriate or effective in securing the modern extended enterprise. Instead, a more flexible, identity-based approach is required that can be implemented at every layer of IT, from devices and networks to…

The Next Level of Zero Trust: Software Security and Cyber Supply Chain Risk Management

The recent SolarWinds incident has shed a light on an area of cybersecurity that is not frequently in focus. Better said, it is “again has shed a light”, if we remember the Heartbleed incident that happened back in 2014. Back then, my colleague Alexei Balaganski wrote in a blog…

Zero Trust: We’re Nowhere Near the End of the Story Yet

Oh, how time flies! It seems that the whole story of Zero Trust as a revolutionary concept for designing computer networks began just yesterday, but it’s been over a decade already. In fact, the very idea that was later somewhat awkwardly named “de-perimeterization” was…

The Evolution of Access Control

The purpose of an identity management system is to support access control to an organization’s sensitive systems and protected resources. Contemporary access control has progressed from static entitlements, still used in many organisations. Not only manual interventions are necessary…

The Non-Zero Elements of Zero Trust

The ongoing SolarWinds incident illustrates that the much-lauded Zero Trust security paradigm is, in fact, based on trust. Zero Trust is about authenticating and authorizing every action within a computing environment. It is putting the principle of least privilege into action. In an ideal…

Making Zero Trust Work With the NIST Framework

There’s lots of hype around Zero Trust Security in the context of our changing mobile and cloud-centric working environments. Moving towards a modern and agile Zero Trust security concept is essential in today's mobile first, work-securely-from-anywhere world.

Feb 17, 2021: Making Zero Trust a Reality

Join the KCLive Event on Zero Trust on February, 17, 2021 to gain expert insights that help you to successfully implement Zero Trust in your organization.

Ivanti’s Zero Trust Journey

Ivanti has completed its acquisition of MobileIron and Pulse Secure. Ivanti, headquartered in Salt Lake City, had its roots in desktop management (LANDESK), evolved into endpoint and patch management, and had added full IT asset, service, and workspace management, as well as IAM…

Zero Trust for the Workforce

While the concept of zero-trust networking is nearly a decade old, the last few years have seen its popularity in industry discussions grow exponentially.

Analyst Chat #56: The Project Road Towards Zero Trust - What to Do and Where to Start

This podcast has already looked at the Zero Trust concept as a challenging architectural paradigm for security and an important component of modern and future-oriented security architectures from various angles. This time Christopher and Matthias focus on a phased project approach towards…

Analyst Chat #55: What Keeps Organizations From Adopting Zero Trust

The Zero Trust concept comes with the promise to adequately secure our modern, hybrid IT world at any time and any place. Manufacturers, consultants and even analysts agree as rarely as they do that this changed architectural paradigm is an important component of modern and future-oriented…

The Interplay between Zero Trust and IAM

Martin Kuppinger and Danna Bethlehem, Director of Product Marketing at Thales discuss their perspectives on the interplay of Zero Trust and Identity and Access Management.

Jan 26, 2021: The Evolution of Access Control

The purpose of an identity management system is to support access control to an organization’s sensitive systems and protected resources. Contemporary access control has progressed from static entitlements, still used in many organisations. Not only manual interventions are necessary to…

Data-Driven Decision Making for Identity Security

Symantec Enterprise: With more informed decisions comes more automated security. In today’s Zero Trust world, where the principle of least privilege is ubiquitous, enterprises are struggling to balance security while simultaneously enabling a highly agile business environment. There…

Dec 16, 2020: Making Zero Trust Work With the NIST Framework

There’s lots of hype around Zero Trust Security in the context of our changing mobile and cloud-centric working environments. Moving towards a modern and agile Zero Trust security concept is essential in today's mobile first, work-securely-from-anywhere world.

Dec 01, 2020: Zero Trust for the Workforce

While the concept of zero-trust networking is nearly a decade old, the last few years have seen its popularity in industry discussions grow exponentially.

Analyst Chat #41: NIST’s Zero Trust Architecture

John Tolbert and Matthias Reinwarth look at SP 800-207, the NIST special publication on Zero Trust architecture and discuss how it aligns with KuppingerCole's own vision of this topic (spoiler: it does align very well!)

A Look at NIST’s Zero Trust Architecture

NIST, the US National Institute for Standards and Technology, recently released SP 800-207 Zero Trust Architecture. The NIST special publication examines the principles of and motivations for ZTA, as well as implementation considerations, security concerns, and suggestions for improvements…

We Need to Talk About Passwords – Urgently!

Passwords have been used for authentication for decades and continue to proliferate. Yet we know they create friction for users, slow down business productivity, and are a weak form of user authentication. Users are always forgetting them or use weak passwords that are easily cracked by…

Jul 28, 2020: We Need to Talk About Passwords – Urgently!

Passwords have been used for authentication for decades and continue to proliferate. Yet we know they create friction for users, slow down business productivity, and are a weak form of user authentication. Users are always forgetting them or use weak passwords that are easily cracked by…

Analyst Chat #18: Zero Trust from the Cloud

Matthias Reinwarth and Alexei Balaganski look at the potential alternatives to VPNs and security gateways.

KuppingerCole Analyst Chat: Zero Trust as a Concept for … Trust and Security

Matthias Reinwarth and Martin Kuppinger dispel a few myths about Zero Trust.

Analyst Chat #15: Zero Trust as a Concept for … Trust and Security

Matthias Reinwarth and Martin Kuppinger dispel a few myths about Zero Trust.

Access all Apps with Azure AD: A Single Identity Solution for Secure Access

Most businesses already rely on Azure Active Directory for secure, seamless access to Microsoft services like Office 365 and Azure. But with more applications being used than ever before, organizations are asking themselves what bigger role Azure Active Directory can play in securing their…

Zero Trust Paradigm for the Future of Security

Martin Kuppinger explains the meaning behind the popular buzzword.

Zero Trust Paradigm for the Future of Security

Martin Kuppinger explains the meaning behind the popular buzzword.

Apr 29, 2020: Access all Apps with Azure AD: A Single Identity Solution for Secure Access

Most businesses already rely on Azure Active Directory for secure, seamless access to Microsoft services like Office 365 and Azure. But with more applications being used than ever before, organizations are asking themselves what bigger role Azure Active Directory can play in securing their…

What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the…

Mar 05, 2020: What Does the Future Hold for Passwordless Authentication and Zero Trust?

Enterprises of all types face a growing number of cyber threats today. Studies show that most data breaches begin with compromised passwords. Moreover, password management is expensive and not user-friendly. Enterprise workforce users are driving the consumerization of IT. They want the same…

The Passwordless Enterprise: Building A Long-Term Zero Trust Strategy

“The password is dead.” We have heard this statement for at least a decade, yet even in 2019, data breaches based on stolen user credentials continue to dominate the headlines. Why do passwords so stubbornly refuse to die?

Jul 11, 2019: The Passwordless Enterprise: Building A Long-Term Zero Trust Strategy

“The password is dead.” We have heard this statement for at least a decade, yet even in 2019, data breaches based on stolen user credentials continue to dominate the headlines. Why do passwords so stubbornly refuse to die?

Building Trust by Design

Trust has somehow become a marketing buzzword recently. There is a lot of talks about “redefining trust”, “trust technologies” or even “trustless models” (the latter is usually applied to Blockchain, of course). To me, this has always sounded……

Solving New Authentication Challenges While Finding Parity Between User Experience and Security

In an increasingly hostile world, where you don't know who to trust, companies still need to be able to deliver trusted, personalized experiences for users, without making them jump through hoops to prove who they are.