KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Join Matthias Reinwarth and Senior Analyst Mike Small in a quick chat on the evolution of Cloud Security Posture Management (CSPM). They discuss its proactive approach, the challenges in implementation, and the role of overarching platforms like Cloud Native Application Protection Platforms (CNAPP). Mike shares insights for smaller organizations and highlights the impact of geopolitics and AI on cybersecurity. Don't miss cyberevolution in Frankfurt this November for deeper insights.
Mike Neuenschwander, Vice President at KuppingerCole in the U.S. and Global Head of Research Strategy, recently had some thoughts about passwordless authentication and wrote a blog about it. Today, he joined Matthias for further discussion about that topic, delving deeper into entropy and how it applies to passwords, and his 2nd Law of AuthN Dynamics.
In this episode, host Matthias and guest Warwick Ashford dive into the EU's Digital Operational Resilience Act (DORA). They discuss its impact on the financial sector's cybersecurity and operational resilience, focusing on key objectives and challenges. The conversation also covers practical aspects like ICT Risk Management, third-party risks, operational resilience testing, and cyber threat intelligence sharing. A must-listen for IT professionals navigating DORA's complexities.
In this episode, host Matthias Reinwarth is joined by guest Alexei Balaganski to discuss the implications of quantum computing for cybersecurity. The conversation covers the fundamentals of quantum computing and its distinction from classical computing. They also address the immediate and potential threats that quantum computing poses to existing cryptographic systems. The episode further explores the state of quantum-resistant encryption methods and the concept of cryptographic agility. The advancements in quantum cryptography are also discussed.
Today, host Matthias and expert Alejandro Leal discuss the dynamic realm of Access Management. They'll touch on its evolution beyond traditional capabilities, the intertwined nature of Access Management and Identity Federation, and the industry-wide shift driven by Covid-19 towards modern solutions. As passwordless authentication and decentralized identities rise, the duo will highlight the potential for innovation and cost-saving in this space.
In this episode, Matthias sits down with Nitish Deshpande to cover the intricacies of 'Securing the Autonomous World by Reinforcing Cybersecurity.' From understanding the challenges posed by automation to the cybersecurity landscape, to the pivotal role of humans amidst rising automation, Nitish offers invaluable insights. They discuss the complexities of training data for ML models, the verification of these models, and the ever-evolving nature of cybersecurity. Nitish also sheds light on the significance of contextual understanding in automation and shares his vision for the future of cybersecurity in an increasingly autonomous world. Finally, Nitish provides his top recommendations for fortifying cybersecurity infrastructure in this dynamic era.
Read the blog
Dive into the world of Privileged Access Management (PAM) and its significance in today's rapidly evolving security landscape with Lead Analyst Paul Fisher and Saviynt's Chris Owen. They explore the challenges organizations face, customer expectations, and the need to reset aspirational goals. Discover the shift towards zero standing privilege, just-in-time access, and the convergence of identity and PAM solutions. Learn about the future of PAM, the role of cloud infrastructure entitlement management, and how user experience is becoming a critical factor in PAM adoption.
In the latest episode of Kuppinger Analyst Chat, host Matthias sits down with KuppingerCole's CEO Berthold Kerl and the Director of the Practice Cybersecurity Christopher Schütze to discuss the upcoming cyberevolution event.
Berthold Kerl highlights the event's unique positioning, emphasizing its blend of evolutionary continuity with revolutionary tech disruptions. Set in the heart of Europe, cyberevolution focuses on future predictions, current innovations, and the essence of collaboration. Berthold also mentions a diverse attendee list, from over 30 CISOs to students, spanning continents from Europe to Africa.
Christopher Schütze touches on AI as the event's central theme and describes various formats, including keynotes, panels, and interactive workshops. He also introduces the Capture the Flag segment, providing insights into its competitive nature. Berthold spotlights the Pitch Night and its competitive spirit, while Christopher highlights workshop topics like ChatGPT and Ransomware Simulation.
In conclusion, Berthold articulates cyberevolution's vision: to complement global conferences like RSA by converging innovation, business resilience, and policy in Europe.
Alexei Balaganski and Matthias discuss the current state and future of AI in cybersecurity. The conversation explores the role of AI, machine learning, and deep learning in bolstering cybersecurity defenses against evolving threats like malware, ransomware, and phishing attacks. Discover the practical applications of AI, its limitations, and the cautious optimism surrounding its potential impact on the cybersecurity landscape.
Read Alexei's blog here.
Join John Tolbert, Director of Cybersecurity Research at KuppingerCole, in this insightful episode featuring George Tarasov, Product Manager at Qrator Labs. Explore the world of multi-vector DDoS attacks and bot detection as they shed light on the increasing complexities and challenges faced by organizations. Learn about the evolution of multi-vector attacks, the rise of bad bots, and the strategies used by attackers to overwhelm target companies. Discover key insights and mitigation techniques to fortify your defenses against these sophisticated threats.
In this episode of the Analyst Chat podcast, host Matthias Reinwarth invites cybersecurity expert Martin Kuppinger to discuss access control tools for business application environments. They focus on two Leadership Compasses authored by Martin, which provide a comprehensive overview of the market for access control solutions centered around SAP and non-SAP systems.
Martin shares insights on market segments, vendors, product functionality within the access control landscape. They explore innovative approaches to enhancing security, such as access restriction and controlling break-glass access. Furthermore, Martin and Matthias also explore the organizational aspects of access governance in dynamic LoB application environments. They discuss the challenges that arise when transitioning between new vendors, adopting SaaS solutions, and managing access control in multicloud environments.
Join Matthias as he delves into the world of deep fakes with Research Analyst Alejandro Leal. Deep fakes are manipulated media that can be difficult to distinguish from real footage, posing threats in remote identity proofing attacks and disinformation campaigns.
Alejandro discusses the challenges of detecting and countering deep fakes, emphasizing the need for a multifaceted approach involving media forensics, machine learning, public awareness, and policy developments to mitigate the associated risks.
In this episode of the KuppingerCole Analyst Chat, host Matthias Reinwarth continues his conversation with guest research analyst Marina Iantorno to discuss the evolving landscape of artificial intelligence (AI) in cybersecurity. They delve into how attackers are leveraging AI to exploit system vulnerabilities and execute targeted attacks.
The conversation also covers the risks associated with AI manipulation by cybercriminals, including the creation of deepfakes. The duo explores the potential of AI in cyber defense, highlighting its role in threat identification, incident response, and predictive threat intelligence.
They also discuss the challenges in implementing AI-based cybersecurity solutions, emphasizing the importance of human expertise in this domain. Regulatory and legal implications of using AI in cybersecurity are also addressed. Finally, they provide practical advice on how businesses and individuals can protect themselves from AI-driven threats.
In this episode, Matthias engages in a conversation with Senior Analyst Warwick Ashford about the future cybersecurity landscape and threats. They discuss the notion that there's "nothing new under the sun" in cybersecurity, exploring how attackers use familiar tools and techniques in new ways. They emphasize the importance of understanding the evolving technology landscape and expanding attack surfaces.
The discussion also covers strategies for organizations to protect themselves, achieve cyber resilience, and foster collaboration within communities. Attendees of the upcoming cyberevolution event in Frankfurt will have the opportunity to delve deeper into these topics and gain valuable insights into securing emerging technologies. Don't miss this engaging conversation on future cybersecurity threats and the need for a collective approach to defense.
In this episode of the KuppingerCole Analyst Chat, host Matthias and guest Marina Iantorno discuss the risks of deepfakes and the ethical challenges and biases in AI-driven cybersecurity.
They explore AI ethics, which includes the importance of fairness, explainability, robustness, transparency and privacy in AI systems. They look at issues of algorithmic bias in AI and the cybersecurity threats posed by deepfakes. Beyond the fundamentals, they discuss mitigation strategies, which are techniques to reduce bias and counter deepfakes, including diverse datasets and adversarial training.
They highlight the role of industry, academia, society and regulators in addressing these challenges and promoting ethical AI practices. The episode emphasizes the need for a multi-pronged approach to create a safe and inclusive cybersecurity environment.
In this podcast episode, Christopher Schütze and Matthias explore the Strategy Navigator by KuppingerCole Analysts, a lean and efficient advisory service designed to tackle common challenges faced by cybersecurity leaders.
Learn how it can help optimize your cybersecurity portfolio, increase IAM efficiency, and guide your organization towards a modern Target Operating Model. We discuss the benefits of expert-led workshops, targeted information, and personalized coaching, all aimed at driving impactful action and ensuring robust protection for your organization. Leverage the strategy navigator to discover how to navigate the path towards Zero Trust or to modernize your infrastructure in a multi-hybrid world.
Learn more about our Advisory Services.
In the episode of the KuppingerCole Analyst Chat series, Martin Kuppinger and host Matthias engage in a detailed discussion about the challenges associated with the integration of Identity Governance and Administration (IGA) into identity management systems based on on-premises Active Directories.
They dissect the structural and deployment aspects of Active Directories, highlighting how these often conflict with contemporary access governance paradigms. Martin explains why these contradictions can make the overlay of IGA on Active Directories extremely challenging, if not entirely unfeasible.
Join host Matthias and expert guest Alexei Balaganski in this episode of the KuppingerCole Analyst Chat. They discuss the recently updated Open Web Application Security Project (OWASP) API Security Top 10 guidelines and the shifting landscape of web security, highlighting the critical role of APIs.
In addition, they emphasize the importance of Identity and Access Management (IAM) in securing APIs effectively. Tune in for valuable insights into API security, web security, and the significance of IAM.
This episode's guest is Marina Iantorno, Research Analyst at KuppingerCole, who is talking about the highlights and key topics discussed at the European Identity and Cloud Conference (EIC) 2023.
Matthias and Marina discuss subjects such as identity and cybersecurity, trust and protocols, privacy and data protection, ethics in identity and machine learning, and the role of generative AI. Marina shares her experience as a speaker and panel moderator at the conference and provides insights into the trends and future of identity access management, cyber insurance, and decentralized identity.
Marina's and Martin's Research Study (free download)
Entdecken Sie die Bedeutung von IT Service Management und wie es Ihr Unternehmen voranbringen kann. In diesem Video teilen Bert Kondruß von der USU AG und Martin Kuppinger wertvolle Einblicke über die Lösungen von USU und den Mehrwert von Software as a Service (SaaS). Optimieren Sie Ihre IT-Services und erreichen Sie Ihre Unternehmensziele schneller.
Matthias invites John Tolbert to discuss Fraud Reduction Intelligence Platforms (FRIP) with him. Discover the evolving landscape of fraud prevention and detection, the key technologies used in FRIPs, and their broader applications beyond fraud reduction.
Gain valuable insights from the latest edition of KuppingerCole's Leadership Compass and explore how these platforms are shaping the future of identity assurance and security.
Join Matthias Reinwarth, Director of Identity and Access Management, and Nitish Deshpande, Research Analyst, as they delve into one of the most critical challenges faced by organizations today: visibility. Discover why organizations struggle with understanding user access and the potential risks of this lack of visibility.
In this episode, they explore the key capabilities of access governance, such as access review, certification, risk management, request management, and analytics, and how these capabilities enable organizations to gain comprehensive visibility into their assigned accesses. Don't miss this insightful discussion on enhancing control and mitigating risks through effective access governance.
Graham Williamson, Fellow Analyst with KuppingerCole, shares his insights and expertise with our host Matthias Reinwarth as they discuss the lessons learned from Graham's research on secrets management. They also explore the concept of "Machine Identity" and why it's important for businesses to understand. Finally, they discuss how companies can best utilize the information presented in Graham's research to improve their secrets management strategies.
The European Union’s regulation on Digital Identity, eIDAS, is currently being overhauled to adopt decentralized identity principles. The goal is to provide all citizens and residents across the EU with highly secure and privacy preserving digital wallets that can be used to manage various digital credentials, from eIDs to diplomas to payment instruments. Decentralized identity principles aim at giving freedom of choice and control to the end-user. Ensuring security and interoperability, however, will be challenging — especially in the enormous scale in terms of users and use cases the EU is aiming at. The choices made in eIDAS will have a huge impact on digital identity in the EU and beyond.
The so-called “Architecture and Reference Framework” (ARF) defines the technical underpinnings of eIDAS v2. Many experts from the member states and the Commission have been working on this framework over the last year, trying to select the best combination of technologies and standards out of the enormous number available in the market today. This talk will introduce the ARF and explain what architectural patterns and technical standards are adopted and how the challenges mentioned above are addressed in order to leverage on the vision of the eIDAS v2 regulation.
In 2005, Kim Cameron excitedly told me about digital identity and set my life on a course to “Build the Internet’s missing identity layer”. In this talk I’ll tell key stories from my identity journey – stories of the people, ideas, and lessons learned along the way. I’ll speak of technology and collaboration, usability and business models, solving problems people actually have, and building new ecosystems. Come with me on this journey of exploration, trials, triumphs, and humor as I recount touchstones of the human endeavor that is digital identity.
From digital identity to full scale digital trust, this session is perfect for anyone new to identity, as well as identity professionals who are trying to get a handle on what decentralization is all about and why it is so important for Internet-scale digital trust.
In this session, we will cover a brief history of how the identity landscape has gone through an evolution from the dreaded username and password, through centralized, federated and social logins, to now the need for decentralized solutions that support digital trust for both human and objects.
We will explain the various actors involved in a decentralized identity trust triangle, what role technology plays (e.g., digital wallets and digital credentials), and how governance of an ecosystem fits in to create the trust diamond. We will discuss various technical components that may be employed and what is required — and more importantly what is not? We will also present how decentralized trust solutions can support the trust of objects that have nothing to do with human identity, but are necessary to create a digital trust landscape that enables digital transactions to happen seamlessly, efficiently, and automatically.
We’ll also touch on how the traditional identity solutions and emerging decentralization can co-exist in context appropriate settings.
You heard about Verifiable Credentials and decided to learn more. You found some stuff online, but despite knowing your way thru identity, you still can't really tell how they work in practice (wallets? presentations?) or how the boldest claims (no more centralized DBs! Apps cannot save PII!) will play out. This session will dive into VCs and separate the hype from their true, remarkable potential.
In 2022, several standards organizations and open source groups made great progress defining protocol specifications and code for the issuance of digital credentials. In this session, learn about and discuss some of the emerging issuance protocols, and compare their features, capabilities and trade offs.
Companies today are being faced with business-critical yet seemingly conflicting topics; how to build trust, loyalty and personalized experiences that fuel growth in a world of fading cookies and GDPR. There has never been more urgency than now to focus on strategy and technology to meet the demands of the privacy-conscious consumer. The collection of data and its management is core to this challenge, but current identity methods are missing the opportunity to solve it with legacy approaches and risk-based thinking. At IndyKite, we believe that facing this mounting challenge requires us to make leaps in both our thinking and technology implementations. Join us as we challenge the current operating state and discuss what the world might look like when we have the tools to power a truly customer-centric ecosystem - one where consumer data ownership and personalized services that fuel growth are no longer at odds.
The act of identifying oneself to a website or service is a ceremony so common that we don’t often pay attention to it. The muscle memory we have built up over years of performing this ceremony over and over, day after day, obscures both potential changes to this not-always-so-simple act and ways we could make these ceremonies easier and more effective.
In this talk, Ian Glazer, will:
In this episode, Martin Kuppinger and Matthias are discussing the business case for decentralized identity, and why it is finally gaining traction in the enterprise world.
They are exploring the benefits of using decentralized identity for employee onboarding, especially in the context of remote work. They look at the importance of trust and the full lifecycle management in the decentralized identity ecosystem, and how it can lead to more secure and efficient business processes.
This topic is particularly relevant for the upcoming EIC, where experts and thought leaders will be gathering to discuss the latest trends and developments in digital identity. Join KuppingerCole as we explore the world of decentralized identity and its impact on the future of business.
In this video, Anders Askåsen of Okta and Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, discuss the lessons that organizations can learn from the financial services industry on compliance and multi-factor authentication (MFA). They focus on DORA and NIS, upcoming regulations that will impact the financial services industry and other organizations. They discuss the need for strong MFA and the importance of context in authentication. They also explore what other industries can learn from the financial services sector's experience.
Graham Williamson and Matthias explore the world of authentication strategies and the impact of FIDO2. They are discussing why shifting left in our authentication strategy is essential and how FIDO2 can help achieve this. They also delve into the impact that FIDO2 holds for enterprise authentication environments and give their predictions for FIDO2 authenticator devices.
Matthias is joined by Marina Iantorno in this episode to discuss the trends and predictions for IGA beyond 2023. Marina sheds light on the diverse market segment through KuppingerCole's analysis of the market and provides valuable insights into its evolution.
In a world where data breaches are becoming more and more frequent, keeping data secure has become an increasingly challenging task. Join Matthias and Alexei Balaganski in this episode as they delve into the current market trends and existing vendors in the data security industry. The discussion delves into a crucial aspect of enterprise data security architecture, including the best alternatives for safeguarding data, covering everything from security control over stored data to the fundamental network infrastructure. Tune in to learn more about keeping your data secure in 2023.
In this episode, Matthias is joined by Paul Fisher to delve deeper into the sub-series on Trends and Predictions for 2023 and beyond. The world is constantly evolving and a lot has changed and is still changing in the PAM market, which is expanding and undergoing significant transformation. Paul offers insights on the current trends for Privileged Access Management, the significance of CIEM, and the impact of mergers and new players in this crucial market segment.
All things PAM:
Protecting data is a responsibility for any company, regardless of whether it is considered their most valuable asset or not. Data loss can occur due to human error or malicious intent, emphasizing the need for comprehensive protection measures. In this episode of the Analyst Chat, Warwick shares insights into effective Data Leakage Prevention systems and highlights key methods for safeguarding data.
The topic of passwordless authentication holds immense significance in today's digital landscape. Security experts believe that passwords comprise a significant weakness in security and advocate for their elimination. However, does the elimination of passwords guarantee the ultimate solution?
André Durand states that passwordless authentication is not the Holy Grail but the next evolution in the user experience of authentication. Join André and Martin in their thought-provoking discourse about the next steps after passwordless authentication.
In the ongoing Analyst Chat sub-series, Matthias and Martin delve deeper into the topic of Trends and Predictions for 2023 and beyond, focusing on the critical concept of Policy Based Access Control (PBAC). Martin highlights the significance of well-defined policies for ensuring robust cybersecurity and access control, laying the groundwork for a robust zero trust approach.
Get ready to hear a new take on generative pre-trained transformers! This week, Matthias sat down with Jörg Resch, Co-founder of KuppingerCole Analysts, to discuss the exciting possibilities of ChatGPT. Unlike Alexei, Jörg is an avid user and firm believer in the positive impact that these technologies can have on our daily lives and work. While acknowledging the risks involved, Jörg advocates for a balanced and creative approach to the potential of generative AIs. Brace yourself for a thought-provoking conversation that may just change the way you view the future.
Matthias and Martin continue their sub-series of the Analyst Chat about Trends and Predictions in 2023 and beyond. This time, it’s about Passwordless Authentication. Martin elaborates on the importance of Passwordless Authentication for the whole Access Management process. Companies should implement a passwordless authentication solution soon to get rid of poor user experience and security risks.
Everything we do in the digital world, is done by our digital representation of the physical world. Asanka Abeysinghe of WSO2 invented the idea of the "digital double" - a replication of people and things in a digital ecosystem.
He is a guest on our videocast and discusses with Martin Kuppinger how the digital double can become a reality, its benefits and how it relates to consumer identity management.
In this podcast episode, Alexei Balaganski and Matthias discuss the increasing use of ChatGPT and other machine learning-based technologies in research and the potential risks associated with their use. Alexei offers a strong opinion on the topic, describing the risks of plagiarism and lack of originality that can result from over-reliance on automated tools. He argues that human analysts provide invaluable opinions and genuine research that cannot be replicated by machines. He strongly discourages their use and reliance, and encourages the creativity and innovation of human researchers.
In this podcast episode, Martin Kuppinger and Matthias explore the upcoming trend of IGA (Identity Governance and Administration) solutions to have an increasing level of integration with Data Governance and Software Security products.
The integration of these solutions will provide a comprehensive coverage of ownership not only of systems and authorization objects, but also of data and code, ensuring a complete chain of custody. They delve into the importance of this integration, the benefits it offers, and how it will help organizations manage their identities and data more efficiently and securely. They also discuss the potential challenges and considerations that organizations need to be aware of while integration these solutions.
With the rapid expansion of IT environments, adoption of the cloud, and the ongoing Digital Transformation, the need to provide secure access to organizational resources has become paramount. Secure Access Service Edge (SASE) solutions are designed to consolidate network and security components, simplify management and licensing, and improve usability.
SASE is the union of a number of different networking and security technologies designed to improve security posture as well as connectivity for remote offices, cloud services, contractors, and remote employees, while driving down the cost of connectivity. John Tolbert is a guest in the Analyst Chat again and will give us some insight into this topic.
Cyberattacks have been intensifying over the past few years as cybercriminals continue to devise new strategies to launch sophisticated attacks and gain unauthorized access. The tactics, techniques, and procedures (TTPs) that were once only used by well-funded state actors are being commoditized by cybercriminals. As a result, some vendors realized that the traditional approaches and tools of cybersecurity have failed to keep up.
Parallel to SIEM solutions, a class of incident investigation and response platforms has emerged focusing on creating more streamlined and automated workflows for dealing with security incidents. Security Orchestration, Automation, and Response (SOAR) products are the latest iteration of this evolution. SOAR vendors provide solutions that offer centralized coordination, collaboration, and management for forensic analysis and incident response.
Sometimes a company comes to a point where new software or a new tool is required. This is never an easy decision to make quickly.
Dr. Phillip Messerschmidt has worked with many different clients who have found themselves in this situation. He will explain five of the most common misconceptions and problems he has encountered in his experience - and offer some recommendations on how to avoid them.
Is digital data really every organization's most precious possession, its "crown jewels"? Alexei Balaganski takes a different perspective towards a widely accepted opinion. He instead claims that data is not your most valuable asset. In fact, it can be a toxic liability without intrinsic value, since business value is only created when data is moving or transforming, producing insights, analytics, etc.
Who has not heard of the statement that "Data is the new Oil". But oil needs to be refined and so does data. The challenge of gathering, integrating, cleansing, improving, and enriching data across the complete range of data sources in an organization, for enabling use of that data as well as enabling data governance and supporting data security initiatives, that is the topic of this episode. Martin Kuppinger joins Matthias and explains this market segment and its relevance on the occasion of the publishing of a new Leadership compass covering "Data Quality and Integration Solutions".
Discover and Compare Cybersecurity Solutions for Free
Optimize your decision-making process with the most comprehensive and up-to-date market data available.
Configure your individual requirements to find the right vendor for your business or follow the best practice recommendation of an unbiased research analyst.
Passwordless Authentication coming in Q1 2023!
Learn more: https://go.kuppingercole.com/open-select
The PAM market is changing and expanding. Paul Fisher talks about the latest trends for Privileged Access Management, the role of CIEM, mergers and newcomers in this important market segment.
A new year brings along a new service from KuppingerCole Analysts. Our host Matthias sits down with Christie Pugh, Digital Products Manager to discuss KC Open Select, our new interactive shortlisting service, the concept behind it, how it helps you prepare for the future, how it compares to our Leadership Compasses, and more.
The landscape of solutions in a market segment can be overwhelming. KC Open Select helps you to get a clearer overview of the market for free. Check it out now!
Trust no one, always verify. We know that Zero Trust phrase already. But this principle is rather abstract - how and where exactly should we do that? Martin sits down with Jackson Shaw, Chief Strategy Officer at Clear Skye to discuss one very important part of Zero Trust: Identity and Access Management. Because you can only verify what or who you know - they need an identity to get access.
