KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Results from a recenty published KuppingerCole Leadership Compass on Consumer Identity and Access Management Platforms
When organizations start looking at managing consumer identities in a more consistent, integrated way, they quickly observe the challenge that many parties are involved. Sales owns the CRM, marketing might own the consumer-facing web-sites and apps, while the Information Security or a dedicated IAM (Identity and Access Management) team will claim the responsibility for technically managing identities, their authentication, and their access. And when we start talking about KYC, Corporate Audit also comes into play. Not to forget the Chief Digital Officer (CDO) and some other parties. To succeed with Consumer Identity Management, CIAM, and KYC, organizations need to define responsibilities and rethink their organizational structures. They have to make decisions, both at the organizational level and at the technical levels. Decisions bear consequences. Splitting Enterprise IAM and Consumer IAM might lead to disparate, complex-to-integrate IT environments, but might bring the agility needed in the Digital Transformation. Having too many stakeholders might result in slowdowns of projects, killing the agility you need in the Digital Transformation. Lacking an integrated approach might result in security and compliance risks as well as overly high investments into technology.
Potential advantages of cloud services over on-premise solutions, like cost savings and higher resilience, are even more significant when it comes to large scale use cases like managing your customers´ identities. In this talk, Kim Cameron guides you through experiences and conclusions from a number of recent implementations and provide you with insights on how CIAM will evolve over the coming years.
Azure AD is here. It can act as a domain controller. It helps you managing your partners. It is ready-made for managing your customers. The application proxy builds the bridge back to your on-premise applications. That raises an important question for all organizations running AD on-premises: What is the future role for on-premise AD? What is the right strategy? Who can and should get rid of on-premise AD now or in the near future, who should focus on a hybrid strategy? Where is the overlap?
Security breaches and cyber attacks have become a daily occurrence. Worse, in some cases it can take an organization months to realize they’ve been breached. Open the pages of the latest breach forensic report and you will find a litany of basic IAM errors that read like a horror story. Many companies are missing the basic IAM best practices that can help prevent, detect and mitigate attack. In this session, SailPoint's CTO Darran Rolls presents the anatomy of a typical cyber attack and explains where and how IAM controls should be applied to better enable close-loop cyber protection for enterprise systems. You may not be able to prevent an attack, but you can minimize the damage and your exposure.
This session looks at the responsibilities and liabilities of organisations involved in the ‘smart manufacturing’ process both internally (e.g. towards employees) and externally (e.g. other organisations, suppliers, consumers, the environment) and at the difficulties of attributing liability in a complex web of stakeholders that might include cloud service providers. We also discuss the importance of contractual and non-contractual liability as well as statutory and common law liability, including fault-based and strict liability. This session also looks at why these legal questions are important and at potential ways to clarify issues of attribution of liability in Industry 4.0.
In most cases, the terms Industry 4.0 and Industrial Internet of Things (IIoT) are used interchangeably. But these two terms, though referring to similar technologies and applications, have different origins and meanings. Industry 4.0 is focused specifically on the manufacturing industry and the goal of ensuring its competitiveness in a highly dynamic global market. The IIC is more focused on enabling and accelerating the adoption of Internet-connected technologies across industries, both manufacturing and non-manufacturing. That’s why it’s important to understand the differences between Industry 4.0 and the "Industrial Internet of Things" and where our mindset and approaches best fit.
What often gets overlooked in the conversation on cloud security is the subject of “deletability" of cloud data. During this session our expert panel explore the topic of whether cloud data that is “deleted” by an end-user is actually completely removed from the cloud? By end-user we mean the consumer and the cloud administrators.
The idea of this trends & innovation panel is to give each panelist the opportunity to tell the audience what company or companies out there are doing something innovative, what it is, why it is important and why the audience should care track the company. For example, one of the panelists might talk about how the perimeter is disappearing and it’s important to be thinking about governance, security and privacy for cloud properties like Salesforce, Workday, etc. The only restriction on panelists is that they are not allowed to talk about their own products or products from anyone on the panel.
How is trust established without trusted third parties? Although it is not possible to offer a prediction of how distributed ledger technology with change society, the assertion that new and publically-accessible technology such as the internet, file sharing and social networks would empower individuals and lead to a more transparent and equitable society has been made before. While the advent of the internet has led to unparalleled global communication capabilities, it has also allowed for a situation of total, mass surveillance. The blockchain offers a trustless information security model, replacing human judgement with proof-of-work algorithms and perimeter security with total transparency.
One of the most promising use-case for distributed ledgers in financial services is the implementation of compliance and risk management solutions. In this session, we will analyze how the blockchain technology can be used to build trusted registries of identity and ‘know your customer’ data about individuals or companies, with concrete examples. We will also highlight the difficulties of such approaches and discuss the possible scenarios of evolution in this domain.
For the last few months, every day there has been a new announcement of a major corporate (successfully ?) trialing blockchain technology in a Proof-of-Concept. For anyone outside of the blockchain space and hype, it has become difficult to discern the signal from the noise. We give a brief introduction into the true technical innovation of these open multi-user platforms and present several use cases where businesses can benefit: From IT security to data privacy to IoT.
Blockchain is not yet ready to support industrial use cases. In this panel session we discuss the requirements across industries and how to improve and accelerate the maturity of this shared ledger technology through an open and coordinated approach.
Recent research estimates that there are 1.5 billion individuals who do not have any means to prove their legal identity. Failing states lacking to perform even the most basic administrative tasks, supressed ethnic groups, and of course all those who have to flee their home due to conflicts or disasters.
New thinking is required to make identification available to all humans, and to help refugees and displaced people to cross borders and to apply for asylum. In this panel discussion, we will try to outline a blockchain based supranational identity infrastructure under the roof of an organization like UN.
During the first part of the blockchain track at EIC 2016, we have learned a lot about the concept and technology of Blockchain Identity. In this session we build on this and have a look at what happens in different use case scenarios, if blockchain, the internet of things, identity and the need for privacy "collide". Has blockchain been the missing link to put the "platform" thought away from "Life Management Platforms" to make it a universally available privacy by design representation of humans in a digital world?
We are on the brink of a machine learning revolution in which computers won't just speed up existing security processes but enable the automation of processes and decisions too complex for the human mind to imagine. The machine-reengineering revolution will leverage powerful algorithms and the immense lakes of organizational data to drive changes in business processes that will fundamentally change the way security is managed. This session provides an overview of machine learning and big data technologies as they apply to Identity and Access Management.
In this session, find out how customer-obsessed businesses are increasing their audiences and creating trusted, customized experiences across devices and platforms in exchange for first-party data. We provide case studies of how leading brands are leveraging customer identity and access management (CIAM) to create personal relationships at scale while maintaining high degrees of data privacy and security.
Big Data meets Security: Analyzing systems logs to understand behavior has become one of the main applications of big data technology. Open source initiatives as well as commercial tools and applications for big data integration, collection and analytics become more important building blocks of cyber attack resilience through better collection and analysis of very large sets of log and transaction data, real-time analysis of current events and potentially also prediction of future behavior.
A large proportion of time spend securing IT systems involves managing user risk in a variety of guises. Balancing the need to be secure against the needs of users to be productive in their day-to-day activities is an on-going challenge. In this session I will show how you can deliver reductions in user risk without impacting their productivity. How IT Security can empower users to do more with less risk.
Last year we had our first discussion of risk and value related to IoT. Over the last 12 months we have gone from “What is this IoT?” to IoT becoming a driver of digital transformation. All of the major platform (PaaS) players have made IoT a key part of their strategies. In this session Jackson will highlight how the IoT landscape has changed from a risk & security perspective for both consumers and enterprises, how it is driving digital transformation and why it is even more important for you to be planning your IoT strategy now.
The Cloud is turning out to have important “emergent properties” – features not previously observed in computing systems, never imagined by cloud architects, and not yet widely discussed or understood. They will be key to determining which strategies prevail in meeting cloud era challenges. Kim Cameron discusses how this impacts the world of identity – leading to better applications and simpler identity solutions for people and things.
Blockchain technology is certainly at the peak of the hype cycle. In this keynote, Sebastien will give you the keys to understand the reality of blockchain beyond the myths and anticipate the next steps.
Privileged accounts have been at the center of each recent high-profile attack. This session will explain how hackers that successfully exploit these accounts are able to gain a privileged foothold, allowing them unfettered access to elevate privileges and move about the network freely without detection.
Axel Springer becoming a truly digital publisher and further investing in digital expansion. Meaning and selling of Identity and Access Management in a media company like Axel Springer. A way to bundle forces and gain buy-in from related parties and sponsors. Increasing importance of Identity and Access Management to manage cloud services.
It's all too easy to pretend to be someone else, whether it's organised crime, social engineers, hackers or paedophiles. The financial impact of this impersonation runs to 100's of billions of dollars per annum. As a result business costs increase, not only because of the increasing losses, transactional friction increases as do the processes that business implements to increase their level of trust.
Transitioning the NSTIC from the 2nd goal to the 4th and how we plan to finish the job, as, US President Barack Obama stated it, NSTIC was really a 10-year effort. In this keynote, Paul Grassi talks about modularization and performance-based standards, future proofing by leveraging a diverse marketplace, transition to the next phase of Connect.gov which will be moving from pilot to production, and landing high-risk, large user volume of transactions.
How many times do you change your hat per day? In the new age, the CISOs will change their roles as much as they can for making decisions about how to affront new risks. Compliance, Governance, legislation, data protection, cybersecurity, intelligence, cyberdefense, cyberfusion…. how can we deal with them?
In this keynote session, Christian Loeffler talks about: project conduction, architecture definition, IDaaS election and implementation,key challenges for business and IT, lessons learned.
We all understand that the concept of username/password to control access is insecure and out of date in a world where anything is connected and a new approach is needed. But how can we make the password obsolete?
KuppingerCole's Founder and Principal Analyst Martin Kuppinger provides his summary of this year's European Identity & Cloud Conference.
Thank you for attending the European Identity & Cloud Conference 2016. See you next year!
We see a development towards the open enterprise with multiple access points to critical information. At the same time, customers and consumers want to make sure their information is kept confidential and secure. As result, there is an increasing focus on identity and access management. Cyber security and data privacy have become an imperative for any organization.
Governments can use policy to drive market behavior. When it comes to the issue of Trust, those policies have been on the increase globally. The EU PSD2, Network and Information Security (NIS) Directive and General Data Protection Regulation (GDPR) combined with the US Cyber Threat Info Sharing are just some examples.
Don’t only survive the Digital Transformation. Become the Transformational Leader.
There rarely has been so much disruptive change driven by innovations in IT ever before. Distributed Ledgers and Blockchain are at the forefront of these changes and will massively impact the business models of many organizations, well beyond the Finance industry and FinTechs. IoT is becoming a standard element, closely connected to Smart Manufacturing and Industry 4.0. Again, business processes and business models will change massively in the hyper connected world.
The cloud is coming to your business, like it or not. With cloud-based systems come inherent challenges. These are further complicated as personal data subject to privacy regulation inevitably moves into the cloud. This combination, putting private information into the cloud, creates risk which must be understood and managed. Is data privacy in the cloud a business issue? We will de-mystify the complexity of cloud-based systems and their inherent risks, enabling appropriate technical and administrative safeguards to be put in place.
The European Identity & Cloud Awards honor outstanding projects and initiatives in Identity & Access Management (IAM), Governance, Risk Management and Compliance (GRC), as well as Cloud Security. Numerous projects have been nominated by vendors and end-user companies during the last 12 months. Winners have been chosen by KuppingerCole Analysts among the most outstanding examples of applications and ideas in the areas of IAM, GRC, and Cloud security. Do not miss this glamorous ceremony where KuppingerCole honors the winners of seven categories and one Special Award.
Security is as Security does. It is it’s own benefit and it’s own justification. We need to use shock and awe tactics to get the business to do what we want to ensure the security of the business.
Right?
NO! We are not the special flower of the business, we are just one part of it, working in harmony with the others. We help the business do more, better, and for less just like everyone else. So if we can’t shock and awe, and if we no longer have special privileges, how can we be more effective?
Trust always involves some level of vulnerability on the actions of another. When we trust others, we are relying on them and consequently we are making ourselves more vulnerable. A bit naively, some scholars argue that trust decisions are based on a cost/benefit analysis, which is maybe theoretically true but it rarely happens in real life. In reality, many other elements play an important role, and they are critical in the case of the blockchain. "In a wilderness of mirrors. What will the spider do?" (Gerontion, T.S. Eliot 1920)
New thinking is required with regards to identity management for forced migrants and the role supranational institutions can play to help solve some of the problems regarding aid distribution and settlement.
Tune in to PATECCOs interview with Martin Kuppinger in regards to managing Customer and Partner Identities in a hybrid world.
Listen to some Do’s and Don’ts out of previous projects.
Remember when we used to pay for a TCP/IP stack? It’s hard to believe that companies used to pay for networking stacks, but we did. And once network stacks became free, the networking profession didn’t die out… instead it flourished. Today, the identity industry is going through a similar transformation, one which will present a series of moments upon which we must capitalize.
When cyber attackers can bring down something as impactful as the power grid, the way we think about security needs to change.
Michael Kleist of CyberArk explains more.
People are the weak link in security. Most data breaches start with bad actors using stolen user credentials and this is fundamentally an identity problem. For too long Identity & Access Management has been viewed as silo often walled off from the security group but this must change. Now, more than ever Identity & Access Management must be viewed as a key security control that can help minimize and mitigate security intrusions.
Everyone operates on the risk-reward continuum. It's true for CEOs, CMOs, CPOs, CIOs...and consumers. What does this mean for each of them in a digitally connected world, when the lines have blurred not only between organization A and organization Z, but also between cars and clouds, washing machines and webs, cradles and cybernets? With new consent regulations, standards, and tools on the scene, now is the time to think strategically about solutions that don't force awkward compromises when it comes to privacy, business growth, and consumer trust.
It is probably the greatest group of current and former analysts with IAM focus from all around the world who will come together for this plenary panel at EIC 2016 and discuss the future of identity & access management in the Age of Digital Transformation, where agility is key and cyber threats increase pressure on the availability of solid and reliable identity services and processes.
The European Identity & Cloud Conference 2016, taking place May 10 – 13, 2016 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany, is Europe’s leading event for Identity and Access Management (IAM), Governance, Risk Management and Compliance (GRC), as well as Cloud Security. For the 10th time KuppingerCole brings together exhibitors and more than 600 participants including most of Europe’s and the world’s leading vendors, end users, thought leaders, visionaries and analysts.
