IT security departments are no longer just responsible for securing digital assets and appliances. They must - with equal priority - help create a secure environment that inspires productivity and empowers employees to innovate.
In this talk, we discuss challenges faced by large enterprises around embracing the Human Factor (security awareness, phishing / social engineering, password hygiene/policies, etc.). We also share insights into how key security indicators such as overall vulnerability levels and basic security hygiene can be measured and compared across organizations, industries, and countries.
We introduce our approach to prioritizing IT security initiatives that have the most valuable immediate impact on hackability and discuss some common mistakes that can be easily fixed at little or no cost.
Cybersecurity is by no means a passing fashion. The automotive industry now realizes the importance of cybersecurity for its organization and particularly for its products. However, a large gap exists between the requirements that result from new standards and the existing knowledge within the organization. This frequently results in diffuse solutions to establish required principles of cybersecurity. In this context, many enterprises still underestimate that cybersecurity needs to be applied along the entire product lifecycle. Due to this, many companies try to close the knowledge gap via new employees or external trainings and consultancies. In addition to a limited supply of specialists in this field, existing concepts are often not solution-oriented or do not solve the task holistically. For this reason, a solution is elaborated in which an external consultancy and an enterprise from the automotive sector have jointly developed a cybersecurity training.
How the way we talk about information security has changed over the last 2 decades, based on a quantitative analysis of 17 Global Information Security Surveys by EY (2002-2019)
There is no other computer-related issue that affects more people globally and more frequently than passwords. We can easily authenticate 100 times a day using PINs, passwords, biometrics, cards and other technologies. At the same time we see time and again that weaknesses, vulnerabilities and flaws in these mechanisms are exploited to gain unlawful access to systems and data. A new consensus on passwords & digital authentication exists, but a major challenge persists: how do we convince everyone we've done passwords wrong for 30 years, and need to change everything? This talk will provide fascinating insights into the psychology & technology of passwords, with good advice, humor and the best news you have received in a very long time!
With the preview-release of Azure Sentinel, Microsoft has shifted some features from Azure Security Center to its new threat hunting solution. But how do all the security tools Microsoft offers nowadays integrate with each other? How can you find a way through this security jungle? And how do you make sure to have the right tools in place when it comes to protecting your IT environments and hunting threats?
Join cloud security expert and Microsoft MVP Tom Janetscheck for this demo-rich session to get all these questions answered and to learn how to protect your resources easily and efficiently.
Voting is said to be the first of all citizens' duties. No matter what is to be decided: Not voting is said to be a societal taboo.
Scandals around the world raise questions about the security of voting and election systems: Manipulations by election staff, inside jobs at polling locations and blatantly insecure systems. All this has been around for decades, but why does it happen again and again? What can be done to mitigate risk? And how can the current discussion about digital trust and privacy help identify solutions for the future? Acquire an in-depth overview of the key facts and challenges and how leading cybersecurity measures can help to address them.
The term Cyber sounds very attractive and everyone wants to use this term nowadays. Although many people talk about cybersecurity, only some of them pay attention to cybersecurity governance.
On the one hand, it is a challenge for top management to govern cybersecurity; on the other hand, it is a challenge for internal audit to give an appropriate assurance on cybersecurity. Should Internal Audit give an assurance on cybersecurity? That is one of the most difficult questions. If yes – how? If not – who should?
Cybersecurity is more about people, management and risk management and less about technologies. Although there are plenty of important, highly recommended technical fixes, new tools and techniques to adopt and implement, if organizations' management do not show appropriate leadership, and if organizations do not have appropriate structure and processes for cybersecurity governance, then these organizations will be victims of hackers today or tomorrow.
Too often those of us in the cybersecurity space get wrapped up in comparing, deploying, and managing point solutions. While this is a necessary consequence of both the fragmented nature of the market and the highly specialized nature of our work, sometimes we need to step back and look at the big picture. What kind of information am I charged with protecting? How can I discover and keep track of it all? What kinds of controls can I apply? How can data be protected in different environments, on different platforms, etc? We'll look at the various stages in the life and death of information and how to best manage and protect it.
Using intelligent insights on the readiness of data to move to the cloud and a dynamic catalog ready to manage it, companies can accelerate migration with both confidence and control.
The Internet of Things tends to mean different things to different people. This diversity of understandings makes it hard to pick up speed in joint efforts to improve the security of IoT. Fortunately, recent developments in international collaboration, particularly in standardisation initiatives, have started to bear fruits in this direction. This talk will introduce the landscape of standardisation IoT security, highlighting particular areas of technical significance to security and where improvements are challenging. In addition, areas where standardisation initiatives have been converging towards common goals - and making progress - will be identified and presented.
For over 12 years, Helsana used an IAM solution based on NetIQ Identity Manager, which was extended and adapted to individual needs. Not only did the system's maintainability suffer as a result, but its usability also no longer met today's expectations. A new, leaner and more modern system with SailPoint IdentityIQ should not only help to standardize the processes, but also offer the possibility to tackle old and new challenges in the field of IAM/IAG. This talk shows where Helsana was at the beginning of the project, where it is today and what the company has learned along the way.
We see stories on data breaches every week, happening due to weak cyber security. Massive fines are issued based on GDPR, PCI, and consumer protection around the world. Proactive, fast & efficient handling of cyber security incidents is a key to survival for any organisation, but there are also costs that are rarely mentioned: the personal consequences for those affected by a data breach.
This talk intends to provide thought leadership on how AI & ML is currently being used for defensive purposes and will soon be used for offensive purposes. It covers both sides, defence and offence, and provides examples of how AI either is currently used to augment defensive measures or how AI will be used to augment cyber offence.
On the defensive side we have seen an explosion in the vendor landscape using narrow AI to varying levels of success. What is undeniable is that there are improvements in blue teaming & cyber defence thanks to AI. Max will give a handful of practical examples of where AI has caught and stopped extremely sophisticated cyber attackers. AI in defence is already a reality.
On the other hand, cyber attacks are becoming increasingly fast and sophisticated. WannaCry & NotPetya denominated a first paradigm shift - from low & slow attacks to fast-moving, spreading & destructive malware.
Relying on signature-based / hard-threshold-based & maintaining the mentality of 'keeping bad out' instead of 'assuming breach' is not adequate in today's threat landscape any more.
Numerous malware variants are being created daily. To adjust to this evolution, machine learning tools are being utilized by security companies to detect novel threats and new attack vectors. The same goes for threat hunting, where ML helps in proactively and iteratively parsing through networks to detect advanced threats. An important question is where we want to apply these advanced techniques. The technology should be applied in a smart way to tackle specific problems. In this panel we will discuss the current state of AI in cybersecurity and what the future will hold.
Phishing attacks on companies have become increasingly sophisticated in recent years. The high success rates in tactics such as CEO fraud, ransomware or cryptojacking have led to hackers spending much more time and resources manipulating their targets. This is also reflected in the increased incidence of spear phishing attacks and voice phishing operations. At the same time, technological developments in the field of machine learning (e.g. in natural language processing) offer a dangerous basis for new applications in this area. Dr. Niklas Hellemann gives an overview of new social engineering tactics, e.g. a fraudulent AI-based voice bot that mimics the voice of top managers. In addition, hints are given on how companies can prepare themselves for advanced phishing methods, e.g. also using AI-based awareness solutions that simulate such attacks.
Artificial Intelligence is surely one of the hottest topics in nearly every industry nowadays, and not without reason. Some of its practical applications have already become an integral part of our daily lives – both at home and in offices; others, like driverless cars, are expected to arrive within a few years. With AIs beating humans not just in chess, but even in public debating, surely, they’ve already matured enough to replace security analysts as well?
Globalisation has spread business and production sites all over the world. Companies are faced with distributed IT systems as well as with different and demanding regulations in various countries, spanning from USA through to Europe and Asia, especially China and Russia. For many businesses IAM is a central part when it comes to managing employees, partners, customer, things and APIs in a secure and reliable way.
As a result of the continuous evolution of IT platforms, new environments and applications show up to simplify our lives. Some receive them with suspicion, others embrace them. But security challenges don't change, they just multiply. Visibility and segmentation cannot be a roadblock on the never-ending quest for innovation and business agility.
Ola Sergatchov, Vice President of Corporate Strategy at Guardicore, in her presentation, will explore how we can deliver more with less. How to accelerate while reducing security risks, and most importantly, align security, DevOps and business objectives without major IT overhaul.
There are many challenges businesses are facing when they are implementing IAM and Cybersecurity, be it role management and access controls or efficient analytics in the SOC that narrow down the incidents on which to focus the investigation. As AI augments us increasingly in our daily life activities as well as workers on the factory floor, it is also already able to augment us in doing Identity Management and Cybersecurity better. Martin Kuppinger will look at the areas where AI is already used and where we expect AI to help us revolutionize the way we do Cybersecurity and IAM. He will provide perspectives that rate the impact and maturity of technologies and deliver guidance on how to pick the best technology for your use cases.
How and where AI, ML, Blockchain, CIAM, Libra, and others can help solving the challenges of Digitization, a changing competitive landscape, and new regulations such as PSD2 in the Finance Industry – and where not
Both traditional Finance Industry and emerging FinTech are under pressure. The competitive landscape continues to change, with new players entering the market, new business models emerging, and new regulations requiring changes in the way business is done. Everyone is fighting for the customer and wants to be the “face to the customer” – the one who controls the business relationship and interaction.
On the other hand, there are many new technologies such as payment systems, Blockchain ID, the potential AI & ML promise, and many more.
In his talk, Martin Kuppinger will look at the big picture of the Finance Industry and its change in the Digital Era, with specific focus on how the various players in this market can benefit from focused use of emerging technologies to strengthen their competitiveness.
Digital identity has been under a constant evolution for the last 30 years. It started from a simple access control via user account within a system to a shared credential among the systems, then to the federated identity and bring-your-own-identity (BYOI). Modern usages are not only for access control but include such purposes like digital on-boarding (account opening), employee and customer relationship management. Among the many technologies out there, OpenID seems to have gained popularity in the market that you are probably using it without knowing it. This session explains the positioning of OpenID in the digital ID landscape and explores the future potential for both corporations and individuals for the coming years.
The KuppingerCole Jury will once again honor outstanding Identity Management and Security Projects and Initiatives.
Blockchain to some is the future solution for everything, or at least for managing identity information. Rabobank is piloting extensively with blockchain. In his presentation Henk will use a few cases on blockchain to see what works well and what doesn't, and where blockchain could be applied to managing identities, whether these are customer identities or employee identities. Or both.
The Holy Grail of identity and access management is identity governance and administration (IGA). Unfortunately, getting IGA right is much easier said than done. From access request through provisioning and into identity lifecycle management; and from user access governance, through data governance, and into privileged access governance, the sheer volume of users, systems, and scenarios that must be addressed can be overwhelming.
In this session, One Identity will discuss what IGA truly means, how to determine where to start, and where to go next once you are on the path. Don’t be fooled by vendors pitching a myopic or siloed approach to IGA, or a heavy-handed solution that may be more complex and expensive than you can handle. To get IGA right takes designing a program that satisfies YOUR objective and fits within YOUR budget and skillset. It can be done, but it takes a fresh look at the age-old challenge.
This interdisciplinary talk will lead you through why not just identities, but any identity-related information should not be stored on a blockchain. The main technical reason is that none of the blockchain USPs is applicable when it comes to identity(-related) data, especially assertions. The legal and business reason is that blockchain is not (yet) compatible with and accepted in our legal and regulatory framework. So what is the way to go?
There are not many other areas where security and decentralisation are as important as when we're dealing with identity data. Max will explain how to take advantage of already-existing technology (even edge technology) to ensure convenience for the enterprises as well as cost reduction while at the same time making sure there is maximum convenience for the identity owners (humans, machines and other enterprises).
Driving growth through customer and partner engagement is critical for B2B business success. Yet, too often, companies struggle to meet this vital need. Why? For partner organizations, managing the end-to-end partner lifecycle is difficult using legacy technologies and manual practices. Each partner has varying needs for security roles, authorizations, and application permissions, and these elements must be handled efficiently so partners get to market quickly and so users can easily go about their day-to-day work. Meanwhile, the business’ most sensitive data must be protected against breaches in order to not risk breaking the partner’s trust. For B2B marketing and sales teams, business customers today are accustomed to more relevant and transparent experiences as consumers and expect that same treatment in their B2B buyer journeys. This means that marketing and sales teams must deliver personalized, content-driven digital experiences, transparency around data collection and processing, and meaningful control for prospects and customers over their personal data. Finally, many B2B businesses have been slow to respond to the European Union’s General Data Protection Regulation (GDPR) and, as a result, are losing ground to more compliant competitors while putting their brand reputation in jeopardy.
To overcome these challenges, you need a single solution to centrally manage the entire lifecycle of external digital identity, consent, authentication, and authorization, to help reduce risk, lower costs and improve customer and partner user experience. Does this sound too good to be true?
Learn how the new SAP® Customer Identity and Access Management for B2B (SAP CIAM for B2B) solution can help your business achieve measurable results through enhanced B2B customer and partner engagement.
Who was the real Tara Simmons? On November 16, 2017, she sat before the Washington State Supreme Court. The child of addicts and an ex-addict and ex-felon herself, she had subsequently graduated near the top of her law school class. She was asking the court to trust her to become an attorney, and the outcome of her case rested on whether or not her past could be used to predict her future.
Algorithms that use the past to predict the future are commonplace: they predict what we’ll watch next, or how financially stable we will be, or, as in Tara’s case, how likely we are to commit a crime. Over the last several years, the identity industry noted the influence of algorithms on human well-being and the inherent biases in many of them. How can we as identity practitioners employ algorithms while at the same time ensure that they promote justice and fairness?
As we follow the case of Tara Simmons and others like her, we’ll develop a practical ethical standard for evaluating algorithms from a uniquely identity-centric standpoint. Learn how to ask the right questions, use open-source tools, and develop an assessment model to ensure that your systems prioritize well-being, demonstrate accountability, provide transparency in decision-making, promote fairness, and provide for user data rights.
If we look under Alexa’s hood and read between the technologies we find a disturbing reflection of our own identities and personal data. In your home Alexa is always listening and influencing your options. In your company’s product deployment Alexa is influencing your brand, your customers, and your user data. We will discuss why this represents a geo-political shift more significant than the rise of social media. As a previous developer of Alexa skills and other AI systems I will share with you my lessons learned.
And we will examine alternatives.
Not only is there no form of AI that understands what it says, can draw conclusions from it, and can base decisions on it, but it is not even known how such a synthetic intelligence could be created. In our time, let's say in the next two and a half decades, it is not primarily a question of developing an ethical code within which AI's can unfold as independent subjects, but rather of a far more profane view of responsibilities. If a self-propelled car decides to drive against a traffic light pole without any action on my part, who is responsible for the damage?
Are there already solutions in our current legal system for the regulation of such matters, in which only the former of the "basic manifestos" of injustice - the constituent elements of the offense, illegality, and guilt - still plays a role, or must a new category be devised for this?
This keynote will offer an interesting reflection on the current and future situation.
Over the past 12-18 months, there has been a mounting interest in how Blockchain technology might support the next generation of IAM systems. The promises of decentralized and self-sovereign identity, which promote a frictionless user experience and improved privacy controls, are very appealing to any organization looking to reduce both costs and risks. But how do you get started? Many organizations are just starting their journey to cloud, so the idea of Identity + Blockchain may seem too futuristic. In this session, experts from IBM will share how clients are progressively moving towards a decentralized identity solution today while maintaining and integrating it into their existing identity management systems. Learn how use cases like passwordless authentication for law enforcement personnel and digital job credentials are becoming a reality. Moving to cloud-based IAM is the first step in the process, and with the right strategy, the next generation IAM is closer than you think.
With the rapid fusion of physical, biological and digital, identity is now more personal than ever. At the same time, data breaches, hacking and centralised honey pots mean that customers are more vulnerable than ever before.
How we collect and process data in order to personalise services may be the difference between gaining trust or getting fined. Distributed ledger, Self-Sovereign Identity and Zero Knowledge Proofs offer new opportunities to build a trusted data and identity stack. Taking the best of CIAM together with increasing the rights and protections for customers will drive connected use-cases, lower costs and enable new business models.
This session will focus on how incorporating SSID, ZKP and progressive disclosure enables enterprise to personalise products and services without putting customers at risk. Bridging CIAM and SSID means less data and more insight.
Data, a massive amount of data, seems to be the holy grail in building more sophisticated AI’s, creating human-like chatbots and selling more products. But is more data actually better? With GDPR significantly limiting the way we generate intelligence through collecting personally identifiable data, what is next? How can we create a specific understanding of our customers to deliver superiority over our competition? During this keynote, we will share how our own expectations and the principle of behavioral economics can alter the way we approach product ideas, personalized marketing, artificial intelligence and even what the future might/could look like, let's say, for self-driving cars or smart cities.
With Identity Management increasingly moving to Access Management, this talk will explore how permitting access on the basis of machine learning is the logical next step on from biometric ID, and to provide for improved security to implement access control. The session will explore the necessary steps to undertake to deploy AI systems in a secure, privacy compliant and ethical manner.
In today’s world, organizations and people manage a complex web of digital relationships. To keep everyone safe, each digital interaction must be validated. Strong tools and technologies are now available to help organizations protect their resources, employees, business partners, and customers. But there are no similar tools—beyond legislation—for individuals trying to protect their private information. As an industry, we have a responsibility to provide technology tools that ensure privacy for individuals even while they strengthen security. This means supporting citizens’ rights by putting them in control of their data and providing standards-based solutions for interoperability, portability, and protection for the entire data lifecycle.
A comprehensive and fully functioning identity program is an ever evolving mission. From creating security awareness that sticks with employees, getting executive buy-in, and assembling the right team, there’s a lot to do – and then deciding the correct mix of services and solutions that are required for the identity program can be quite the task. One thing is certain – security should not compromise user experience. If there is too much friction in the mix, users will avoid best practice. In this keynote, Gerald will look at some of the challenges as they exist today, some of the solutions that will help into the future, and what mix of solutions can help you deliver an effective identity program that is both robust and flexible.
Modern authentication and authorization services need to generate more than the traditional allow or deny result. Developing user discovery flows that capture and store contextual information, can allow authorization services to deliver dynamic and fine grained data redaction and resource protection. It enables organizations to digitally transform their business and to develop future proof identity models and ecosystems focusing on zero trust and continually secure infrastructures.
The attackers are coming in ever increasing waves - come and learn how to set up your defenses so you have the lowest likelihood of account compromise, and accounts which do fall present minimal risk. 100's of thousands of accounts fall victim to hackers every day across consumer and enterprise Identity systems. Attacks are increasing in volume, and Identity takeover remains the "brass ring" for attackers.
The good news? More than 99.9% of these compromises are easily preventable by using the principles of Zero Trust and modern Cybersecurity tools. Benefit from the analysis of more than 18B logins and 300M deflected attacks each day, tenant configuration, and attacker pattern to get clear ideas of the most effective patterns for protecting identity systems (and plenty of motivation to apply them!)
Passwords? No, it’s not passwords. I’ll give you a hint: we all use them. Every day. Many many times a day. Still don’t know? It’s the humble username. The “middle child” of identity management, the username doesn’t get the same attention that its big brother “Password” and its little sister “Password-less” get. Instead, it just does its job without thanks or recognition. But failing to pay attention to the username can have a major negative impact in both B2B and B2C scenarios. In this talk, Mr. Glazer explores the critical aspects of usernames, highlights downsides of getting the username wrong, and offers some best practices when designing username schemes.
The old paradigm of a centralized directory for security has been shattered into a thousand pieces and scattered across the Cloud. Identities, sensitive data and resources, and the management of who may access them are now distributed across hundreds of on-premise and Cloud systems each with its own idiosyncratic security model and none designed to be managed in unison. The shift to Microservices has accelerated the pace of this change. Given this monumental new challenge what is the solution for identity professionals?
The answer lies in embracing this change and applying Microservice design patterns to Identity and Access Management. As an example, IAM can play a key role in an organization's Microservices design by acting as what is known as an "Anti-Corruption Layer". The Anti-Corruption Layer design pattern isolates systems having different models by translating communications between them, allowing one system to remain unchanged while the other can avoid compromising its design and technological approach. In this case, IAM can be the glue that translates between an organization's security practices and the multitude of ever-changing Cloud applications and their local security.
A steady stream of trends has built up over the years fueling a growing momentum around Decentralized Identity. Kim Cameron will report on why early adopters – enterprises both large and small – are already beginning to make Decentralized Identity part of their strategy for digital transformation. He will argue that the underlying trends will only intensify – and that enterprises which figure out how to benefit early will benefit the most.
Do you build your own car? Do you buy all the components and put them together yourself? Of course you don't. You find vendors who have already assembled all of the pieces into a finished car, and then select the options for the car that fits it perfectly to your wish list. Don't you think it’s time that you bought your software the same way? Why spend your time and money running around trying to find all of the best pieces, and even more money trying to put them together. Broadcom believes that there is a better way, and we intend to deliver it to our customers. Come hear how we are merging DevOps with Security to deliver a one-stop shop for purchasing everything you need to deliver apps and services to your customers.
For the past five years at Work-Bench, we’ve been investing in a total reimagining of the enterprise technology stack. The enterprise infrastructure stack that powers Fortune 1000 organizations is in the midst of a tectonic shift. This talk will highlight key trends in cloud and cybersecurity affecting the enterprise and where disruption lies for VC investment and corporate innovation. While there remains a lot of buzz around emerging technology, such as ML/AI and new infrastructure patterns like serverless, this keynote will cut through the noise and marketing hype and help bring to the fore what's truly transforming the enterprise technology landscape.
Very often we hear the argument that the way the internet has been influencing our lives can be compared to Gutenberg's invention of the printing press. Emilio Mordini - Psychiatrist and one of the world's most distinguished thought leaders on how future technology will change the way we think and live - says that the transition from analog to digital is much closer to the transition from the spoken to literacy than the printing press ever was, because it is changing the medium in which human thoughts are materialized. In his keynote, Dr. Mordini will refer to Dürrenmatt's Short Story "Das Sterben der Pythia" and describe why he thinks that "digital predictions" are always and unavoidably self-fulfilling prophecies.