KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Workflows, integration, automation, low & no code – whatever reduces complexity and manual workload will be an even hotter topic in 2022. KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Clear Skye´s Jackson Shaw on the new era of platform services and how they will help automating Identity & Access Management.
Zero Trust will continue to play a crucial role in cybersecurity and identity management. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher will discuss with Sergej Epp from Palo Alto Networks on how to apply Zero Trust thinking to converge IAM, UEM, MDM, XDR, SIEM, SOAR to a seamless and holistic cybersecurity infrastructure.
The increased importance of a frictionless user experience as a digital business success factor on the one side, and a big wave of ransomware and similar attacks with user credentials as a main entry point are forcing us to rethink authentication and finally get rid of the password. Interview guests of this session will be KC Analyst Martin Kuppinger, Paul Fisher and Jochen Koehler from HYPR.
The pandemic has dramatically accelerated the shift to online transactions in most industries, with the financial industry as an example for a heavily regulated sector being in the forefront of a movement to establish a global standard that leverages the assurance level of online identity vetting (the onboarding process of a digital identity) with traditional face-to-face methods. In this session, KuppingerCole Analysts Martin Kuppinger and Paul Fisher together with ForgeRock's Eve Maler will discuss the relevance of identity proofing for your enterprise and why it will be one of the key topics 2022.
Website www.forgerock.com, email eve.maler@forgerock.com, LinkedIn https://www.linkedin.com/in/evemaler/
It is the same set of drivers – first and foremost remote workforce requirements and seamless customer interaction, that make our infrastructure and service even more complex as they used to be, with multiple public and private clouds, on-site IT, all of them with identity silos. In this session, KuppingeCole´s Analyst Martin Kuppinger and Paul Fisher, will talk with André Priebe from iC Consult on how to leave silos behind and take advantage of global identity proofing networks, Decentralized (DID/SSI) or chain-agnostic (GAIN etc.) and how CIEM/DREAM can help reducing complexity.
Paul Fisher and Matthias present their very subjective summary of a really special and, in particular, especially challenging past year, 2021. They cannot do without the word 'pandemic' after all, but they also try to reach a first perspective on the year 2022 from the past 12 months.
The announcement of the GAIN initiative for the secure distribution of verified and assured identity data has been made at EIC in September. While the core concepts of this initiative have been discussed in earlier episodes, Martin and Anni sit down with Matthias to do a deeper dive into further aspects of GAIN, including the use beyond customer-related IAM and the challenge of privacy in such a hyper-connected network for PII.
Raj Hegde is joined by Sebastian Manhart - Technical Advisor on Digital Identity for the German Chancellery to explore governmental reform and understand stakeholder expectations behind the rollout of digital identity projects in the post-COVID era.
Tune in to this episode to learn how governments can transition from risk-averse waterfall approaches, improve human factors in public services and navigate through the government-private sector nexus to promote citizen access to essential services.
Senior Analyst Graham Williamson joins Matthias from down under to talk about edge computing. Starting from the definition and relevant use cases, they focus on where the edge brings value. They discuss what the key criteria for a successful deployment are and what needs to be looked at to do edge computing while preserving security and privacy.
Lead analyst Alexei Balaganski joins Matthias for an episode on Data-Centric Security. Starting with a definition behind that term, they look at relevant technologies and market segments and discuss adequate ways of adding Data-Centric Security to an organization's cybersecurity strategy.
From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event.
The recordings and slide decks are available for participants and those interested.
In the past, servers and applications were rather static, and entitlements too were static. But this has changed. Organizations must deal with a multi-cloud, multi-hybrid IT. Entitlements and access in today’s cloud environments are dynamic, just like workloads. Martin Kuppinger joins Martin to explore the area of Dynamic Resource Entitlement and Access Management (DREAM). Together they look at policies and automation as one key building block for managing today's volatile IT.
No big celebration, but at least a mention: this is the 100th episode of the KuppingerCole analyst chat. Martin Kuppinger joins Matthias to discuss the increasingly important topic of "everything as code" and how to define proper strategies for approaching this, especially in the context of the BASIS concept. For more on this, both recommend revisiting Martin's opening keynote from this year's EIC.
John Tolbert sits down with Matthias and shares his insights into current approaches for protecting and defending essential enterprise systems beyond traditional, often office-focused cybersecurity. Safeguarding Operational Technology (OT), Industrial Control Systems (ICS), and the Industrial Internet of Things (IIoT) is getting increasingly important. John explains that modern approaches like Network Detection and Response (NDR) and especially Distributed Deception Platforms (DDP) can be valuable building blocks in an overall strategy for defending, for example, the factory floor or critical clinical systems.
Annie Bailey and Matthias take a deeper look at the emerging concept of the Global Assured Identities Network (GAIN) and also seek a broader perspective on the benefits and challenges of reusable identities in general.
The idea of low-code/no-code (LC/NC) application development is for end users to create their own custom applications, perhaps using a graphical design tool, selecting from a library of existing building blocks, or perhaps even with the assistance of artificial intelligence. Alexei Balaganski explains the concepts behind this new development, takes a look at the current market and, finally, highlights the challenges and security issues that may be hidden behind the use of such application development.
In this episode, Raj Hegde sits with Dr. Michele Nati - Head of Telco and Infrastructure Development at #IOTA Foundation to understand how decentralization offers a fresh perspective towards marketplace transactions.
Tune in to this episode to explore how an international initiative comprising of banks, universities and telco providers comes together to safeguard the e-commerce ecosystem.
While moderating and speaking at KuppingerCole's flagship EIC 2021 event in Munich, Matthias also took the opportunity to sit down one-on-one with his fellow analysts in the conference studio for some EIC special analyst chat episodes. In the third and final special episode, Martin Kuppinger and Matthias look at how current technologies and concepts complement each other to improve security and convenience for users of modern technologies at the same time.
KuppingerCole's flagship event EIC 2021 took place very successfully in Munich and online in September. Of course, Matthias took the opportunity to sit down with his fellow analysts in person for some EIC Special Analyst Chat episodes. Building on the themes of his Opening Keynote, Martin Kuppinger explains the concepts behind "Deconstructing the User Journey".
EIC 2021 finally took place in Munich in a hybrid format between on-site and online. Of course, Matthias took the opportunity to sit down with his analyst colleagues in person for some EIC special analyst chat episodes. In the first of three specials, Christopher Schütze talks to him about the findings from his pre-conference workshop on defending against ransomware, and they also turn their attention to a promising new approach to creating globally secured identities.
CIEM (Cloud Infrastructure Entitlement Management) is a SAAS delivered, converged approach to next generation, ideally AI driven multi-cloud security, managing access and privileges in the cloud. It is playing across the disciplines Identity Management & Governance, Access, Privilege Management and Authentication, addressing the complexity of multi-cloud adoption with privilege & access management working differently for each provider.
In an attempt to protect users from excessive tracking and surveillance, the last couple of years have witnessed major browser vendors introducing increasingly restrictive anti-tracking measures. Identity protocols and features got caught in the crossfire, however, forcing identity software vendors and developers to hastily introduce changes to restore functionality that browser changes broke. Is this the new normal? What will we do when a change will break an identity feature beyond repair?
This session will review the main browser changes that have affected identity over the last few years – Chrome’s SameSite and Safari’s ITP2 in particular, interpreting them as part of a larger trend and attempting to predict what the future will look like for identity customers and practitioners.
Disciples of decentralized identity have preached for years that DIDs are the only true path to giving users control over their identity, AKA self sovereign identity. The lack of widespread adoption is evidence that a more pragmatic approach is needed.
Identity management is critical for digital transformation and continues to evolve and gain importance as the business environment changes in today's hyperconnected world, where employees, business partners, devices, and things are all tightly interwoven. Deploying an identity security solution – regardless of your business size or industry is a fundamental requirement today to facilitate secure communications and reliable transactions.
This panel explores identity security strategies that enable your business to take full advantage of your solution’s capabilities.
"Act quickly; allow me to think less; protect me from risk." These incongruent objectives are being asked of IT departments and their staff. We are living through a great digital transformation that is rewriting our way of working and means of producing goods and services. Underlying and enabling this transformation is an increasingly complex, obscure, and challenging myriad of interwoven software systems spanning organizational and technological boundaries. IT complexity is no longer isolated to back-office nerds conversing in technobabble and pushing us aside to remedy our newb problems. All portions of the workforce are more exposed and dependent on technology to complete their day-to-day duties.
As organizations are recovering from the pandemic, the need to adapt to rapid technology, organization and social changes makes many of them embark on a digital transformation at high speed. Investments to drive online business, powered by customer insights and an attractive user experience, yet secure and compliant to rules and regulations, have never been bigger.
Integrating Marketing and Customer Relationship Management (CRM) functions with Customer Identity & Access Management (CIAM), if done well, can help business owners achieve the ROI they are looking for.
Join Gerald Horst, who leads PwC's Digital Identity team in EMEA, as he explains how powerful Customer Identity & Access Management can be when you are transforming your organization to become successful in doing business online. Gerald will share relevant client experiences, demonstrate some key capabilities and give his view on future client demands in this context.
Key takeaways:
Martin Kuppinger and Matthias discuss the high-priority topic of how to achieve automation of management and security across the entire multi-hybrid, multi-cloud IT infrastructure based on well-defined policies.
Cybersecurity is one of the areas where virtually every business will need to invest because of ever-growing cyber risks and ever-tightening regulations, and in the post-Covid era, the cybsersecurity market continues to evolve and grow, having gained even greater importance. Warwick Ashford joins Matthias to discuss the factors driving the trends in this market and what businesses should be considering when making cybersecurity investments.
Tune in to this episode to explore ways to navigate tradeoffs between privacy and accessibility in decentralized identity and learn about interesting user-centric approaches that can be applied to modern identity protocols.
P.S.: You do not want to miss out on our little surprise at the end of this episode 😉
Christopher Schütze provides the fundamentals for a pivotal topic in cybersecurity, namely how to create processes and systems for comprehensive and continuously improving vulnerability management. Together with Matthias, he provides an overview of elementary aspects that need to be considered.
The market segment of products and services that are designed to manage and secure APIs as essential resources in a multitude of different environments is constantly evolving. On the occasion of the publication of the latest edition of his Leadership Compass "API Management and Security", Alexei Balaganski explains the fundamentals and current developments of these products and services.
Raj Hegde sits down with Peter Busch, DLT Product Owner at Bosch, to discuss how decentralization is enabling a wide range of exciting use cases across industries. Tune in to this episode to explore the concept of machine economy, understand the needs of machines and dive deep into the intersection of decentralized identity and the Internet of Things.
Business Intelligence is the discipline of deriving business insights from raw enterprise data to inform decision making. Although this is a mature market, new trends are stirring up this market sector. Annie Bailey joins Matthias to explain what is changing and what 'Next-generation BI platforms' are.
Graham Williamson, Senior Analyst at KuppingerCole, is to deliver a presentation entitled Meeting Expectations – 5 pillars for IoT project success on Tuesday, September 14 starting at 7:20 pm. at EIC 2021.
To give you sneak preview of what to expect, we asked Graham some questions about his planned presentation.
Paul Fisher has researched the topic of Data Governance Platforms extensively, and he published a Market Compass on this topic at KuppingerCole Analysts just a few weeks ago. In the current episode of Analyst Chat, he explains this market segment to Matthias and provides insight into current developments.
The path toward a Zero Trust architecture to improve cybersecurity for modern enterprises in a hybrid IT landscape often seems overly complex and burdensome. Alexei Balaganski is this week's chat partner for Matthias and he draws attention to an often overlooked benefit of such an infrastructure. One key idea of Zero Trust is to actually reduce complexity and unnecessary effort and instead focus on what really needs to be protected.
In his talk, Martin Kuppinger will deconstruct the term Access Management and look at the various elements and concepts behind. Access Management is multi-facted and includes many concepts. On the other hand, many of the areas we should find being supported in Access Management are still missing in most implementations. So: What does it need for a modern, comprehensive Access Management? How will this look differently from now? Will we get rid of the burden of annoying authentication procedures or reviewing static entitlements we don’t understand? Which roles should policies play? Could we move forward to just-in-time entitlements? And will we finally get rid of passwords.
Martin Kuppinger will cover trends that are already visible, options you can take today, but also evolutions that are just visible at the horizon and innovations vendors should focus on today.
He will deliver you a high-level playbook for tactical and strategic steps for evolving what you have in Access Management towards a broader, future-proof solution.
This episode concludes the four-part series on hybrid IT. To wrap things up, Mike Small and Matthias focus on the latest developments in hybrid infrastructures, between containers, hyperconverged, edge and cloud in a box.
"Progress is the process by which the miraculous becomes mundane.” says Doc Searls, the next guest on our popular podcast series - Frontier Talk. In this episode, Raj Hegde sits down with one of the most prolific technology thinkers of our generation to understand the problems of the identity status quo and to determine the boundary conditions required to usher in a new era in identity - one that gives individuals independence and better ways to engage with businesses.
Part three of the four-part series on hybrid IT looks at approaches to appropriately manage and evolve hybrid architectures. Mike Small and Matthias put the focus not only on technical management, but also on appropriate governance in particular.
Even though the pandemic has been the main driver for digital workplace productivity as a strategic requirement, this topic will not go away after it is over. The Digital Business workforce needs to be “anywhere-enabled”. In order to support this Secure & Flexible Infrastructures for the Digitally Transformed Enterprise is necessary.
Developing a digital workplace strategy contains several layers:
In this KC live event, we will discuss the future workplace trends such as De-Materialization & Anywhere Computing, Workplace-Consumerization, KyE (Know Your Employee), How to balance Zero Trust requirements with easy access and more.
Our expert speakers will share insights on how a solid digital workforce strategy, incorporating technologies like automation, collaboration, and artificial intelligence, can help propel your business forward.
Mike Small and Matthias continue their four-part series on hybrid IT, looking at the increasing complexity: they look at multiple dimensions of the challenges that come with deploying and operating hybrid IT architectures.
This is the kickoff of a four-part series of podcast episodes around hybrid IT. Mike Small and Matthias explore the fundamentals of modern architectures between the cloud and the traditional data center.
Christopher provides a deep-dive on the intersection of ITSM and ServiceNow
In episode seven of this podcast, John Tolbert and Matthias first looked at Fraud Reduction Intelligence Platforms more than a year ago. Much has happened in this market segment since then, and on the occasion of the release of the updated Leadership Compass, they look at the latest innovations.
Anne Bailey has just completed extensive research into the new market segment of AI Service Clouds. In this episode, she explains this innovative concept, which aims to overcome the lack of qualified personnel and bring artificial intelligence and machine learning to more companies.
IAM (Identity und Access Management) ist ein Kernelement jeder Strategie im Bereich der Cybersicherheit. Kontext- und risikobasierte Zugriffssteuerung und adaptive Authentifizierung sind Kernelemente jeder funktionierenden Sicherheitsstrategie. Gerade für Zero Trust mit seinem Grundsatz „Nicht vertrauen – überprüfen!“ ist ein gutes, modernes IAM essentiell, um eben diese Überprüfung durchführen und Zugriffe in Abhängigkeit vom Risiko steuern zu können.
Martin Kuppinger wird in seinem Vortrag auf die Bedeutung von Zero Trust-Strategien ebenso wie für SASE (Secure Access Service Edge) eingehen, aber auch für die Möglichkeiten, IT insgesamt zu modernisieren. Dabei wird er aufzeigen, wie ein modernes IAM die heutigen Anforderungen unterstützen kann und dabei hilft, eine IT zu schaffen, in der Zusammenarbeitsmodelle mit Partnern und Kunden ebenso wie neue Arbeitsformen für Mitarbeiter flexibel und sicher unterstützt werden und die bereit für alle Varianten von Deployment-Modellen ist.
Your DNS server knows what websites you use, what the name of your mail server is, and which corporate services you use while working from your home office. And there are even broader challenges when it comes to protecting sensitive personal data in that context. Alexei Balaganski and Matthias continue their conversation about a fundamental Internet resource, the Domain Name System, this time walking the fine line between technology and trust.
Some internet services are so deeply woven into the core infrastructure, that they are just taken for granted or even ignored in our daily digital life. One example is the Domain Name System. Alexei and Matthias discuss the basics of DNS, look at current cybersecurity threats targeted at it, and explain how they can be mitigated.
Identity and access management is evolving. Originating in centralized enterprise systems, IAM must now reflect the complex realities of modern organizations and our post-pandemic society. It is driven by the need for a seamless user experience for all types of identities with all types of devices while maintaining security, compliance and governance. Matthias Reinwarth, Director of KuppingerCole's IAM Practice, exemplifies the path to a big picture for IAM that combines federated and decentralized IAM with traditional IAM and promotes trust through verifiable credentials and the concept of an autonomous, sovereign user.
Maintaining finer grained access by administering AD groups through dedicated and delegated application administrators is the reality in many organizations. Martin Kuppinger and Matthias discuss these types of indirect authorization management and why they are no good choice, even more when AD becomes legacy.
CIEM is one of the latest entries to the set of 3- and 4-letter acronyms in IAM technology. Martin Kuppinger and Matthias take a look at the functionality behind it and its role within an Identity Fabric.
In this episode, Raj Hegde sits down with Dr. Carsten Stöcker, Founder & CEO of Spherity to understand how #decentralized identity is transforming the end-to-end supply chain lifecycle.
Tune in to this episode to explore the increasingly important role of provenance in helping build a better world and learn about the intersection of exciting concepts such as non-fungible tokens (NFTs) and decentralized identifiers (DIDs).
Martin Kuppinger joins Matthias for a first hybrid audio plus video episode of the Analyst Chat. They talk about horizontal (capabilities like AM, IGA, and PAM) and vertical siloes (identities like things, robots, customers, partners, or employees). And they lay out a proper approach to strategically get rid of these siloes in the long run.
Building on the first three podcast episodes of this series with Annie and Shikha, Paul Fisher and Matthias turn their attention to the Privileged Access Management aspect in the context of WfH and its Cybersecurity Threat Landscape. They look at the role PAM plays in the particular WfH use cases for administrators, as well as for business users. And they look at the potential changes that this will bring for the further development of PAM in the future.
Often missed as a niche part of IT, “admin” access is the holy grail for the bad-guys attacking your business. Thus, its crucial to understand why a strategic approach to PAM and Credential management will improve your corporate security posture.
This talk will look at:
In this keynote address, Senior KuppingerCole Analyst Paul Fisher will explain how PAM will further develop to become a central component of modern IT infrastructures and enable frictionless but secure access to data and services. Included in this talk:
The Internet of Things is everywhere around us. Almost every device we use is connected to the internet. But are they really smart or intelligent? An most important – what are we and will we be doing about their security?
Join Thom from SentinelOne and Alexei as they discuss what AI and IoT really are to learn how many IoT devices Alexei has at home and how long we have to wait until "The Terminator" will be al real thing.
Shikha Porwal and Matthias Reinwarth have a coffee conversation over the security risks of working remotely. They talk through the vulnerabilities of a home network, and touch base with the pandemic related end point security threats, employee behavior and finally, Zero trust.
Annie and Matthias continue their conversation on the COVID-related trends in 2021. They conversate about different technology and internet usage trends, and also mention some potential topics that will become more prominent in the future as a learning from these trends.
Defining strategies on governance, risk management, compliance, security, and identity beyond the SAP silo
Business applications are under change. While some remain on-premises and in traditional architectures, others have shifted to the cloud – and several of these being provided by specialist vendors such as Workday or Salesforce. The established vendors such as SAP also are changing their platforms, applications, and delivery models, while also acquiring SaaS vendors such as SuccessFactors and Ariba. The days of homogeneous, vendor-focused, one-stop-shopping business applications are past. Most organizations are dealing with a heterogeneous landscape of business applications, regarding both vendors and deployment models. While this raises the more fundamental questions whether IT organizations that still have a SAP unit are still reflecting today’s reality, or should undergo fundamental change, there is an ever more pressing need for delivering governance, risk management, compliance, security, and identity for all types of business applications and beyond to other parts of the IT services such as ESM/ITSM (Enterprise/IT Service Management) and newly born digital services.
Martin Kuppinger will look at this evolution and discuss what to change and how to balance depth of capabilities for certain environments with the need for a broad support of heterogeneous (business) applications
While the world tries to cope up with the on-going pandemic, cybercriminals have got their hands on a gold mine. Annie and Matthias sit down again to chat about the overall picture of cyberattacks, including COVID-related lures.
Raj Hegde sits down with Dr. Harry Behrens, Head of Blockchain Factory at Daimler Mobility, to discuss how decentralization is transforming the fragmented mobility industry. Tune in to this exciting episode for a deep dive on decentralized identity, explore the rise of the platform economy and access the playbook required to kick start decentralization initiatives at your organization.
Annie Bailey and Matthias continue their conversation around privacy, targeted marketing and the end of the era of the 3rd party cookie, that they started two weeks ago. They discuss the characteristics and the pros and cons of upcoming approaches, while this technology area is still continuing to evolve.
Frontier Talk goes beyond technical jargon to stimulate conversations that matter. In this series, we take you inside the minds of influential leaders, innovators, and practitioners from eclectic areas (enterprise, startups, academia, venture capital, etc.) to extract their experience working with emerging technologies such as Blockchain and AI.
Join Raj Hegde on this journey to redefine the ‘I’ in Identity!
Dr. Phillip Messerschmidt is an experienced practitioner with extensive background knowledge in all things IAM. He helps us to take a step back and look at IAM in daily life. Drawing on simple, understandable definitions, he provides practical recommendations for successful and efficient identity and access management.
The traditional paradigm of investing in protection of known threats alone has been declining over recent years, as attackers become more adaptable and capable. Combine this with increased threats and attacker ingenuity it is small wonder that a CISO’s role has become more complex. This leads to the inevitability of a security incident where the complex environments and inventive attacks collide.
This presentation looks at three fundamentals:
Why traditional protective approaches are no longer effective enough.
How complexity has made the CISO’s ability to respond more difficult.
The importance of automation in the response process to address this paradigm shift CISOs now face
Tracking of users via 3rd party cookies has been a constant issue regarding compliance and user privacy. This is about to change, as 3rd party cookies are being more and more blocked in browsers like Firefox and Safari. And Google has announced the same step for Chrome in upcoming versions. What does this mean for the ad business, what are new approaches for addressing targeted marketing in a potentially more privacy preserving manner? Annie Bailey joins Matthias to discuss recent developments in this field.
How can PAM technologies fit into a Zero Trust architecture and model? How could a PAM technology help us sleep better at night, as many are anxious about falling victim to an attack similar to the Solar Winds attack? Is there a future in deploying PAM in DevOps environments? And how can PAM technologies help to address regulatory compliance? Join Paul and Jim as they talk about different current topics around PAM - Privileged Access Management.
Recent forensic evidence shows that IAM solutions and infrastructure are a strategic attack vector. In today’s complex and highly distributed enterprise security supply chain, are you adequately protecting the identity and access administration capabilities at the center of your security architecture?
In this session, former CTO and CISO Darran Rolls will provide a unique perspective on the critical steps required to secure your Identity Governance and Administration infrastructure. Whether you employ on-prem or SaaS technology to meet your provisioning and governance needs, this session will highlight the obligations and best practices for securing your processes and your infrastructure. IGA holds the keys to your kingdom – do you know who has access to it?
We will give you a sneak peek on Telia Company’s current journey towards IGA system modernization. After the presentation you will have a good overview and some insight in what is cooking right now and where we are going with focus on Cloud strategy VS National Security which is the next challenge after our Phase 1 Go-live this year.
IGA (Identity Governance & Administration) is an established area within IAM. Since the early days of Identity Provisioning some 20 years ago, more and more vendors have entered that market, and technologies have matured. However, 20 years of maturity are a lot for IT, also indicating that some concepts may benefit from modernization.
In his talk, Martin Kuppinger will look at four areas:
As organizations go through digital transformation, they increasingly turn to using cloud services. One aspect of the digital transformation plan that is often forgotten is ensuring business continuity. Mike Small joins Matthias to explain why business continuity is essential for cloud services, especially in light of current events.
In the early years of this millennia Finland was already at the forefront in utilizing strong authentication for online services. Banks had been issuing two-factor authenticators to their customers already in the '90s. These means of strong authentication were quickly adopted by public and private sector services that required more than passwords. Mobile network operators began to offer PKI based SIM authentication. These two solutions and their somewhat legacy protocols conquered the strong authentication market and were the de-facto methods subscribing to or accessing services. Advances in technology, eIDAS, PSD2, and user expectations required a complete overhaul of the strong authentication landscape for the whole country. What happened and why? What were the lessons learned?
Leveraging what you have and extending it by new services and architectures to support today’s and tomorrow’s business demand on IAM.
IAM (Identity and Access Management) is no longer just an administrative tool or a solution supporting your regulatory compliance requirements. It is a business enabler, as well as an IT enabler. It is a central element of every cybersecurity strategy. It enables managing and access control for everyone from employees to consumers and everything from things to software robots. It is a foundation for your success in digital transformation. It also enables IT transformation, by managing access to all the clouds and services you have to deal with.
But: How to get to a modern IAM form where you may be today? What to preserve, what to extend, what to add, what to retire? And how to do such a migration in a way that you can serve the business demand rapidly, while gaining the time you need for more complex migrations – and while preserving investments in times of tight budgets?
Martin Kuppinger, Principal Analyst at KuppingerCole, will discuss these aspects and explain how the paradigm of an Identity Fabric can help you in successfully modernizing your IAM, at your own pace. He also will shed a light on the state of the market and the maturity of offerings serving the Identity Fabrics model.
Cloud is here to fundamentally change the way Identity and Access Management services are delivered. It is an imperative but also an opportunity to re-visit and challenge a few tried and tested approaches to delivering core IAM capabilities. It also provides an important pause to design the IAM capability of the future. The speaker will share his experiences in deploying a native cloud-based IAM solution at scale, the challenges, pitfalls, and the watch-outs.
Many organizations are undergoing new modes of operation, which is enabling them to develop a "digital instinct" for their customer's needs. A correctly designed consumer identity management platform allows those organizations to excel, in an agile, secure, and business-enabling way. What does success look like in the CIAM world and how do identity fabrics enable it?
Logging in is such a common process, it’s easy to take for granted. However, that entry point to your application or service is also when organizations become responsible for the user’s digital identity. And with the increase in innovation, and use of technology to deliver products and services, there is an explosion in the number of sources from which users can gain access. Overlaying all of that is the constant evolution of the threat landscape and regulations that inevitably follow.
Tech leaders who want to grow their position in the market must balance two goals: delivering security and customer experience.
Join Auth0 as we discuss, and provide some insights on how to utilize a strategic approach to digital identities, that has helped customers such as Siemens, HolidayCheck, and EnBW to:
Organizations are in a constant race when it comes to cybersecurity. Identity and Access Management has a more relevant role than ever in this ruthless fight against cyber enemies that may cause fatal operational, monetary and reputational damage to organizations. IAM teams must offer a set of security solutions and processes to safeguard and protect the business, and nowadays the teams are expected to deploy those faster and more efficiently than ever. The presentation will go through how to implement an efficient, centralized IAM approach that makes no compromises and shows no mercy for any attempt to unauthorized access outside the IAM solution. It will also be explained how the approach can be implemented in an agile manner during an on-going IAM project.
In a world where you never meet our customers or employees face to face, it’s critical to anchor their real identity to their digital one.
It’s only by doing this that you can securely provision access, verify high-risk actions, and deliver on an experience that keeps them engaged. In this session, Olli Krebs (VP Central EMEA at Onfido) will examine how document and biometric verification can seamlessly enable trust throughout the identity lifecycle.
An organization’s Identity and access management have always been a busy scene, even if the economy is growing or shrinking. IAM operations- the lifecycle management and maintenance of Identities is a resource intensive and costly process. By leveraging the right automation technology, CISOs can bring down the risk involved in IAM operations; Robotic Process Automation (RPA) being one among them.
We all know that communication is the most critical success factor of any human undertakings, and IAM initiatives are no exception. However, whether you are:
…the one critical thing we are all missing is a consistent and accurate vocabulary. Throughout decades of academic work, many authors proposed definitions for IAM terms and concepts. Yet, as a discipline, as an industry, as a career specialization, and as a research field, we failed to consolidate this and build a reference IAM dictionary, allowing us to communicate with precision and clarity.
In this session, I will present you with the TOME community project. Its goal is to become that reference dictionary. It is built as an open wiki to allow all experts to contribute. It is free of charge and licensed under Creative Commons to facilitate its widespread adoption. It is rooted in science with pervasive references from the literature to stand on the shoulders of giants.
Alexei Balaganski covers a broad range of security-related topics: from database, application and API security to information protection, cryptography and AI-based security automation. He joins Matthias to give a first insight into a fascinating new approach towards access encrypted data "in use", while maintaining privacy and security of data and processing. He explains the concepts behind homomorphic encryption, the current status, the technology required and he talks about first pioneering use cases.
Martin Kuppinger is one of the founders and the principal analyst of KuppingerCole and he is steering the overall development of the topics covered in KC's research, events and advisory. He joins Matthias to talk about the importance of extending Zero Trust to cover software security, for software in any form (embedded, COTS, as-a-service) and regardless of whether it’s home-grown or externally procured.
Join us to understand how Zero Trust transforms your security strategy and makes you more resilient to a range of attacks. We will share a roadmap for leaders, architects, and practitioners, as well as talk about some quick wins and incremental progress on this journey.
Many enterprises are nowadays dealing with the modernization of their Identity & Access Management. Modernizing Identity Governance and Administration (IGA) and well as Access Management at the same time can become too complex.
In this video blog post, Martin gives practical advice on how enterprises can get their priorities straight.
Privileged user accounts are significant targets for attacks as they have elevated permission, access to confidential data and the ability to change settings. And if compromised, the amount of damage to an organization can be disastrous. No wonder that this is on the mind of our chief information security officers. Join our CEO Berthold and Rob Edmondson, Technology Strategist at Thycotic in this conversation!
The press, security vendors, politicians and analysts alike currently often focus only on the recent SolarWinds security incident and its exceptional features and effects While this is in fact an extremely important topic to learn from and to clean up, the shadow of this hype causes that at the same time it is often neglected that even very basic cybersecurity aspects are poorly addressed in many organizations. Alexei and Matthias look beyond the hype and discuss the need for new initiatives to achieve an actual adoption of proper measures to improve basic cybersecurity hygiene in essentially all organizations.
The Security Operations Center-as-a-Service (SOCaaS) market has emerged and continues to develop in response to demand for security monitoring, analysis, detection, response, and improvement recommendations either instead of or as a supplement to permanent on-premises SOCs. KuppingerCole Analyst Warwick Ashford joins Matthias for this week's episode and shares some insights into this evolving market segment he gained during his recent research.
There are several external drivers that are putting pressure on the way we manage identity, made especially clear over the last year: digitalization, privacy, user-centricity, and reuse.
Rather than resist the change, let us consider what would happen to identity if we translated these pressures into requirements. Which capabilities are accelerated from the sidelines to being star players? What approaches best fit these future requirements? And how does decentralized identity come into play?
In this talk, Anne Bailey will pull from the insights of the upcoming Market Compass Providers of Verified Identity and consider where identity is going in 2021 and beyond.
More than a month into the post-SolarWinds-incident era Alexei joins Matthias to discuss further lessons learned and strategic approaches towards improving security in organizations depending on diverse cyber supply chains and their imminent threats. But they go beyond and look at the necessary changes between management awareness and software development security.
Although not really brand new, there are still a lot of interesting developments around DevOps when it comes to cybersecurity and more. Paul Fisher shares some trends and insights with Matthias and tells us what to expect in this rapidly evolving segment.
The SolarWinds incident made the news in December 2020 and continues to impact many organizations. John Tolbert joins Matthias to give a short introduction of what decision makers need to know at this stage and which measures to look at first.
