Another year gone already! It's time to take a look back at 2022. Martin Kuppinger and Matthias talk about what happened in the past year and identify top trends in IAM and Cybersecurity. They go beyond technology and also look at processes and business models. In doing so, they also provide an outlook on what to expect in 2023.
With this episode, the Analyst Chat goes into a short Christmas break. We'll return on January 16th.
The application landscape in organizations is getting more and more complex. Applications from vendors are more plentiful - or they differ very much from each other - and the combination of on-prem and cloud applications is no longer unusual. It's easy to lose track of all the different risks that are coming with that. Application access governance helps in unifying the different security perspectives. Martin sat down with Keri Bowman from Saviynt to take a deeper look into this topic.
Alejandro and Matthias continue their conversation about passwordless authentication. This time, the topic is the use of biometrics (and possible security and privacy concerns related to their use) as an authentication factor.
Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.
Identity Governance and Administration (IGA) combines the traditional User Access Provisioning (UAP) and Identity and Access Governance (IAG) markets. Nitish Deshpande joins Matthias for the first time on the occasion of the publication of the Leadership Compass IGA 2022, which he has created. They both have a look at this evolving and fascinating market segment.
Ksenia Iliuk, Head of Research at Detector Media, Ukraine, tells us about some key findings of their research in the media landscape of Ukraine. Find out what she has to say about Telegram and what it has to do with #cybersecurity.
Only a week has passed since John Tolbert, our Cybersecurity Research Director, spoke at CSLS about ransomware and how to combat it. Today, he reports on specific threats posed by ransomware attacks to the healthcare industry, particularly in the US. But in the end, these are just examples of the threats against any user of IT.
Links to the mentioned ransomware attacks:
Helpful documents for cybersecurity in healthcare:
Deep Fakes, AI as friend and foe, Business Resilience, Mis-, Dis- and Malinformation: The Cybersecurity Leadership Summit has taken place in Berlin and covered all of this and much more. Martin Kuppinger and Matthias look back on the event and identify their Top 5 Trends from CSLS2022 in Cybersecurity and beyond.
When speaking about cybersecurity, Hollywood has made us think of hooded figures in a dark alley and real-time cyber defense while typing at the speed of light. However, proper cybersecurity means, above all, good, clean and clear security practices that happen beforehand and all day, every day. This is particularly true for Identity and Access Management, which is a component of every domain within cybersecurity and is identified as a cause of more than 80% of data breaches. IAM is rarely about white-hat hackers counter-attacking an ongoing intrusion. It's mainly about a set of good practices, clearly defined processes and, overall, good hygiene in the way we manage our identities, our resources, our entitlements, and the way they relate to each other.
Even though MDM has had a long history during war and times of high tension, the digital era has been increasing the reach and potential impact of weaponized misinformation. Sophisticated tools such as machine learning mechanisms and software bots are opening a huge battlefield for creating and spreading manipulated information at scale, even for those with limited technical skills. From nation-state attacks through organized crime down to that one single customer who feels badly treated, they all can use such tools. What does this trend mean for your organization, and what is the CISO's role in combating MDM attacks? In this extra-long panel session we will try to find answers on how MDM will affect our organizations and how we can increase anti-MDM resilience.
"Passwordless authentication" has become a popular and catchy term recently. It comes with the promise of getting rid of the risk associated with passwords, however, organizations will add a significant layer to the overall security of their IT infrastructure. Research analyst Alejandro Leal rejoins Matthias to explain how this can be achieved in reality with today's products and services. He gives an overview of the market, the technologies and recent developments in this area.
CIAM solutions are designed to address specific technical requirements that consumer-facing organizations have that differ from traditional “workforce” or Business-to-Employee (B2E) use cases. John Tolbert has revisited this market segment for the updated Leadership Compass CIAM and provides an update to the analyst chat episode 58 from December 2020.
Cybersecurity Leadership Summit takes place on November 8 – 10 in Berlin and online. Join us there.
In this milestone episode, Raj Hegde sits with Lasse Andresen – Founder and CEO of IndyKite to explore company building, the metaverse, and identity applications beyond security. Tune in to this episode to learn about Lasse’s inspiring journey since founding ForgeRock, his playbook for building dynamic teams from scratch, and his thoughts on where the identity ecosystem is heading. All of this and much more on episode 10 of the Frontier Talk podcast!
Virtual Private Networks (VPNs) are increasingly being promoted as an essential security tool for end users. This is not about the traditional access to corporate resources from insecure environments, but rather about privacy and security protection, as well as about concealing one's actual location on the Internet. Alexei analyzes the operation and effectiveness of these tools and explains his view on the question of whether VPNs are really needed for security and privacy.
The question whether using a cloud service alters risk is not simple to answer. Mike Small sits down with Matthias and explains that every organization has its own set of circumstances, and the answer needs to take these into account. He explains the important factors to look at, and what organizations should understand when assessing their risks in a cloud and hybrid world.
Cybersecurity often seems like a dry subject. And as long as it is practiced successfully, its benefits can only be seen in the absence of damage. However, Marina Iantorno, who is taking part in the Analyst Chat for the first time, will discuss the actual risks associated with inadequate IT security and how they affect organizations specifically.
As enterprises adopt new ways of collaboration and working, the area that has seen some of the biggest impact is the evolution of identity metadata to support improved and secure forms of access to IT infrastructure and services. Yet, this is still the most underrepresented aspect in target design conversations for most Identity Management programmes. As we move towards IAM 2.0 with the panes of evolution changing from what our approaches were in the pre-pandemic world, there is an opportunity for us to build our programmes based on sound Identity fabrics thereby leveraging the true power of cloud-based capabilities, drive agility in adopting and delivering new Identity services and reducing unmanaged technical debt significantly. The presenter will talk from his own viewpoint of having delivered IAM programmes and legacy transformation at scale using the sound principles of the Identity Fabrics.
Sometimes Vulnerability Management has to take care of current threats very quickly: Christopher Schütze is today's guest in this episode and explains which processes are necessary when a system needs to be updated very quickly, for example because there is a current threat, e.g. a "zero day" attack actively being exploited or a vendor recommends an update....
A key issue for many companies beyond technical cybersecurity is cyber resilience. This refers to the ability to protect data and systems in organizations from cyber attacks and to quickly resume business operations in the event of a successful attack. Martin Kuppinger, Mike Small, and John Tolbert will explore this important topic at the Cybersecurity Leadership Summit in Berlin.
For this special episode of Analyst Chat, they join Matthias for a virtual panel discussion to identify key actions on the path to a cyber resilient enterprise.
How do you implement modern cybersecurity leadership between compliance, threat protection, privacy and business enablement? To answer this question, Matthias invited the CEO of KuppingerCole Analysts, Berthold Kerl, who was and is active in various roles as a leader in cybersecurity. Together they explore questions such as how important the knowledge of basic cybersecurity technologies is and what the necessary management tasks are in an organization.
It is always easy to blame people, i.e. users, for data breaches and ransomware attacks. But is that really still true today? Martin Kuppinger and Matthias discuss this cybersecurity myth and finally defend users against unjustified accusations.
Meet us at the Cybersecurity Leadership Summit!
Verified identity refers to digital identities that have been verified to describe a real-world identity in digital form. A growing range of service providers support organizations to achieve this for customers, citizens and employees alike. Annie Bailey rejoins Matthias and gives an overview of what "Providers of verified identity" are and which types of services and benefits beyond mere verification should be considered.
The Leadership Compass is available here.
Zero Trust is rapidly gaining popularity as a modern alternative to traditional perimeter-based security. While it is (rightfully) mainly considered a concept rather than a product, a new market segment has developed. Those solutions apply this concept to network-based access to existing applications and other systems by creating a logical identity- and context-based overlay over existing (and presumed hostile) networks. Alexei Balaganski has examined this new market for KuppingerCole Analysts research and talks to Matthias about how this can speed up ZT deployments.
Customer Data Platforms (CDP) are a fairly new addition to the pool of consumer identity centric management solutions. KuppingerCole Fellow Analyst Roland Bühler joins Matthias for the first time. He explains the full picture of consumer identity and details what differentiates CDPs from other solutions, such as DMP, CRM or Marketing Automation Solutions.
Here are the links to the documents that Matthias and Roland are talking about: Customer Data Platforms, Machine Customers - The Impact of Customer Bots on Customer Journeys
Microservices are increasingly becoming the new normal for enterprise architectures, no matter where they are deployed. Alexei Balaganski and Matthias discuss why doing this properly is essential and which aspects need to be considered, way beyond just talking about transport encryption or API security.
IT environments have become complex, and this will not stop as more technologies such as Edge Computing start to take hold. Paul Fisher looks at the full scope of entitlements across today's multi-hybrid environments. He explains how this new market segment between the cloud, on-premises, privileged accounts, and DevOps has developed and what DREAM means in this context.
How can the Cybersecurity Leadership Summit help you become a great digital leader? Raj Hegde, Product Manager, tells us what the 3 core qualities of the digital leaders of the future are, and how you can strengthen them by joining us on 8-10 November in Berlin.
Europe is on a "Path to a Digital Decade", which envisions 80% of EU citizens using a digital ID card by 2030. A part of that journey will be self-sovereign identities. Research Analyst Alejandro Leal joins Matthias to continue their discussion on the digital transformation in public services. Self-sovereign identities, the new eIDAS regulation, and the impact of both on how interactions between citizens and the state will change, are a controversial topic in the public discussion as well.
Web Application Firewalls (WAF) have been around for quite some time to protect web applications through the inspection of HTTP traffic. But with the changing nature of web applications and the ever-changing threat landscape, they need to evolve constantly. Richard Hill sits down with Matthias to explain the newest developments in the WAF market, which increasingly demands intelligent solutions.
With CYFIRMA's products, you can take a look at your business through the eyes of a cybercriminal. But to know what they know, they need to take steps into the dark side of the World Wide Web. Osman interviews Kumar Ritesh from CYFIRMA about their work on the Dark Web.
Imagine paying your taxes digitally on your mobile phone by using your digital ID that is also used for easily applying for a parking permit online. Sounds like the future? In Estonia, this has been a reality for 20 years. Research Analyst Alejandro Leal joins Matthias for the first time for the Analyst Chat. They talk about the changing landscape of citizen-facing government processes and the impact of the digital transformation on the public sector, how Estonia can be a role model and what we can learn from their limitations.
Do you know what information about your company is out there and can be used by cybercriminals? What are they interested in? Are they actually targeting your company and planning to exploit it? These are many questions that you may want to consider answering. After all, part of a good defense strategy is knowing your enemy. Kumar Ritesh wanted to solve this challenge and founded CYFIRMA to help others with a complete, comprehensive view, on one platform. Learn more about how they help you look through the eyes of cybercriminals.
Graham Williamson has teamed up with John Tolbert to research the current state of the Operational Technology (OT) and Industrial Control Systems (ICS) sectors. They documented the ability of the main industry players to support a coordinated approach to detecting, responding to, and recovering from, cybersecurity attacks and intrusions. Graham joins Matthias to provide insight into this market on the occasion of the publication of the Market Compass Cybersecurity for Industrial Control Systems.
The previously distinct but now converged fields and product lines of Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) are covered in the brand new KuppingerCole Analysts Leadership Compass on EPDR (Endpoint Protection Detection & Response). Lead Analyst John Tolbert joins Matthias to give a sneak peek into this market segment and shares some results of the evaluation as well.
Secure Collaboration solutions focus on enabling data-centric security to facilitate virtual collaboration. Annie Bailey talks with Matthias about this market segment that provides increasingly flexible, interoperable, and therefore even more secure solutions.
Consumer Identity and Access Management (CIAM) is an emerging market with a strong demand for solutions. Especially with the increasing digitization of the workplace, the market is growing and there are more and more vendors entering this market. Our analyst John met with Sadrick Widmann from cidaas, one of the leading IAM solutions in Europe, to talk about the importance and relevance of CIAM.
Martin Kuppinger and Matthias conclude their conversation about the opening keynote Martin held at EIC 2022 in Berlin. They look at what future IT will look like and how the overall transformation towards this future state can be managed.
Martin Kuppinger and Matthias discuss topics from the opening keynote Martin held at EIC 2022 in Berlin. They start with the role of leaders and decision makers in a consistently changing global environment.
The Identity Fabric paradigm manifests an important cornerstone of the KuppingerCole Analysts AG research and advisory. Products in that area cover a wider range of capabilities including Access Management and IGA, and beyond. Martin Kuppinger joins Matthias to provide more details about this evolving market sector, and on which vendors and which products/services to watch.
Access Management refers to the group of capabilities targeted at supporting an organization's access management requirements traditionally found within Web Access Management & Identity Federation solutions, such as Authentication, Authorization, Single Sign-On, Identity Federation. Richard Hill joins Matthias for the first time to talk about this topic and the recent developments in that area as reflected in his Leadership Compass on Access Management.
Shortly before EIC, Graham Williamson and Matthias sat together virtually and discussed the recent publication of the Market Compass on "Policy Based Access Management". In this episode Graham gives a great introduction in this evolved market segment and talks about hybrid and cloud-native use cases. They hint at several sessions on policy-based and cloud-native access control at EIC as well, so for those interested in learning even more on modern authorization, either the Market Compass itself or the EIC recordings are perfect starting points after listening to/watching this episode.
In talking about a "Post Platform Digital Future", it is all about a vision, or better, a mission to not let the current platform dominance grow any further and to create the foundations for a pluralistic digital society and business world where size would not be the only thing that matters. To get there, we need open standards, protocols and alliances that help individuals, as well as businesses of any size, to participate in a digital future inside the metaverse and beyond, just like trade unions helped the working class during the industrial revolution to fight for their rights. In this panel session, we will discuss the enablers of such a different approach and the requirements to actually be successful.
Customer Identity & Access Management (CIAM) has made us learn about reducing friction in the way customers access and consume our services, and to add value to the relationship. It is time now to apply CIAM learnings to workforce identity.
With a highly prioritized digital transformation towards a composable enterprise, it will be inevitable to work with multi-cloud solutions to achieve the level of agility and flexibility required. Whether the goal is to avoid vendor lock-in or to consistently go for best-of-breed solutions, in this cloud expert panel we will discuss approaches to manage multi-clouds efficiently and to avoid increased complexity.
SOCaaS (Security Operations Center as a Service) is a growing trend in cybersecurity, where core security functions are uniformly delivered to enterprises from the cloud. Warwick Ashford explored this in a recently published Market Compass and provides an overview of his findings.
John Tolbert and Matthias discuss the question of whether companies in retail, finance, healthcare, insurance, etc. are really able to keep up with the scale and sophistication of attacks aimed at committing fraud. Are they considering FRIP solutions for specific use cases?
A recently published study shows that the use of strong authentication in enterprise environments is at a very low level. John Tolbert explains this finding to Matthias and together they discuss how to find a way out of this situation.
Securing containers along their lifecycle and wherever they are deployed is a cybersecurity challenge. And it is a new topic for KuppingerCole Analysts. Alexei Balaganski joins Matthias to talk about the just recently completed Leadership Compass on Container Security.
Martin Kuppinger gives Matthias one of these rare insights into the process of creating and delivering the next great opening keynote of an event. With EIC 2022 being already in sight in May 2022 in Berlin, they talk about the composable enterprise and more perceived or actual buzzwords, and how to make sense of this in a business context.
On March 25th, 2022 the European Commission and the US government announced a new agreement governing the transfer of data between the EU and the US. Mike Small and Annie Bailey join Matthias to have a first look as analysts (not lawyers) at this potential milestone for data privacy between the European and the US regions.
This time Alexei Balaganski and Matthias look at practical approaches to actually implementing Zero Trust for specific, real-life use cases. On this occasion, they also finally unveil the connections between Zero Trust and Feng Shui.
GAIN (the Global Assured Identities Network) is entering a new phase. On March 2, the technical proof-of-concept group was launched to actually test the concepts. Annie Bailey and Matthias have a look at the list of participants, the agenda, and the potential outcomes of this PoC. They also provide a sneak peek at more about GAIN at the upcoming EIC 2022 in Berlin in May.
Online tracking is a highly visible privacy issue that a lot of people care about. Third-party cookies are most notorious for being used in cross-site tracking, retargeting, and ad-serving. Annie Bailey and Matthias sit down to discuss the most recently proposed approach called "Topics API".
In this episode, Raj Hegde is joined by Mike Kiser - Director of Strategy and Standards at SailPoint to explore the relevance of #storytelling in enterprise and to help you become a world-class business communicator. Tune in to this episode to learn about storytelling frameworks, the power of #curiosity, reading a room, narrative arcs, etc. Find your voice via episode 9 of the Frontier Talk podcast!
Access control tools for application environments, which include SAP in particular, but also a growing number of other business applications, are becoming increasingly important for compliance and cybersecurity. They also serve as a basis for granting proper access to employees efficiently. Martin Kuppinger and Matthias look at this market segment and at new, innovative solutions, on the occasion of very recent research that has just been published.
Data catalogs and metadata management solutions help capture and manage data from all enterprise data sources to enable the use of that data and support data governance and data security initiatives. This interesting and growing market segment is the topic this week when Martin Kuppinger and Matthias sit down for the Analyst Chat podcast.
The conclusion of a tool choice process is usually the consideration of commercial aspects, i.e. software costs and licensing. Martin Kuppinger and Matthias look at this central aspect and discuss different approaches to make different offers comparable, but also give recommendations to vendors on how they can make decisions easier for their potential customers.
A comprehensive cybersecurity strategy typically includes the use of modern, intelligent Security Information and Event Management (SIEM) platforms. These go far beyond simply aggregating and analyzing log files. Alexei Balaganski outlines the latest market developments based on his recently published Leadership Compass on "Intelligent SIEM Platforms" and explains the differences to other market segments together with Matthias.
The importance of efficient and secure cloud backup and recovery is often underestimated. Mike Small explains these two disciplines to Matthias and looks at the market of available solutions on the occasion of his recently published Leadership Compass. He also provides valuable guidance on what a strategy and its successful implementation can look like in this area.
The three biggest threats to business resilience are IT Risk, Compliance Risk, and Vendor Risk. Integrated Risk Management Platforms address these risks. KuppingerCole's Lead Analyst Paul Fisher has analyzed this market segment recently and he joins Matthias to talk about recent developments and the market in general.
"Privacy and Consent Management" is an exciting topic in a continuously changing market. Annie Bailey has just completed her latest Leadership Compass, which researches this market segment. To mark the release of this document, she joined Matthias for an Analyst Chat episode where she talks about the innovations and current developments.
In A Nutshell
In episode 108, “Privacy & Consent Management”, Matthias hosts Anne Bailey.
Q: “From a definition point of view, what do we need to think of when we talk about privacy and consent management?”
Anne: “Yeah. So this is one of those terms where you could spin it in a lot of different ways, you know, privacy is so much in the public discourse that it doesn't really have a concrete definition anymore. So I thought it might be useful to get us all on the same page before we talk any more about it. So the way at least I have defined privacy and consent management in this most recent report: it's, of course, considering organizations and it's their administrative and governance capabilities over data privacy within their organization and, of course, the tools and the solutions that are there to make that happen. So you could think of it then in a simplified manner about the capabilities that such a tool or a solution would have. The first group of capabilities would then be to be able to manage any incoming signals about privacy and consent. So these are things like being able to manage cookies and trackers that are on websites, being able to accept and then implement those consent or preference choices that an end user would make. And that would be over the range of different channels. So on a smart TV, on a mobile device, on a website, over the phone, via email, in-person interactions as well, should be considered. So that's all about managing the incoming signals. But what's also very important as well is the organization's ability to take care of their own internal management of privacy. So being able to govern sensitive data, which is in the organization, and private data, being able to document their steps towards compliance, and something which is a buzzword in this most recent report is being able to operationalize privacy.”
Q: “Recently, you published an updated version of your Leadership Compass report, which compares providers and services. What are the changes in the market that you can observe that you want to share with us?”
Anne: “Yeah. So this is an especially dynamic market area. Things are always changing. And so we can see some pretty big market changes between the report which published 18 months ago or so and the one which just came out this week. And that's in the types of vendors that were interested in participating. So what we saw in the last report were a lot of vendors that really focused on being able to manage those incoming signals, so being very focused on cookie management, on being able to collect consents and preferences and make sure that those are all able to be implemented in the many different connected systems within an organization and all the downstream vendors that may impact. Very focused on this incoming flow of information from end users. And what we saw, which was different in this report, is that there were more vendors that are really focused on data governance and using that as a foundation for privacy. So being able to operationalize and take action within the organization to further their privacy goals. And so we could think of that as an example. So being able to identify a privacy weakness of some sort in a process and then from that same administrative screen, then be able to do something to address that weakness. I guess we could go into more concrete details on what that could be. So, you know, if there was a scan done on a database and that scan returns the notification that there is private information in this database, there would then be the chance to leverage automation to go and anonymize those sensitive fields. So you're then connecting information about the status of privacy in the organization with an action to then improve it. So that was something that we noticed among several of the vendors that they're moving more in this direction. And that also does connect back to the relationship between the end user and the organization. 
So there was a big focus on being able to provide support for data subject requests and being able to process those. So in the same way of operationalizing privacy, if a consumer then submits a data subject request, the administrator would then be able to scan and automatically compile a report containing their personal information rather than needing to do that manually.”
Q: “Vendors offer products and services globally. Do you think they can catch up with changing privacy and consent requirements?”
Anne: “Mm-Hmm. Yeah. And frankly, this is really hard to stay up to date with because given our very globalized presence on the internet and connection with consumers all around the world, many organizations do have to stay up to date with the regulations that are not just for their own jurisdiction and in the region where they reside, but they have to pay attention to where their customers are, where any of their downstream suppliers or, you know, MarTech partners may reside and where this data is moving. So they have to be aware of a much wider legal domain than they've been used to before. And as I mentioned before, this is a really dynamic space. And part of that is because there are many privacy regulations which are being released all around the world. So this is something that we've identified as a really key capability in privacy and consent management tools, is that having some basis, some support from legal experts in-house to be able to keep up with all of these changing regulations and be able to pass that knowledge down to their customers is a really valuable thing.”
A new year, and 2022, like 2021, again begins with a look back at a far-reaching security incident. Cybersecurity Analyst Alexei Balaganski and Matthias take the topic of Log4j as an opportunity to look at code quality and cyber supply chain risk management. They also mention Mike Small's excellent blog post, which can be read here.