In the ongoing Analyst Chat sub-series, Matthias and Martin delve deeper into the topic of Trends and Predictions for 2023 and beyond, focusing on the critical concept of Policy Based Access Control (PBAC). Martin highlights the significance of well-defined policies for ensuring robust cybersecurity and access control, laying the groundwork for a robust zero trust approach.
Get ready to hear a new take on generative pre-trained transformers! This week, Matthias sat down with Jörg Resch, Co-founder of KuppingerCole Analysts, to discuss the exciting possibilities of ChatGPT. Unlike Alexei, Jörg is an avid user and firm believer in the positive impact that these technologies can have on our daily lives and work. While acknowledging the risks involved, Jörg advocates for a balanced and creative approach to the potential of generative AIs. Brace yourself for a thought-provoking conversation that may just change the way you view the future.
Matthias and Martin continue their sub-series of the Analyst Chat about Trends and Predictions in 2023 and beyond. This time, it’s about Passwordless Authentication. Martin elaborates on the importance of Passwordless Authentication for the whole Access Management process. Companies should implement a passwordless authentication solution soon to get rid of poor user experience and security risks.
In this podcast episode, Alexei Balaganski and Matthias discuss the increasing use of ChatGPT and other machine learning-based technologies in research and the potential risks associated with their use. Alexei offers a strong opinion on the topic, describing the risks of plagiarism and lack of originality that can result from over-reliance on automated tools. He argues that human analysts provide invaluable opinions and genuine research that cannot be replicated by machines. He strongly discourages their use and reliance, and encourages the creativity and innovation of human researchers.
In this podcast episode, Martin Kuppinger and Matthias explore the upcoming trend of IGA (Identity Governance and Administration) solutions becoming increasingly integrated with Data Governance and Software Security products.
The integration of these solutions will provide comprehensive coverage of ownership not only of systems and authorization objects, but also of data and code, ensuring a complete chain of custody. They delve into the importance of this integration, the benefits it offers, and how it will help organizations manage their identities and data more efficiently and securely. They also discuss the potential challenges and considerations that organizations need to be aware of while integrating these solutions.
With the rapid expansion of IT environments, adoption of the cloud, and the ongoing Digital Transformation, the need to provide secure access to organizational resources has become paramount. Secure Access Service Edge (SASE) solutions are designed to consolidate network and security components, simplify management and licensing, and improve usability.
SASE is the union of a number of different networking and security technologies designed to improve security posture as well as connectivity for remote offices, cloud services, contractors, and remote employees, while driving down the cost of connectivity. John Tolbert is a guest in the Analyst Chat again and will give us some insight into this topic.
Cyberattacks have been intensifying over the past few years as cybercriminals continue to devise new strategies to launch sophisticated attacks and gain unauthorized access. The tactics, techniques, and procedures (TTPs) that were once only used by well-funded state actors are being commoditized by cybercriminals. As a result, some vendors realized that the traditional approaches and tools of cybersecurity have failed to keep up.
Parallel to SIEM solutions, a class of incident investigation and response platforms has emerged focusing on creating more streamlined and automated workflows for dealing with security incidents. Security Orchestration, Automation, and Response (SOAR) products are the latest iteration of this evolution. SOAR vendors provide solutions that offer centralized coordination, collaboration, and management for forensic analysis and incident response.
Sometimes a company comes to a point where new software or a new tool is required. This is never an easy decision to make quickly.
Dr. Phillip Messerschmidt has worked with many different clients who have found themselves in this situation. He will explain five of the most common misconceptions and problems he has encountered in his experience - and offer some recommendations on how to avoid them.
Is digital data really every organization's most precious possession, its "crown jewels"? Alexei Balaganski takes a different perspective towards a widely accepted opinion. He instead claims that data is not your most valuable asset. In fact, it can be a toxic liability without intrinsic value, since business value is only created when data is moving or transforming, producing insights, analytics, etc.
Who has not heard the statement that "Data is the new Oil"? But oil needs to be refined, and so does data. The challenge of gathering, integrating, cleansing, improving, and enriching data across the complete range of data sources in an organization, to enable use of that data as well as data governance and data security initiatives, is the topic of this episode. Martin Kuppinger joins Matthias and explains this market segment and its relevance on the occasion of the publication of a new Leadership Compass covering "Data Quality and Integration Solutions".
The PAM market is changing and expanding. Paul Fisher talks about the latest trends for Privileged Access Management, the role of CIEM, mergers and newcomers in this important market segment.
A new year brings along a new service from KuppingerCole Analysts. Our host Matthias sits down with Christie Pugh, Digital Products Manager, to discuss KC Open Select, our new interactive shortlisting service, the concept behind it, how it helps you prepare for the future, how it compares to our Leadership Compasses, and more.
The landscape of solutions in a market segment can be overwhelming. KC Open Select helps you to get a clearer overview of the market for free. Check it out now!
Another year gone already! It's time to take a look back at 2022. Martin Kuppinger and Matthias talk about what happened in the past year and identify top trends in IAM and Cybersecurity. They go beyond technology but also look at processes and business models. By this, they also provide an outlook to what to expect in 2023.
With this episode, the Analyst Chat goes into a short Christmas break. We'll return on January 16th.
Alejandro and Matthias continue their conversation about passwordless authentication. This time, the topic is the use of biometrics (and possible security and privacy concerns related to their use) as an authentication factor.
Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.
Identity Governance and Administration (IGA) combines the traditional User Access Provisioning (UAP) and Identity and Access Governance (IAG) markets. Nitish Deshpande joins Matthias for the first time on the occasion of the publication of the Leadership Compass IGA 2022, which he has created. They both have a look at this evolving and fascinating market segment.
Only a week has passed since John Tolbert, our Cybersecurity Research Director, spoke at CSLS about ransomware and how to combat it. Today, he reports on specific threats posed by ransomware attacks to the healthcare industry, particularly in the US. But in the end, these are just examples of the threats against any user of IT.
Deep Fakes, AI as friend and foe, Business Resilience, Mis-, Dis- and Malinformation: The Cybersecurity Leadership Summit has taken place in Berlin and covered all of this and much more. Martin Kuppinger and Matthias look back on the event and identify their Top 5 Trends from CSLS2022 in Cybersecurity and beyond.
"Passwordless authentication" has become a popular and catchy term recently. It comes with the promise of getting rid of the risk associated with passwords; however, organizations will add a significant layer to the overall security of their IT infrastructure. Research analyst Alejandro Leal rejoins Matthias to explain how this can be achieved in reality with today's products and services. He gives an overview of the market, the technologies and recent developments in this area.
CIAM solutions are designed to address specific technical requirements that consumer-facing organizations have that differ from traditional “workforce” or Business-to-Employee (B2E) use cases. John Tolbert has revisited this market segment for the updated Leadership Compass CIAM and provides an update to Analyst Chat episode 58 from December 2020.
Cybersecurity Leadership Summit takes place on November 8 – 10 in Berlin and online. Join us there.
Virtual Private Networks (VPNs) are increasingly being promoted as an essential security tool for end users. This is not about the traditional access to corporate resources from insecure environments, but rather about privacy and security protection, as well as concealing one's actual location on the Internet. Alexei analyzes the operation and effectiveness of these tools and explains his view on the question of whether VPNs are really needed for security and privacy.
The question of whether using a cloud service alters risk is not simple to answer. Mike Small sits down with Matthias and explains that every organization has its own set of circumstances, and the answer needs to take these into account. He explains the important factors to look at, and what organizations should understand when assessing their risks in a cloud and hybrid world.
Cybersecurity often seems like a dry subject. And as long as it is practiced successfully, its benefits can only be seen in the absence of damage. However, Marina Iantorno, who is taking part in the Analyst Chat for the first time, will discuss the actual risks associated with inadequate IT security and how they affect organizations specifically.
Sometimes Vulnerability Management has to take care of current threats very quickly: Christopher Schütze is today's guest in this episode and explains which processes are necessary when a system needs to be updated very quickly, for example because there is a current threat, e.g. a "zero day" attack actively being exploited or a vendor recommends an update....
A key issue for many companies beyond technical cybersecurity is cyber resilience. This refers to the ability to protect data and systems in organizations from cyber attacks and to quickly resume business operations in the event of a successful attack. Martin Kuppinger, Mike Small, and John Tolbert will explore this important topic at the Cybersecurity Leadership Summit in Berlin.
For this special episode of Analyst Chat, they join Matthias for a virtual panel discussion to identify key actions on the path to a cyber resilient enterprise.
How do you implement modern cybersecurity leadership between compliance, threat protection, privacy and business enablement? To answer this question, Matthias invited the CEO of KuppingerCole Analysts, Berthold Kerl, who was and is active in various roles as a leader in cybersecurity. Together they explore questions such as how important the knowledge of basic cybersecurity technologies is and what the necessary management tasks are in an organization.
It is always easy to blame people, i.e. users, for data breaches and ransomware attacks. But is that really still true today? Martin Kuppinger and Matthias discuss this cybersecurity myth and finally defend users against unjustified accusations.
Meet us at the Cybersecurity Leadership Summit!
Verified identity refers to digital identities that have been verified to describe a real-world identity in digital form. A growing range of service providers support organizations to achieve this for customers, citizens and employees alike. Annie Bailey rejoins Matthias and gives an overview of what "Providers of verified identity" are and which types of services and benefits beyond mere verification should be considered.
The Leadership Compass is available here.
Zero Trust is rapidly gaining popularity as a modern alternative to traditional perimeter-based security. While it is (rightfully) mainly considered a concept rather than a product, a new market segment has developed. Those solutions apply this concept to network-based access to existing applications and other systems by creating a logical identity- and context-based overlay over existing (and presumed hostile) networks. Alexei Balaganski has examined this new market for KuppingerCole Analysts research and talks to Matthias about how this can speed up ZT deployments.
Customer Data Platforms (CDP) are a fairly new addition to the pool of consumer identity centric management solutions. KuppingerCole Fellow Analyst Roland Bühler joins Matthias for the first time to explain the full picture of consumer identity and detail what differentiates CDPs from other solutions, such as DMP, CRM or Marketing Automation Solutions.
Here are the links to the documents that Matthias and Roland are talking about: Customer Data Platforms, Machine Customers - The Impact of Customer Bots on Customer Journeys
Microservices are increasingly becoming the new normal for enterprise architectures, no matter where they are deployed. Alexei Balaganski and Matthias discuss why doing this properly is essential and which aspects need to be considered, way beyond just talking about transport encryption or API security.
IT environments have become complex, and this will not stop as more technologies such as Edge Computing start to take hold. Paul Fisher looks at the full scope of entitlements across today's multi-hybrid environments. He explains how this new market segment between the cloud, on-premises, privileged accounts, and DevOps has developed and what DREAM means in this context.
Europe is on a "Path to a Digital Decade", which envisions 80% of EU citizens using a digital ID card by 2030. A part of that journey will be self-sovereign identities. Research Analyst Alejandro Leal joins Matthias to continue their discussion on the digital transformation in public services. Self-sovereign identities, the new eIDAS regulation, and the impact of both on how interactions between citizens and the state will change, are a controversial topic in the public discussion as well.
Web Application Firewalls (WAF) have been around for quite some time to protect web applications through the inspection of HTTP traffic. But with the changing nature of web applications and the ever-changing threat landscape, they need to evolve constantly. Richard Hill sits down with Matthias to explain the newest developments in the WAF market, which increasingly demands intelligent solutions.
Imagine paying your taxes digitally on your mobile phone by using your digital ID that is also used for easily applying for a parking permit online. Sounds like the future? In Estonia, this has been a reality for 20 years. Research Analyst Alejandro Leal joins Matthias for the first time for the Analyst Chat. They talk about the changing landscape of citizen-facing government processes and the impact of the digital transformation on the public sector, how Estonia can be a role model and what we can learn from their limitations.
Graham Williamson has teamed up with John Tolbert to research the current state of the Operational Technology (OT) and Industrial Control Systems (ICS) sectors. They documented the ability of the main industry players to support a coordinated approach to detecting, responding to, and recovering from, cybersecurity attacks and intrusions. Graham joins Matthias to provide insight into this market on the occasion of the publication of the Market Compass Cybersecurity for Industrial Control Systems.
The previously distinct but now converged fields and product lines of Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) are covered in the brand new KuppingerCole Analysts Leadership Compass on EPDR (Endpoint Protection Detection & Response). Lead Analyst John Tolbert joins Matthias to give a sneak peek into this market segment and shares some results of the evaluation as well.
Secure Collaboration solutions focus on enabling data-centric security to facilitate virtual collaboration. Annie Bailey talks with Matthias about this market segment that provides increasingly flexible, interoperable, and therefore even more secure solutions.
Martin Kuppinger and Matthias conclude their conversation about the opening keynote Martin held at EIC 2022 in Berlin. They look at what future IT will look like and how the overall transformation towards this future state can be managed.
Martin Kuppinger and Matthias discuss topics from the opening keynote Martin held at EIC 2022 in Berlin. They start with the role of leaders and decision makers in a consistently changing global environment.
The Identity Fabric paradigm manifests an important cornerstone of the KuppingerCole Analysts AG research and advisory. Products in that area cover a wider range of capabilities including Access Management and IGA, and beyond. Martin Kuppinger joins Matthias to provide more details about this evolving market sector, and on which vendors and which products/services to watch.
Access Management refers to the group of capabilities targeted at supporting an organization's access management requirements traditionally found within Web Access Management & Identity Federation solutions, such as Authentication, Authorization, Single Sign-On, Identity Federation. Richard Hill joins Matthias for the first time to talk about this topic and the recent developments in that area as reflected in his Leadership Compass on Access Management.
Shortly before EIC, Graham Williamson and Matthias sat together virtually and discussed the recent publication of the Market Compass on "Policy Based Access Management". In this episode Graham gives a great introduction to this evolved market segment and talks about hybrid and cloud-native use cases. They hint at several sessions on policy-based and cloud-native access control at EIC as well, so for those interested in learning even more on modern authorization, either the Market Compass itself or the EIC recordings are perfect starting points after listening to/watching this episode.
SOCaaS (Security Operations Center as a Service) is a growing trend in cybersecurity, where core security functions are uniformly delivered to enterprises from the cloud. Warwick Ashford explored this in a recently published Market Compass and provides an overview of his findings.
John Tolbert and Matthias discuss the question of whether companies in retail, finance, healthcare, insurance, etc. are really able to keep up with the scale and sophistication of attacks aimed at committing fraud. Are they considering FRIP solutions for specific use cases?
A recently published study shows that the use of strong authentication in enterprise environments is at a very low level. John Tolbert explains this finding to Matthias and together they discuss how to find a way out of this situation.
Securing containers along their lifecycle and wherever they are deployed is a cybersecurity challenge. And it is a new topic for KuppingerCole Analysts. Alexei Balaganski joins Matthias to talk about the just recently completed Leadership Compass on Container Security.
Martin Kuppinger gives Matthias one of these rare insights into the process of creating and delivering the next great opening keynote of an event. With EIC 2022 being already in sight in May 2022 in Berlin, they talk about the composable enterprise and more perceived or actual buzzwords, and how to make sense of this in a business context.
On March 25th, 2022 the European Commission and the US government announced a new agreement governing the transfer of data between the EU and the US. Mike Small and Annie Bailey join Matthias to have a first look as analysts (not lawyers) at this potential milestone for data privacy between the European and the US regions.
This time Alexei Balaganski and Matthias look at practical approaches to actually implementing Zero Trust for specific, real-life use cases. On this occasion, they also finally unveil the connections between Zero Trust and Feng Shui.
GAIN (the Global Assured Identities Network) is entering a new phase. On March 2, the technical proof-of-concept group was launched to actually test the concepts. Annie Bailey and Matthias have a look at the list of participants, the agenda, and the potential outcomes of this PoC. They also provide a sneak peek at more about GAIN at the upcoming EIC 2022 in Berlin in May.
Online tracking is a highly visible privacy issue that a lot of people care about. Third-party cookies are most notorious for being used in cross-site tracking, retargeting, and ad-serving. Annie Bailey and Matthias sit down to discuss the most recently proposed approach called "Topics API".
Access control tools for application environments, which include SAP in particular, but also a growing number of other business applications, are becoming increasingly important for compliance and cybersecurity. They also serve as a basis for granting proper access to employees efficiently. Martin Kuppinger and Matthias look at this market segment and at new, innovative solutions, on the occasion of very recent research that has just been published.
Data catalogs and metadata management solutions help capture and manage data from all enterprise data sources to enable the use of that data and support data governance and data security initiatives. This interesting and growing market segment is the topic this week when Martin Kuppinger and Matthias sit down for the Analyst Chat podcast.
The conclusion of a tool choice process is usually the consideration of commercial aspects, i.e. software costs and licensing. Martin Kuppinger and Matthias look at this central aspect and discuss different approaches to make different offers comparable, but also give recommendations to vendors on how they can make decisions easier for their potential customers.
A comprehensive cybersecurity strategy typically includes the use of modern, intelligent Security Information and Event Management (SIEM) platforms. These go far beyond simply aggregating and analyzing log files. Alexei Balaganski outlines the latest market developments based on his recently published Leadership Compass on "Intelligent SIEM Platforms" and explains the differences to other market segments together with Matthias.
The importance of efficient and secure cloud backup and recovery is often underestimated. Mike Small explains these two disciplines to Matthias and looks at the market of available solutions on the occasion of his recently published Leadership Compass. He also provides valuable guidance on what a strategy and its successful implementation can look like in this area.
The three biggest threats to business resilience are IT Risk, Compliance Risk, and Vendor Risk. Integrated Risk Management Platforms address these risks. KuppingerCole's Lead Analyst Paul Fisher has analyzed this market segment recently and he joins Matthias to talk about recent developments and the market in general.
"Privacy and Consent Management" is an exciting topic in a continuously changing market. Annie Bailey has just completed her latest Leadership Compass, which researches this market segment. To mark the release of this document, she joined Matthias for an Analyst Chat episode where she talks about the innovations and current developments.
In A Nutshell
In episode 108, “Privacy & Consent Management”, Matthias hosts Anne Bailey.
Q: “From a definition point of view, what do we need to think of when we talk about privacy and consent management?”
Anne: “Yeah. So this is one of those terms where you could spin it in a lot of different ways, you know, privacy is so much in the public discourse that it doesn't really have a concrete definition anymore. So I thought it might be useful to get us all on the same page before we talk any more about it. So the way at least I have defined privacy and consent management in this most recent report. It's, of course, considering organizations and it's their administrative and governance capabilities over data privacy within their organization and of course, the tools and the solutions that are there to make that happen. So you could think of it then in a simplified manner about the capabilities that such a tool or a solution would have to the first group of capabilities, would then to be able to manage any incoming signals about privacy and consent. So these are things like being able to manage cookies and trackers that are on websites, being able to accept and then implement those consent or preference choices that an end user would make. And that would be over the range of different channels. So on a smart TV, on a mobile device, on a website, over the phone, via email in person interactions as well, should be considered. So that's all about managing the incoming signals. But what's also very important as well is the organization's ability to take care of their own internal management of privacy. So being able to govern sensitive data, which is in the organization and private data, being able to document their steps towards compliance and something which is a buzzword in this most recent report is being able to operationalize privacy.”
Q: “Recently, you published an updated version of your Leadership Compass report, which compares providers and services. What are the changes in the market that you can observe that you want to share with us?”
Anne: “Yeah. So this is an especially dynamic market area. Things are always changing. And so we can see some pretty big market changes between the report which published 18 months ago or so and the one which just came out this week. And that's in the types of vendors that were interested in participating. So what we saw in the last report were a lot of vendors that really focused on being able to manage those incoming signals, so being very focused on cookie management, on being able to collect consents and preferences and make sure that those are all able to be implemented in the many different connected systems within an organization and all the downstream vendors that may impact. Very focused on this incoming flow of information from end users. And what we saw, which was different in this report, is that there were more vendors that are really focused on data governance and using that as a foundation for privacy. So being able to operationalize and take action within the organization to further their privacy goals. And so we could think of that as an example. So being able to identify a privacy weakness of some sort in a process and then from that same administrative screen, then be able to do something to address that weakness. I guess we could go into more concrete details on what that could be. So, you know, if there was a scan done on a database and that scan returns the notification that there is private information in this database, there would then be the chance to leverage automation to go and anonymize those sensitive fields. So you're then connecting information about the status of privacy in the organization with an action to then improve it. So that was something that we noticed among several of the vendors that they're moving more in this direction. And that also does connect back to the relationship between the end user and the organization. 
So there was a big focus on being able to provide support for data subject requests and being able to process those. So in the same way of operationalizing privacy, if a consumer then submits a data subject request, the administrator would then be able to scan and automatically compile a report containing their personal information rather than needing to do that manually.”
Q: “Vendors offer products and services globally. Do you think they can catch up with changing privacy and consent requirements?”
Anne: “Mm-Hmm. Yeah. And frankly, this is really hard to stay up to date with because given our very globalized presence on the internet and connection with consumers all around the world, many organizations do have to stay up to date with the regulations that are not just for their own jurisdiction and in the region where they reside, but they have to pay attention to where their customers are, where any of their downstream suppliers or, you know, MarTech partners may reside and where this data is moving. So they have to be aware of a much wider legal domain than they've been used to before. And as I mentioned before, this is a really dynamic space. And part of that is because there are many privacy regulations which are being released all around the world. So this is something that we've identified as a really key capability in privacy and consent management tools, is that having some basis, some support from legal experts in-house to be able to keep up with all of these changing regulations and be able to pass that knowledge down to their customers is a really valuable thing.”
A new year, and 2022, like 2021, again begins with a look back at a far-reaching security incident. Cybersecurity Analyst Alexei Balaganski and Matthias take the topic of Log4j as an opportunity to look at code quality and cyber supply chain risk management. They also mention Mike Small's excellent blog post, which can be read here.
Paul Fisher and Matthias present their very subjective summary of a really special and, in particular, especially challenging past year, 2021. They cannot do without the word 'pandemic' after all, but they also try to reach a first perspective on the year 2022 from the past 12 months.
The announcement of the GAIN initiative for the secure distribution of verified and assured identity data was made at EIC in September. While the core concepts of this initiative have been discussed in earlier episodes, Martin and Annie sit down with Matthias to do a deeper dive into further aspects of GAIN, including the use beyond customer-related IAM and the challenge of privacy in such a hyper-connected network for PII.
Senior Analyst Graham Williamson joins Matthias from down under to talk about edge computing. Starting from the definition and relevant use cases, they focus on where the edge brings value. They discuss what the key criteria for a successful deployment are and what needs to be looked at to do edge computing while preserving security and privacy.
Lead analyst Alexei Balaganski joins Matthias for an episode on Data-Centric Security. Starting with a definition behind that term, they look at relevant technologies and market segments and discuss adequate ways of adding Data-Centric Security to an organization's cybersecurity strategy.
From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event.
The recordings and slide decks are available for participants and those interested.
In the past, servers and applications were rather static, and entitlements too were static. But this has changed. Organizations must deal with a multi-cloud, multi-hybrid IT. Entitlements and access in today’s cloud environments are dynamic, just like workloads. Martin Kuppinger joins Martin to explore the area of Dynamic Resource Entitlement and Access Management (DREAM). Together they look at policies and automation as one key building block for managing today's volatile IT.
No big celebration, but at least a mention: this is the 100th episode of the KuppingerCole analyst chat. Martin Kuppinger joins Matthias to discuss the increasingly important topic of "everything as code" and how to define proper strategies for approaching this, especially in the context of the BASIS concept. For more on this, both recommend revisiting Martin's opening keynote from this year's EIC.
John Tolbert sits down with Matthias and shares his insights into current approaches for protecting and defending essential enterprise systems beyond traditional, often office-focused cybersecurity. Safeguarding Operational Technology (OT), Industrial Control Systems (ICS), and the Industrial Internet of Things (IIoT) is getting increasingly important. John explains that modern approaches like Network Detection and Response (NDR) and especially Distributed Deception Platforms (DDP) can be valuable building blocks in an overall strategy for defending, for example, the factory floor or critical clinical systems.
Annie Bailey and Matthias take a deeper look at the emerging concept of the Global Assured Identities Network (GAIN) and also seek a broader perspective on the benefits and challenges of reusable identities in general.
The idea of low-code/no-code (LC/NC) application development is for end users to create their own custom applications, perhaps using a graphical design tool, selecting from a library of existing building blocks, or perhaps even with the assistance of artificial intelligence. Alexei Balaganski explains the concepts behind this new development, takes a look at the current market and, finally, highlights the challenges and security issues that may be hidden behind the use of such application development.
While moderating and speaking at KuppingerCole's flagship EIC 2021 event in Munich, Matthias also took the opportunity to sit down one-on-one with his fellow analysts in the conference studio for some EIC special analyst chat episodes. In the third and final special episode, Martin Kuppinger and Matthias look at how current technologies and concepts complement each other to improve security and convenience for users of modern technologies at the same time.
KuppingerCole's flagship event EIC 2021 took place very successfully in Munich and online in September. Of course, Matthias took the opportunity to sit down with his fellow analysts in person for some EIC Special Analyst Chat episodes. Building on the themes of his Opening Keynote, Martin Kuppinger explains the concepts behind "Deconstructing the User Journey".
EIC 2021 finally took place in Munich in a hybrid format between on-site and online. Of course, Matthias took the opportunity to sit down with his analyst colleagues in person for some EIC special analyst chat episodes. In the first of three specials, Christopher Schütze talks to him about the findings from his pre-conference workshop on defending against ransomware, and they also turn their attention to a promising new approach to creating globally secured identities.
Martin Kuppinger and Matthias discuss the high-priority topic of how to achieve automation of management and security across the entire multi-hybrid, multi-cloud IT infrastructure based on well-defined policies.
Cybersecurity is one of the areas where virtually every business will need to invest because of ever-growing cyber risks and ever-tightening regulations, and in the post-Covid era, the cybersecurity market continues to evolve and grow, having gained even greater importance. Warwick Ashford joins Matthias to discuss the factors driving the trends in this market and what businesses should be considering when making cybersecurity investments.
Christopher Schütze provides the fundamentals for a pivotal topic in cybersecurity, namely how to create processes and systems for comprehensive and continuously improving vulnerability management. Together with Matthias, he provides an overview of elementary aspects that need to be considered.
The market segment of products and services that are designed to manage and secure APIs as essential resources in a multitude of different environments is constantly evolving. On the occasion of the publication of the latest edition of his Leadership Compass "API Management and Security", Alexei Balaganski explains the fundamentals and current developments of these products and services.
Business Intelligence is the discipline of deriving business insights from raw enterprise data to inform decision making. Although this is a mature market, new trends are stirring up this market sector. Annie Bailey joins Matthias to explain what is changing and what 'Next-generation BI platforms' are.
Paul Fisher has researched the topic of Data Governance Platforms extensively, and he published a Market Compass on this topic at KuppingerCole Analysts just a few weeks ago. In the current episode of Analyst Chat, he explains this market segment to Matthias and provides insight into current developments.
The path toward a Zero Trust architecture to improve cybersecurity for modern enterprises in a hybrid IT landscape often seems overly complex and burdensome. Alexei Balaganski is this week's chat partner for Matthias and he draws attention to an often overlooked benefit of such an infrastructure. One key idea of Zero Trust is to actually reduce complexity and unnecessary effort and instead focus on what really needs to be protected.
This episode concludes the four-part series on hybrid IT. To wrap things up, Mike Small and Matthias focus on the latest developments in hybrid infrastructures, between containers, hyperconverged, edge and cloud in a box.
Part three of the four-part series on hybrid IT looks at approaches to appropriately manage and evolve hybrid architectures. Mike Small and Matthias put the focus not only on technical management, but also on appropriate governance in particular.
Mike Small and Matthias continue their four-part series on hybrid IT, looking at the increasing complexity: they look at multiple dimensions of the challenges that come with deploying and operating hybrid IT architectures.
This is the kickoff of a four-part series of podcast episodes around hybrid IT. Mike Small and Matthias explore the fundamentals of modern architectures between the cloud and the traditional data center.
In episode seven of this podcast, John Tolbert and Matthias first looked at Fraud Reduction Intelligence Platforms more than a year ago. Much has happened in this market segment since then, and on the occasion of the release of the updated Leadership Compass, they look at the latest innovations.
Anne Bailey has just completed extensive research into the new market segment of AI Service Clouds. In this episode, she explains this innovative concept, which aims to overcome the lack of qualified personnel and bring artificial intelligence and machine learning to more companies.
Your DNS server knows what websites you use, what the name of your mail server is, and which corporate services you use while working from your home office. And there are even broader challenges when it comes to protecting sensitive personal data in that context. Alexei Balaganski and Matthias continue their conversation about a fundamental Internet resource, the Domain Name System, this time walking the fine line between technology and trust.
Some internet services are so deeply woven into the core infrastructure, that they are just taken for granted or even ignored in our daily digital life. One example is the Domain Name System. Alexei and Matthias discuss the basics of DNS, look at current cybersecurity threats targeted at it, and explain how they can be mitigated.
Maintaining finer-grained access by administering AD groups through dedicated and delegated application administrators is the reality in many organizations. Martin Kuppinger and Matthias discuss these types of indirect authorization management and why they are not a good choice, even more so when AD becomes legacy.
CIEM is one of the latest entries to the set of 3- and 4-letter acronyms in IAM technology. Martin Kuppinger and Matthias take a look at the functionality behind it and its role within an Identity Fabric.
Martin Kuppinger joins Matthias for a first hybrid audio plus video episode of the Analyst Chat. They talk about horizontal (capabilities like AM, IGA, and PAM) and vertical siloes (identities like things, robots, customers, partners, or employees). And they lay out a proper approach to strategically get rid of these siloes in the long run.
Building on the first three podcast episodes of this series with Annie and Shikha, Paul Fisher and Matthias turn their attention to the Privileged Access Management aspect in the context of WfH and its Cybersecurity Threat Landscape. They look at the role PAM plays in the particular WfH use cases for administrators, as well as for business users. And they look at the potential changes that this will bring for the further development of PAM in the future.
Shikha Porwal and Matthias Reinwarth have a coffee conversation about the security risks of working remotely. They talk through the vulnerabilities of a home network and touch on pandemic-related endpoint security threats, employee behavior and, finally, Zero Trust.
Annie and Matthias continue their conversation on the COVID-related trends in 2021. They talk about different technology and internet usage trends, and also mention some potential topics that will become more prominent in the future as a lesson from these trends.
While the world tries to cope with the ongoing pandemic, cybercriminals have got their hands on a gold mine. Annie and Matthias sit down again to chat about the overall picture of cyberattacks, including COVID-related lures.
Annie Bailey and Matthias continue their conversation around privacy, targeted marketing and the end of the era of the 3rd party cookie, that they started two weeks ago. They discuss the characteristics and the pros and cons of upcoming approaches, while this technology area is still continuing to evolve.
Dr. Phillip Messerschmidt is an experienced practitioner with extensive background knowledge in all things IAM. He helps us to take a step back and look at IAM in daily life. Drawing on simple, understandable definitions, he provides practical recommendations for successful and efficient identity and access management.
Tracking of users via 3rd party cookies has been a constant issue regarding compliance and user privacy. This is about to change, as 3rd party cookies are being more and more blocked in browsers like Firefox and Safari. And Google has announced the same step for Chrome in upcoming versions. What does this mean for the ad business, what are new approaches for addressing targeted marketing in a potentially more privacy preserving manner? Annie Bailey joins Matthias to discuss recent developments in this field.
As organizations go through digital transformation, they increasingly turn to using cloud services. One aspect of the digital transformation plan that is often forgotten is ensuring business continuity. Mike Small joins Matthias to explain why business continuity is essential for cloud services, especially in light of current events.
Alexei Balaganski covers a broad range of security-related topics: from database, application and API security to information protection, cryptography and AI-based security automation. He joins Matthias to give a first insight into a fascinating new approach to accessing encrypted data "in use" while maintaining privacy and security of data and processing. He explains the concepts behind homomorphic encryption, the current status and the technology required, and he talks about first pioneering use cases.
Martin Kuppinger is one of the founders and the principal analyst of KuppingerCole and he is steering the overall development of the topics covered in KC's research, events and advisory. He joins Matthias to talk about the importance of extending Zero Trust to cover software security, for software in any form (embedded, COTS, as-a-service) and regardless of whether it’s home-grown or externally procured.
The press, security vendors, politicians and analysts alike currently often focus only on the recent SolarWinds security incident and its exceptional features and effects. While this is in fact an extremely important topic to learn from and to clean up, the hype overshadows the fact that even very basic cybersecurity aspects are poorly addressed in many organizations. Alexei and Matthias look beyond the hype and discuss the need for new initiatives to achieve an actual adoption of proper measures to improve basic cybersecurity hygiene in essentially all organizations.
The Security Operations Center-as-a-Service (SOCaaS) market has emerged and continues to develop in response to demand for security monitoring, analysis, detection, response, and improvement recommendations either instead of or as a supplement to permanent on-premises SOCs. KuppingerCole Analyst Warwick Ashford joins Matthias for this week's episode and shares some insights into this evolving market segment he gained during his recent research.
More than a month into the post-SolarWinds-incident era Alexei joins Matthias to discuss further lessons learned and strategic approaches towards improving security in organizations depending on diverse cyber supply chains and their imminent threats. But they go beyond and look at the necessary changes between management awareness and software development security.
Although not really brand new, there are still a lot of interesting developments around DevOps when it comes to cybersecurity and more. Paul Fisher shares some trends and insights with Matthias and tells us what to expect in this rapidly evolving segment.
The SolarWinds incident made the news in December 2020 and continues to impact many organizations. John Tolbert joins Matthias to give a short introduction of what decision makers need to know at this stage and which measures to look at first.
John Tolbert joins Matthias and shares insights about the results from the just recently published Leadership Compass CIAM. They talk about the overall maturing of the market and the areas of innovation in products, standards and integration scenarios.
Annie joins Matthias to talk about the topic of Verified Digital Identity. They explore what these are, why they are becoming increasingly important and where they add new aspects to the concept of digital identity. A special focus is put on existing and emerging use cases, where verified digital identities can be beneficial to all types of real life entities in their day by day interaction.
This podcast has already looked at the Zero Trust concept as a challenging architectural paradigm for security and an important component of modern and future-oriented security architectures from various angles. This time Christopher and Matthias focus on a phased project approach towards implementing Zero Trust in a well-paced, phased, "one-bite-at-a-time" manner.
The Zero Trust concept comes with the promise to adequately secure our modern, hybrid IT world at any time and any place. In a rare show of agreement, manufacturers, consultants and even analysts concur that this changed architectural paradigm is an important component of modern and future-oriented security architectures. Alexei and Matthias address the question of why, in practice, only a few powerful Zero Trust architectures deliver on this promise. They try to answer the question of what organizations need to consider in order to get off to a good start.
The PAM market continues to evolve and many organizations are adopting the DevOps paradigm where critical access and sensitive accounts are required in fast-moving and agile environments. Paul Fisher meets Matthias for this episode and shares his research on PAM for DevOps. They talk about the challenges of this area of application, but also about the differences and similarities with "classic" PAM, and about the opportunities on a path towards a hybrid approach to PAM in today's organizations, in the midst of the Digital Transformation.
John Tolbert has just taken a close look at the market for SOAR tools (Security Orchestration, Automation and Response) to prepare a Leadership Compass. This has just been published and this gives John and Matthias the opportunity to take a closer look at this market segment of security infrastructures.
In this first of two episodes, Annie Bailey and Matthias Reinwarth lay the foundations for the topic "Emerging Technologies in Healthcare". Beyond hype and half-knowledge, they look at the use of AI, machine learning, blockchain, and modern digital identities for the comprehensive improvement of processes and systems in healthcare.
This analyst chat episode is the 50th and therefore a bit different. This time Matthias talks to two experienced analysts, Martin Kuppinger and Alexei Balaganski, about the ECSM, the European Cyber Security Month, which is to provide information and awareness on cyber security in October 2020. The particular aim they pursue is to go beyond awareness to arrive at specific measures that can benefit individuals and organizations alike.
When asked to describe IAM processes, managers tend to think first of traditional lifecycle management processes such as Joiner, Mover and Leaver (JML). While these are clearly essential for identity governance in interplay with authoritative sources, a comprehensive process framework for IAM and beyond encompasses many other areas. Martin Kuppinger and Matthias Reinwarth explore some of these additional areas between convenience and compliance.
Dynamic, risk-based, attribute- and context-related authorizations are becoming increasingly important for many enterprises. Graham Williamson and Matthias Reinwarth take a look at the market sector for dynamic authorization management and policy-based permissions in light of the recent publication of a Market Compass on this topic.
Warwick Ashford and Matthias Reinwarth talk about business resilience again, focusing on cyber supply chain risk management.
Alexei Balaganski and Matthias Reinwarth look at the citizen development movement and discuss the potential risks of letting business users create their applications without proper governance and security.
Warwick Ashford and Matthias Reinwarth discuss the prerequisites and challenges of making a business able to adapt quickly to risks and disruptions.
Anne Bailey and Matthias Reinwarth discuss the findings of the recently published Leadership Compass on Privacy and Consent Management.
Alexei Balaganski and Matthias Reinwarth discuss the concept of ephemeral credentials and its benefits for privilege management, DevOps and beyond.
John Tolbert and Matthias Reinwarth look at SP 800-207, the NIST special publication on Zero Trust architecture and discuss how it aligns with KuppingerCole's own vision of this topic (spoiler: it does align very well!)
Alexei Balaganski and Matthias Reinwarth try to make sense of the current state of quantum computing and talk about the risks it poses for information security.
John Tolbert and Matthias Reinwarth discuss benefits and limitations of agentless security solutions.
Christopher Schütze and Matthias Reinwarth discuss Enterprise Risk Management. What is it all about? What should large and small companies be focusing on? What role do IT and cybersecurity play here?
Anne Bailey and Matthias Reinwarth discuss how decentralized identities and verifiable credentials help respond to the pandemic by powering contact tracing applications, immunity passports and other important use cases.
Alexei Balaganski and Matthias Reinwarth discuss the security challenges for enterprises moving to the cloud and explain why security in the cloud is still your responsibility.
Anne Bailey and Matthias Reinwarth talk about the technologies that enable employees working remotely or from home to access sensitive corporate information from personal devices without compromises between productivity and security.
Matthias Reinwarth and Martin Kuppinger discuss the challenges of integrating IT service management with identity governance within an enterprise.
Matthias Reinwarth and John Tolbert discuss the ongoing consolidation of the cybersecurity market and talk about its reasons and potential consequences.
Matthias Reinwarth and Martin Kuppinger talk about governance and security of data across a variety of sources and formats and the need for maintaining data lineage across its complete life cycle.
Christopher Schuetze and Matthias Reinwarth discuss a security architecture blueprint that implements the concept of Security Fabric.
Graham Williamson and Matthias Reinwarth talk about consent: what does it mean for identity professionals, service providers or lawyers and how to reconcile all those different views in modern IAM environments.
Warwick Ashford and Matthias Reinwarth discuss the standards, technologies and organizational changes needed to finally get rid of password-based authentication once and for all.
Christopher Schuetze and Matthias Reinwarth introduce Security Fabric - a new architectural approach towards cybersecurity with the goal to achieve consistent and fully managed security across the whole corporate IT.
John Tolbert and Matthias Reinwarth talk about network detection and response solutions: what are the threats they are looking for and how they complement endpoint protection tools to ensure consistent protection against advanced attacks.
Paul Fisher and Matthias Reinwarth continue talking about privileged access management, discussing the core capabilities of modern PAM solutions.
Matthias Reinwarth and Alexei Balaganski talk about the reasons many companies are still failing to protect themselves from cyberattacks and data breaches even after spending so much on security tools.
In a follow-up to an earlier episode, Matthias Reinwarth and Anne Bailey discuss practical approaches and recommendations for applying AI governance in your organization.
Matthias Reinwarth and John Tolbert talk about profound implications of security products not having their administrative interfaces sufficiently secured with technologies like multi-factor authentication.
Matthias Reinwarth and Anne Bailey talk about Artificial Intelligence and various issues and challenges of its governance and regulation.
Matthias Reinwarth and Christopher Schütze talk about the importance of processes to make your IAM projects successful.
Matthias Reinwarth and Paul Fisher launch a new series of talks about privileged access management.
Matthias Reinwarth and John Tolbert discuss the latest "innovations" fraudsters are using during the pandemic crisis and the methods to mitigate them.
Matthias Reinwarth and Alexei Balaganski look at the potential alternatives to VPNs and security gateways.
Matthias Reinwarth and Martin Kuppinger explain how to protect your users from phishing attacks when they're all working from home...
Matthias Reinwarth and Alexei Balaganski talk about making the right choice of a database engine to power your next cloud project.
Matthias Reinwarth and Martin Kuppinger dispel a few myths about Zero Trust.
Matthias Reinwarth and Alexei Balaganski discuss the plethora of acronyms for security analytics solutions: from SOC and SIEM to UEBA and SOAR.
Matthias Reinwarth and Christopher Schütze talk about how to efficiently identify and rate your investments into Cybersecurity.
Christopher Schütze and Matthias Reinwarth explain the importance of having an incident response plan.
Matthias Reinwarth and Martin Kuppinger discuss the measures necessary for securing your favorite online communication platform.
Matthias Reinwarth and Graham Williamson are talking about managing IAM projects properly.
Matthias Reinwarth and Alexei Balaganski discuss the challenges of explosive API growth without proper security controls in place.
Matthias Reinwarth and Graham Williamson are talking about designing an IAM project architecture.
Matthias Reinwarth and John Tolbert explain the meaning behind the term and talk about various factors that help identify fraudulent transactions in different industries.
Matthias Reinwarth and Martin Kuppinger identify the key topics for cybersecurity in the times of crisis. Get a complete overview on Business Resilience Management for free and read the Analyst Advice from Senior Analyst Warwick Ashford!
Matthias Reinwarth and Christopher Schütze are taking a look at five different phases of cyber security.
Matthias Reinwarth and Martin Kuppinger explain what you could be doing wrong with regards to cybersecurity priorities.
Matthias Reinwarth and Alexei Balaganski discuss the history of ransomware and the measures needed to protect yourself against it.
Matthias Reinwarth and Martin Kuppinger are discussing the security challenges enterprises are now facing with the majority of employees working from home.
In the first official episode of the KuppingerCole Analyst Chat podcast, Matthias Reinwarth and John Tolbert are talking about the challenges of data protection in modern times.
Welcome to the pilot issue of the KuppingerCole Analyst Chat - our soon-to-be-regular podcast. Stay tuned for more episodes!