KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.
The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.
More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.
The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.
Italy has two National Digital Identity schemes, namely: SPID and CieID (leveraging the national ID card). Both of them are based on SAML2 and are on their way to supporting OpenID Connect. The reasons for this decision are numerous, and they are primarily related to OpenID Connect Core features such as flexibility, ease of implementation, better support for mobile applications, and widespread adoption, particularly in the private sector. To manage this transition, we considered several documents by the OAuth working group describing security best Current Practices and the OpenID Foundation specifying a profile for iGov and a framework for federation. In particular, the latter defines a hierarchical federation model with high security, interoperability, scalability, and transparency based on dynamic delegation mechanisms; Italy is an enthusiastic early adopter.
In this talk, we introduce the Italian OpenID Connect profile based on the iGov and federation profiles and explain the main security measures that we considered within our design from the aforementioned standards and available best current practices. We also discuss how the Italian OpenID Connect profile contributes to the iGov and OpenID Connect Federation documents. We conclude the presentation with a brief discussion of eIDAS 2.0 and some of the ongoing preliminary works in the context of the Italian digital identity ecosystem to move toward an SSI-based solution using the Italian OpenID Connect profile as a starting point.
The Identity Governance and Administration (IGA) market is continuing to evolve through more integrated Identity Lifecycle Management and Access Governance solutions that are now increasingly aided by intelligent features. In this session, KuppingerCole´s Nitish Deshpande will share with you insights into the IGA market, providing you a compass to help you find the products that can meet the criteria necessary for successful IGA deployments.
By now, organizations are well aware of the need for better protecting data and application with modern access management and authentication.
Thales and Microsoft partner to help organizations going passwordless to fight against phishing attacks. Thales and Microsoft experts Sarah Lefavrais and Thomas Detzner will talk about the role of Fido and other phishing resistant authentication methods like CBA in achieving Zero Trust approach.
How do we control what we do not see?
Supply chains are like that. The problem is that while you may have sight of your nearest third-party relationships, if you look further out to their relationships, things start to become a bit obscured. And that is where the risk lies.
In recent years Okta, Toyota and Morgan Stanley have all suffered data breaches that originated with an attack on the supply chain.
In this presentation, we explore the complex nature of supply chains/digital ecosystems and all the parties involved. We’ll look at the pattern of some recent third-party attacks, examine their root cause and what lessons we can learn.
Finally, we'll explore the critical capabilities that are needed as the foundation for a solid third-party strategy; one that provides active, continuous monitoring while reducing the overhead for compliance.
After several tumultuous years, the cyber insurance safety net is in question as costs rise and coverage contracts. Research conducted with IT security professionals to understand the real-life experiences companies have in obtaining and using cyber insurance.In this session we’ll unpack the survey findings and put them in context. Join the discussion to prepare for your next cyber insurance assessment so you end up with coverage and rates that accurately reflect your organization’s risk profile.
Joe Carson will talk about
And help you find answers to these questions
A digital twin is a virtual representation of a real-life subject. This mapping encompasses its entire lifecycle, is updated from real-time data, and uses simulation, machine learning, and reasoning to support decision-making.
Human beings and their behavior can also be copied and simulated by digital twins. During the last talk at the EIC conference, we already looked at the threats, challenges and opportunities creating digital twins in cybersecurity.
This time we want to discuss how we can dive into a world through a digital twin of a cybercriminal to change perspectives and to understand the cybercriminals behavior.
Imagine having a tool that can perform these simulations at the highest level. Why not use it to our own advantage?
A digital twin that not only simulates the approach and behavioral patterns of cyber criminals but can also predict ahead of time. What if we can turn the tables on cybercriminals by fighting fire with fire?
As ecosystems of customers, workforce, partners and suppliers become increasingly intertwined, companies face the challenge of managing access consistently. Companies often install different access systems for different populations, with different types of accounts and different lifecycle management.
This session presents an approach whereby different populations can be managed with a single system and a single user profile. Key in this approach is that the user profile indicates to which population (or more than one population) the user belongs. The approach also enables delegated administration and temporary accounts in a very intuitive way.
While eIDAS 2.0 is still under legislative process, closing to the end, the European Commission prepares the framework for the EUDI Wallet reference implementation, and standardization bodies are working on developing new technical standards.
There is a real need for updated information on all efforts around eIDAS 2.0, as the implementing deadlines are very tight.
The session will shed light on latest developments and impact on the market.
Germany's healthcare sector will introduce its own ID wallet called "Sectoral IDP" for all statutorily insured persons on 01.01.2024. The issuers of the wallet are the health insurance companies, and approval will be granted in accordance with the extensive specifications of gematik (the regulatory authority). The ID attributes are issued by 2 issuers: PID and health insurer. The sectoral IDP is based on the OpenID Connect (core and Federation), Open Authorization 2.0 (OAuth 2) and JSON Web Token (JWT) standards. The presentation will describe the specific gematik requirements for product and operations of the ID wallet as well as their possible implementation. Despite the closed system in eHealth (Telematics Infrastructure) by definition, bridges to developments of ID wallets outside the sector such as EU, AML and eIDAS will be shown.
The Art of CIAM is to converge user Experience (UX) , security and privacy in a way that is seamless and unobtrusive for the user. In this panel session we will discuss the role of decentralized technologies, biometrics, and AI in Digtal ID, allowing for more secure and efficient authentication processes.
Join this session if you want to learn how a globally operating science and technology company introduced a faster and phishing-resistant sign-in – driven by the open-industry standard FIDO.
Employees use Biometrics or Pin, instead of Password & SMS, Call or App.
A “Detached Authentication” feature enables apps without FIDO/WebAuthn support and allow us to globally enforce the phishing-resistant sign-in – without fallback to other MFA methods.
Identity Verification is required for the registration and recovery of Biometrics or Pin. SaaS or self-developed identity verification methods can be used and combined.
The infrastructure for authentication and registration of Biometrics and Pin runs in a self-hosted environment. It allows us to stay true to our principles: Own Identities, Credentials and Authentication.
# What makes it unique
Passwordless Sign-in
– Biometrics of device-in-use
Biometrics sign-in available for all apps
– Detached Authentication for apps without WebAuthn
Biometrics sign-in enforced for all users
– No SMS, Call or Authentication Apps
Onboarding, Registration, Recovery, Password Reset
– Self-services secured with identity verification
Centrally stored FIDO-Credentials for multiple IdPs
– Self-hosted infrastructure with IdP plugins