KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Authorization (AuthZ) and Authentication (AuthN) go hand in hand in ensuring zero-trust in your system landscape. But while scaling identity can be done by centralizing it in an IAM solution, centralizing authorization is seldom a scalable solution. Increased latency, varying requirements and maintainability are all key reasons to want a more decentralized solution that can adapt and scale.
In this talk we will describe how to use Open Policy Agent (OPA) to achieve decentralized authorization in a multi-platform API landscape, including both modern and legacy platforms, while simultanously ensuring centralized compliance controls and enforcement.
Authorization (AuthZ) and Authentication (AuthN) go hand in hand in ensuring zero-trust in your system landscape. But while scaling identity can be done by centralizing it in an IAM solution, centralizing authorization is seldom a scalable solution. Increased latency, varying requirements and maintainability are all key reasons to want a more decentralized solution that can adapt and scale.
In this talk we will describe how to use Open Policy Agent (OPA) to achieve decentralized authorization in a multi-platform API landscape, including both modern and legacy platforms, while simultanously ensuring centralized compliance controls and enforcement.
Companies are facing increasingly complex security threats. Many are struggling to assess their own security risks due to an inability to address potential issues as they arise, due to the breakneck pace at which issues are disclosed, and teams' ability to address said issues as they accumulate and because the huge number of security tools in use create diagnostic fatigue.
Vulnerability management programs rarely ever match the overall scale of the organization, boosting the number of potential points of exposure. What's more, besides vulnerabilities, attackers are increasingly leveraging exposures such as misconfigurations and stolen credentials to gain access to companies' core business. Because of this, attack paths to critical assets are often overlooked or identified too late.
Instead of looking at vast numbers of isolated issues, XM Cyber aggregates them into an attack graph to proactively identify hidden attack paths and weaknesses in both the cloud and on-premises. XM Cyber helps organizations efficiently address the issues that can have the greatest impact on organizational risk. Then teams can eliminate attack paths at critical junctures, i.e., choke points, in order to achieve ultra-efficient risk remediation.
More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.
The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.
As an identity professional, you're constantly studying and reviewing new technologies, new protocols, and new products within the space but you struggle for the best way to extract the value of these new shiny, items to benefit your organization. You've been told that a well-developed identity architecture plan is the best way solve business challenges and produce concrete results but your research and fully-notated diagrams have failed to engage your peers. |
PAM (Privileged Access Management) is one of the established core disciplines within IAM. PAM also is the IAM discipline that is changing most from what it has been in the past.
On one hand, there is the impact of CIEM & DREAM, Cloud Infrastructure Entitlement Management or Dynamic Resource Entitlement & Access Management. This is about the expansion of PAM beyond humans accessing servers and selected applications towards any type of human and non-human (silicon) identity accessing any type of workload, from servers to dynamic cloud resources. This also implies an expansion from serving static data center infrastructures to dynamic workloads in today’s agile IT. PAM is changing, with more parties involved – a “PAMocracy”, as KuppingerCole Analyst Paul Fisher recently named it.
These changes also require expansions in integration to other IT services. There needs to be a dynamic governance approach, where IGA comes into play. It requires rethinking whether PAM tools really should care for authentication. There is no need for authentication point solutions in an age where most organizations have a strong Access Management solution with MFA, passwordless authentication and adaptive, risk- and context-based access in place. Finally, this new PAM must integrate with the DevOps tools chain for permanent updates about new code and the resources used as well as with IT Asset Management for an always up-to-date insight into the ever-changing, dynamic IT landscape that needs to be protected.
Also worth to think about is integration with further security solutions, beyond the standard SIEM/SOAR integration. AI-powered security solutions are one aspect. Integration to Cloud Security Posture Management is another example.
In this panel, the state and requirements on the future PAM will be discussed.
Finding the right passwordless solution can be a daunting task. Searching the web for a passwordless authentication solution will present many options for various use cases. With so many options, how do you choose the solution that best meets your requirements?
This presentation will help guide you through the different FIDO standards, Passkeys and provide real-world examples of how they are being used today. We'll explore the benefits of FIDO, including increased security and improved user experience, and discuss the challenges and limitations.
If you're ready to say goodbye to passwords and embrace the future of passwordless authentication, join us and learn how to find the right FIDO solution for your passwordless needs.
Decentralized Identity is enabling individuals and organizations to have control over their own personal data, providing self-sovereignty, privacy and security. But, is a relatively new concept with high development and standardization dynamics. In this session we will look into what we should do today to take full advantage of this promising concept.
There are several sessions at this year’s EIC looking at the roles of policies in IAM, for modernizing and efficiency gains in IGA, for authentication and fraud detection, and for authorization. In his keynote, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will take a broader perspective and look at why the future of IAM and cybersecurity must and will be policy-based. This involves policies in IGA, policies in cybersecurity, hierarchies of policies, policies for application developers and IaaS administrators, policies in Zero Trust, overcoming static entitlements, policies in the context of DID (decentralized identities), and other topics. He also will discuss what needs to be done where, such as Policy Governance, Data Governance, and Policy Lifecycle Management, and why the shift to policy-based approaches requires a multi-speed approach, with policies in new digital services coming faster than policies for modernizing legacy IAM.
You are shifting through RFIs for a new mobile app based multi-factor authentication solution for your company. The vendors claim that their products are 100% secure and we all know that there's no such thing as a 100% secure solution, but it's marketing and you know how marketing sometimes goes overboard. How do you determine if the solution is actually fit for your appetite for risk? Can you be sure development time dev credentials have been cleaned up? Is the rooting detection any good? Does the app store plaintext credentials? Is it vulnerable or can someone build a scalable attack against the product you are about to acquire to protect your crown jewels? Let's take a look at different options out there and talk a little bit about what you can request from the vendors.
This decade may well be labeled “the decade of the digital credential.” From COVID passports to mobile driver’s licenses, digitized credentials transforming to “born digital” credentials, and governments and large tech companies developing their own wallets, personal information has never been easier to share with the wave of a device. The convenience is amazing, and the privacy implications are terrifying.
Even scoping the issue down to government-issued credentials or credentials directly derived from government data, there are a variety of requirements feeding into this growing ecosystem:
In this session, Heather Flanagan and Mike Kiser will discuss the outcomes of the recently released white paper on government-issued credentials and the privacy landscape (publication date expected in April 2023). The issues at hand are not solely about policy, nor are they only about technology. It is about closing the policy and protocol gaps that exist between today’s disparate solutions and services and providing a vision of a privacy-preserving, globally viable privacy landscape.
In many respects, identity programs are inherently vulnerable because they often rely on something that is shareable; something that a person knows or something that they have.
Join iProov to hear how biometrics can improve security for both digital and physical access. Included in this presentation will be guidance on: aligning biometrics to high-risk inflection points in the identity lifecycle; important considerations for inclusivity; and how to mitigate the risk of generative AI in modern attack methodologies.
Web3 is a revolutionary changing aspect of technology in the current era but protecting Web3 will be a challenge considering how smart contracts are challenging. New businesses utilizing blockchain technology are more focused on business while their different assets need eyes, such as the most vulnerable DApps and Web3 services.
Decentralized applications, commonly referred to as dApps, are not controlled by a single point of authority. Instead, they run on a blockchain or a P2P network, making them more complex and riskier than traditional applications.
In this talk, we'll discuss how hackers are utilizing their techniques to attack web3 and smart contracts and what are best practices for enterprises to prepare for the challenge.