KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The Digital Transformation of Business is unstoppable. It affects virtually all industries. The IoT (Internet of Things) is just a part of this transformation, at the technical level. However, without changing business models, organizations will not succeed. Furthermore, connecting things with apps and services is imposing new challenges. These include product security and liability issues, but also appropriately dealing with customer “big” data. Identity, Access, and Security become critical success factors for the Digital Transformation of Business. Martin Kuppinger talks about how IT has to transform and how Information Security can become a business enabler for the Digital Transformation of Business.
The Digital Transformation of Business is unstoppable. It affects virtually all industries. The IoT (Internet of Things) is just a part of this transformation, at the technical level. However, without changing business models, organizations will not succeed. Furthermore, connecting things with apps and services is imposing new challenges. These include product security and liability issues, but also appropriately dealing with customer “big” data. Identity, Access, and Security become critical success factors for the Digital Transformation of Business. Martin Kuppinger talks about how IT has to transform and how Information Security can become a business enabler for the Digital Transformation of Business.
So this being said, I would like to invite for the first and traditional keynote, the founder and principal Analyst of a call Martin. Thank you, Shar. So Martin, how old is coping a call now?
Oh, it's more than 10 years. I think 12 years close to 12 years right now, 12 years already. Right.
So, and they've been massive changes in that time, right? So how, how did keeping a call see the change in the last 12 into 12 years? So what were the biggest changes that we've seen?
Oh, I think the, the clearly biggest change overall is that a lot of the things we are looking at moved from administrative topics towards more to business topics. And I attempted to tell the people when, when I go back some five years or seven years, it took me five minutes to explain what I'm doing. Okay. Identity, access security, right now. It takes me 10 seconds, 20 seconds or something like that because everyone is aware of identity.
Everyone, everyone is aware of the security issues. So I think this is really a fundamental change. Okay. Do you see any new topics around the corner?
Oh, I think overall, you know, when, when I look at what we are doing, we started in the identity access management field. Right now we are looking at all of information security and branching out and related areas. So I think all the transformation stuff is related to security. It has to do a lot of security, not only, but there's a lot of security and, but even within information security, we see really the, the shift from preventing towards getting better in detecting realtime detection and responding rapidly, responding on what is happening.
So I think this is one of the fundamental changes together is the ever growing threat landscape we were facing. Okay. So basically the information security arena is maturing in some sense.
So we, we are moving away from just doing something and hope that doesn't happen towards actually knowing what's happening and taking the right action. Did copy our call. Hopefully indeed.
The copy, our call adapt with its scope. So has coping our call as an organization, having new offerings in That area. Yes. I think this is what, what really gradually changed over time. So for instance, around mid of this year, we will publish a leadership compass on the realtime security intelligence market is emerging market, which is about managed realtime security services and that type of stuff.
So, so really moving forward. And so we more and more do things in that area. We just are in the brokers of publishing a report in SCADA. We did things on realtime security intelligence on the IOT, on the digital transformation. So we are broadening this and we also bringing in some other services, which really should help customers to mitigate the risks, to better tackle the challenges they are facing. Great. So you're going, you're going to give us a glimpse of that right. In the keynote specifically, if I got it right on internet of things and the digital zero, how we say in Germany. Yeah.
It's, it's very much about what we need to do. And as the title indicates digital transformation and what is about digital risk mitigation and the age of transformation, because I think this is really one of the most challenging things. And when I go back to my keynote last year, I already touched this area and said, you know, most likely something will go really wrong in that space over the next few years. And I still believe that something will go really wrong.
And what we really have to do is to understand what we need to do to mitigate a risk and identity access security are very fundamental things in this business transformation to not fail when doing this shift. Okay. Understood. So thank you very much. Thank you, ser. Okay. Welcome. Also from my side to all of the attendees, as I already said, I will talk about digital transformation, the new role of identity access and security. It's not only about identity access security. It's really a little bit broader.
And I put together some eight fundamentals for digital risk mitigation in the age of transformation. So there's an abstract. I will Trump directly to the next slide. My first fundamental is the digital transformation affects every organization. So there is virtually no organization which isn't affected. We have to smart Watchers. So we see a lot of organizations are, are companies trying to invent smart things. We have to connected vehicles which fundamentally affect the automotive industry. Probably the biggest change this industry has seen since the introduction of the automobile file.
We see the smart homes affecting a lot of different industries. So from the fridge to the utilities, to whatever else, a lot of industries are affected by smart homes, smart grids.
Again, the utility industry, which is, is changing fundamentally eBooks. If you look at all the publishers and so on, this already has changed. There are different business models. There are different distribution channels. Also start writing books without traditional publisher directly publishing them as an ebook, whatever else, digital music. I think few industries have gotten such fundamental change as the, the music industry in many countries. There's far more music downloaded than sold in traditional formats. We have online retail.
Also one of the areas where we have seen a massive change over the last few years, online payment affecting the finance industry, new players in that field, apple, PayPal, whomever else manufacturing. So that's something I will talk a little bit more later. If you look at all this talk about in Germany, we call it industry for those or smart manufacturing, connected production, whatever else it's affecting, very traditional industries. And it's a major change.
And I think it's, it's very important for any organization to understand that there is a fundamental change going on and that we have to think about what is the new role, the new business model, etc of any organization. And this is also another fundamental, which is here and will be a way in one or two years. It's here to stay. I think this is another very important thing to understand. And when we go back to history, there have been so many quotes around, oh, this will just, just a passing phenomenon. No.
So Kaiser Han two from Germany, believed in the horror and Saudi automobile was just a passing phenomenon. He was wrong and there are still, also no Kaiser anymore. Here. Canon of deck said there is no reason in 1977 is that there's no reason anyone would want a computer in their home. Okay. Charlie Chaplin, the cinema is little more than a fad. What audiences really want to see is flesh and glued on stage.
Yeah, the cinema still here of theaters are as well. But clearly the movie industry is quite big. There is C of 20th century, Fox, 90, 46 television. Won't be able to hold on to any market that captures after the first six months.
In fact, people will get bored by TV. Cetera. I think most of us have a TV at home these days and probably for many, many years now, the variety magazine set on rock and roll in 1955, it will be gone by tune. I think they thought about tune 55 and that whatever tune will come at some point of time, several priests of the British post office that the Americans have a need of the telephone. But we do not. We have plenty of messenger boys.
And again, I started with AIA Ryan with AIA. So Kaiser Wilhem one before Wilhem two said, no one will pay good money to get from Berlin to Potsdam by rain, which is a 20 kilometer distance or something like this in one hour by train, when he can ride his horrors, they're in one day for free. Maybe we need horses these days, given that the German ban has another strike. But overall, I think there is a good reason for having trains and for acceptance of trains.
So I, I think we shouldn't be the next ones in that list saying the digital transformation will be history in a few months or years. No, it will not. It is here to stay it's inable it's and is change. And it's changing a lot of things. It is affecting our products. So products are changing. We have different products, services. A lot of industries will see that they earn more money with services in future than with the physical products. And a lot of industries not necessarily related to the transformation, but a lot of industries already have underground that change.
So if you trust, look at printers and other things in some areas, the add-ons are more valuable than the machine. And we will see other things for services are more valuable than the product itself. And we have to think about what are the services we sell? What is our business model, which in fact means yes, our business models will change. Our organizations have to change when we are selling services. When we are have, when we have different business models, we need a different organization. We need organizational change. This is quite tough to change an organization.
And that will be the real challenging part aside of inventing products and services that sell well, we will need a different ecosystem in organizations. So who is the one who we are partnering with, who sells our services, our products, all these things are subject to change.
Another, I think important aspect is digital transformation is more than just the internet of things. So sometimes it's quite related when we look at what is currently discussed and happening. So digital transformation is quite related in many publications and many things we hear to the internet of things. It's far more than that. And I've split this fundamental into four sort of sub fundamentals or building blocks probably when we talk about fundamentals, building blocks might be quite good terms. So the first one is it's already a reality in many industries without any connected things.
If you look at okay, you could argue in music, the music industry, you have a smartphone in other devices, but it's not that they're primarily selling things, but music in a digital format. If you look at eBooks, you can read them without an ebook reader. So it's not about the connected thing. It's about the new delivery model, the new format, the new product, the new services around us. So it's not only the internet of things.
The other thing is that when we look at industry four oh, or the smart manufacturing, this is about connecting manufacturing environments and it's operational technology. So this type of it, we commonly find on the manufacturing area, this industrial control system, stone age bus systems, and a lot of other quite antique technology, sometimes, sometimes also more modern, but infrequently, frequently quite antique technology and what we are, if we wanted put it into the IOT box, it would be very big things we are talking about here.
So in the production lines, there are sometimes quite big things we would find. So I wouldn't put this into the OT box it's but it's about transformation. So transformation is far bigger than the IOT. And the other thing we shouldn't forget is we still need the right business model and the right services to succeed. It's not about having things for his sake of things or whatever. It's about understanding what can be the business, what are the consumers and customers interested in? What is the real value we have?
And as with any fundamental change, we also will see some great failures in that area. Things which just disappear, which is I think, quite normal. So over time we have some learning curves and some things might reappear in different format later on become successful, start disappearing again, or changing its format, et cetera.
So I, I had a tablet PC, I think more than 10 years ago. It took a little while until we have tablets and touch screens as a standard, which is more and more common today. And there was some period where we didn't have much around that.
So again, we need to understand what is the business model? Why do we do it? This is really the point behind us. And I also think that in many cases I expected in many cases, the main revenue stream will not be from selling the thing that touched this before, but from selling additional services, which is also quite challenging. And you know, particularly in our industry, I think a lot of few, the ones working at vendors already are facing such type of change, which is not around changing from things to services or whatever, physical products to services.
But from on-premise I software licenses, you have been sold for many years to cloud services where you have a subscription based model, which is also sort of that type of change. And we, we all know that it has been scary for most organizations at the beginning saying, okay, you know, I earned so much by shipping boxes and right now I should rely on a subscription model. Will it work? What does it mean for us? And the same, we will see in many, many other industries and there can be success and there will be failure.
The really important thing is that you understand, what do you need to change in your organization? What is your business model? What do you sell? How much your organization look like? So there's no success without the adequate organization, digital transformation mandates organizational change. So no success without agility, particularly agility is a key thing. The markets are getting faster. New players enter that market take payment where people, apple and others come in. So you have to react and you have to react quickly. And this is true for many, many other markets.
Sometimes it will be tougher for new players because of the market entry barriers. So when you have a lot of tech complex technology, it might be more difficult. If it's only software it's intend seek quite easy. So reinvent yourself, becoming innovative, understand that there's a need for rapid go to market. So don't miss opportunities, but that doesn't mean that you have to take every opportunity still think about, does it make sense or not continuous improvement? I don't believe in dev ops, I believe in dev sec ops.
So development with security and operations with security in mind, I think currently a lot of things which are going on in the DevOps field are just ignoring the need for security done, right? It will make you far more at trial. If you rely on standardized security services and well thought out services, that of security as an afterthought, but we need to improve continuously, but we shouldn't forget about security. And at the end of the day, what we are talking about is be, is really business it, integration business. It alignment. Is that so to speak?
No, I don't say that it's, it's it's past, we, it's not about business. It alignment. It's about integration because all of the things we are will sell in future, the connected things mean it is a part of it. So we can't say we have it here. And we have our other business here. It's something which has to fully merge. So we also will see new and changing roles in the organization. We should think about chief business development officers. So the person driving innovation go to market improvement. The role of the CIO will change. It might be sort of the C DBO.
It might be also someone who's more managing the traditional business. It, so the underlying stuff, the traditional OT or everything, the CISO I think is increasingly important, overseeing the full picture of security across all these areas, up to the products, the services cetera we selling and this transformed industries, we have product it, which really has to become as of that fully integrated with the business metrics organizations in that space from my perspective are amassed. And the rest of it has to become fully service oriented, getting rid of silos.
So there's definitely no room for it silos in your it organization anymore. It's not feasible. It might look like this. That's something we published last think three or four years ago as an paradigm for a future it organization. There's some report out on that. So fundamental number five, everything, and everyone becomes connected. So you might notice picture it's our computing drug, which we are showing for se several years right now with cloud social, mobile, still relevant. All these areas. We are moving to the cloud. We have more and more types of users.
We have the mobile stuff, but the things are getting more complex. And this is probably the picture you will see most frequently equipping our core presentations over the next 12 months. So instead of the Kar, this will be sort of my standard introduction picture. We have the people they're related to organizations they're related to two devices and things, devices and things are related. Devices might belong to an organization or to an individual. Things might communicate with organizations, provide information back there might be owned by organizations.
So it's a quite complex field of relationships we have here between those organizations, people, devices, and apps, and services and organizations and the things. This is really what we have to understand and what we have to manage in future. So APIs will become quite important here between services at the back end, between the apps on the devices and between whatever we call the software and the things, maybe the single lots, where all these things merge together. So this understanding this connection and what are the identities of these things, what are the relations?
This is, and securing the communication between the, between the managing the access is a extremely important thing for the future. So this is really the new ABC, the at trial business connected. Then we have another very important aspect to think about when we talk about transformation, which is we are talking about OT and manufacturing environments, industrial control systems, all that stuff on one hand with specific requirements and on the it side where we look at it from a different angle. So there's increasingly sort of a discussion around security versus safety.
From my perspective, it's not a tummy. So when we look at operation technology security, there's number one safety of humans and equipment.
Yes, for a good reason, reliability doing the things always the same time availability of technology. On the other hand, we have the it security area, which is around confidentiality, integrity, availability of information. We might add some other requirements on both ends, but from my perspective, we can't say, okay, we can do either one or the other. We have to find ways where we do serve both types of requirements.
So in this sort of brave new world of smart manufacturing, we have people which are using devices, which are accessing services and they use their device and say, oh, I want to change the color of my car, which is trust under production. And then manufacturing has to react. So we have some sort of control. And if you look at all the presentations around smart manufacturing industry photo, though, all of them are around. We have quite direct impact on what is happening in the production line. So we are connecting these things, and this is something which is happening.
So in most scenarios, there will be, be directional communication. So if there's communication to the manufacturing environment, a system, or who can connect, can potentially attack. So we have to merge these two views of security, OT, and it security and sync security. In addition. So it's not about safety versus security is about safety and security. It's time to rethink OT. I think from that perspective.
So we have underground a shift towards software defined networking, software, defined storage, et cetera, relying on standard technology, which is easy to change, which is quite standardized, quite good to control. I think this is something where we have to start syncing in OT, which is probably a, quite a journey, but we have to do it because it's not about death by attackers versus death, by patching because systems are not reliable anymore. It's about avoiding both types of death. Security is a risk fundamental number theme, and it's an opportunity.
So we should look at security as something which is painful and costly, et cetera. So there are opportunities enabling at Trinity and fostering innovation. If we have a good standard approach on security, by design privacy, by design, we are more at agile. We are faster innovation. We enable the connected enterprise. If we understand how to manage all of these identities, we can implement all these business models. We can deal with our customers, consumers, new types of identities, cetera. We can risk mitigate risks.
So product security puts your business case, your reputation and more at risk. So if product security fails, so not security puts it at risk, but lack in product security. It helps in cost saving difficult argument that no, but if you look at compare compared to doing nothing, then there are a lot of arguments for saying, I in west in security, it's approach collaboration, communication. So how can we build trust? How can we work as people? How can we do a lot of things? All of this is around security. Clearly there's the cost part.
So in red, we have to invest to achieve compliance. It's a burden. We have to avoid breach notifications, but there are many opportunities in doing security, right? And so it's not only a risk. It's not only a cost driver, it's often opportunity. And finally, my fundamental number eight identity in this changing landscape and this digital transformation is the clue and access control is what we need. So I've had this picture of people's and devices and things and organizations, complex relationships. A lot of people involved, very, very complex, yeah.
Scenarios and, and ecosystems we are facing. And we have to understand who can access which information, how do these things cooperate, who owns what, who can use, what, which is different from owning, et cetera, cetera. So we understand the identities and there will be a lot of talks around identity, relationship management and the like here for a good reason, there are complex identity relations of the identity of things, the identity of a service, the identity of a app of device, whatever we need to understand and handle.
And here I go back to something I've published probably some six months ago or so, which I call the seven fundamentals for future identity and access management, which are it's more than humans. It's about all types of identities. We will have multiple identity providers, not only one. So we will not manage all identities internally anymore, but we will need to trust. And distrust will vary.
We have, we'll have multiple attribute providers providing different and additional information, helping us to verify things, et cetera. We have multiple identities. So many users will use different identities or personas and flexibly switch between these. And we need to understand still the same person. Just think about people using today, the Facebook login tomorrow, they might use something totally different. Most of the young people don't use Facebook anymore. So obviously at some point the login will change multiple authentics.
There's no single authenticator that works for all identity relationships. We must map humans to things, to devices and apps. Things are already touched and context, identity, and access varies in context. There's no room for black and white identity management anymore. It's about understanding that in different context, context, different people will have different access something. By the way. I think Dave started talking about in the keynote, Dave current from our teams, I think seven years ago at EIC when we talked, started talking about the context.
So these are my eight fundamentals for mitigating the risks and digital transformation. And we will have a lot of discussions sessions around these topics. We have a lot of research on that. That's it from my side for this opening keynote. Thank you. Thank you very much, Martin. This was a lot of stuff to digest there's as the whole tool is all from internet of things, all the security, different activities. So a lot of things to discuss and to do.
Yeah, but I missed some topics. For instance, I didn't talk about big data, but I saw I can't squeeze everything in.
Well, yes, It's in there. It's in there. Yes. It's in there.
You can't, you can't do these security analytics and the, the reactive part without having big data analytics competence. So it's also about protecting access to big data. It's about deciding what you can and will not what to use when and so on. Yeah.
So you, big data is under played everywhere in the security arena. That's true. I very much liked specifically your formulation stone age bus systems. Can you explain that to me? What you mean by this stone age bus System? So is like, I think it would be ideally a question for my colleague regress, but I tried to answer it correctly anyway.
So, so if you look at, at many of the things in, in the traditional manufacturing environment, but also even in all older approaches for smart homes, etcetera, you will find approaches for bus systems, which are, I would, wouldn't say, I would say are not a hundred percent of the, this level of technology you could have today to say it carefully. So, okay. Industrial, even it is this, For instance, A lot of things, this zone age, The K K and X plus for instance, I think is quite good example. Yeah. For home automation, indeed. Yes.
And you know, these are technologies which were infected. If you're honest, they were outdated when they were introduced. Yeah. Another question I, you said it and OT need to come together and you explain how the, it say delivery model must adopt to this new way of looking at things. But what does that mean for the it department, for the people? Do you have any, any idea or any view on what's going to happen? You know, I think I touched some part and I think clearly some part of it has to move into the business organization.
So if you have a product which has it in, then you have to have it in the same organizational entity and the rest of the, it has to become far service oriented, well structured. So we had this future paradigm a while ago and I think clearly segmenting it in the, to a service organization with well defined services where you also can switch between different, different delivery models. This is what, what we need to do. Okay. Are there reports On this?
Oh, there's a lot of reports. I think we already have. I think in the first four months of this year, we published 49 reports. So in January to April with somewhere following these days, I think today we had number 50 and we have, I think overall modern 400 reports available currently from cooking our cold. So quite a big number and I would say a good reason for a subscription. Okay. Thank you very much, Martin. Thank.
