KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
How can this aim be achieved in an complex global enviroment? The approach is based on an overall process of Identity & Access Management operated by a multi-level control system. Following the 3 LOD-model different layers are linked in order to reduce digital risk via connected activities (e.g. recertification, SOD-checks, …). Combined with strict processes, an intense communication with the business and measurement by key indicators.
How can this aim be achieved in an complex global enviroment? The approach is based on an overall process of Identity & Access Management operated by a multi-level control system. Following the 3 LOD-model different layers are linked in order to reduce digital risk via connected activities (e.g. recertification, SOD-checks, …). Combined with strict processes, an intense communication with the business and measurement by key indicators.
Well-managed organizations address unique and emerging risks, such as networked data and identity-related risks in the context of their overall risk profile, and seek to implement solutions that can cost-effectively address organizational risk at multiple levels. As new online and networked system risks associated with data and identity handling systems have surfaced, pre-existing risks still remain relevant; and together they vie for the attention of managers around the world, causing them many sleepless nights. How are emerging risks similar to and different from traditional risks faced by enterprises? How can traditional risk mitigation strategies inform, or mislead, managers seeking to address emerging risks?
Keynote at the European Identity & Cloud Conference 2015
As value propositions for organizations have changed, risks and risk mitigation strategies have changed along with them. When value was derived chiefly from physical property, risk involved more traditional theft or destruction of property and the technologies of fences and vaults, and fire extinguishers and insurance were developed to mitigate such risk to physical property. When value propositions migrated increasingly to services, risk of loss of proprietary secrets emerged, and mechanisms of secrets and confidential information were deployed to mitigate the risk of loss of such intangibles. The digitization of information led to new intangibles markets and new risk mitigation (in the form of information flow controls such as DRM and encryption).
The modern reality is that even the most technology conservative companies are thinking to shift some of their valuable assets to the cloud. However, since anyone with a credit card can purchase cloud services with a single click, the governance and control of organisations are frequently being circumvented. This can create various challenges for organisations that wish to adopt the cloud securely and reliably.
This session will lead you through various approaches on how to assess and mitigate risks for onboarding cloud solutions.
Digital Identities are transforming the way companies architect their IT environment. They adapt and optimize by moving to cloud, adopting mobile technologies and interacting with customers through social platforms. These open enterprises now have little control over how users are entering their networks to access corporate information. As such, Identity has become a key security parameter that businesses can control. Watch this session to learn how organizations can manage the identity context across all security domains by implementing a threat-aware approach to IAM.
Thank you for attending the EIC 2015. See you next year!
As organizations race to transplant onsite infrastructure and applications to the Cloud, strong yet flexible control over authorization will play a critical role. Each Cloud vendor approaches the challenge of role and attribute-based authorization in a completely different manner and the facilities they offer are undergoing a rapid evolution. This session offers an overview of the authorization capabilities offered by the Microsoft Azure and Amazon AWS platforms and include best practice suggestions.
European Identity & Cloud Conference 2015, taking place May 5 – 8, 2015 at the Dolce Ballhaus Forum Unterschleissheim, Munich/Germany, is the place where identity management, cloud and information security thought leaders and experts get together to discuss and shape the Future of secure, privacy-aware agile, business- and innovation driven IT.
SAML, OpenID, OpenID Connect, WS-Federation all support identity federation – cross domain authentication. But, can we always expect all the parties in a connected environment to support SAML, OpenID or OpenID Connect? Most of the federation systems we see today are in silos. It can be a silo of SAML federation, a silo of OpenID Connect federation or a silo of OpenID federation. Even in a given federation silo how do you scale with increasing number of service providers and identity providers? Each service provider has to trust each identity provider and this leads into the Spaghetti Identity anti-pattern.
Federation Silos and Spaghetti Identity are two anti-patterns that need to be addressed. This talk presents benefits, risks and challenges in a connected identity environment.
Various types of shared economic interests and risks create communities of interest where separate organizations work together such as in myriad supply chains worldwide. How can COIs come together in structured settings such as technical and policy standards initiatives, government programs, markets and other regulatory and self regulatory contexts to identify common needs and design, develop and deploy mutually acceptable solutions?
In the last years we see that privileged accounts in Operational Technology (OT) environments (e.g. critical infrastructure) have an even higher importance and criticality than in the traditional IT. OT networks and the Internet of Things (IoT) implementations are taking shape and are being connected to enterprise networks and to the internet. This brings many business advantages but also opens these once isolated technologies to advance threats. Securing these privileged account and their privileged sessions are a critical security practice for enterprises and critical infrastructure operators.
When moving to the use of cloud services it is most important to take a risk based approach. However the process involved is often manual and time consuming; a tool is needed to enable a more rapid and consistent assessment of the risks involved. This session describes why a risk based approach to the use of cloud services is needed. It introduces the KuppingerCole Cloud Rapid Risk Assessment Tool developed by KuppingerCole to help organizations assess the risks around their use of cloud services together in a rapid and repeatable manner.