The threat landscape has become wicked and rougher. Governments are desperately trying to fight the cyber threats, but their efforts will never satisfy the needs. As a company, community or individual you remain a vulnerable target. Applying a layered information security strategy can effectively reduce your risk exposure. Defining your drivers and long-term security goals; involving your stakeholders; engaging your customers, employees and suppliers; communicating clearly; and achieving your targets by implementing the security roadmap are the key steps to becoming a security-intelligent company that will be better protected against the next attack.
While cloud adoption is rapidly increasing, many organisations struggle to establish a sustainable contracting process. The one-size-fits-all aspect of cloud computing is often reflected in the limited flexibility of cloud service providers during contract negotiations. More and more organizations are left with the choice of signing standard terms and conditions. This strongly increases the need for organizations to define their contract requirements prior to selecting a cloud solution. The specific types of data (e.g. confidential data, privacy sensitive data) to be stored in the future cloud service, the related risks and applicable legal domains (e.g. data privacy, trade controls) should determine the contract requirements. These requirements have to be taken into account in order to ensure compliance with laws and regulations after accepting any terms and conditions.
The holy grail of security is to ensure the right people have access to the right things, always, anywhere, everywhere and all the time. Is it simply coincidence or a premonition of fate that the mission of the Identerati is to enable the same thing? With identity becoming the control point, the backplane and the new perimeter in a world with shifting borders, it's time to rethink our overall approach to information security. Identity defined security is moving to center stage and this session will explore the patterns and architectures of this new approach to security.
eIDAS Regulation 910/2014 on electronic identification and trust services provides the legal framework for the cross-border recognition of electronic identification means, ensures the legal certainty and interoperability of trust services (namely electronic signatures, electronic seals, electronic registered delivery services, electronic time stamps and web site authentication) and establishes the non-discrimination of electronic documents vis-à-vis their paper equivalent. The presentation focuses on the role of eIDAS in realising the digital single market and on the actions at the EU level to support the uptake of electronic identification and trust services and the Regulation in the EU.
In this presentation, the risk to privacy in modern communication technology, both Internet and mobile networks, is analyzed. It turns out that users have to negotiate the risk to privacy between refraining from services, trusting services, using self-data-protection methods and trusting privacy enhancing technologies. Services, on the other hand, have to present themselves as trustworthy with respect to their competent and decent way of handling user data. This presentation identifies the privacy principles and related trust areas and protection means.
Self-determination, decisional autonomy, privacy enablement, and meaningful choice are not just tools for customer satisfaction: They’re also tools and characteristics for identity management in the enterprise that’s ready for digital transformation. How has user-managed identity and access shaped up so far, in terms of technology, processes, and adoption? And what progress can we expect in the decade to come? Join ForgeRock innovation VP Eve Maler to learn about the exciting ride we’ll all be on — one you’ll actually enjoy, because last we checked, enterprise IT experts are people too.
Various types of shared economic interests and risks create communities of interest (COIs) where separate organizations work together, such as in myriad supply chains worldwide. How can COIs come together in structured settings such as technical and policy standards initiatives, government programs, markets and other regulatory and self-regulatory contexts to identify common needs and design, develop and deploy mutually acceptable solutions?
Risk is akin to the multitude of bacteria found in the human body; without it the body does not flourish. If you think your risk assessments and risk registers keep you safe from risk, then think again. Risk is a vital part of business, one that helps prompt correct decision making, open up greater rewards and helps grow an organisation and keep it healthy. Learn from clear examples and understand when risk can be embraced and when it can be avoided.
Much has been written about “Black Swans”: unpredicted, massively game-changing and, in hindsight, completely foreseeable events. Why do they happen and why are we surprised? More importantly, what can we do to mitigate against the unforeseeable?
The potential for game-changing risks is becoming more frequent and more impactful, due to global drivers and trends: from the technology front (speed of technical advance and disintermediation of technology) to the business front (concentration risk from outsourcing and interdependencies of supply chains) to the political front (Eurozone consolidation and global terrorism).
As organizations race to transplant onsite infrastructure and applications to the Cloud, strong yet flexible control over authorization will play a critical role. Each Cloud vendor approaches the challenge of role and attribute-based authorization in a completely different manner and the facilities they offer are undergoing a rapid evolution. This session offers an overview of the authorization capabilities offered by the Microsoft Azure and Amazon AWS platforms and includes best practice suggestions.
In recent years we have seen that privileged accounts in Operational Technology (OT) environments (e.g. critical infrastructure) have an even higher importance and criticality than in traditional IT. OT networks and Internet of Things (IoT) implementations are taking shape and are being connected to enterprise networks and to the internet. This brings many business advantages but also opens these once isolated technologies to advanced threats. Securing these privileged accounts and their privileged sessions is a critical security practice for enterprises and critical infrastructure operators.
Risk is often seen as a dirty word in business. It is a thing that needs to be reduced to nothing, and has no possible good use in an organization, especially a security programme. This couldn’t be more wrong! Risk is an inherent part of any business, and yet it is often poorly recognized and leveraged in the security organisation.
In this presentation Thom looks at three areas of the risk conundrum to open the veil on the elusive art of understanding and ultimately measuring risk:
Hanns Proenen takes you on a small journey through traditional IT security, as it was until recently, and how he is observing and experiencing the shift to information security and IT risk. He talks about the tasks for the IT Risk Officer and how to build a firewall between the digital and the analogue world.