KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Cloud services have enabled organizations to exploit leading edge technologies without the need for large capital expenditure. In addition, to survive the COVID pandemic, organizations have had to accelerate their use of these services. The market for these services is forecast to grow significantly as organizations complete their digital transformation and move, migrate, or modernize their IT systems. However, according to some estimates only around 4% of enterprise workloads have currently been moved to the public cloud. The factors limiting this growth are the challenges faced by organizations of managing the security and compliance of this new complex hybrid IT environment. This presentation will describe how we expect the market for cloud services to evolve and the key changes needed to help organizations to manage these challenges.
Cloud services have enabled organizations to exploit leading edge technologies without the need for large capital expenditure. In addition, to survive the COVID pandemic, organizations have had to accelerate their use of these services. The market for these services is forecast to grow significantly as organizations complete their digital transformation and move, migrate, or modernize their IT systems. However, according to some estimates only around 4% of enterprise workloads have currently been moved to the public cloud. The factors limiting this growth are the challenges faced by organizations of managing the security and compliance of this new complex hybrid IT environment. This presentation will describe how we expect the market for cloud services to evolve and the key changes needed to help organizations to manage these challenges.
One crucial component to SSI is end-users being able to interact with verifiers directly, without relying on a third-party provider or having to operate their own hosted infrastructure.
Most of the companies today are handling all external users with HR processes using HR systems, which can cause friction and inefficiency when managing external users' lifecycle.
To date, Digital Identity Trust Frameworks have generally been light touch regarding the specification of fraud controls, relying on the theoretical protection a Digital ID offers through more robust authentication. It is true that improvements in authentication methods, such as soft tokens and biometrics, mean the ID theft vector of phishing for a user’s password may be removed. However, ID fraudsters will continue to use stolen ID information to create an ID in the victim’s name. They will continue to create synthetic IDs. They will also continue to try and take over victim’s accounts, using online account recovery and voice helpdesk channels to replace a strong authentication method with one that the fraudster controls.
In recognition of this ongoing threat from fraudsters, the Open Identity Exchange (OIX) has produced a comprehensive Guide to Fraud Controls for Digital ID Ecosystems.
The guide covers the processes and channels that need to be considered from a fraud risk point of view. It identifies the different types of fraud controls that should be applied in each channel, including ecosystem wide syndicated fraud controls, such as shared signals. The process of dealing with a suspected fraud is examined: how should these be prioritised, what investigation process should be followed, and how should victims be informed. Finally, it covers legal considerations when implementing fraud controls, in particular when sharing information and collaborating across the ecosystem to act as a joined-up defence against fraud attack.
This presentation / panel session will provide discuss these topics and how the guide can help those implementing Digital ID and provide the audience a chance to speak about their own fraud challenges with the authors and how the recommendations in the guide might be applied to help
Applying the principles of self-sovereign identity to financial and social media sourced data points will enable businesses to make better and informed decisions about retention, acquisition and eligibility whilst relieving them of most of their obligations under GDPR. |
Traditional IAM models have focused on users, policies, and roles, which met the needs of web applications in years past but as application development has evolved to APIs, an innovative approach to identity management is required. It is no longer just users, roles, and permissions. APIs must be integrated into the identity and access management framework to ensure adequate governance and security. |
- Why API security requires more than traffic policy management and course-grained enforcement. |
As a byproduct of the current activity across industry, government, and regulatory sectors, digital identity leaders face unprecedented opportunities- and challenges.
Covid has accelerated the global imperative to establish a strong and safe global digital economy that is enabled by a secure, interoperable, digital identity ecosystem. One of the most daunting challenges is how, where and when to start.
The reality is that the target global ecosystem will be years in the making despite the widely held view that better identity is crucial to achieving a trusted digital-first marketplace. The fact is that the target state is the quintessential “it takes a village” challenge. It is this speaker’s strongly held view that the leaders who move the market now will be best positioned to substantively shape the government, regulatory and legal frameworks that might otherwise hamper ecosystem growth.
The focus of this session is to speak to the market movers in the audience and provide food-for-thought in devising a strategy to move forward. The ‘right’ strategy will attract global relying parties, identity service providers and the digitally-enabled consumer audience writ large (‘the village.’) The global ecosystem will take time to evolve but the time to build the foundation is now.
Balancing usability and security is a well-known challenge in the field of identity. With increasing threats to personal and critical business data posed by nation-states and other bad actors, organizations are moving to a default posture of Zero Trust with more and more technology vendors and service providers delivering solutions in the form of complex monitoring and policies designed to keep the bad guys out. Knowledge workers, including an increasing population of frontline workers, require and expect seamless collaboration and productivity without barriers that waste time and require technical expertise. And businesses of all sizes are looking for solutions that can be operated by managers and program owners who are not necessarily identity and security experts. At the same time, individuals are drowning in a sea of passwords and clamoring to maintain their privacy and preventing compromise in their personal lives. With more signals, potentially come more annoyances, and with more annoyances come to the proliferation of unsafe practices. As vendors and enterprises dedicated to secure and seamless identity, it is our responsibility to invest in a more secure future while remaining dedicated to solutions that guarantee higher security but are even easier and more delightful to use than today's conventional solutions. FIDO2 and the move towards passwordless solutions are getting more adoption, but still carry with them some experience challenges in onboarding and recovery. Innovations like distributed identity show promise in decentralizing ownership of personal data and putting control back in the hands of end-users but are in very early days. EIC represents the industry and our commitment to creating trustworthy frameworks that protect organizations and people. Join a panel of experts to share their thoughts on how we can continue on a pace of innovation in zero-trust while maintaining trust and usability for everyday people in a digital world. |
- innovation requires investment across security, privacy, and usability Paul Fisher, Senior Analyst, KuppingerCole
Robin Goldstein, Partner Group Program Manager, Microsoft
Alexander Koch, VP Sales DACH & CEE, Yubico
|
Mobility-as-a-service is changing the way people move. From mobility based on driving your own car, it is converging to the consuming of various services using multiple modes of transportation. Ranging from eScooters, bicycles, ride-sharing to car-sharing, ride-hailing and public transport.
There are various ways that client applications may need to log in when going beyond passwords. With a username and password, client development is easy -- just collect a couple of inputs from the user and match them on the server. When going beyond these though, how can client applications be deployed and maintained in a way that the server still dictates what the client should present and obtain from the user when authenticating them?
Identity on AWS may be well trodden ground, but that doesn’t necessarily make it any more inviting for enterprise practitioners who may not have had occasion to yet dive into the topic when tasked with an implementation.
The onslaught of account takeover attacks from insecure passwords is driving the rapid adoption of passwordless solutions. While the risk reduction benefits are substantial, eliminating passwords is just the first step on the path to fundamentally strong authentication. In the “new normal” era of work from anywhere, and rapidly increasing cloud adoption, organizations are moving to a new risk-based authentication model. Advanced organizations are validating users, their devices, and inspecting the security posture of the device for each login. Strong and continuous authentication is a fundamental building block of Zero Trust. Learn how you can make it happen without making the user experience miserable.
Discussion topics include:
Takeaways: