KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
“It’s about the journey, not the destination” they said. “It’s basically just Don’t Trust But Check, what’s the real difference?” they said. “ What’s the big deal?” They said.
Zero trust has been the panacea to everyone’s security problems, for a really long time now, and yet we are still talking about it, and not just doing it. It’s no surprise that there is a certain level of cynicism then that zero trust was all marketing and no trousers.
If 2021 brought us anything though, it was finally some clarity that zero trust really does have a role to play in the enterprise, just not by itself. Various vendors and enterprises have finally conceded that while it is important, it is just one part of the puzzle to help organisations manage their ever changing, digitally transformed, hybrid working, flexible, work from home environments.
Everything changed with zero trust, and now it is actually helping us to change again. In this talk, learn from;
Where zero trust came from, and where it is now
What the new working paradigm means for CISOs…
… and how zero trust environments and working models can help, not hinder, even without a final destination
“It’s about the journey, not the destination” they said. “It’s basically just Don’t Trust But Check, what’s the real difference?” they said. “ What’s the big deal?” They said.
Zero trust has been the panacea to everyone’s security problems, for a really long time now, and yet we are still talking about it, and not just doing it. It’s no surprise that there is a certain level of cynicism then that zero trust was all marketing and no trousers.
If 2021 brought us anything though, it was finally some clarity that zero trust really does have a role to play in the enterprise, just not by itself. Various vendors and enterprises have finally conceded that while it is important, it is just one part of the puzzle to help organisations manage their ever changing, digitally transformed, hybrid working, flexible, work from home environments.
Everything changed with zero trust, and now it is actually helping us to change again. In this talk, learn from;
Where zero trust came from, and where it is now
What the new working paradigm means for CISOs…
… and how zero trust environments and working models can help, not hinder, even without a final destination
When dealing with digital identity, emphasis is often put on the identification and authentication part. An equally important aspect is digital signing (or more broadly: electronic signing). Qualified electronic signatures have the same legal status as handwritten signatures in the EU. In this session, we shall look at the advantages and challenges that come with them from a Nordic-Baltic perspective. What is their role today and in the future; both independently, and in connection with the upcoming eIDAS2-wallet? Concrete use cases will be demonstrated from the point of view of the citizen, the public sector and businesses.
For the last 30 years virtually every company, agency and organization has been forced to accept the risks associated with identity management and control for third parties and all the other identities that are not directly addressed by today's workforce or customer access management solutions. The universe of "all other identities" is enormous, numbering in the billions and maybe even the trillions of distinct and unique identities. In the absence of solutions and processes to actively manage and control the identities of contractors, service providers, agencies, franchisees and all the possible variations of people, devices and entities that your organization interacts with, accepting risk but not being able to mitigate it has been the normal course of business. It is past time that these risks are acknowledged, addressed, and mitigated. Richard Bird explains the current state of third and n-th party identity risk, how to recognize it and what to do about it in this presentation on a new frontier in security and risk.
This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes "native" experience.
The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.
OPA is a fast rising star in the Authz market. In this deep dive we will cover lessons learned and best practice from early adopters on how to deploy OPA at scale and in production. How can you ensure consistent polices, how do you test and life cycle policies, how do connect with external data sources.
Once again, analysts from KuppingerCole come together to showcase outstanding Identity Management and Security projects, standards and people. The winners will be honored live on stage during the award ceremony.
David will talk aboout a new technology that allows the person owning a public key to prove that they have memorized a passphrase, from which they could at any time easily compute the private key.
One example use is for votexx.org elections, which are conducted remotely without polling places. The ballot-casting in such elections is done by a signature that is publicly verifiable as corresponding to a particular public key posted in advance by the election authority. The voter registration authority would require a proof that the voter knows the corresponding passphrase and hence ensures that the voter has irrevocable access to the private key corresponding to the posted public key. This lets the voter give all of their keys (in an extreme case) to a vote buyer and/or coercer – while the voter is never able to give up knowledge of the passphrase and the ability that it confers to secretly cancel any vote made with the corresponding private key. This is just one example David will feature in his presentation.
The Kantara Initiative is developing a standard and requirements so that organizations can demonstrate to their stakeholders that their commitments to privacy and data protection go beyond transactional and technical trust. At the end of the day people trust, or don't trust, organizations - not the technologies that the organizations use. This session will provide you with an up-to-date report on the development of these standards and requirements and also provide you with an opportunity to provide input into their development.
Security vs experience. Platform vs best of breed. Fast vs thorough. The identity technology world forces us to make trade-offs. These difficult decisions are an endless exercise in technical and logistical nuances like developer and IT resources, product licenses, integrations, and deployment methods.
Get ready! We are entering an era where IAM professionals can rise above those tradeoffs, and rapidly evolve from technical experts to experience artists by using solutions that customize, code, and integrate for you. This means humans can focus on what humans do best: creating amazing experiences, differentiating from competitors, reacting to market trends, leveraging innovations like decentralized identity and partnering with business owners to anticipate and exceed user expectations.
The third iteration of the Web, Web 3, aims to put more control over web content in users’ hands. It promises to be built on blockchain, eliminating all big intermediaries, including centralized governing bodies. The vision for a Web3 world is for people to control their own data and be able to bounce around from social media to email to shopping using a single personalized account, creating a public record on the blockchain of all of that activity. What does this mean from an identity management point of view? We will explore some important questions that should be addressed as the future of the internet unfolds, including the impact that limited oversight in crypto currency will have, including poor authentication; the role of decentralized identities and private key management; and finally, the privacy aspects of having transaction data on the blockchain and what that means for attackers that can potentially compile new identities or further identity theft as we know it today. Whether it is Web3 or beyond, these issues will be critical to build trust on the internet of the future.
Drone operations are estimated to bring €10bn/yr to the EU economy by 2035. A critical e-Government issue is the ability to fly drones in regulated airspace around airports. Unauthorised drone operations in the flightpath of passenger aircraft can endanger lives and cause huge financial loss for airport operators. Heathrow Airport has invested >£10M in security systems to track and destroy unauthorised drones. Digitising the entire drone flight approvals process will involve many steps, but the major one we are addressing is verifying pilot training credentials. SSI could radically improve this currently cumbersome and low-trust process. In an Innovate-UK grant funded project (Fly2Plan), we developed an SSI PoC for a drone pilot training company to issue training certificates as verifiable credentials to drone pilots, which can be verified by Heathrow Airport. In this talk we present our learnings and future work. |