KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Most OAuth deployments today use bearer tokens – tokens that can be used by anyone in possession of a copy of them, with no way to distinguish between legitimate uses of them and those that stole them and used them for nefarious purposes. The solution to this is proof-of-possession tokens, where the legitimate client supplies cryptographic material to the issuer that is bound to the token, enabling it to cryptographically prove that the token belongs to it – something attackers cannot do because they don’t possess the proof-of-possession cryptographic material.
The OAuth DPoP (Demonstration of Proof of Possession) specification defines a simple-to-implement means of applying proof of possession to OAuth access tokens and refresh tokens. We will describe real attacks occurring every day against bearer tokens and how they are mitigated by DPoP, providing defense in depth and making real deployed systems substantially more secure with minimal implementation and complexity costs.
These attacks and mitigations are particularly relevant to high-value enterprise deployments, such as in the financial, manufacturing, critical infrastructure, and government sectors.
It is well known that women face various challenges when working in the IT industry. These challenges lead to the fact that only about 20% of employees in IT are women. The situation in security and identity is even worse, as some studies have shown. "Women in Identity" is a global organization whose mission is to develop solutions with diverse teams. This presentation will look at the various WID initiatives on a global and local level that support women in the industry and create solutions “for everyone built by everyone”.
Performing accidentally wrong or intentionally bad configuration changes by administrators, scripts or systems can lead to serious security vulnerabilities or unintentional visibility or leakage of data. This applies to on-premises systems, but especially to systems and applications in cloud environments.
With a comprehensive change auditing and reporting in hybrid environments, such critical changes and conditions can be quickly identified and remediated.
This session will deal with this topic in general and with a solution approach in particular.
Portable, verifiable and, most importantly, reusable representations of personal data can enable high-touch, high-trust and low-cost engagement between customers and networks of complementary service providers. The EU is already adjusting to the opportunities of Self-Sovereign Identity, but the private sector needs to demonstrate more high-value use cases in order to force beneficiary regulations and an enabling environment for the technology. The tools and techniques of Self-Sovereign Identity (SSI), including the no-code capabilities provided by ProofSpace, can be used to create trust networks within an organization’s existing technical infrastructure in order, for example, to verify that a credential shared by a customer was issued by a trusted partner. A valuable use case for this is re-usable Know Your Customer verification. Other high-value use cases for SSI trust networks include: networks of affiliated hospitality services referring and on-boarding customers; networks of educational institutions verifying academic credentials; networks of employers verifying employment histories; and web 3.0 and DAO communities verifying member reputation and voting rights for management and governance purposes. A brilliant case study for this is ProofSpace’s work with the pro-democracy opposition of Belarus, where Self-Sovereign Identity enables a decentralized and secure “virtual country”, offering private and public services to unite, serve and empower the pro-democracy community.
This session will be about the journey of Kubernetes and Crossplane at Deutsche Bahn, to provide platform consumers with access to a unified API for deployments, infrastructure provisioning and applications in a manner that is independent from the cloud, addressing compliance and cross-cutting concerns while providing a Kubernetes "native" experience.
The journey has not been without challenges, where the platform team has managed technical and functional requirements including an access model in an enterprise environment, user expectations of cloud native infrastructure usage, and issues with excessive API load, shared resources, as well as controllers written by the team and open sourced along the way.
As digital business pushes organizations towards an accelerated multi-cloud adoption, CIEM (Cloud Infrastructure Entitlements Management) emerges as a strong enabler for securing access and entitlements across an increasingly distributed cloud environment. Traditional PAM and IGA tools aren't natively designed to manage cloud infrastructure entitlements and therefore can't be easily re-purposed to discover and remediate excessive cloud permissions across multiple IaaS and PaaS platforms. The confusion arising from un-identically structured CSPs and misaligned cloud terminology is further aggravated by the quest of IAM, PAM and Cloud Security providers to enter CIEM space and capture market share.
In this session, we will focus on how the CIEM market has been evolving over the last few years to manage the critical cloud security gaps left unaddressed by CSPM (Cloud Security Posture Management) and CWP (Cloud Workload Protection) tools, and how CIEM complements these tools to offer a wholistic cloud security advantage. We will also discuss how CIEM addresses some of the most critical security tenets of your organization's cloud adoption program and future planning.
As for the key takeaways of this session, you will be able to understand and articulate: