KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
The Internet had been created without an identity layer, leaving it to websites and applications to take care for authentication, authorization, privacy and access. We all know the consequences - username and password still being the dominant paradigm and, even more important, users not having control over information that personally identifies them. The risk of data misuse, of being hacked or manipulated has become a significant challenge and and requires a new approach in times of an emerging web3 and its core capability of transferring value. Is decentralized, DLT based Identity the solution that finally will enable DeFi, NFTs and DAOs? Join this awesome keanote panel to controversially discuss this topic.
Privacy is one of the most challenging aspects to protect in identity solutions.
The entities that stand to gain the most from surveilling users can use convenience as a bargaining chip. Users understand and appreciate convenience, but they often don't appreciate the costs of loss of privacy, as the consequences often play out well after the violation occurred.
Identity practitioners often take the need to preserve privacy for granted, and in so doing fail to help users and solution designers understand the concrete impact privacy violations can have on the lives of users. This session will arm you with the concrete scenarios you need to instill in customers and colleagues a new awareness of the real costs privacy violations can have.
As an incubator for innovation in air travel, Aruba has chosen to use verifiable digital credentials to manage entry requirements and health testing for travel to the island. This decentralized, open-source technology, which provides secure authentication while preserving traveler privacy, was developed by SITA and Indicio.tech and donated to Linux Foundation Public Health as Cardea. In this session, representatives from Aruba’s government, Indicio, and SITA will discuss why they chose a decentralized approach, how they created a trusted data ecosystem, and why the ability to verify personal data without having to check in with the source of that data will transform air travel, healthcare, and tourism
A practical approach to cyber security architectures: In a hybrid ecosystem we have not only to find a suitable security model for IT but also for OT like in production environments. And after all cloud services are adding another dimension of complexity. We will take a short look at the security basics, compare some outdated, updated and up-to-date security models finding suitable models for IT-security, OT-security and cloud-security. Finally we will put it all together in combined scenarios. This presentation will focus on practical security architecture rather than on formal compliance.
* IT-security, OT-security, cloud-security
* Cyber security: from basics, perimeter, air gap to zero trust
* Hybrid world: isolation or integration
* Tops and flops in practical cyber security
As customer identity programs mature, they bring new opportunities and risks. In the rush to launch new customer experiences, personal data is over-exposed and over-replicated. The default is to ship all identity attributes, to all systems, on every request in order to make access decisioning easier for application developers.
This approach disperses identity information across the application stack; which increases risks of data breach, data loss, and compromised identities. As a result, consumers lose trust and new business opportunities falter; or worse, customers like the new experience, but its success creates security and compliance liabilities that expand exponentially. To remediate the risk, data teams enter a never-ending cycle of costly data analysis and audits.
Identity architects and developers need to address privacy requirements earlier - not in post-collection data management, but instead in the application development process. While Privacy by Design and Privacy by Default principles are a helpful framework, they offer little practical guidance for developers to actually build privacy-preserving applications.
We will discuss how to use identity data at run-time, in the context of the application; how to retrofit existing applications with privacy requirements; and how to easily evolve applications over time.
Recent years have seen significant Artificial Intelligence (AI) development across all domains of business and society. This panel aims to bring attention to societal impacts of AI – benefits and challenges, by bringing thought leaders and practitioners from different parts of the world to leverage diverse viewpoints around AI governance that continue to drive AI development across borders.
The disruptive changes in the SSI paradigm will not be effortlessly adopted by the industry worldwide without technological enablers. Indeed, before transitioning to a fully decentralized ecosystem, standard enterprise IAM solutions and canonical IGA disciples will need to adapt and integrate verifiable credentials. This talk will explore the hybrid decentralization paradigm, offering pointers and insights into the uncontestable evolutionary needs of enterprises. After all, industry IAM solutions must evolve to include VCs issuing and verification capabilities to fully embrace the trustless trust paradigm while retaining complete control of authorization flows.
Two decades of digital transformation and cloud migration have been slowly eroding the traditional network perimeter and with the past two years of transition to more remote work, the walls have come tumbling down. Privileged credentials from access tools (like VPN and RDP) that have been left on endpoints are a valuable target for attack. SAAS applications and Cloud access further expand the proliferation of potentially exposed identities. Once an attacker establishes initial access it becomes trivial for lateral attack movement to take control over critical systems or the entire network. The network perimeter is obsolete. Identity is the new perimeter. Organizations must discover, mitigate and protect their identity risks.
The Kantara Initiative is developing a standard and requirements so that organizations can demonstrate to their stakeholders that their commitments to privacy and data protection go beyond transactional and technical trust. At the end of the day people trust, or don't trust, organizations - not the technologies that the organizations use. This session will provide you with an up-to-date report on the development of these standards and requirements and also provide you with an opportunity to provide input into their development.
Digital identities of consumers, customers, business partners, employees, but also devices, things, or services are at the core of the digital business. Unfortunately, most digital identities reside in siloes. Building a modern Identity Fabric that delivers seamless yet secure and controlled access from everyone and everything to every service requires breaking down the legacy identity siloes, and building a modern, flexible, identity data foundation.