KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
PAM (Privileged Access Management) is one of the established core disciplines within IAM. PAM also is the IAM discipline that is changing most from what it has been in the past.
On one hand, there is the impact of CIEM & DREAM, Cloud Infrastructure Entitlement Management or Dynamic Resource Entitlement & Access Management. This is about the expansion of PAM beyond humans accessing servers and selected applications towards any type of human and non-human (silicon) identity accessing any type of workload, from servers to dynamic cloud resources. This also implies an expansion from serving static data center infrastructures to dynamic workloads in today’s agile IT. PAM is changing, with more parties involved – a “PAMocracy”, as KuppingerCole Analyst Paul Fisher recently named it.
These changes also require expansions in integration to other IT services. There needs to be a dynamic governance approach, where IGA comes into play. It requires rethinking whether PAM tools really should care for authentication. There is no need for authentication point solutions in an age where most organizations have a strong Access Management solution with MFA, passwordless authentication and adaptive, risk- and context-based access in place. Finally, this new PAM must integrate with the DevOps tools chain for permanent updates about new code and the resources used as well as with IT Asset Management for an always up-to-date insight into the ever-changing, dynamic IT landscape that needs to be protected.
Also worth to think about is integration with further security solutions, beyond the standard SIEM/SOAR integration. AI-powered security solutions are one aspect. Integration to Cloud Security Posture Management is another example.
In this panel, the state and requirements on the future PAM will be discussed.
Like many businesses, you started the MFA journey and might even consider it at a level of maturity. Yet, when questioned to rate compliance coverage or cyber insurance requirements for strong authentication business-wide, do you have a moment?
Workforce identity workflows are complicated, with an extensive portfolio of assets and legacy applications that create gaps in strong authentication coverage. However, organizations need to trust nothing and no one - and have to prove strong authentication is in place to regulators and cyber insurance underwriters.
In this session we will explore ways to strengthen your authentication system and fill coverage gaps:
Digital sovereignty has become an important topic for individuals as well as a strategic issue for countries and businesses, allowing them to operate in an environment that they trust and can control. This necessitates technology that is not overly reliant on third parties, where there is a risk of misuse of trust or non-compliance.
In this session, we will explore 3 dimensions of digital sovereignty related to identity:
You have probably heard about Cyber Resilience, and how about Cyber Resistance? What should be the differences between the two terms in the context of Cybersecurity? Cyber Resistance is the same or not?
Prioritizing where to focus efforts first when attack scenarios are almost endless is a complex task. There are often millions of potential attack paths. Most organizations do not know what those paths are or how to prioritize which ones to close first if they can be closed at all.
During this presentation, we will be understanding the differences between Cyber Resistance and Cyber resilience, and how we can apply both concepts to our current technology landscape, besides understanding how we can identify the High-Value Target (HVT) in your organization.
Data is foundational to business intelligence - but how do you translate that into identity governance? Today’s enterprise has unprecedented levels of real-time, rich identity data across multiple parallel sources. More data leads to more predictive power in machine learning algorithms. These runtime data driven insights can become a central component to a systematic compliance and risk management strategy. This session will highlight how identity data can be used to uncover patterns, anomalies, and outliers and radically improve decision making, supporting your Identity First Security strategy.
Digital transformation came with a wide range of advantages, but it also opened the door to potential cyberattacks. Every organization faces the risk to be the target of a cybercrime, but the transition to business digitalization leaves a greater room to present vulnerabilities in the system, and if attackers happen to identify them, the attack will occur. The world is changing rapidly, and companies must change with it, and so insurers see their possibility to break into the market. Is it worth to have a cyber-insurance policy? Does it cover all the damages? What is the extent of insurers responsibilities and the company one? Could these cases go to court and under what conditions?
Privilege escalation is also one of the most common techniques attackers use to discover and exfiltrate sensitive valuable data. From a hacker’s perspective, privilege escalation is the art of increasing privileges from the initial access, which is typically that of a standard user or application account, all the way up to administrator, root, or even full system access. With NT AuthoritySystem access or on Linux the root account, attackers have full access to one system. With Domain Administrator access, they own the entire network.
• Top Methods of Privilege Escalation on Windows and Linux
• Common Tools used to identify Privilege Escalation
• And more...
How Self-Sovereign Identity (SSI) enables decentralized Identity and Access management for Things
From SSI zero to hero – ETO`s digital & IoT transformation in practice
IAM and security leaders end up certifying far more access than necessary, owing to a failure to classify business resources. Furthermore, business users pay the price because they must spend an inordinate amount of time filling out these lengthy surveys. Benoit will show how to reduce certification fatigue through robust role management, which helps business users achieve better results while taking less time out of their day.
Germany's healthcare sector will introduce its own ID wallet called "Sectoral IDP" for all statutorily insured persons on 01.01.2024. The issuers of the wallet are the health insurance companies, and approval will be granted in accordance with the extensive specifications of gematik (the regulatory authority). The ID attributes are issued by 2 issuers: PID and health insurer. The sectoral IDP is based on the OpenID Connect (core and Federation), Open Authorization 2.0 (OAuth 2) and JSON Web Token (JWT) standards. The presentation will describe the specific gematik requirements for product and operations of the ID wallet as well as their possible implementation. Despite the closed system in eHealth (Telematics Infrastructure) by definition, bridges to developments of ID wallets outside the sector such as EU, AML and eIDAS will be shown.
Digital identity wallets are central components for Decentralized and Self-Sovereign Identity (SSI) approaches. They are the interface for users to manage their identities and gain access to services. Hence, the usability and user experience of these wallets is pivotal for the adoption of those popular and privacy friendly identity management concepts. This talk will summarize research findings into naming some of the Best and Worst Practices to be considered in the further development of the user experience of Digital Wallets.
This talk would highlight multiple studies, publications, and projects that I have done on this topic. However, if you would prefer another topic, I could propose another talk idea that would be related to other identity topics in either the Digital Wallets, mGov/eGov Services, or Trust Management.
Since IDPro began its skills survey in 2018, we have seen technologies rise and fall and how IAM practitioners continue to struggle to feel proficient in their field. From the decline in directories to the power of personal identity, the IAM field is certainly not boring! |