KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
There are several sessions at this year’s EIC looking at the roles of policies in IAM, for modernizing and efficiency gains in IGA, for authentication and fraud detection, and for authorization. In his keynote, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will take a broader perspective and look at why the future of IAM and cybersecurity must and will be policy-based. This involves policies in IGA, policies in cybersecurity, hierarchies of policies, policies for application developers and IaaS administrators, policies in Zero Trust, overcoming static entitlements, policies in the context of DID (decentralized identities), and other topics. He also will discuss what needs to be done where, such as Policy Governance, Data Governance, and Policy Lifecycle Management, and why the shift to policy-based approaches requires a multi-speed approach, with policies in new digital services coming faster than policies for modernizing legacy IAM.
There are several sessions at this year’s EIC looking at the roles of policies in IAM, for modernizing and efficiency gains in IGA, for authentication and fraud detection, and for authorization. In his keynote, Martin Kuppinger, Principal Analyst at KuppingerCole Analysts, will take a broader perspective and look at why the future of IAM and cybersecurity must and will be policy-based. This involves policies in IGA, policies in cybersecurity, hierarchies of policies, policies for application developers and IaaS administrators, policies in Zero Trust, overcoming static entitlements, policies in the context of DID (decentralized identities), and other topics. He also will discuss what needs to be done where, such as Policy Governance, Data Governance, and Policy Lifecycle Management, and why the shift to policy-based approaches requires a multi-speed approach, with policies in new digital services coming faster than policies for modernizing legacy IAM.
The adoption of multiple clouds is accelerating across all industries. While multi-cloud brings many benefits, it also results in new challenges. Organizations must manage platform-specific access policies in the bespoke policy syntax of each cloud.
Security and risk gaps arise between cloud identity systems due to the increased policy fragmentation and technical complexity that can obscure visibility and make it difficult to determine who has access to what.
These challenges grow exponentially when you consider the various access policies (and system languages) associated with each data, network, and platform layer (and vendor) in an organization’s tech stack.
This session will describe an open-source solution to multi-cloud access policy fragmentation: Identity Query Language (IDQL) and Hexa Orchestration. IDQL and Hexa are two sides of the same coin that together perform policy orchestration across incompatible cloud platforms.
IDQL is the universal declarative policy language that can be translated into a target system's proprietary or bespoke access policy format. Hexa is the open-source reference software that brings IDQL to life and makes it operational in the real world by connecting to target systems and performing the three main functions of discovery, translation, and orchestration.
Hexa Policy Orchestration was recently accepted as a Cloud Native Computing Foundation (CNCF) sandbox project. The session will include a technical review of Hexa plus a demonstration of current capabilities.
You often think service providers should build identity and API security infrastructure by themselves to have full control and flexibility so that it can fit into their business and technology stack. But it tends to be time consuming and costly due to lack of expertise to do so. Buying a heavy-weight solution is another considerable option, but it reluctantly leads dependency on the particular vendor of the solution, which may have redundant features and may not accommodate to customize in a cost-effective and timely manner. In this session, we will discuss a third option to “buy and build” that can combine the best of both worlds and give you control by building from scratch, as well as minimize the time and resource by leveraging “Identity Components as a Service.”
The past few years have seen a startling increase in decentralized technologies for Digital Identities. So far, much of their adoption has been limited to academic or proof-of-concept integrations (barring some shining examples) rather than consolidated production-ready use cases.
Generally, there isn't an enforced link between real-world and digital identities, and rightfully so. Still, enterprises' policies and regulations mandate companies to ensure restricted access to reserved data and undeniable attribution, which collides with general anonymity and distributed principles. Albeit SSI technologies aim at filling this gap with trusted-yet-privacy-preserving solutions, companies still need to consolidate digital identities and collapse them into a well-defined entity. We will talk about a hybrid approach to classic IAM for workforce management including W3C native credential integration with solidified and well-established SSO federations. In other words, delegate to the end users the choice of which identity technology to use as long as they can provide a trust chain that the companies can verify.
The term secure access service edge (SASE) has become popular in recent months and has been adopted by numerous vendors. SASE stands for a concept that integrates a range of cloud-native security services including cloud access security brokers (CASB), firewall as a service (FWaaS), secure web gateways (SWG), and zero-trust network access (ZTNA), with wide-area network (WAN) capabilities for delivering both directly to any edge computing location. In this session, KuppingerCole´s John Tolbert will give an overview of the market for SASE solutions and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing SASE solutions.
The Common Ground movement of the Dutch municipalities is developing innovative solutions for greater interoperability. An important part of this is the data landscape, where functionality is accessed through microservice API’s. In the analysis of this architecture, one aspect is barely touched upon: The Access Control aspect in API’s is not appropriately co-developed.
The Municipality of The Hague has performed a Proof Of Architecture (the POA) to demonstrate that it is possible to unlock an existing API in which access is not explicitly modeled, or that still uses traditional Role Based Access Control methods internally, restricting interoperability across contexts.
The POA is done in an effective and efficient way through innovative 'zero trust architecture' concepts, such as Policy Based Access Control. Security and privacy are thus demonstrably realized in accordance with legal requirements. The POA proves that it is technically feasible to add input-filtering of access requests to ignore the restricting RBAC method and thereby open doors for municipalities for interoperability in an autonomous and secure way.
During the presentation the working principles of API access from a perspective of Identity & Access Management are explained, but also how these principles can be applied in practice in an existing application landscape.
The presentation will be a joint presentation between the lead architect of the City of The Hague, Jan Verbeek, and access strategist André Koot.
Rotating credentials of some privileged accounts is a risky task, which might lead to a business shutdown when things go wrong. But the alternative of not rotating them opens the door for attackers to take hold of your organization - thus leading to a business shutdown as well. This is a lose-lose situation.
So what should we do ? Rotate or not rotate credentials of privileged accounts ?
In this session we will discuss about the challenges and solutions.
In this session, KuppingerCole´s Paul Fisher will give an overview of the market for Privilege Access Management (PAM) platforms and provide a compass to help buyers find the product that best meets their needs. KuppingerCole examines the market segment, vendor capabilities, relative market share, and innovative approaches to providing PAM solutions. He will also explain how the new Pamocracy is affecting the market.
The enterprise perimeter is now its data objects, APIs, applications, and its users are now the workforce, customers, partners and in many cases, machines. In this new, decentralized, and highly segmented world, CISOs and IAM leaders find themselves struggling with multiple systems and interfaces that control the most basic question: Who has access to what and when?
In this session, we will present a new architecture for Identity First Security based on Centralized Access and Authorization Policy Management Platform, and discuss pro and cons, specific real-world implementations.
OAuth 2.0 is a widely adopted standard for authorization, but it can be complex to implement correctly. It's not uncommon for developers to have difficulty understanding the nuances of the OAuth 2.0 flow and instead rely on simpler approaches such as using API keys in "god mode." |
An Identity Fabric Program program moves beyond established tooling and focuses on outcomes and the elimination of technical debt or heavy customizations that hinder the organization’s ability to deploy at scale. Identity Fabrics shift the focus from tactical or manual operations to more strategic functions that are optimized to business objectives. Identity Fabrics are key to successful digital transformations and therefore a sustainable deployment strategy will deliver recognized business value and a significant competitive advantage.