KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Data is foundational to business intelligence - but how do you translate that into identity governance? Today’s enterprise has unprecedented levels of real-time, rich identity data across multiple parallel sources. More data leads to more predictive power in machine learning algorithms. These runtime data driven insights can become a central component to a systematic compliance and risk management strategy. This session will highlight how identity data can be used to uncover patterns, anomalies, and outliers and radically improve decision making, supporting your Identity First Security strategy.
Data is foundational to business intelligence - but how do you translate that into identity governance? Today’s enterprise has unprecedented levels of real-time, rich identity data across multiple parallel sources. More data leads to more predictive power in machine learning algorithms. These runtime data driven insights can become a central component to a systematic compliance and risk management strategy. This session will highlight how identity data can be used to uncover patterns, anomalies, and outliers and radically improve decision making, supporting your Identity First Security strategy.
Identity has been always an ambiguous term. Identities exist in a sociocultural and organizational context and in technical ones. We have Digital Identities and eIDs and not only do individuals have identities but so do organizations and non-humans, especially in technical contexts.
Identities had been always under threat, starting with theft of individuals’ identities and credentials in the physical world, such as credit cards and passports. However, these threats have not been on a large scale. We all know that this has changed dramatically with the digitization of everyone and everything. Social engineering, phishing emails, buying credentials in the dark web have become a serious threat to businesses and individuals. These threats have reached new heights with the numerous attacks on identity infrastructures, be it corporate directories or government eID infrastructure.
In this panel, we will explore the identity threats to individuals and organizations, how they are managed, and how identity security can be achieved from a prevention, detection, and management perspective.
The claim or desire for authorizations, permissions and the rights set in practice often have a wide divergence. Typically, more rights are assigned unconsciously than were actually required.
The resulting vulnerabilities can have significant consequences therefore, it is essential to be able to monitor the true permissions at any time, regardless of how the permissions have been set. It is almost impossible to manage monitoring manually, even in small environments. Therefore, independent automatisms that can automatically explore, analyze and report the real settings are becoming a requirement.
In this session we will show you how Cygna Labs can support you in these challenging tasks and thereby ensure and improve security in your company.
What started as a simple blog post from Google has rapidly ballooned into an industry movement. Major vendors have implemented the Continuous Access Evaluation Protocol / Profile (CAEP) and analysts, practitioners and decision makers agree that it is critical to the future of zero-trust. This keynote, by the inventor of CAEP, goes into the pain points that led to the development of CAEP, the process to recast it as a part of the Shared Signals working group in the OpenID Foundation and the trends that make it an indispensable component of any zero-trust architecture. CAEP’s non-prescriptive nature makes it easy for anyone to implement their own policies and the Shared Signals Framework makes communicating changes efficient and nearly instantaneous. A future powered by Shared Signals and CAEP enables enterprises and vendors to break information silos to create a highly secure outcome.
Good security gets out of the way of users while getting in the way of adversaries. Passwords fail on both accounts. Users feel the pain of adhering to complex password policies. Adversaries simply copy, break, or brute-force their way in. Why, then, have we spent decades with passwords as the primary factor for authentication?
The industry needs to trust passwordless authentication (FIDO2). Adversaries and then criminals have circumvented our authentication controls for decades. From the very first theft of cleartext passwords to the very latest bypass of a second-factor, time and again improvements in defenses are met with improved attacks.
What holds us back from getting rid of passwords? Trust. In this session, we will propose a framework of technical controls to ensure only trusted sessions authenticate, regardless of faults or failures in any one factor, and to reassess based on shared signals (CAEP). We will share a path forward for increasing trust in passwordless authentication.
End-users have become accustomed to shopping, dining, traveling, learning, and caring for their health in an ever-more-digital fashion. Unfortunately, bad actors have put personal data at greater risk by perfecting a loop of using previously breached data to drive new data-rich breaches. We’ll examine:
The shift to multi-cloud introduces a wide range of cloud security risks that remain unaddressed due to the siloed approach and limited focus of existing cloud security tools. Most cloud security tools offer highly focused solutions that are limited in scope and capabilities to address the growing spectrum of multi-cloud security risks. The convergence of IAM and multi-cloud security tools (CSPM, CWP and CIEM) offer a cloud security platform that takes an integrated approach to securely manage identities and their access entitlements to cloud resources for cloud-native application development, deployment and operations in the cloud. In this session, we will discuss:
Digital identity wallets are central components for Decentralized and Self-Sovereign Identity (SSI) approaches. They are the interface for users to manage their identities and gain access to services. Hence, the usability and user experience of these wallets is pivotal for the adoption of those popular and privacy friendly identity management concepts. This talk will summarize research findings into naming some of the Best and Worst Practices to be considered in the further development of the user experience of Digital Wallets.
This talk would highlight multiple studies, publications, and projects that I have done on this topic. However, if you would prefer another topic, I could propose another talk idea that would be related to other identity topics in either the Digital Wallets, mGov/eGov Services, or Trust Management.
The Identity Governance and Administration (IGA) market is continuing to evolve through more integrated Identity Lifecycle Management and Access Governance solutions that are now increasingly aided by intelligent features. In this session, KuppingerCole´s Nitish Deshpande will share with you insights into the IGA market, providing you a compass to help you find the products that can meet the criteria necessary for successful IGA deployments.
This presentation will provide an overview of the terminology and basics of AI and ML in the context of Identity and Access Management (IAM) and Identity Governance and Administration (IGA). It will explore a number of current use cases for leveraging ML in IAM, demonstrating the benefits of automation and enhanced security that ML can bring to identity management. The presentation will conclude with strategic considerations for using ML in IAM, highlighting the importance of considering business value, available data, and existing technologies when implementing ML-based solutions for identity management.
PAM (Privileged Access Management) is one of the established core disciplines within IAM. PAM also is the IAM discipline that is changing most from what it has been in the past.
On one hand, there is the impact of CIEM & DREAM, Cloud Infrastructure Entitlement Management or Dynamic Resource Entitlement & Access Management. This is about the expansion of PAM beyond humans accessing servers and selected applications towards any type of human and non-human (silicon) identity accessing any type of workload, from servers to dynamic cloud resources. This also implies an expansion from serving static data center infrastructures to dynamic workloads in today’s agile IT. PAM is changing, with more parties involved – a “PAMocracy”, as KuppingerCole Analyst Paul Fisher recently named it.
These changes also require expansions in integration to other IT services. There needs to be a dynamic governance approach, where IGA comes into play. It requires rethinking whether PAM tools really should care for authentication. There is no need for authentication point solutions in an age where most organizations have a strong Access Management solution with MFA, passwordless authentication and adaptive, risk- and context-based access in place. Finally, this new PAM must integrate with the DevOps tools chain for permanent updates about new code and the resources used as well as with IT Asset Management for an always up-to-date insight into the ever-changing, dynamic IT landscape that needs to be protected.
Also worth to think about is integration with further security solutions, beyond the standard SIEM/SOAR integration. AI-powered security solutions are one aspect. Integration to Cloud Security Posture Management is another example.
In this panel, the state and requirements on the future PAM will be discussed.