KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Matthias Reinwarth and Martin Kuppinger discuss the challenges of integrating IT service management with identity governance within an enterprise.
Matthias Reinwarth and Martin Kuppinger discuss the challenges of integrating IT service management with identity governance within an enterprise.
Matthias Reinwarth and Graham Williamson are talking about designing an IAM project architecture.
Graham Williamson and Matthias explore the world of authentication strategies and the impact of FIDO2. They are discussing why shifting left in our authentication strategy is essential and how FIDO2 can help achieve this. They also delve into the impact that FIDO2 holds for enterprise authentication environments and give their predictions for FIDO2 authenticator devices.
This podcast has already looked at the Zero Trust concept as a challenging architectural paradigm for security and an important component of modern and future-oriented security architectures from various angles. This time Christopher and Matthias focus on a phased project approach towards implementing Zero Trust in a well-paced, phased, "one-bite-at-a-time" manner.
The idea of low-code/no-code (LC/NC) application development is for end users to create their own custom applications, perhaps using a graphical design tool, selecting from a library of existing building blocks, or perhaps even with the assistance of artificial intelligence. Alexei Balaganski explains the concepts behind this new development, takes a look at the current market and, finally, highlights the challenges and security issues that may be hidden behind the use of such application development.
EIC 2021 finally took place in Munich in a hybrid format between on-site and online. Of course, Matthias took the opportunity to sit down with his analyst colleagues in person for some EIC special analyst chat episodes. In the first of three specials, Christopher Schütze talks to him about the findings from his pre-conference workshop on defending against ransomware, and they also turn their attention to a promising new approach to creating globally secured identities.
This time Alexei Balaganski and Matthias look at practical approaches to actually implementing Zero Trust for specific, real-life use cases. On this occasion, they also finally unveil the connections between Zero Trust and Feng Shui.
Join host Matthias and expert guest Alexei Balaganski in this episode of the KuppingerCole Analyst Chat. They discuss the recently updated Open Web Application Security Project (OWASP) API Security Top 10 guidelines and the shifting landscape of web security, highlighting the critical role of APIs.
In addition, they emphasize the importance of Identity and Access Management (IAM) in securing APIs effectively. Tune in for valuable insights into API security, web security, and the significance of IAM.
Imagine paying your taxes digitally on your mobile phone by using your digital ID that is also used for easily applying for a parking permit online. Sounds like the future? In Estonia, this has been a reality for 20 years. Research Analyst Alejandro Leal joins Matthias for the first time for the Analyst Chat. They talk about the changing landscape of citizen-facing government processes and the impact of the digital transformation on the public sector, how Estonia can be a role model and what we can learn from their limitations.
Microservices are increasingly becoming the new normal for enterprise architectures, no matter where they are deployed. Alexei Balaganski and Matthias discuss why doing this properly is essential and which aspects need to be considered, way beyond just talking about transport encryption or API security.
It is always easy to blame people, i.e. users, for data breaches and ransomware attacks. But is that really still true today? Martin Kuppinger and Matthias discuss this cybersecurity myth and finally defend users against unjustified accusations.
Meet us at the Cybersecurity Leadership Summit!
Join Matthias Reinwarth, Director of Identity and Access Management, and Nitish Deshpande, Research Analyst, as they delve into one of the most critical challenges faced by organizations today: visibility. Discover why organizations struggle with understanding user access and the potential risks of this lack of visibility.
In this episode, they explore the key capabilities of access governance, such as access review, certification, risk management, request management, and analytics, and how these capabilities enable organizations to gain comprehensive visibility into their assigned accesses. Don't miss this insightful discussion on enhancing control and mitigating risks through effective access governance.
"Privacy and Consent Management" is an exciting topic in a continuously changing market. Annie Bailey has just completed her latest Leadership Compass, which researches this market segment. To mark the release of this document, she joined Matthias for an Analyst Chat episode where she talks about the innovations and current developments.
In A Nutshell
In the episode 108 “Privacy & Consent Management” Matthias hosts Anne Bailey.
Q: “From a definition point of view, what do we need to think of when we talk about privacy and consent management?”
Anne: “Yeah. So this is one of those terms where you could spin it in a lot of different ways, you know, privacy is so much in the public discourse that it doesn't really have a concrete definition anymore. So I thought it might be useful to get us all on the same page before we talk any more about it. So the way at least I have defined privacy and consent management in this most recent report. It's, of course, considering organizations and it's their administrative and governance capabilities over data privacy within their organization and of course, the tools and the solutions that are there to make that happen. So you could think of it then in a simplified manner about the capabilities that such a tool or a solution would have to the first group of capabilities, would then to be able to manage any incoming signals about privacy and consent. So these are things like being able to manage cookies and trackers that are on websites, being able to accept and then implement those consent or preference choices that an end user would make. And that would be over the range of different channels. So on a smart TV, on a mobile device, on a website, over the phone, via email in person interactions as well, should be considered. So that's all about managing the incoming signals. But what's also very important as well is the organization's ability to take care of their own internal management of privacy. So being able to govern sensitive data, which is in the organization and private data, being able to document their steps towards compliance and something which is a buzzword in this most recent report is being able to operationalize privacy.”
Q: “Recently, you published an updated version of your Leadership Compass report, which compares providers and services. What are the changes in the market that you can observe that you want to share with us?”
Anne: “Yeah. So this is an especially dynamic market area. Things are always changing. And so we can see some pretty big market changes between the report which published 18 months ago or so and the one which just came out this week. And that's in the types of vendors that were interested in participating. So what we saw in the last report were a lot of vendors that really focused on being able to manage those incoming signals, so being very focused on cookie management, on being able to collect consents and preferences and make sure that those are all able to be implemented in the many different connected systems within an organization and all the downstream vendors that may impact. Very focused on this incoming flow of information from end users. And what we saw, which was different in this report, is that there were more vendors that are really focused on data governance and using that as a foundation for privacy. So being able to operationalize and take action within the organization to further their privacy goals. And so we could think of that as an example. So being able to identify a privacy weakness of some sort in a process and then from that same administrative screen, then be able to do something to address that weakness. I guess we could go into more concrete details on what that could be. So, you know, if there was a scan done on a database and that scan returns the notification that there is private information in this database, there would then be the chance to leverage automation to go and anonymize those sensitive fields. So you're then connecting information about the status of privacy in the organization with an action to then improve it. So that was something that we noticed among several of the vendors that they're moving more in this direction. And that also does connect back to the relationship between the end user and the organization. So there was a big focus on being able to provide support for data subject requests and being able to process those. So in the same way of operationalizing privacy, if a consumer then submits a data subject request, the administrator would then be able to scan and automatically compile a report containing their personal information rather than needing to do that manually.”
Q: “Vendors offer products and services globally. Do you think they can catch up with changing privacy and consent requirements?”
Anne: “Mm-Hmm. Yeah. And frankly, this is really hard to stay up to date with because given our very globalized presence on the internet and connection with consumers all around the world, many organizations do have to stay up to date with the regulations that are not just for their own jurisdiction and in the region where they reside, but they have to pay attention to where their customers are, where any of their downstream suppliers or, you know, MarTech partners may reside and where this data is moving. So they have to be aware of a much wider legal domain than they've been used to before. And as I mentioned before, this is a really dynamic space. And part of that is because there are many privacy regulations which are being released all around the world. So this is something that we've identified as a really key capability in privacy and consent management tools, is that having some basis, some support from legal experts in-house to be able to keep up with all of these changing regulations and be able to pass that knowledge down to their customers is a really valuable thing.”