KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
Passwordless authentication counts amongst the hot topics in IAM. In this session, the variants of passwordless authentication will be explained. Phishing resistance, device binding, secure elements, and many of the other technical aspects will be explained, put into context, and rated regarding their relevance for different use cases. The session also will discuss use cases and their specific needs, from simplified access to office solutions to a unified passwordless authentication for the entire IT environment.
Passwordless authentication counts amongst the hot topics in IAM. In this session, the variants of passwordless authentication will be explained. Phishing resistance, device binding, secure elements, and many of the other technical aspects will be explained, put into context, and rated regarding their relevance for different use cases. The session also will discuss use cases and their specific needs, from simplified access to office solutions to a unified passwordless authentication for the entire IT environment.
How Self-Sovereign Identity (SSI) enables decentralized Identity and Access management for Things
From SSI zero to hero – ETO`s digital & IoT transformation in practice
OpenID Foundation leaders and contributors will brief the EIC community on the latest progress and outlook for the OpenID Foundation. As part of this workshop we will cover:
Please join us early to be part of the conversation. Workshop presenters include Nat Sakimura, Gail Hodges, Kristina Yasuda, Torsten Lodderstedt, Tim Cappalli and others.
More and more it becomes difficult to Insure yourself against a Cyber attack. Understanding all the different vectors of your risk posture, the flood of different tools and checklists that need to be taken into account and the way to consolidate this risk into an overarching risk dashboard is an immense challenge for CISO's, Risk Managers and their senior leadership. Because of this major challenge and a non-standard way of calculating the risk; more and more Insurance companies are putting a high demand on the information provided in order to get a proposal for a Cyber Insurance and then, if and when a Cyber Insurance is offered, the premiums and coverage become another big challenge and financial burden on companies.
The presentation will highlight these challenges and will provide hints and tips on how to deal with this problem, ensuring to get Cyber Insurance at the lowest possible premium and with the highest coverage.
Decentralized identity has made its waves in the EU with European Blockchain Services Infrastructure (EBSI) and in the US with various funded projects. A vast market in south-east Asia stays untapped. We have enabled our partner organization ZADA to build a decentralized identity ecosystem that connects various southeast Asian countries with numerous cases like 'Decentralized Vaccination TravelPass', 'Employment IDs', and 'Government issued Educational Credentials'. The journey of a decentralized identity platform from ideation to MVP and to a scalable production system can bring tremendous insights. We were able to successfully enable the public sector in Myanmar to engage with self-sovereign identity and bring value to its citizens by issuing over more than a quarter million digital credentials. Monetization of these credentials was an essential factor for us. These self-sovereign identity credentials varied in use cases and were verified by Singapore immigration, Public sector hospitals, the Education Ministry of Myanmar, the Health Ministry of Myanmar, and various other private sector vendors. Our journey covers various use cases in EdTech, HealthTech, IAM, and KYC. Explored right, these cases can help us dive into how enterprises can engage with the southeast Asian identity market.
Access control is a key part of cyber security, however traditional approaches do not work well for modern business IT environments that nowadays typically include a mix of applications on-prem and across multiple cloud environments.
Most modern companies tend to struggle with access management for a variety of reasons. These include the fact that it is difficult to make the necessary connections to the many disparate IT systems for which they need to provision access, role-based access management is challenging, static role-based entitlements are difficult to manage and typically require regular recertification processes, and traditional approaches are focused on granting access to resources required by an individual to perform their job function, but do not cover how those rights are actually used to stop any abuse of entitlements.
In addition, course-grained authorization is no longer sufficient because modern applications and sensitive data assets in cloud-native, containerized and DevOps environments require fine grained authorization capabilities that can also supply identity attributes and context variables.
A policy-based approach can address many of the pain points experienced by organizations today by enabling a centralized, consistent, dynamic, on-demand (just-in-time) way of managing access to IT resources. In this panel session we will discuss nothing less than the future of Access Management.
Good security gets out of the way of users while getting in the way of adversaries. Passwords fail on both accounts. Users feel the pain of adhering to complex password policies. Adversaries simply copy, break, or brute-force their way in. Why, then, have we spent decades with passwords as the primary factor for authentication?
The industry needs to trust passwordless authentication (FIDO2). Adversaries and then criminals have circumvented our authentication controls for decades. From the very first theft of cleartext passwords to the very latest bypass of a second-factor, time and again improvements in defenses are met with improved attacks.
What holds us back from getting rid of passwords? Trust. In this session, we will propose a framework of technical controls to ensure only trusted sessions authenticate, regardless of faults or failures in any one factor, and to reassess based on shared signals (CAEP). We will share a path forward for increasing trust in passwordless authentication.
Learn how Raiffeisen Bank International heads toward decentralized identity to empower their customers across Europe and set the gold standard for privacy protection.
The increased mobility of users and their demand for personalized, unified omnichannel access experiences has stretched federated IAM beyond its limits. Meanwhile, the need for organizations to collaborate more to compete, and build communities of trust and value for those same users affordably and securely, cannot be met by existing federated IAM solutions. Learn how Raiffeisen Bank International (RBI) will embrace the new paradigm of decentralized identity to improve existing experiences and create the opportunity for new, valuable user experiences and increased levels of engagement and collaboration withbusiness partners across multiple jurisdictions, without the need to replace their infrastructure. Simultaneously, understand why starting their journey now, enables RBI to future-proof their ecosystem to rapidly support the EU Digital Wallet and official digital credentials that will become available. Get a glimpse into the solution architecture being deployed at RBI and an understanding of the benefits and how they can be communicated to executive leadership and business partners. Yes, decentralized identity may be great for web3 someday; however, learn from RBI how it can also solve today’sproblems in a practical way and work in harmony with existing IAM systems enhancing existing federationplatforms.
The Trust Over IP Foundation (ToIP) is focused on the centerpiece of the ToIP stack: the trust spanning protocol that will do for identity interchange what the Internet Protocol did for data interchange. This panel will explore how this will enable ubiquitous, trusted, interoperable identity exchange.
The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems based on digital wallets and digital credentials. ToIP was founded by a pan-industry group of leading organizations with a mission to provide a robust, common set of standards forming a complete architecture for internet-scale digital trust. The ToIP Technical Architecture Specification V1 was completed earlier this year. Now ToIP is focusing on the keystone to ubiquitous identity, the ToIP Trust Spanning Protocol. This protocol will do for identity interchange what the Internet protocol did for data interchange.
This interactive panel, moderated by ToIP’s Executive Director, will explore the views of its member organizations for a lively and engaging debate on how we finally establish trust in the digital age. Come to this panel to understand the why, how, and when of this new protocol.
Phishing, hacking, threats, fraud, and malicious behavior online of all types all share a common root: verification. In this session we’ll go beyond identity and explain how decentralized identity and verifiable credentials can provide a complete, secure system for exchanging different types of information between multiple parties. Learn how Trusted Data Ecosystems can connect people, machines, companies or any two entities to multiple businesses and jurisdictions without sharing private information. In this conversation, long-time community contributor at Hyperledger, working group leader at Decentralized Identity Foundation, and Indicio Senior Engineer Sam Curren will share more about digital trust and describe the critical importance of digital verification to decentralized healthcare, finance, the metaverse, and to the interaction of digital objects and non-digital objects in the spatial web—the “Internet of Everything.”
Companies today are being faced with business-critical yet seemingly conflicting topics; how to build trust, loyalty and personalized experiences that fuel growth in a world of fading cookies and GDPR. There has never been more urgency than now to focus on strategy and technology to meet the demands of the privacy-conscious consumer. The collection of data and its management is core to this challenge, but current identity methods are missing the opportunity to solve it with legacy approaches and risk-based thinking. At IndyKite, we believe that facing this mounting challenge requires us to make leaps in both our thinking and technology implementations. Join us as we challenge the current operating state and discuss what the world might look like when we have the tools to power a truly customer-centric ecosystem - one where consumer data ownership and personalized services that fuel growth are no longer at odds.
You often think service providers should build identity and API security infrastructure by themselves to have full control and flexibility so that it can fit into their business and technology stack. But it tends to be time consuming and costly due to lack of expertise to do so. Buying a heavy-weight solution is another considerable option, but it reluctantly leads dependency on the particular vendor of the solution, which may have redundant features and may not accommodate to customize in a cost-effective and timely manner. In this session, we will discuss a third option to “buy and build” that can combine the best of both worlds and give you control by building from scratch, as well as minimize the time and resource by leveraging “Identity Components as a Service.”
