The realm of cloud security has been extensively covered in books and articles, yet a crucial aspect remains ripe for exploration. It revolves around the fundamental understanding of what your cloud service provider offers and, equally vital, where your responsibilities lie in the realm of cloud security.
When embarking on the journey of adopting a cloud service, the foremost question to answer is, "What aspects of security do I need to oversee?" In a traditional on-premises setting, roles are distinct: IT manages infrastructure, information and cybersecurity handles security, and application developers bear the responsibility for code integrity. However, the landscape is evolving, with many organizations embracing DevOps, where these responsibilities are often shared, and the lines between development and operations blur or vanish.
Regardless of organizational structure, the majority of security obligations reside within your company's domain when you use an on-prem environment. Transitioning from an on-premises environment to a cloud environment presents one of the most intricate challenges—a more intricate shared responsibility model for security.
In the context of cloud security, two paramount concerns need close attention.
The first is the risk of misconfiguration. In a cloud environment, misconfigurations can inadvertently expose sensitive data and vulnerabilities, underscoring the critical importance of ensuring that cloud services and resources are set up correctly to mitigate such risks.
The second concern is insider attacks. Cloud users often lack influence over the staff of cloud service providers, making it essential to consider the possibility of insider threats. While cloud service providers typically promise robust security measures in place, it's crucial for organizations to implement their own layers of security to safeguard against insider attacks and unauthorized access, fortifying the shared responsibility model in the cloud.
In my presentation, I will delve into these intricacies, providing valuable insights and real-world examples of what your cloud service provider can do, irrespective of your specific needs and/or preferences.
Time is moving fast in the IT security industry. The rise of AI brings new attacks, for example new and better-worded phishing emails. What are the risks and opportunities for Security Operations? What is the impact on identity and access management? How can AI be used to improve threat hunting? These are some of the topics presented here.
The presentation will provide a framing to help attendees navigate the rapid transition from yesterday’s industrial age security paradigms to future approaches for sustaining reliable information systems.
The talk will identify 13 emerging non-technical information risk trends, ranging from human hallucination and cognitive narcissism to institutional paradigm collapse and perimeter fetishism to Capitalist power overreach (and several others) that are having current, real-world security impacts, but which remain unaddressed in cybersecurity strategies and deployments.
Solutions will be suggested and explored across business, operating, legal, technical, social, political, economic, biological and even evolutionary pathways, offering a toolkit of options that attendees can immediately apply in their organizations’ security program. Specific strategies for managing, de-risking and leveraging near and long-term personal and professional interactions in this steep part of the curve of exponential change will be suggested.
This session aims to explore the practicalities and paradigms of integrating AI identities into current and future digital infrastructures. Topics will include the regulatory and governance challenges posed by autonomous AI operations, the technical requirements for creating and managing AI identities, and the technical and even legal considerations of recognizing AI as identifiable entities, focusing on accountability and traceability within various frameworks.
As artificial intelligence continues its upward trajectory, a radical proposition emerges: Could AI take the helm of cybersecurity leadership? This bold discourse dives into the heart of this debate, exploring whether AI can effectively shoulder responsibilities traditionally assigned to a chief information security officer. Areas of exploration include AI's potential in threat detection, vulnerability assessment, and incident response.
But where does human judgment fit into this AI-dominated picture? Is the seasoned expertise of a CISO irreplaceable? This electrifying discussion stirs the pot of the future of cybersecurity leadership, grappling with the balance between emerging AI capabilities and indispensable human expertise.
Paul Fisher delves into the multifaceted approach required to foster trustworthiness within complex software supply chains. This discussion begins by delineating the critical components of software supply chains and the potential risks associated with each link—from development and deployment to maintenance and decommissioning.
Key to establishing a chain of confidence is the adoption of transparent processes and tools that provide verifiable evidence of security at each step. The audience will be introduced to Software Bill of Materials (SBOM), cryptographic signing, and continuous integration/continuous deployment (CI/CD) pipelines fortified with automated security checks.
The talk will also consider the human aspect, emphasizing the need for cultivating a culture of security awareness and collaboration among stakeholders. This includes not only developers and security professionals but also suppliers, distributors, and end-users.
Finally, the talk will provide actionable insights and strategies for organizations to audit, monitor, and continuously improve their software supply chains.
Matthias offers a critical analysis of the EU's NIS2 Directive's intricate demands, drawing attention to the limitations of one-size-fits-all solutions. He advocates for customized compliance plans, underscoring the unique challenges across various entities, with special attention to the constraints faced by SMEs. And obviously the future interpretation of this EU directive into national regulation adds another layer of complexity.
Essential strategies such as comprehensive risk evaluations, continuous educational efforts, and advanced incident management protocols are emphasized as crucial for effective compliance, integrating cybersecurity deeply into the organization's core values beyond just adherence. The talk concludes with a perspective that views NIS2 compliance as a dynamic goal necessitating enduring dedication and flexible approaches.
This presentation delves into the imperative task of redefining risk management in the era of Artificial Intelligence (AI). As AI reshapes industries, it also introduces unique risks and challenges. This abstract offers a glimpse into how traditional risk management approaches must evolve to effectively address the intricacies of AI-related uncertainties. Through real-world examples, it explores emerging concerns like algorithmic bias, privacy infringements, and unforeseen consequences. Attendees will gain insights into proactive strategies, including leveraging AI itself for risk assessment and mitigation. By the presentation's conclusion, participants will grasp the essential steps needed to navigate the uncharted territory of AI-driven risks, ensuring responsible and secure integration of this transformative technology.
When it comes to cybersecurity, many people focus on red/blue teams and technical measures such as servers, firewalls, encryption, and intrusion prevention systems. However, one crucial factor that is often overlooked is the human factor. All of these technical measures will count for nothing when it comes to the matter of insider threats. Even the most robust cybersecurity measures can be rendered ineffective by social engineering threats.
In this keynote, I will present several use cases to demonstrate why it is essential to consider the human factor in any organization’s cyber threat landscape.
IT Security – In a General Perspective:
Closing the Gap with HP Wolf Security
Anomaly & outlier detection today is far beyond human capacities. Artificial intelligence has become an important technology in cybersecurity, as algorithms can solve many problems better and faster than humans. AI-Driven data intelligence automates the discovery, management, and control of all user access. This allows you to not only make better and faster access decisions, but also to quickly spot and respond to potential threats. It empowers every worker with correct and timely access when they need it, proactively engages business users to identify risky access, and helps security professionals intelligently create and maintain access models in today’s dynamic IT environment. After all, Identity Governance is not just about security. It is Trust and Reputation Management.
In today's interconnected European digital ecosystem, the importance of robust cybersecurity measures is more pronounced than ever. The Network and Information Security Directive and the Digital Operational Resilience Act emerge as pivotal landmarks in the EU's regulatory response to these challenges.