Analyst Chat

Analyst Chat #168: Trends and Predictions for 2023 - Next-Generation PAM

Speakers
Lead Analyst
KuppingerCole Analysts AG
Paul Fisher is a Senior Analyst who researches primarily on cybersecurity and identity and access management (IAM). He also studies trends in AI, IoT and data governance for different industry sectors including automotive. Paul is responsible for managing relevant quantitative research at...
IAM Practice Director / Head of Advisory
KuppingerCole Analysts AG
Having worked for his whole professional life in Identity and Access Management, Matthias joined KuppingerCole in 2014. In his role of the Director of the Practice IAM he works on maintaining the leading role of KuppingerCole in all facets of the topic of digital identities and their access to...
Playlist
KuppingerCole Analyst Chat
Analyst Chat #158: The Crown Jewels Are a Lie
Jan 30, 2023

Is digital data really every organization's most precious possession, its "crown jewels"? Alexei Balaganski takes a different perspective towards a widely accepted opinion. He instead claims that data is not your most valuable asset. In fact, it can be a toxic liability without intrinsic value, since business value is only created when data is moving or transforming, producing insights, analytics, etc.

Analyst Chat #117: Practical Zero Trust
Mar 21, 2022

This time Alexei Balaganski and Matthias look at practical approaches to actually implementing Zero Trust for specific, real-life use cases. On this occasion, they also finally unveil the connections between Zero Trust and Feng Shui.

Analyst Chat #40: Is Quantum Computing an Imminent Security Threat?
Aug 17, 2020

Alexei Balaganski and Matthias Reinwarth try to make sense of the current state of quantum computing and talk about the risks it poses for information security.

Analyst Chat #75: Get Rid of IAM Siloes
May 10, 2021

Martin Kuppinger joins Matthias for a first hybrid audio plus video episode of the Analyst Chat. They talk about horizontal (capabilities like AM, IGA, and PAM) and vertical siloes (identities like things, robots, customers, partners, or employees). And they lay out a proper approach to strategically get rid of these siloes in the long run.

 

Analyst Chat #99: Protecting OT and ICS
Oct 18, 2021

John Tolbert sits down with Matthias and shares his insights into current approaches for protecting and defending essential enterprise systems beyond traditional, often office-focused cybersecurity. Safeguarding Operational Technology (OT), Industrial Control Systems (ICS), and the Industrial Internet of Things (IIoT) is getting increasingly important. John explains that modern approaches like Network Detection and Response (NDR) and especially Distributed Deception Platforms (DDP) can be valuable building blocks in an overall strategy for defending, for example, the factory floor or critical clinical systems.

Analyst Chat #192: Exploring Cloud Security Posture Management (CSPM)
Oct 02, 2023

Join Matthias Reinwarth and Senior Analyst Mike Small in a quick chat on the evolution of Cloud Security Posture Management (CSPM). They discuss its proactive approach, the challenges in implementation, and the role of overarching platforms like Cloud Native Application Protection Platforms (CNAPP). Mike shares insights for smaller organizations and highlights the impact of geopolitics and AI on cybersecurity. Don't miss cyberevolution in Frankfurt this November for deeper insights.

Analyst Chat #8: Making IAM Projects Succeed - Why You Need a Solution Architecture
Apr 27, 2020

Matthias Reinwarth and Graham Williamson are talking about designing an IAM project architecture.

Analyst Chat #152: How to Measure a Market
Dec 05, 2022

Research Analyst Marina Iantorno works on determining market sizing data as a service for vendors, service providers, but especially for investors. She joins Matthias to explain key terms and metrics and how this information can be leveraged for a variety of decision-making processes.

Analyst Chat #184: Unlock Security for Your Business - Access Control for SAP and Non-SAP Environments
Aug 07, 2023

In this episode of the Analyst Chat podcast, host Matthias Reinwarth invites cybersecurity expert Martin Kuppinger to discuss access control tools for business application environments. They focus on two Leadership Compasses authored by Martin, which provide a comprehensive overview of the market for access control solutions centered around SAP and non-SAP systems.

Martin shares insights on market segments, vendors, and product functionality within the access control landscape. They explore innovative approaches to enhancing security, such as access restriction and controlling break-glass access. Furthermore, Martin and Matthias also explore the organizational aspects of access governance in dynamic LoB application environments. They discuss the challenges that arise when transitioning between new vendors, adopting SaaS solutions, and managing access control in multicloud environments.

Analyst Chat #48: Policy-based and Dynamic Authorization Management
Oct 05, 2020

Dynamic, risk-based, attribute- and context-related authorizations are becoming increasingly important for many enterprises. Graham Williamson and Matthias Reinwarth take a look at the market sector for dynamic authorization management and policy-based permissions in light of the recent publication of a Market Compass on this topic.

Analyst Chat #108: Privacy and Consent Management
Jan 17, 2022

"Privacy and Consent Management" is an exciting topic in a continuously changing market. Annie Bailey has just completed her latest Leadership Compass, which researches this market segment. To mark the release of this document, she joined Matthias for an Analyst Chat episode where she talks about the innovations and current developments.

In A Nutshell

In episode 108, “Privacy & Consent Management”, Matthias hosts Anne Bailey.

Q: “From a definition point of view, what do we need to think of when we talk about privacy and consent management?”

Anne: “Yeah. So this is one of those terms where you could spin it in a lot of different ways, you know, privacy is so much in the public discourse that it doesn't really have a concrete definition anymore. So I thought it might be useful to get us all on the same page before we talk any more about it. So the way at least I have defined privacy and consent management in this most recent report: it's, of course, considering organizations and it's their administrative and governance capabilities over data privacy within their organization and of course, the tools and the solutions that are there to make that happen. So you could think of it then in a simplified manner about the capabilities that such a tool or a solution would have. The first group of capabilities would then be to be able to manage any incoming signals about privacy and consent. So these are things like being able to manage cookies and trackers that are on websites, being able to accept and then implement those consent or preference choices that an end user would make. And that would be over the range of different channels. So on a smart TV, on a mobile device, on a website, over the phone, via email; in-person interactions as well should be considered. So that's all about managing the incoming signals. But what's also very important as well is the organization's ability to take care of their own internal management of privacy. So being able to govern sensitive data, which is in the organization and private data, being able to document their steps towards compliance, and something which is a buzzword in this most recent report is being able to operationalize privacy.”

Q: “Recently, you published an updated version of your Leadership Compass report, which compares providers and services. What are the changes in the market that you can observe that you want to share with us?”

Anne: “Yeah. So this is an especially dynamic market area. Things are always changing. And so we can see some pretty big market changes between the report which was published 18 months ago or so and the one which just came out this week. And that's in the types of vendors that were interested in participating. So what we saw in the last report were a lot of vendors that really focused on being able to manage those incoming signals, so being very focused on cookie management, on being able to collect consents and preferences and make sure that those are all able to be implemented in the many different connected systems within an organization and all the downstream vendors that may impact. Very focused on this incoming flow of information from end users. And what we saw, which was different in this report, is that there were more vendors that are really focused on data governance and using that as a foundation for privacy. So being able to operationalize and take action within the organization to further their privacy goals. And so we could think of that as an example. So being able to identify a privacy weakness of some sort in a process and then from that same administrative screen, then be able to do something to address that weakness. I guess we could go into more concrete details on what that could be. So, you know, if there was a scan done on a database and that scan returns the notification that there is private information in this database, there would then be the chance to leverage automation to go and anonymize those sensitive fields. So you're then connecting information about the status of privacy in the organization with an action to then improve it. So that was something that we noticed among several of the vendors that they're moving more in this direction. And that also does connect back to the relationship between the end user and the organization.
So there was a big focus on being able to provide support for data subject requests and being able to process those. So in the same way of operationalizing privacy, if a consumer then submits a data subject request, the administrator would then be able to scan and automatically compile a report containing their personal information rather than needing to do that manually.”

Q: “Vendors offer products and services globally. Do you think they can catch up with changing privacy and consent requirements?”

Anne: “Mm-Hmm. Yeah. And frankly, this is really hard to stay up to date with because given our very globalized presence on the internet and connection with consumers all around the world, many organizations do have to stay up to date with the regulations that are not just for their own jurisdiction and in the region where they reside, but they have to pay attention to where their customers are, where any of their downstream suppliers or, you know, MarTech partners may reside and where this data is moving. So they have to be aware of a much wider legal domain than they've been used to before. And as I mentioned before, this is a really dynamic space. And part of that is because there are many privacy regulations which are being released all around the world. So this is something that we've identified as a really key capability in privacy and consent management tools, is that having some basis, some support from legal experts in-house to be able to keep up with all of these changing regulations and be able to pass that knowledge down to their customers is a really valuable thing.”

 

Analyst Chat #83: Hybrid IT 2 - The Challenges
Jul 05, 2021

Mike Small and Matthias continue their four-part series on hybrid IT, looking at the increasing complexity: they look at multiple dimensions of the challenges that come with deploying and operating hybrid IT architectures.