KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Compare solution offerings and follow predefined best practices or adapt them to the individual requirements of your company.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
None of us in this industry work with bricks and mortar or other tangible, real objects. Everything we do (in IT, not just Identity and Access) is instead a digital representation, an abstraction, of something that might exist in the real world.
Identity and Access is the glue for many of those digital representations, and this concept of representation may be the most important thing to understand when considering the different possible meanings of words.
People new to Identity and Access quickly find that many of the words they encounter have different meanings than they first thought. Most frequently encountered are probably “user” and “identity” - do they represent the same type of entity or is a difference intended? Do they refer to the physical, real life person or do they refer to a virtual, digital object somewhere within the IT systems? Or both at the same time? And since people are often reluctant to show weakness in front of perceived experts, questions are too often not being asked when unsure.
In any industry, a typical consequence of miscommunication is that the end product or project will have lower quality or take longer to get delivered. This presentation highlight how this problem of misunderstanding may be larger in our industry of Identity and Access than in others, discuss why that is, and what might be done to counter it.
The presentation offers examples of where terms are ambiguous (where definitions seem to vary across the industry) and it discusses ways to perhaps improve the situation.
The presentation is based on a corresponding article in the IDPro Body of Knowledge.
None of us in this industry work with bricks and mortar or other tangible, real objects. Everything we do (in IT, not just Identity and Access) is instead a digital representation, an abstraction, of something that might exist in the real world.
Identity and Access is the glue for many of those digital representations, and this concept of representation may be the most important thing to understand when considering the different possible meanings of words.
People new to Identity and Access quickly find that many of the words they encounter have different meanings than they first thought. Most frequently encountered are probably “user” and “identity” - do they represent the same type of entity or is a difference intended? Do they refer to the physical, real life person or do they refer to a virtual, digital object somewhere within the IT systems? Or both at the same time? And since people are often reluctant to show weakness in front of perceived experts, questions are too often not being asked when unsure.
In any industry, a typical consequence of miscommunication is that the end product or project will have lower quality or take longer to get delivered. This presentation highlight how this problem of misunderstanding may be larger in our industry of Identity and Access than in others, discuss why that is, and what might be done to counter it.
The presentation offers examples of where terms are ambiguous (where definitions seem to vary across the industry) and it discusses ways to perhaps improve the situation.
The presentation is based on a corresponding article in the IDPro Body of Knowledge.
This decade may well be labeled “the decade of the digital credential.” From COVID passports to mobile driver’s licenses, digitized credentials transforming to “born digital” credentials, and governments and large tech companies developing their own wallets, personal information has never been easier to share with the wave of a device. The convenience is amazing, and the privacy implications are terrifying.
Even scoping the issue down to government-issued credentials or credentials directly derived from government data, there are a variety of requirements feeding into this growing ecosystem:
In this session, Heather Flanagan and Mike Kiser will discuss the outcomes of the recently released white paper on government-issued credentials and the privacy landscape (publication date expected in April 2023). The issues at hand are not solely about policy, nor are they only about technology. It is about closing the policy and protocol gaps that exist between today’s disparate solutions and services and providing a vision of a privacy-preserving, globally viable privacy landscape.
For many years public concern about technological risk has focused on the misuse of personal data, with GDPR, most hated and loved at the same time as one of the results. With the huge success of LLMs and generative AIs such as ChatGPT, artificial intelligence soon will be omnipresent in products and processes, which will shift regulator´s attention to the potential for bad or biased decisions by algorithms. Just imagine the consequences of a false medical diagnose, or of a correct diagnose created by an AI and then not accepted by the doctor. Not to mention all the other fields where bad AI can be harmful, such as autonomous cars or algorithms deciding on your future credibility. Inevitably, many governments will feel regulation is essential to protect consumers from that risk.
In this panel discussion we will try to jointly create a list of those risks that we need to regulate the sooner the better and try to create an idea on how this future regulation will impact the way we use AI in our bsuiness and private lives.
One of the fundamental problems of identity and access governance lies in very unclear relationships between real business needs, access policies and decision making about allowing certain action on the assets. For years we are trying to develop access policies which at the same time corresponds to business expectations, digital security rules and regulations, and people-centric to minimize deviations.
In this session, we will discuss human factor in IGA program and how to provide human factor analytics in access governance using new three-dimensional model called NPR (need, policy and resolution). We will show how NPR reports will help the organization to determine necessary adjustments of the policies and their implementation in Identity Governance workflows and processes to improve maturity, decrease risk of breaches, policy deviations by users and cost of managing and enforcing policies also known as Costidity. We will also show the sample reports based on data from higher education customer.
A digital twin is a virtual representation of a real-life subject. This mapping encompasses its entire lifecycle, is updated from real-time data, and uses simulation, machine learning, and reasoning to support decision-making.
Human beings and their behavior can also be copied and simulated by digital twins. During the last talk at the EIC conference, we already looked at the threats, challenges and opportunities creating digital twins in cybersecurity.
This time we want to discuss how we can dive into a world through a digital twin of a cybercriminal to change perspectives and to understand the cybercriminals behavior.
Imagine having a tool that can perform these simulations at the highest level. Why not use it to our own advantage?
A digital twin that not only simulates the approach and behavioral patterns of cyber criminals but can also predict ahead of time. What if we can turn the tables on cybercriminals by fighting fire with fire?
How Self-Sovereign Identity (SSI) enables decentralized Identity and Access management for Things
From SSI zero to hero – ETO`s digital & IoT transformation in practice
This panel discussion is addressing what is currently happening to make the travel and tourism ecosystem ready for the use of a digital identity that has the level of assurance to cross an international border, board a flight and sign in to a hotel. The travel ecosystem still revolves around a physical passport/ID card or drivers licence and this is about to see incremental, but pivotal changes. The digital wallet will also ad to the way we get ready to travel and add verifiable credentials that travellers can share in advance of their trip.
The Trust Over IP Foundation (ToIP) is focused on the centerpiece of the ToIP stack: the trust spanning protocol that will do for identity interchange what the Internet Protocol did for data interchange. This panel will explore how this will enable ubiquitous, trusted, interoperable identity exchange.
The internet was designed without a trusted identity layer to connect physical entities to the digital world. This layer is now emerging in the form of decentralized digital identity systems based on digital wallets and digital credentials. ToIP was founded by a pan-industry group of leading organizations with a mission to provide a robust, common set of standards forming a complete architecture for internet-scale digital trust. The ToIP Technical Architecture Specification V1 was completed earlier this year. Now ToIP is focusing on the keystone to ubiquitous identity, the ToIP Trust Spanning Protocol. This protocol will do for identity interchange what the Internet protocol did for data interchange.
This interactive panel, moderated by ToIP’s Executive Director, will explore the views of its member organizations for a lively and engaging debate on how we finally establish trust in the digital age. Come to this panel to understand the why, how, and when of this new protocol.
2022 brought a lot of activity in web3/crypto identity solutions: Soul Bound Tokens, Verifiable Credentials, and even web5?! In this year-in-review we'll examine the varying approaches, the problems they were trying to solve, and discuss how this can inform all of our user-centric identity efforts.
Passwordless helps in reducing ATO fraud, provides better security, and smoother experience. But the passwordless approach for each organization and region is fundamentally different, in large part because the journeys or flows that your customers will take are unique. In this session Huzefa Olia will talk about the various options that an organization can introduce for Passwordless access for their customers.