KuppingerCole's Advisory stands out due to our regular communication with vendors and key clients, providing us with in-depth insight into the issues and knowledge required to address real-world challenges.
Meet our team of analysts and advisors who are highly skilled and experienced professionals dedicated to helping you make informed decisions and achieve your goals.
Meet our business team committed to helping you achieve success. We understand that running a business can be challenging, but with the right team in your corner, anything is possible.
John Tolbert joins Matthias and shares insights about the results from the just recently published Leadership Compass CIAM. They talk about the overall maturing of the market and the areas of innovation in products, standards and integration scenarios.
Annie joins Matthias to talk about the topic of Verified Digital Identity. They explore what these are, why they are becoming increasingly important and where they add new aspects to the concept of digital identity. A special focus is put on existing and emerging use cases, where verified digital identities can be beneficial to all types of real life entities in their day by day interaction.
Congratulations. Your AI business case is crisp; you already have a data strategy in place; your proof-of-concept looks and feels great; you have the right talent to build the AI product or service which will push your organisation directly into the digital age. Sounds familiar? It is at this stage where most organisations give up on the AI initiatives due to lack of value creation. Why is that, one might ask? The business case was already locked, among other aspects, where's the problem at? One word: Production. AI products and services are notoriously different in terms of production than any other SW, and traditional workflows do not work anymore. This is what we are going to talk about. I will share my vision, blue print and personal stories across telecom, manufacturing and automotive industries, including both corporate and start-up experiences. I will tell you how to go from a shiny proof-of-concept to AI production systems, what challenges we faced, and the best practices to avoid the pitfalls.
Key takeaways: 1) Vision and strategy to create value out of AI - The last mile
2) How to go from a shiny proof-of-concept to AI production systems
3) AI production challenges and pitfalls
4) Multi-industry use cases across corporate and start-up ecosystems
Over the last year, an unprecedented scale of digital transformation has resulted in exponential growth of organisational data, which could impact decision making. Using machine learning approaches to mine and reason through masses of data is ineffective. In this session you will learn that while the first wave of AI involved many narrow applications, the next wave will help generate a dynamic understanding of relationships and patterns in a corpus of information. This understanding primarily happens through explainable AI. It will become a key part of enterprise digital transformation initiatives that fundamentally change how organizations make sense of real-world information.
Cybernetix is not a new discipline. However, it appears being more important than ever before. It is ubiquitous when it comes to AI (Artificial Intelligence). And when AI meets industrial IoT (Internet of Things) and OT (Operational Technology) , it is about the cybernetic model. In contrast to past times, it is about hundreds of signals per second per thing, device, and machine, which needs to be processed and used for optimization. No way doing so without AI.
When looking at public infrastructures such as the ones making connected vehicles drive without (too many, too severe) accidents, when it comes to smart services (cities, utilities,…), it all is about immense amounts of signals that need to be delivered (5G) and stored (blockchains and beyond, e.g. IOTA), and processed (AI again).
All with security in mind, in the context of users and their settings, their consent, their preferences.
Fast and efficient, without too much of latency.
Cybernetix brings together all these technical evolutions that are discussed today.
In his talk, Martin Kuppinger will look at how all this is connected and why we need taking a broader perspective, beyond single innovations, towards what makes the modern world move: Cybernetix.
So far, AI relies totally on human intelligence, in the form of human-written programs in classical AI or the human-provided sample data of deep learning. The pursuit of AI over the last five decades has been caught within a fixed conceptual framework. Given the current level of tremendous attention, investment, technological infrastructure and application potential, maybe we are just a simple fundamental change in perspective away from a tremendous technological explosion.
This podcast has already looked at the Zero Trust concept as a challenging architectural paradigm for security and an important component of modern and future-oriented security architectures from various angles. This time Christopher and Matthias focus on a phased project approach towards implementing Zero Trust in a well-paced, phased, "one-bite-at-a-time" manner.
The Zero Trust concept comes with the promise to adequately secure our modern, hybrid IT world at any time and any place. Manufacturers, consultants and even analysts agree as rarely as they do that this changed architectural paradigm is an important component of modern and future-oriented security architectures. Alexei and Matthias address the question why in practice only a few powerful zero trust architectures deliver on this promise. They try to answer the question what organizations need to consider in order to get off to a good start.
Martin Kuppinger spricht über die Herausforderungen von IAM im Zeitalter der Digitalen Transformation und die sich ändernden Anforderungen, die heute weit über ein „Mitarbeiter-IAM“ hinausgehen. Er zeigt auf, wie man das IAM fit für die neuen Herausforderungen machen kann, vom Betriebsmodell zur Bedienung hybrider Zielsysteme bis hin zur Unterstützung aller Benutzergruppen wie Partner, Konsumenten und Mitarbeiter, aber auch von weiteren Identitäten wie denen von Dingen, Software-Robotern (Robotic Process Automation) oder Geräten. Gleichzeitig erläutert er auch, wie man hier einen schrittweisen, selbstgesteuerten Übergang schaffen kann, bei dem ein schneller Nutzern für das Business erreicht wird.
In seiner Keynote beleuchtet Jochen Werne aus historischer Sicht warum Verfügungsmacht über Werte, jedoch auch über Informationen immer schon ein politisches und wirtschaftliches Machtinstrument war. Er zeigt auf wie leicht wir die Hoheit und die Verfügungsmacht über unsere Daten abgegeben haben und dies unabhängig vom COVID-Kontext. An Best-Practice Beispielen wird ein Überblick geschaffen mit welchen neuen Konzepten wir uns in einer vernetzten und mit KI-Technologien durchdrungenen Welt auseinandersetzen werden.
Markus Malewski, Head of SOC / SIEM at thyssenkrupp gives an insight how thyssenkrupp re-formed the Security division after the Winnti attack in 2016, why the company is so well prepared for current and future challenges and how the solutions of Elastic help to achieve those. Jörg Hesske, AVP CEMEA at Elastic shows how Elastic Security helps SecOps teams to protect their company against threats quickly and precisely with an integrative security approach.
In unserem praxisorientierten Workshop legen wir im ersten Teil den Fokus auf das Thema Integration in bestehende Infrastrukturen unserer Kunden. Mit dem Fokus auf eine SIEM-Integration zeigen wir auf, wie sich Ihre IT- Sicherheit durch die Investition in eine PAM-Lösung signifikant erhöht.
Im zweiten Teil gehen wir speziell auf die Anforderungen unserer Kunden ein. Wir bereiten eine Teststellung vor und zeigen den großen Mehrwert auf, den auch bereits getätigte Investitionen in die IT-Sicherheit durch die Implementierung einer PAM Lösung erfahren.
Brought to you by Prisma™ Cloud, our Cloud Native Security Camp is a three-hour virtual workshop for professionals focused on learning more about how to help their organizations develop the people, processes and tools necessary to secure their cloud-native deployments. Attend to learn:
You’ll have the chance to network with peers to get insights into securing a cloud-native environment for your organization, get hands-on to see how Prisma Cloud addresses security risks throughout the development lifecycle, and enjoy some spirited competition.
Homeoffice und remote Zusammenarbeit werden durch ein weites und attraktives Angebot von cloudbasierten Collaborations-Tools begünstigt. Die aktuelle Covid-19 pandemische Situation hat zu einem großflächigen Aussetzen der Präsenzzusammenarbeit geführt. Ein nicht unerheblicher Teil der digitalen Collaboration findet - unter Access Management Gesichtspunkten betrachtet - mäßig bis schlecht organisiert statt. Wie bekommt man solche Collaborations-Szenarien (wieder) unter Kontrolle? Wie verhält es sich mit ad-hoc Szenarien? Der Vortrag wirft einen kritischen Blick auf Cloud-Collaboration und stellt einige hilfreiche praxiserprobte Lösungsansätze und Patterns im IAM-Umfeld dar.
Key Topics:
* Remote Zusammenarbeit und digitale Collaboration
* Typische Situationen: ad-hoc, Homeoffice, Beteiligungen und Partner
* Typische Cloud-Tool-Landschaft
* Patterns und Antipatterns zu Access-Management und Collaboration
95% der IT-Führungskräfte sehen die Nutzung von Passwörtern als Risiko. Dank Enterprise Identity- und Access Management können Unternehmen die Sicherheit erhöhen und Mitarbeitern gleichzeitig einfacheren Zugriff ermöglichen. Gerald Beuchelt, CISO bei LogMeIn, geht in diesem Vortrag auf die aktuelle Situation der Absicherung von Remote-Arbeitsplätzen ein und die Zukunftsvision des passwortfreien Arbeitens.
Privilege Access Management (PAM) sollte ein Schlüsselelement in Ihrer Sicherheitsstrategie sein. Daher müssen Sie sicherstellen, dass sich die von Ihnen gewählte Lösung leicht in Ihre Geschäftsprozesse und -vorgänge integrieren lässt. Erstens muss die Lösung schnell in Ihrer Umgebung implementiert werden können und möglichst wenig Reibung im täglichen Geschäftsbetrieb verursachen. Darüber hinaus muss sie sich nahtlos in andere Geschäftsvorgänge wie IGA, DevOps, Robotische Prozessautomatisierung und Active Directory integrieren, um Just-in-Time-Privilegien zu bieten, die Zero Trust ermöglichen. Außerdem muss die Verhaltensanalyse genutzt werden, um Risiken in Echtzeit zu beheben. Bevor Sie weitere Schritte mit Ihrem aktuellen PAM-Projekt unternehmen, nehmen Sie an dieser Sitzung teil, um zu sehen, wie das PAM-Portfolio der nächsten Generation von One Identity den Schutz, die Sichtbarkeit und den Umfang bietet, den Sie benötigen, um die schnellste Wertschöpfung und die niedrigsten Gesamtbetriebskosten zu erzielen.
Die Präsentation zeigt, wie ein großes international tätiges Telekommunikationsunternehmen auf Basis einer umfangreichen, historisch gewachsenen Systemlandschaft ein modernes IAM-System aufbaut und in der Praxis in einem länderübergreifenden Systemharmonisierungsprojekt umsetzt. Der Fokus liegt auf den notwendigen organisatorischen Änderungen, dem Aufbau eines unternehmensweit gültigen Rollenkonzepts, der Etablierung von Compliance- und SoD-Kontrollen und anwenderfreundlichen Mitarbeiter-Rezertifizierungen.
Beim Übergang von einer dezentralen, rechenzentrumsbasierten IT-Infrastruktur in die Cloud wird IAM oft zu einer zusätzlichen Hürde. Die Cloud setzt zwingend zentrale, konsistent betriebene IAM-Strukturen voraus, die in der Legacy-Infrastruktur nicht erforderlich waren. Alpha Barry zeigt anhand von Fallbeispielen auf, wie die Cloud-Transformation durch den Einsatz moderner IAM-Technologien signifikant vereinfacht werden kann, und welchen Beitrag IAM zur Absicherung der Cloud-Infrastruktur leisten kann.
Anhand der Darstellung konkreter Business Cases betont der Vortrag die enorme Wichtigkeit von Zugangskontrollen für die IT-Sicherheitsstrategie von Unternehmen. Er beschreibt, welche Risiken und Schwachstellen damit gezielt adressiert werden. Sie erfahren außerdem, wie der Aufbau eines Security-Konzeptes auf Basis von sicherem Access Management konkret gestaltet werden sollte und welchen Mehrwert die Integration einer Access Management Lösung in eine bestehende IT- Infrastruktur generiert.
Viele Organisationen stehen vor der Herausforderung Richtlinien für das Arbeiten aus dem Home-Office zu implementieren, um unter anderem eine stetig steigende Anzahl an Remote- und Hybrid-Mitarbeitern zu unterstützen. Während ein hybrides Arbeitsmodell eine interessante und aufregende Entwicklung darstellt, waren viele Organisationen nicht auf diese rasche, anfängliche Verlagerung der Arbeitsstruktur in Hybrid- oder Remote-Modelle vorbereitet. Die Nutzung einer Privileged Access Management-Lösung kann federführend dabei unterstützen, Sicherheitsauswirkungen dieser wachsenden Remote- und Hybrid-Belegschaft zu minimieren. Der Vortrag zeigt auf, wie diese neuen Arbeitsmodelle sicher supported sowie weiter ausgebaut werden können und legt dar, welche Rolle ein ganzheitlicher Privileged Access Management-Ansatz hierbei spielt.
Ferner behandelt der Vortrag:
Verteilte IT-Umgebungen, der Einsatz einer Vielzahl von SaaS-Anwendungen, hybride IT und Multi-Cloud-Strategien: All das führt zu einer unübersichtlichen Zahl verteilter Identitäten in den zugrundeliegenden Systemen. Eine solche jenseits des Perimeters gewachsene IT-Landschaft bietet neue Angriffsfläche für Cyberangriffe und birgt Sicherheitsrisiken. Zero Trust ist die Antwort. Doch wie baut man das notwendige Vertrauen in einer Zero Trust Welt auf?
Learn how the latest security capabilities in the Elastic Stack enable interactive exploration, incident management and automated analysis, as well as unsupervised machine learning to reduce false positives and spot anomalies — all at the speed and scale your security practitioners need to defend your organization. Additionally, we'll be talking about the new protection and detection capabilities of the free Elastic Endpoint, now also part of Elastic Security, as well as EQL - the event query language, which brings new query and detection capabilities to Elastic Security.
In his keynote, Bryan will talk on how automating Identity and Access Management can evolve your operational maturity and strengthen your security programs.
The PAM market continues to evolve and many organizations are adopting the DevOps paradigm where critical access and sensitive accounts are required in fast moving and agile environments. Paul Fisher meets Matthias for this episode and shares his research on PAM for DevOps. They talk about the challenges of this area of application, but also about the differences and similarities with "classic" PAM. And about the opportunities on a path towards a hybrid approach to PAM in today's organizations, in the midst of the Digital Transformation.
A flexible architecture is an absolute must in order to keep pace with new challenges within a constantly evolving landscape. Christopher Schütze, Cybersecurity Practice Director and Lead Analyst at KuppingerCole, will look at methodologies that help to structure, reorganize, and extend the existing Cybersecurity landscape within your organization. He will examine current topics such as “Information is the new oil” and “Trust only with verification – Zero Trust” and how you can integrate this into your strategy. Information security and ensuring a high level of trust must be a fundamental part of Cybersecurity strategies in the years to come. This will help you to make the right choices and improve overall security, and learn how to be safer with security.
When navigating a big ship, it is crucial to know your position and the course you set. In this case, the ship is a symbol for a company planning its investment in cyber security. In practice, the overall strategic view is often obscured or missing. An assessment of the cyber maturity level will give a better understanding of the position as well as the direction, considering the specific risks. A risk-based approach allows investments in cybersecurity to have the greatest possible, measurable impact.
Security is Culture – and culture starts with people (not technology!) The complex topic of SAP-security is a massive challenge for the almost 500.000 companies worldwide using SAP. The challenges are the same for everyone, and it is the combined corporate responsibility of the C-Level and all employees to protect the enterprise from threats. These core applications can be secured by focusing on the 3 main attack vectors: People, Processes, and Technology. Within this keynote, Jochen Fischer shares what needs to be done to define clear ownership and responsibilities for SAP-security. Enabling people to understand the risk in SAP is fundamental to design a sustainable strategy that is based on the individual risk profile of each individual company. It is time to stop the monkey business when it comes to mission-critical topics like security. As independent expert, Jochen Fischer provides state-of-the-art methodologies to deliver the right people the suitable skills required to protect SAP without burning money on tools that have no or limited effect on corporate cyber resilience.
In this talk, you will learn about the results of the recent KuppingerCole Survey on top Cybersecurity Topics for 2021.
In her key note Hila Meller will explain how the new normal impacted by the Covid-19 global pandemic is reflected in the Cyber Security Space.
She will explain the changing threats in this new reality as well as the steps and strategies used by BT to globally adapt to the news ways of working, combined with a wider global view based on inputs and collaboration with large multi-national organizations.
This talk aims to share the experience achieved during Q-Secure Net, a 2020's project co-financed by the European Institute of Technology (EIT) and Italtel, Cefriel, Politecnico di Milano, CNR, UPM and Telefonica. Q-Secure Net will provide a cost-effective and flexible network solution for unconditionally secure communication services based on Quantum Key Distribution (QKD) thought for fiber-optic networks.
The talk will also present an application of Blockchain Atomic Swaps for the exchange of securities and cryptocurrencies, developed in the project and based on QKD. Atomic Swaps have great potentials for financial scenarios regarding securities, crypto exchanges and cryptocurrencies but have specific security threats.
The QKD market is expected to grow over $980 million by 2024. In the long term, the QKD will be strategic for the design of new architectures in many sectors like telco, defence and transports and 5G sectors. QKD's infrastructural security and its ability to mitigate cyber-risks, also allow a whole new class of approaches and applications for Decentralised Finance.
Key Takeaways:
- QKD Features
- Capabilities for Fintech applications
- Atomic Swap and Crypto Exchanges
- How QKD can mitigate risk in applications like smart contracts for Decentralised Finance Scenarios (for example in the Atomic SWAP use case)
The machine learning deployment, integration, and release pipeline is unique and unlike any typical software, application or detection life cycle. A SOC has a blend of infrastructure, team dynamics, disparate logs and data sets, a SEIM, ticketing systems and a need for analytics to better serve and improve their defenses, cyber security posture and incident response. Proper implementation of using machine learning for cyber security defenses can be done with both team and engineering integrations. This talk will walk through an example of machine learning implementation for the SOC in an enterprise environment with lessons learned and best practices.
In 2020 organizations have been forced to accelerate their digital transformation plans to meet the needs of a more digital engaged end user. From remote workforces to shifts to online commerce, nearly every industry has had to adopt to this new reality. This has resulted in rapid cloud service adoption and a need for integration of existing on-premises investments with them. But today's Hybrid Cloud reality needs a comprehensive security policy that encompasses newly acquired cloud technologies all the way down to legacy on premises applications which provide business critical capabilities. In this presentation, we will discuss the characteristics needed in an Identity and Access Management platform that will allow organizations to quickly get address new security issues while allowing for a smooth digital transformation at their own pace.
Experts define Operational Technology (OT) as «hardware and software that detects or causes a change, through the direct monitoring and/or control of industrial equipment, assets, processes and events.»
OT differs from IT, in terms of functionalities, the culture of operators and threats. In recent months, we witness an increasing convergence of IT and OT systems. This area is a novel and rapidly expanding one for both cybercrime and industry. Recent IBM’s 2020 X-Force Threat Intelligence Index summarizes that attacks targeting operational technology (OT) infrastructure increased by over 2000 per cent in 2019 compared to the previous year. The COVID-19 pandemic accelerated these trends: it is the digital accelerant of the decade and accelerated companies’ digital transformations by approximately a global average of 6 years.
For example, one of the impacts of COVID-19 –at least until a vaccine is discovered– is the reduction of on-site staff. In the case of OT systems, this put a strain on the already limited resources and required an increase in external connectivity. The result is the numerous industrial plants exposed to, for example, ransomware attacks.
From a bird-fly point of view, IT and OT are still missing a holistic approach that includes cybersecurity, physical security and cyber-physical security, an integrated cyber-risk estimation and governance models able to span across IT and OT domains. Overall the primary need concentrates around as reconciliation of IT Security (typically built on Confidentiality-Integrity-Availability paradigm) with OT Cybersecurity (which fundamental properties are instead Safety-Reliability-Productivity).
Key Takeaways:
- Status of IT and OT security
- long term impacts of the pandemic on the digital transformation agenda of industry
- Main challenges and trends for the IT and OT security
- Some possible solutions
Is your cybersecurity as fast as your business? Finding the right strategy to secure the growing speed and diversity of DevOps driven application development and dynamic infrastructures is hard. To master this journey, organisations have not only to adapt new security controls but in most cases to redefine their cybersecurity strategy and traditional approaches such as Defence-in-Depth and Zero Trust Architectures from scratch.
In this session, you will learn the FIRST PRINCIPLES how to align the pace of your cybersecurity to your business speed from both perspectives: a cybersecurity expert and a former developer.
You don’t have to go far these days to find security professionals complaining about skills shortages, and countless media outlets relaying their views. But there are at least two sides to this argument and the situation requires a more balanced approach. The security industry needs to rebuild its narrative to attract more raw talent at all levels.
The way people are working has changed fundamentally. Cybersecurity is even more essential than before. Martin Kuppinger, Principal Analyst at KuppingerCole, will look at the factors that drive the relevance of cybersecurity, but also change the way cybersecurity is done right. He then will look at the trends in cybersecurity and how new technologies and methods help in mitigating cyber risks and improving cyber attack resilience. This includes looking at the impact of Work from Home, changing attack vectors, or the impact of AI on cybersecurity, and discussing what new technologies such as SOAR and Cyber Ranges can provide for getting better in cybersecurity. He also will look at the need for doing a thorough cybersecurity portfolio assessment, to optimize spending and getting a grip on the zoo of cybersecurity tools most businesses already have to pay for and to manage.
Cybersecurity technologies to identify, protect, detect, respond and recover are extremely important, but not sufficient. HumanOS upgrade is required to safely use the Internet and It is not only about training and awareness. It is about the way users must behave online and IT community must openly acknowledge system vulnerabilities. Humans are the weakest and strongest links in Cybersecurity.
John Tolbert has just taken a close look at the market for SOAR tools (Security Orchestration, Automation and Response) to prepare a Leadership Compass. This has just been published and this gives John and Matthias the opportunity to take a closer look at this market segment of security infrastructures.
In this keynote we are looking at practically moving existing infrastructures towards the Decentralized Identity world – widely known as Self-Sovereign Identity (SSI). Leveraging the Credential-based Access Control (CrBAC) paradigm, implementing SSI in an enterprise is easier than most people think. We will learn why and how SSI is such a bright way out of the complex and interwoven IAM world still predominant today, more than 11 years after “Dos and Dont´s when Introducing a Compliance Management Tool” in a Role-based Access Control (RBAC) context at EIC 2009.
Customer registration, identity verification, and multi-factor authentication are all critical to reduce fraudulent activity and protect your customers’ identity data. However, they don’t offer the same warm welcome as an instore employee. Join this keynote presentation to learn how to seamlessly convert, engage, and manage millions of customers online—without sacrificing security.
With the July 2020 decision of the Court of Justice of the European Union, the „Privacy Shield“ called framework that allowed personal information to be transferred between the EUC und the US; had been invalidated with immediate effect. The only remaining justification to keep on exchanging such information have been the „Standard Contractual Clauses“ (SCC, although they do not fully replace the Privacy Shield. Therefore, the questions now are:
This Keynote session with Dr. Karsten Kinast, LL.M, and KuppingerCole´s CEO Berthold Kerl will be a combination of an initial interview and a q+a part, where you directly can ask your questions.
Consumer identity and access management (CIAM) has arrived in the business processes of digital enterprises. Customers, prospects, devices, things and their relationships are becoming increasingly important. At the same time, the innovation cycles for customer-oriented applications are becoming shorter and shorter. And CIAM itself is facing continuously changing challenges.
The service-oriented paradigm of the KuppingerCole Identity Fabric provides the perfect foundation for a steady evolution. This applies both to the CIAM system itself and to CIAM as a building block of a company-wide identity infrastructure.
Thus the KuppingerCole Identity Fabric serves as the umbrella for an entire IAM architecture. It supports distinctive features for CIAM where required, while ensuring efficiency and reuse wherever possible.
The KCLive Award honors outstanding projects, standards, or people in the field of Identity Management, Cybersecurity and AI.
|
Consumer identity and access management (CIAM) is the connective technology between consumers and brands. CIAM is an important consideration when navigating routes to market for your products and services. A consumer’s journey navigating solutions to problems is where you can leverage the CIAM building blocks — capture, engage, manage and administration — for more personalized campaigns and direct consumer engagement. Read on to learn the meaning and drivers of these building blocks. |
|
Capture: Every business will need to capture users’ identities and profiles to engage with them in a personal manner. |
Earlier in 2020, the European Union published “A European Strategy for Data” outlining its vision for a connected single digital market where the benefits of the digital economy could enhance the lives of its citizens, residents and trade partners.
However, we now find ourselves at a very real crossroad. A post-pandemic world will be a new type of normal. Amidst the tragic loss of lives there have been breakthroughs in science, new ways of working along with embracing new digital tools.
We are at the beginning of a new design and architectural phase where just because technology can, doesn’t mean it should. Personal data linked to identity, fuelled by AI sits at the centre of these decisions.
Enabling citizens, students, patients, passengers and consumers to more equitably join the value chains fuelled by data will ultimately lead to greater trust and personalisation, resulting in a more prosperous society. However, this will require new commercial models, enforceable regulation and the digital tools to transform our connected society.
This session will focus on the implementation of real-world case studies including standards, commercial models and technology choices.
Many solutions in CIAM focus on authentication, while others have their strengths in integrating with marketing automation. However, there is an additional angle, relevant for both highly regulated industries but also any other industries. It is the onboarding process, regardless of whether specific KYC (Know Your Customer) requirements must be formally met or not.
Martin Kuppinger will talk about the role and approaches of Identity Verification in the context of CIAM and how this maps to the entire onboarding process as well as recurring authentication. He will look at new technologies such as DID (Decentralized Identity), but also discuss how registration can be simplified if lesser requirements apply – e.g. by rethinking the flow and putting registration and verification to the end (or even further back – think about using the first successful shipping as part of verification).
Consumers are now accessing gated content, customer portals or smart devices in ways and at a scale never seen before. The most successful companies aren’t just focused on providing secure, seamless and painless access for the end-user. They’re also passionate about delivering a customer experience that will help them drive growth. And it starts at the login box.
The challenge is to offer user-friendly login procedures via social media accounts, passwords or biometric devices while securing and respecting personal data at the same time. This combination must be taken seriously to provide a smooth Customer Experience (CX) and to guarantee that every consumer can control the access to his personal information. Join this panel to hier the best practise advises of experts in the branch.
In this first of two episodes, Annie Bailey and Matthias Reinwarth lay the foundations for the topic "Emerging Technologies in Healthcare". Beyond hype and half-knowledge, they look at the use of AI, machine learning, block chain, and modern digital identities for the comprehensive improvement of processes and systems in healthcare.
This analyst chat episode is the 50th and therefore a bit different. This time Matthias talks to two experienced analysts, Martin Kuppinger and Alexei Balaganski, about the ECSM, the European Cyber Security Month, which is to provide information and awareness on cyber security in October 2020. The particular aim they pursue is to go beyond awareness to arrive at specific measures that can benefit individuals and organizations alike.
When asked to describe IAM processes, managers tend to think first of traditional lifecycle management processes such as Joiner, Mover and Leaver (JML). While these are clearly essential for identity governance in interplay with authoritative sources, a comprehensive process framework for IAM and beyond encompasses many other areas. Martin Kuppinger and Matthias Reinwarth explore some of these additional areas between convenience and compliance.
Dynamic, risk-based, attribute- and context-related authorizations are becoming increasingly important for many enterprises. Graham Williamson and Matthias Reinwarth take a look at the market sector for dynamic authorization management and policy-based permissions in light of the recent publication of a Market Compass on this topic.
As ITSM platforms evolve into strategic tools for service deliver across a range of busines functions, it is tempting for organizations to build in identity access management, governance, and administration functionality to provide a one-stop-shop for all employee requests and eliminate the cost of a separate IAM/IGA system.
Warwick Ashford, senior analyst at KuppingerCole will explain why this is a risky strategy and discuss the benefits of and some use cases for aligning ITSM with IAM/IGA systems instead.
With all of the different IGA approaches available these days, have you ever wondered how global companies have success in centrally and seamlessly managing their mountains of requests while still maintaining critical workflows and compliance standards? Get the strategies you need to navigate and win from Todd Wiedman, Chief Information Security Officer, Landis+Gyr. Todd will be sharing insights and learnings from his successful implementation using the Clear Skye IGA solution natively running on the ServiceNow (NOW) Platform in this ‘not to be missed’ session.
Central to the ability to identify, authenticate and authorise individuals and allow them access to resources is the validation of the requirements to ensure that someone is who they claim to be, possess the requisite academic or professional qualifications, work experience, skills and understanding their competency within any given skill. Ie. I may have a driving licence with allows me the right to drive but if subsequent to a test I have never had the opportunity my competency will be almost non-existent. And of course ensuring the binding of the identity throughout the lifecycle of an individual to the claimed identity from onboarding through operation and eventual retirement, along with the credentials I’ve just highlighted.
Why have things like cell phones and automobiles become more advanced, intuitive and cost effective over time while managing Identity, particularly Identity Governance, has remained complex and expensive? The time and resources it takes to implement an identity project hinders the business and slows any hope of digital transformation. The frustration is real and ripping and replacing has not proved to be the answer. So what’s it going to take to truly get IGA right? In this thought-provoking session, Jackson Shaw, an experienced thought leader in IGA will discuss the need to rethink the core of identity and why it’s time for an IDENTITY REVOLUTION.
This session will compare and contrast characteristics of Identity Access Governance built on traditional platforms, with those built on top of ServiceNOW, taken from an field perspective. Session will review implementation costs, common outcomes, and ultimately how to decide which is the most appropriate solution based on business needs.
ITSM is going well beyond ITIL and IT ticketing these days: It’s becoming the portal and workflow platform
Not that long ago, ITSM (IT Service Management) was what the name means: A technology used within IT to manage IT services and facing to the end user when it comes to IT requests. IT requests led to tickets as the tasks to be performed by workers in IT. And yes, there was and is ITIL (IT Infrastructure Library) describing common IT processes, there were and are Service Catalogs, and there were and are CMDBs (Configuration Management Databases).
However, this is changing. ITSM platforms are shifting from IT solutions to business solutions and becoming strategic tools for organizations, for service delivery (and thus service definition, service management, and so on) across a range of business functions. They have become a widely used interface for users to a wide range of services, and they support the workflows and process automation behind these interfaces.
With IAM providing interfaces and with workflows and processes being a vital part of every IAM, it is obvious that there is a logical link between IAM and ITSM (or the other way round).
Martin Kuppinger, Principal Analyst at KuppingerCole, in his talk will look at the journey of ITSM and where ITSM is heading. He will look at the overlaps and links between IAM and ITSM. And he will take a high-level perspective on where integration is expected to become deeper and where IAM capabilities might shift to ITSM, specifically in the context of IAM evolving from monolithic platforms to modern, microservice-based architectures that can well make use of existing ITSM services, microservices, and APIs.
Warwick Ashford and Matthias Reinwarth talk about business resilience again, focusing on cyber supply chain risk management.
While properly defined and tool-supported identity and access governance (IGA) is prevalent in regulated industries to ensure compliance, it is still fairly uncommon in mid-sized or even larger companies in non-regulated industry sectors. This has not been a problem in the past, when classical, data-center based IT infrastructure was dominant. Mr. Barry will point out why a lack of IGA can become a major issue when introducing hybrid or cloud-based IT infrastructure, and will explain why tool-based IGA can even add long term value in automating the administration of a hybrid infrastructure environment.
In this session PlainID will discuss how organizations can rethink, redesign and modernize their Identity and Access Management (IAM) architecture by implementing PBAC (Policy Based Access Control). This service should be a central service supporting not only one specific set of applications but rather act as a focal point (or a “brain” if you like) for different IAM technologies. This new architecture pattern has evolved to better support more applications and more advanced use cases.
In this session Mr. Darran Rolls with provide a unique perspective on the emergence, growth and future advancement of IGA technology. In it, he provides an assessment of where we stand today with existing solutions and deployment approaches, and highlights where the industry needs to focus regarding program oversight, cross-system orchestration and integration with cloud and DevOps processes.
I’ll start working on the content this week and have some questions on format and delivery:
Alexei Balaganski and Matthias Reinwarth look at the citizen development movement and discuss the potential risks of letting business users create their applications without proper governance and security.
Virtually every cybersecurity breach today involves the exploitation of privileged access. Privileges are initially exploited to infiltrate an IT environment; once compromised by threat actors, privileges are further leveraged to move laterally, access assets, install malware, and inflict damage.
In this session, learn 10 key steps to achieving Universal Privilege Management, and how it is used to secure every user, session, and asset across your IT environment. Covered topics include:
We will also share how the BeyondTrust Privileged Access Management (PAM) platform enables absolute control over every privilege in your environment to drastically reduce your attack surface and windows of exposure, while boosting business productivity.
In the early hours of March 18th, 1990, two men entered the Gardner Museum. They left 81 minutes later with 13 artworks, including two Rembrandts, a Vermeer, a Degas, and ancient Chinese vase. The heist remains unsolved today, with no leads and no suspects — and the museum is offering a $10 million prize for the safe return of the pieces.
Given that background, you might assume that this was another session about zero trust. It’s not.
Recently, a growing emphasis on data privacy has sought to treat identities and their associated data as valuable works of art as well, worthy of protection and compensation for use. Through the lens of the Gardner Theft, we’ll evaluate the current proposals and concepts around user-owned data and explore the benefits and pitfalls of each.
We'll step through the heist, recreate those 81 minutes, and discover how identity data is the new Vermeer. Note: If we somehow crack the case together, we'll split the $10 million between us all.
Technology is evolving quickly and keeping pace requires deep knowledge and experience. Enterprises are also evolving quickly and demand advanced but simple identity solutions to successfully fast track digital transformation, cloud adoption and Zero Trust initiatives. By utilizing “Best of Breed” solutions, organizations can take advantage of the key benefits that only a multi-vendor solution can offer. Join this session to learn about the core principle of best of breed solutions and hear about some examples of what organizations have done to build the right foundation for Enterprise Identity Success.
IAM implementations are not all same, but for sure there is not as many implementations as there are situations.I have selected 3 major factors which defined our IAM project. Of course, final result was a consequence of lot more things.
And yes, we succeeded to implement full Identity lifecycle in the enterprise where starting point is a complex matrix of requirements like multiple legal entities, multiple contracts, kinds of work relationships, several account directories, manual processes.
Just name any situation, we had it. We were on the edge of failure and almost ready to add yet another failed IAM project to the list. But we made it and if I had to do it yet again in another place, in another situation, I would take these 3 with me.
Takeaways:
-Correct data is vital for every IT project, IAM is not special. But where to exactly look in the IAM project? Which issues with the data are toxic?
-The analysis of the system drives implementation architecture and design. Thereby the steering must be correct.
-And finally, how to bring it out in the enterprise scale if you cannot do big bang but same time you cannot left anybody behind?
Warwick Ashford and Matthias Reinwarth discuss the prerequisites and challenges of making a business able to adapt quickly to risks and disruptions.
Anne Bailey and Matthias Reinwarth discuss the findings of the recently published Leadership Compass on Privacy and Consent Management.
Alexei Balaganski and Matthias Reinwarth discuss the concept of ephemeral credentials and its benefits for privilege management, DevOps and beyond.
As Enterprises transitions to IaaS, Cloud Security and specifically IAM strategy and execution becomes crucial. IAM controls for IaaS/Public Cloud need to identify, secure and monitor Privilege Assets at the same time deal with the inherent elasticity, scalability and agility of the Public Cloud . As such a Privileged Access Management Program for Cloud i.e Cloud PAM is required to meet the increasingly stringent compliance and audit regulations and keep enterprises secure.
As the adoption of cloud applications and services accelerates, organizations across the globe must understand and manage the challenges posed by privileged access from remote employees, third parties, and contractors. With 77% of cloud breaches due to compromised credentials, making sure your users get easy and secure access to the cloud should be a top priority.
Join Thycotic chief security scientist and author Joseph Carson as he explains a practical approach to help you define and implement privileged access cloud security best practices. He will also share how Thycotic’s new Access Control solutions can safeguard cloud access by both IT and business users.
SSH.COM polled 625 IT and application development professionals across the United States, United Kingdom, France, and Germany to find out more about their working practices. We found that cloud and hybrid access solutions, including privileged access management software, slow down daily work for IT and application development professionals. These hurdles encourage users to take risky shortcuts and workarounds that put corporate IT data at risk.
Join SSH.COM’s David Wishart, VP Global Partnerships, to learn:
Paul Fisher will expand on his analysis of how Privileged Access Management platforms will develop support for DevOps and other key users. This will mean that certain PAM functions will be embedded within the technology stack, opening up password free and secure access paths and enable rapid task fulfilment.
John Tolbert and Matthias Reinwarth look at SP 800-207, the NIST special publication on Zero Trust architecture and discuss how it aligns with KuppingerCole's own vision of this topic (spoiler: it does align very well!)
The new normal demands organizations to enable remote workplace in a rapid and secure way.
The new normal requires privileged asset owners to make intelligent, informed and right decisions even with a fragmented view of risk.
The new normal requires governance to be integrated and inherent with privileged access workflows and not an after-thought.
This session would give insights and best practices to create the least privileged model, minimizing the risks associated with standing privileges and prepare enterprises to rapidly transform themselves through secure digital transformation.
Alexei Balaganski and Matthias Reinwarth try to make sense of the current state of quantum computing and talk about the risks it poses for information security.
John Tolbert and Matthias Reinwarth discuss benefits and limitations of agentless security solutions.
Christopher Schütze and Matthias Reinwarth discuss Enterprise Risk Management. What is it all about? What large and small companies should be focusing on? What role do IT and cybersecurity play here?
Digital privacy is a central concern for pretty much everyone. But what does ‘privacy’ really mean? How do you get it and what does it cost you? The identity community has been hard at work on a new identity model that gives people a path to take control of their online identities and personal information, making privacy convenient for individuals and practical for the organizations they interact with. In this keynote, Joy Chik will share why this identity model is necessary, how it’s becoming real, and what steps will catalyze adoption.
Working with the NHS, we are connecting our verifiable credentials infrastructure to its COVID-19 tests database so that we will be able to issue COVID-19 verifiable credentials to people in real time. Our unique design provides selective disclosure and conformance to GDPR for both the issuer (the NHS) and the verifier (e.g. a restaurant or a care home), without the need for a blockchain, revocation infrastructure or zero knowledge proofs. We will describe the architecture of our system, provide screen shots of the mobile phone interfaces, and describe the user trials we are shortly to carry out with care homes in Kent during the next few months.
Blockchain is a reaction to real security and privacy concerns. Whether or not you choose to adopt any blockchain solution, these concerns do exist and should be addressed in the way you manage enterprise Identity and Access Management. This session is for those who want to know what components to consider when implementing a blockchain ID system, and for those who wouldn’t touch blockchain with a 10-foot stick but still value the insights that come from a different identity paradigm.
Modeled from KuppingerCole’s Blockchain ID Buyer’s Compass, this session identifies the use cases most applicable to Blockchain ID, the functional components to look for in a solution, technical and organizational prerequisites, and key questions to ask a Blockchain ID vendor.
Anne Bailey and Matthias Reinwarth discuss how decentralized identities and verifiable credentials help respond to the pandemic by powering contact tracing applications, immunity passports and other important use cases.
The U.S. Department of Homeland Security (DHS) has supported Self-Sovereign Identity technologies such as Decentralized Identifiers (DIDs) and Verifiable Credentials for several years. Now, a number of companies have been selected to work with DHS on implementing digital versions of identity documents such as the Permanent Resident Card (Green Card). In this use case, the issuer of Verifiable Credentials is USCIS (United States Citizenship and Immigration Services), and the verifier is TSA (Transportation Security Administration).
The overall objective is to make use of SSI technologies in order to increase security and efficiency as well as user control and transparency. Another key parameter of the project is that all technical components must be interoperable and based on standardized interfaces.
An overview of a number of problem-driven use cases for SSI technology, focusing on a number of different domains; healthcare, distributed machine learning and education. A recap of research undertaken at the Blockpass Identity Lab over the last year.
In the future, you will not only decide where your data is stored, but also with whom you want to share your data. If you share data, everything will be logged for you and you will always have an overview of who has received data from you. This is what transparency looks like and this is what SSI promises you.
But, what are the challenges when trying to implement SSI paradigms in the real world, and where do we may have to change the overall reception on digital identities? Get first-hand insights from our experience on a project to initiate self-sovereign identity in Germany.
Enterprise wants to focus on the value identity can bring beyond verified access.
Whilst reducing identity management compliance risk and storage costs, more organizations are giving customers their identity ownership back. They are using intelligent agents, real-time data updates and new conferred trust verification methods to leverage (consented-for) identity data insights for cross-sell and up-sell - and to better service customers, employees and partners.
Distributed graph technology is enabling this. It guarantees privacy, anonymity and security – ensuring no unauthorized access to any user data. And it solves blockchain scalability, compliance and speed limitations – offering data compliance for both organizations and their stakeholders. A million graph vaults for a million customers – not one database or ledger block holding a million customer records.
We'll explain why intelligence-driven identity verification, sovereign identity ownership and compliant identity security built from the bottom up can offer enterprise the value-add they seek.
Alexei Balaganski and Matthias Reinwarth discuss the security challenges for enterprises moving to the cloud and explain why security in the cloud is still your responsibility.
Anne Bailey and Matthias Reinwarth talk about the technologies that enable employees working remotely or from home access sensible corporate information from personal devices without compromises between productivity and security.
Matthias Reinwarth and Martin Kuppinger discuss the challenges of integrating IT service management with identity governance within an enterprise.
Matthias Reinwarth and Jonh Tolbert discuss the ongoing consolidation of the cybersecurity market and talk about its reasons and potential consequences.
Matthias Reinwarth and Martin Kuppinger talk about governance and security of data across a variety of sources and formats and the need for maintaining data lineage across its complete life cycle.
Hours ago the EU Court ruled that the Privacy Shield called EU-US Data Protection Agreement is invalid, while it considers Standard Contractual Causes to be valid. Also, intersting in this context is the US Cloud Act. This may be of some impact to existing and future transcontinental relationships and the usage of US-based services within the EU. In this interview, Annie Bailey and Mike Small will discuss these new developments and implications.
Christopher Schuetze and Matthias Reinwarth discuss a security architecture blueprint that implements the concept of Security Fabric.
Consumer Identity Management (CIAM) ensures privacy, consent management, security, personalization and user experience for external users, especially consumers and customers. Although the drawbacks of building yet another data silo are obvious, many organizations still view CIAM as an isolated system. But this ignores significant potential. Matthias Reinwarth talks about the range of opportunities that can be gained by converging CIAM into an overall IAM concept, but also by integrating CIAM into broader cybersecurity and marketing infrastructures.
The PAM market has never been so dynamic and competitive as it reacts to changes in demands from organizations grappling with the effects of digital transformation on security and compliance. The findings from this year’s KuppingerCole PAM Leadership Compass reflect this dynamism as the vendors innovate across the board and add much needed functionality. Join Paul Fisher, Senior Analyst at KuppingerCole, as he discusses the findings from the report and what they mean for PAM in your own organization.
Graham Williamson and Matthias Reinwarth talk about consent: what does it mean for identity professionals, service providers or lawyers and how to reconcile all those different views in modern IAM environments.
As organizations are quickly advancing into the digital transformation, there is a growing need to secure access to critical infrastructure assets. IT security leaders have identified the need for a Privileged Access Management solution but, as their infrastructures expand and are increasingly subjected to cyber threats, they too often struggle with deployment and operational challenges. This conference will highlight how modern solutions can adapt to the evolving needs that IT leaders have to address by providing scalable deployment, operational simplicity, and reduced total cost of ownership.
Privileged Access Management (PAM) is essential to every business – just because every business is under attack, and privileged accounts are what (targeted) attacks are focusing on. Thus, there is a need for PAM, with organization, processes, policies, controls, and technology. But PAM must not be an isolated initiative. It is tightly linked to both cybersecurity and IAM initiatives, and there is also an interplay to ITSM. In his talk, Martin Kuppinger will look at how PAM relates to other areas and how to set up a comprehensive initiative that focuses on mitigating risks and improving security, by linking PAM to the rest of IT in a well-thought-out manner.
Warwick Ashford and Matthias Reinwarth discuss the standards, technologies and organizational changes needed to finally get rid of the password-based authentication once and for all.
Christopher Schuetze and Matthias Reinwarth introduce Security Fabric - a new architectural approach towards cybersecurity with the goal to achieve consistent and fully managed security across the whole corporate IT.
John Tolbert and Matthias Reinwarth talk about network detection and response solutions: what are the threats they are looking for and how they complement endpoint protection tools to ensure consistent protection against advanced attacks.
Paul Fisher and Matthias Reinwarth continue talking about privileged access management, discussing the core capabilities of modern PAM solutions.
Matthias Reinwarth and Alexei Balaganski talk about the reasons many companies are still failing to protect themselves from cyberattacks and data breaches even after spending so much on security tools.
Cloud Security best practices arise from the shared responsibility model for cloud computing, which states that customers are responsible for the security of data in the cloud. This session will cover the latest trends in cloud security, cloud provider shared security models, and the use of data encryption as a best practice. With cloud encryption key lifecycle management seen by many as a problem yet to be solved, the session will wrap with an overview of CipherTrust Cloud Key Manager from Thales.
In a follow-up to an earlier episode, Matthias Reinwarth and Anne Bailey discuss practical approaches and recommendations for applying AI governance in your organization.
Join the conversation as we help you explore laying the foundation of identity and security into your cloud-first strategy. If the following questions have crossed your mind, we're happy you found your way to this session.
A. Business-critical apps are constantly being migrated to the cloud to keep up with business. How do I know who is accessing what and if it is appropriate? Can I eliminate persistent accounts and provide JIT access?
B. Native compliance controls are provided from each of my cloud providers making it difficult, inefficient, and costly to obtain overall visibility and proof of continuous compliance monitoring. Am I continuously meeting my compliance controls in the shared responsibility model?
All organizations need to consider the risks related to the availability of their business-critical data and take appropriate measures to mitigate these risks. In most cases this will involve investing in backup and disaster recovery products and services. In today’s hybrid IT environment these must cover both on-premises and cloud delivered services in a consistent way. This session will cover KuppingerCole’s research into this area and summarize our Market Compass Cloud Backup and Disaster Recovery.
In his Opening Keynote, Martin Kuppinger, Principal Analyst at KuppingerCole, will talk about the practical consequences of having a “cloud first” strategy in place. Declaring such a strategy is simple. Successfully executing it is the bigger beast to tame. Martin Kuppinger will look at the success factors for executing a “cloud first” strategy and identify what it needs in the organization, operations, integration, vendor selection, risk assessment, management, security, and identity. He also will look at the various levels of such cloud first strategies, from full multi-tenant public cloud to basic “lift & shift”, as well as the interoperability with the remaining on-premises infrastructure as well as the role Edge Computing will play in future.
Matthias Reinwarth and John Tolbert talk about profound implications of security products not having their administrative interfaces sufficiently secured with technologies like multi-factor authentication.
Matthias Reinwarth and Anne Bailey talk about Artificial Intelligence and various issues and challenges of its governance and regulation.
Matthias Reinwarth and Christopher Schütze talk about the importance of processes to make your IAM projects successful.
As the recent widely publicized revelations have shown, the risk of purchasing hard- and software with deliberately or accidentally built-in weaknesses is much higher than we could have estimated – but it is not the only element of Supply Chain Risk. Supply chains can only be as strong as their weakest link. In a world where enterprises must focus on what they can do best and outsource everything else, it is necessary to know these weak spots and to limit the risks occurring from them.
Ensuring business continuity is a challenge during times of crisis such as the pandemic caused by the Covid-19 virus. Companies were and are facing an increasing number of cyber-attacks which can cause damage to their finances, reputation, and growth. Today, most people continue to work from home, hence the attack surface is dramatically increased. In such trying times, the effective cybersecurity measures are of utmost importance. It is essential for businesses to understand that cybersecurity has become part of business continuity and modern, innovative approaches together with a high level of communication with the company is essential to overcome the challenges posed by cyber adversaries.
Businesses face various risks when deploying external products and services. Among them is the possibility of cyber intrusion which can pose a major challenge to the company’s infrastructure and require a re-think of cybersecurity strategy. A well thought-out and properly structured management of a supplier base classified as trustworthy is just as much a part of this discipline as the use of standardized certification procedures for such products. In this panel we will discuss the importance of cyber supply chain risk management (C-SCRM) and its effect on resilience of a digital business.
While governments and public healthcare specialists are looking into the timing and manner of reopening the economy, it is clear that at some point in the hopefully not-too-distant future restrictions will be eased and businesses will return to normal operations. Returning to recently-vacated offices will certainly signify a return to normality, and for most, that will be a welcome relief after working from home for an extended period. However, just as the shift to working from home required organizations to adapt and act differently, so will the return to the office. In this keynote, we discuss the preparation CISOs should consider making to offset a number of security implications that arise from returning your workforce from home and back to the office.
Security teams were already going through a fundamental shift in how they protect the business, even before the acceleration to remote working due to Covid-19. Given that Identity and Access Management (IAM) is now undeniably the first line of defense for organisations worldwide, how can security leaders turn the challenges, both legacy and new, into opportunities to mitigate risk and add value to the business? And all this in a way that will elevate the position, and change the perception, of security at the same time?
Based on a recent study Barry McMahon from LastPass looks at the challenges facing security teams and details five drivers where Identity and Access Management can support the business needs to benefit both the business and security team. There is also some excellent guidance on how best to engage the senior decision makers and speak in a language they understand.
Matthias Reinwarth and Paul Fisher launch a new series of talks about privileged access management.
Matthias Reinwarth and John Tolbert discuss the latest "innovations" fraudsters are using during the pandemic crisis and the methods to mitigate them.
Matthias Reinwarth and Alexei Balaganski look at the potential alternatives to VPNs and security gateways.
Matthias Reinwarth and Martin Kuppinger explain how to protect your users from phishing attacks when they're all working from home...
Learn more about how to continue successful business with Senior Analyst Warwick Ashford's Analyst Advice on Business Resilience Management.
Matthias Reinwarth and Alexei Balaganski talk about making the right choice of a database engine to power your next cloud project.
Matthias Reinwarth and Martin Kuppinger dispel a few myths about Zero Trust.
Matthias Reinwarth and Alexei Balaganski discuss the plethora of acronyms for security analytics solutions: from SOC and SIEM to UEBA and SOAR.
Identity Management is on the change. It will never be the same again. It is already more than Employee IAM. The segregation between various parts of IAM is blurring. Digital business require advanced identity services, well beyond the human identities. Identity Fabrics are the model for your Future IAM. They are about a consistent set of capabilities and services in a modern architecture, supporting your business and IT use cases. They deliver the Identity Services for your new digital services, ready-to-use and supporting the time-to-value in the digital transformation of your business. However, they also provide a path for modernizing and consolidating your legacy IAM into a modern set of IAM services, at your own pace. Thus, Identity Fabrics enable your IAM expansion and transition. Martin Kuppinger will explain the fundamental concepts of Identity Fabrics and explain why these are the cornerstone of forward-looking IAM strategies.
Every business today is faced with a digital transformative imperative. In a digital world, where everyone is connected to everything, secure access is key for employees, partners, customers and even things. Organizations are challenged however by the need for controlling and staying on top of constant change and at the same time allowing continuous innovation of both technology and business models. How do you keep up with the speed of change and the need for security? In his keynote, Tim Barber will discuss the concept of Identity Fabrics - platforms that provide all of the required services with a strong digital identity backend and discuss the essential technologies required to build, deliver and innovate at the speed of business.
The KuppingerCole Virtual Awards Series 2020 honors outstanding Identity Management and Security projects, standards or people during the upcoming virtual conferences. Today's award category considers Enterprise IAM projects, including Identity Governance & Administration, Identity Federation, Privileged Access Management, and other technologies. These projects may cover all types of identities but should include employee identities and focus on managing hybrid environments. Join the live award ceremony as the KuppingerCole jury announces the Best Enterpise IAM Project winner.
The current healthcare crisis has drastically changed how and where work is done, and the way organizations operate. To get to this point, it was a battle for IT admins that oversee your Active Directory infrastructure.
Then what happens when this crisis is over? How can your organisation quickly and smoothly bounce back from the identity management challenges brought on all the forced change?
Matthias Reinwarth and Christopher Schütze talk about how to efficiently identify and rate your investments into Cybersecurity.
Christopher Schütze and Matthias Reinwarth explain the importance of having an incident response plan.
Matthias Reinwarth and Martin Kuppinger discuss the measures necessary for securing your favorite online communication platform.
Matthias Reinwarth and Graham Williamson are talking about managing IAM projects properly.
Matthias Reinwarth and Alexei Balaganski discuss the challenges of explosive API growth without proper security controls in place.
Matthias Reinwarth and Graham Williamson are talking about designing an IAM project architecture.
Matthias Reinwarth and John Tolbert explain the meaning behind the term and talk about various factors that help identify fraudulent transactions in different industries.
Matthias Reinwarth and Martin Kuppinger identify the key topics for cybersecurity in the times of crisis. Get a complete overview on Business Resilience Management for free and read the Analyst Advice from Senior Analyst Warwick Ashford!
Matthias Reinwarth and Christopher Schütze are taking a look at five different phases of cyber security.
Matthias Reinwarth and Martin Kuppinger explain what you could be doing wrong with regards to cybersecurity priorities.
Matthias Reinwarth and Alexei Balaganski discuss the history of ransomware and the measures needed to protect yourself against it.
Read also: Business Resilience Management (Crisis Roadmap for Beginners)
Matthias Reinwarth and Martin Kuppinger are discussing the security challenges enterprises are now facing with the majority of employees working from home.
In the first official episode of the KuppingerCole Analyst Chat podcast, Matthias Reinwarth and John Tolbert are talking about the challenges of data protection in modern times.
Welcome to the pilot issue of the KuppingerCole Analyst Chat - our soon-to-be-regular podcast. Stay tuned for more episodes!
