Blog by Martin Kuppinger

Blog
Passwordless Authentication 101
by Martin Kuppinger
Passwordless authentication has become a trending topic in IT over the past two years. This comes to no surprise, with all the password-related security incidents that happened in the past years. Passwords are known as a security risks, and passwords are inconvenient to the users. Passwordless authentication bears the promise of increasing security and reducing friction. Done right, this is true. Passwordless authentication can overcome the notion of “balancing security with convenience”, which factually says that convenience goes down when the level of security increases, to a...
Read More
Blog
Enhancing Zero Trust in a ServiceNow Environment
by Martin Kuppinger
Zero Trust has been established as the guiding principle for cybersecurity. The “don’t trust, always verify” approach stands for methods that don’t rely only on singular security tools, such as the traditional network perimeter firewall, to keep attackers out. Instead, Zero Trust builds on layered security and repeated or  continuous verification. The concept of Zero Trust has evolved beyond a network perspective, restricting lateral movements of users once they have passed the firewall. It involves a broader model that looks at many different layers of...
Read More
Blog
Martin Kuppinger's Must Watch Sessions
by Martin Kuppinger
CSLS (Cybersecurity Leadership Summit) 2022, a fully hybrid event taking place Nov 8th to 10th in Berlin, is approaching quickly. Being asked to pick few must watch sessions, I had the challenge of selecting only a few, instead of a long list of sessions worthwhile to attend or stream. Here are my five favorites.  Frank Fischer, CISO of the Deutsche Bahn, will talk about the role a Software Bill of Materials (SBOM) can potentially play in increasing cyber resilience. Just a hype or the one thing we need to tackle Cybersecurity Supply Chain Security?  With...
Read More
Blog
Training Non-techies on Cybersecurity Awareness
by Martin Kuppinger
Most users are just a bit techie. Some more, some less. But as we all know, real cybersecurity experts are rare. Thus, it is best to assume that the ones you want to educate on cybersecurity awareness and response are no technical, nor cybersecurity experts.  However, with everyone of us being a user of devices in personal life, and everyone being in danger of cyber-attacks, cybersecurity awareness training has become way easier. The approach I take for several years now is to focus on what this means on the own device, in the personal life, and then to transfer to the business...
Read More
Blog
Thales Acquires OneWelcome: Beyond CIAM
by Martin Kuppinger
Thales, a global provider of advanced technology solutions, with more than 80,000 employees worldwide, and an established business unit for Digital Identity and Security, has announced the acquisition of OneWelcome, one of the leading European providers of CIAM (Consumer IAM). While the acquisition will provide OneWelcome with a go-to-market capability on a global scale, there are interesting options beyond that. OneWelcome delivers CIAM and B2B management capabilities, consent management, authentication support, and policy-based access control. Thales, on the other hand, has a variety...
Read More
Blog
Trending at EIC 2022: Identity Proofing & Fraud Reduction
by Martin Kuppinger
Aside from the convergence of decentralized and centralized identities and the return of policy-based access controls, here is my #3 on the list of hot topics at EIC 2022: Identity proofing & fraud reduction. These are two closely related topics, with fraud covering not only the initial proof of an identity, but also the recurring access and user behavior. Massive market uptake We have seen a massive uptake in both fields, with identity proofing also having a close link to decentralized identities and the reusable proofs in identity wallets. Identity proofing as the reliable...
Read More
Blog
Trending at EIC 2022: The Return of Policy-Based IAM
by Martin Kuppinger
Following my recent blog post on trending topics at EIC 2022, where I discussed the integration of decentralized and centralized identities, there are other topics I’d like to highlight. My #2 on the list of outstanding topics at EIC 2022, is the return of policy-based IAM. More than a decade ago, XACML (eXtensible Access Control Markup Language) was a trending topic, as a standard that allows applications to send a request to an authorization server at run-time. The server then checked this request and either granted or revoked access (or granted access with restrictions)....
Read More
Blog
Trending at EIC 2022: Integrating Decentralized & Centralized Identity
by Martin Kuppinger
At this year’s European Identity & Cloud Conference (EIC 2022) that we hosted in Berlin from May 10 th to 13 th , some topics stood out from all the vibrant discussions and enlightening presentations. My #1 topic is the emergence of integration between decentralized identity (DID) - also referred to Self-Sovereign Identity (SSI) or as verifiable credentials - and traditional, centralized IAM (Identity & Access Management) and CIAM (Consumer IAM). DID has been a hot topic at EIC for many years, but more as an innovation that is somewhat separate from traditional IAM....
Read More
Blog
The Changing Market for Access Control & Risk Management for Business Applications
by Martin Kuppinger
Pathlock’s acquisition tour is changing the market dynamics A few days ago, Pathlock, one of the leading providers in the market for Access Control & Risk Management for Business Applications , has announced a merger with Appsian and Security Weaver, and the acquisition of CSI Tools and SAST Solutions. With that, five of the vendors in this market segment, become one. In our recent Leadership Compass on Access Control Solutions for SAP and other LoB (Line of Business) Applications , we had covered overall 23 vendors. With five of these merging into one, it becomes apparent...
Read More
Blog
The European Identity & Cloud Conference Celebrates Its 15th Edition – Time for Looking Back
by Martin Kuppinger
As one of the founders of KuppingerCole Analysts, I’m also an EIC (European Identity & Cloud Conference) veteran. Looking back to the start in 2007, a lot has changed since then, but the core of EIC is what it has been from the very beginning: A conference that provides both thought leadership and best practices from the field. A conference that brings together end users, vendors, analysts, and other experts, for close interaction and exchange. A conference that, I dare to say (and I’m proud of), is the most relevant gathering on identity topics globally. Time to make a...
Read More
1 2 3 4 5 6 7 Next