Martin Kuppinger
KuppingerCole

  • From preventive to detective and corrective IAM
    Controls in security and GRC (Governance, Risk Management, and Compliance) systems are commonly structured in preventive, detective, and reactive controls. When we look at IAM/IAG (Identity and Access Management/Governance), we can observe a journey from the initial focus on preventive controls towards increasingly advanced detective and corrective controls. Initially IAM started with a preventive focus. […]

  • Can EU customers rely on US Cloud Providers?
    The recent US court decision has added to the concerns of EU customers (and of other regions such as APAC) regarding the use of Cloud services from US-based providers. The decision orders Microsoft to turn over a customer’s emails stored in Ireland to the US government. The decision required the company to hand over any […]

  • IBM to acquire CrossIdeas – further expanding its IAM/IAG portfolio
    A while ago I blogged about IBM being back as a leader in the IAM/IAG (Identity Access Management/Governance) market. Today the news that IBM is to acquire CrossIdeas, an Italian vendor in the Access Governance market, hit the wire. CrossIdeas is a key player in Access Governance in its home market, but also had some […]

  • More questions IAM buyers should ask
    Earlier this year, I published the Buyer’s Guide: Access Governance and Provisioning. That document provides condensed information about key selection criteria for Identity Provisioning and Access Governance products, while also posing questions that buyers should ask of vendors. I focused on “top 10 non-functional selection criteria” or “top 10 questions to ask the vendors”. As […]

  • Extending your Active Directory to the Cloud
    Most organizations have a Microsoft Active Directory in place. The Active Directory (or, in short, AD) builds the foundation of their on-premises infrastructure for managing users, performing their primary network authentication and authentication to AD-integrated applications such as Microsoft Exchange Server, and some network infrastructure services including client configuration management based on Group Policies. AD […]

  • Dynamic Authorization Management and ABAC: The journey is the reward
    Chinese philosopher Confucius is said to be the originator of the saying “the journey is the reward”. What does it mean? In its historic meaning, it says that by moving forward people will benefit, even while they might not reach perfection. Applied to projects, it means that continuous improvements, new understandings and small successes over […]

  • How to identify attacks? Know your enemies – and what they already might do.
    In a panel discussion I had at EIC 2014 with Roy Adar, Vice President of Product Management at CyberArk, Roy brought up an interesting number: according to research, attacks start on average 200 days before they are detected. Taking into account the Gaussian distribution behind this average, some attackers might have been active for years […]

  • The Future of Corporate IT
    When looking at today’s IT, it is driven by some major evolutions. Everything which is done in IT has to take these evolutions into account. One is Social Computing. The second evolution is Mobile Computing. The third evolution is Cloud Computing. All these trends affect IT fundamentally. The consumerization and deperimeterization of IT are logical […]

  • Real world face recognition and where paper beats the smartphone
    A few days ago, I was travelling in a local train, together with a business partner, from my office in Germany to an event in another city. We both learned a lot about the real world challenges of face recognition. While I already had a 24-hour ticket for travelling in and around that […]

  • Real-time Security Intelligence – more than just “next generation SIEM”
    Recently a spotlight has been shed on the need for investing in Information Security solutions. The increase in cyber-attacks, the consistently high level of internal challenges, the appearance of more sophisticated types of long-running attacks (sometimes called Advanced Persistent Threats or APTs), the concerns regarding cyber-security following the Snowden revelations, the permanent challenge of dealing […]

  • The end of the Social Login begins: FIDO Alliance, Samsung, and PayPal to redefine authentication
    Recently, the FIDO Alliance announced that PayPal and Samsung were enabling consumer payments with fingerprint authentication on the new Samsung Galaxy S5. My valued colleague Dave Kearns and I have written various posts about the FIDO Alliance and the impact we expect they will have on the market of strong authentication and BYOI (Bring Your […]

  • The Mt. Gox Bitcoin disaster and the need for innovation in the finance industry
    A few days ago, Tokyo-based Bitcoin exchange Mt. Gox appeared to be in trouble. When looking at their website Friday morning, I only found meaningless announcements. They are “working very hard to find a solution to our recent issues”. Looking at the situation realistically, chances are high that the owners of the Bitcoins have lost […]

  • The new ABC: Agile businesses – connected
    Agility is a key capability of successful organizations. Agility is the ability to quickly adapt the organization and the business model to new customer demands, innovations, and a changing competitive landscape. We live in a time where virtually all business relies on IT. Whether this is retail, finance, or life sciences – business requires IT. […]

  • Secure Information Sharing: Which approach to choose?
    There are various approaches to Secure Information Sharing (SIS), as I have explained in previous posts. However, which one is the best? As always, there is no simple answer. It depends on the requirements of the customers. Nevertheless, the various product categories have their strengths and limitations. Let’s look at the categories within SIS first: […]

  • Why Apple’s culture of secrecy is your biggest risk in BYOD
    The news of the bug in Apple operating systems has spread this week. As Seth Rosenblatt wrote on cnet, Apple’s culture of secrecy again has delayed a security response. While there is a patch available for iOS, the users of OS X still have to wait. I have written before about the risks Apple’s culture […]