Martin Kuppinger
KuppingerCole

  • Gemalto feels secure after attack – the rest of the world does not
    In today’s press conference regarding last week’s publications on a possible compromise of SIM cards from Gemalto through the theft of keys, the company confirmed security incidents during the time frame mentioned in the original report. It’s difficult to say, however, whether their other security products have been affected, since significant parts of […]

  • Gemalto still feels secure – the rest of the world is not
    In a press conference on last week’s publications about a possible compromise of SIM cards from Gemalto through the theft of keys, Gemalto announced today that there have been incidents – whether really no other products were affected cannot be said, however, because significant parts of the attack, particularly in the really sensitive […]

  • Operational Technology: Safety vs. Security – or Safety and Security?
    In recent years, the area of “Operational Technology” – the technology used in manufacturing, in Industrial Control Systems (ICS), SCADA devices, etc. – has gained the attention of Information Security people. This is a logical consequence of the digital transformation of businesses as well as concepts like the connected (or even hyper-connected) enterprise or “Industry […]

  • UMA and Life Management Platforms
    Back in 2012, KuppingerCole introduced the concept of Life Management Platforms. This concept aligns well with the VRM (Vendor Relationship Management) efforts of ProjectVRM; however, it goes beyond them by not focusing solely on customer-to-vendor relationships. Some other terms occasionally found include Personal Clouds (not a very concrete term, with a number of […]

  • Adaptive Policy-based Access Management (APAM): The Future of Authentication and Authorization
    It’s not RBAC vs. ABAC – it’s APAM. Over the past several years, there have been a lot of discussions around terms such as RBAC (Role Based Access Control), ABAC (Attribute Based Access Control), Dynamic Authorization Management (DAM) and standards such as XACML. Other terms such as RiskBAC (Risk Based Access Control) have been introduced […]

  • UMA in the Enterprise: There’s far more potential for UMA
    UMA, the upcoming User Managed Access Protocol, is a profile of OAuth 2.0. The specification itself defines the role of UMA as follows: “UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server […]

  • Minimal disclosure becoming reality
    This week, the EU-funded project ABC4Trust, led by Prof. Dr. Kai Rannenberg, Goethe University Frankfurt, announced that they successfully implemented two pilot projects. The target of the project has been what Kim Cameron in his Seven Laws of Identity has defined as law #2, “Minimal disclosure for a constrained use”. It also observes law #1, […]

  • How CSPs could and should help their EU customers in adopting the Cloud
    Many customers, especially in the EU (European Union) and particularly in Germany and some other countries, are reluctant regarding cloud adoption. There are other regions with comparable situations, such as the Middle East or some countries in the APAC region. Public cloud solutions provided by US companies in particular are viewed skeptically. While the legal aspect […]

  • Seven Fundamentals for Future Identity and Access Management
    Identity and Access Management is changing rapidly. While the traditional focus has been on employees and their access to internal systems, with an emphasis on the HR system as the leading source for identity information, Identity Management has to address a far more complex environment today. Over the past several years, we have already seen […]

  • Read your cloud contract well: Your cloud service might become disruptive to your business
    There is a lot of talk about disruptive technology and disruptive innovation – not only in the context of fundamental technology changes, but also in the context of innovating your business by being disruptive. Cloud Computing has a potential for fostering such innovation in business, for various reasons: It makes IT services available to organizations […]

  • Amazon opens data center in Germany
    Today, AWS (Amazon Web Services) announced the opening of their new region, located in Frankfurt, Germany. The new facilities actually contain two availability zones, i.e. at least two distinct data centers. AWS can now provide a local solution to customers in mainland Europe, located close to one of the most important Internet hubs. While on […]

  • Mobile, Cloud, and Active Directory
    Cloud IAM is moving forward. Even though there is no common understanding of which features are required, we see more and more vendors – both start-ups and vendors from the traditional field of IAM (Identity and Access Management) – entering that market. Aside from providing an alternative to established on-premise IAM/IAG, we also see a […]

  • SAP enters the Cloud IAM market – the competition becomes even tougher
    The market for Cloud IAM and in particular Cloud User and Access Management – extending the reach of IAM to business partners, consumers, and Cloud applications through a Cloud service – is growing, both with respect to market size and service providers. While there were a number of start-ups (such as Ping Identity, Okta and […]

  • From preventive to detective and corrective IAM
    Controls in security and GRC (Governance, Risk Management, and Compliance) systems are commonly structured in preventive, detective, and reactive controls. When we look at IAM/IAG (Identity and Access Management/Governance), we can observe a journey from the initial focus on preventive controls towards increasingly advanced detective and corrective controls. Initially IAM started with a preventive focus. […]

  • Can EU customers rely on US Cloud Providers?
    The recent US court decision has added to the concerns of EU customers (and of other regions such as APAC) regarding the use of Cloud services from US-based providers. The decision orders Microsoft to turn over a customer’s emails stored in Ireland to the US government. The decision required the company to hand over any […]