KuppingerCole Analysts

Securing containers along their lifecycle and wherever they are deployed is a cybersecurity challenge. And it is a new topic for KuppingerCole Analysts. Alexei Balaganski joins Matthias to talk about the just recently completed Leadership Compass on Container Security.

Martin Kuppinger gives Matthias one of these rare insights into the process of creating and delivering the next great opening keynote of an event. With EIC 2022 being already in sight in May 2022 in Berlin, they talk about the composable enterprise and more perceived or actual buzzwords, and how to make sense of this in a business context.

On March 25th, 2022 the European Commission and the US government announced a new agreement governing the transfer of data between the EU and the US. Mike Small and Annie Bailey join Matthias to have a first look as analysts (not lawyers) at this potential milestone for data privacy between the European and the US regions.

This time Alexei Balaganski and Matthias look at practical approaches to actually implementing Zero Trust for specific, real-life use cases. On this occasion, they also finally unveil the connections between Zero Trust and Feng Shui.

GAIN (the Global Assured Identities Network) is entering a new phase. On March 2, the technical proof-of-concept group was launched to actually test the concepts. Annie Bailey and Matthias have a look at the list of participants, the agenda, and the potential outcomes of this PoC. And provide a sneak peek at more about GAIN at the upcoming EIC 2022 in Berlin in May.

Online tracking is a highly visible privacy issue that a lot of people care about. Third-party cookies are most notorious for being used in cross-site tracking, retargeting, and ad-serving. Annie Bailey and Matthias sit down to discuss the most recently proposed approach called „Topics API“.

Access control tools for application environments, which include SAP in particular, but also a growing number of other business applications, are becoming increasingly important for compliance and cybersecurity. They also serve as a basis for granting proper access to employees efficiently. Martin Kuppinger and Matthias look at this market segment and at new, innovative solutions, on the occasion of very recent research that has just been published.

Data catalogs and metadata management solutions help capture and manage data from all enterprise data sources to enable the use of that data and support data governance and data security initiatives. This interesting and growing market segment is the topic this week when Martin Kuppinger and Matthias sit down for the Analyst Chat podcast.

The conclusion of a tool choice process is usually the consideration of commercial aspects, i.e. software costs and licensing. Martin Kuppinger and Matthias look at this central aspect and discuss different approaches to make different offers comparable, but also give recommendations to vendors on how they can make decisions easier for their potential customers.

A comprehensive cybersecurity strategy typically includes the use of modern, intelligent Security Information and Event Management (SIEM) platforms. These go far beyond simply aggregating and analyzing log files. Alexei Balaganski outlines the latest market developments based on his recently published Leadership Compass on "Intelligent SIEM Platforms" and explains the differences to other market segments together with Matthias.

The importance of efficient and secure cloud backup and recovery is often underestimated. Mike Small explains these two disciplines to Matthias and looks at the market of available solutions on the occasion of his recently published Leadership Compass. He also provides valuable guidance on what a strategy and its successful implementation can look like in this area.

The three biggest threats to business resilience are IT Risk, Compliance Risk, and Vendor Risk. Integrated Risk Management Platforms address these risks. KuppingerCole's Lead Analyst Paul Fisher has analyzed this market segment recently and he joins Matthias to talk about recent developments and the market in general.

"Privacy and Consent Management" is an exciting topic in a continuously changing market. Annie Bailey has just completed her latest Leadership Compass, which researches this market segment. To mark the release of this document, she joined Matthias for an Analyst Chat episode where she talks about the innovations and current developments.

A new year, and 2022, like 2021, again begins with a look back at a far-reaching security incident. Cybersecurity Analyst Alexei Balaganski and Matthias take the topic of Log4j as an opportunity to look at code quality and cyber supply chain risk management. They also mention Mike Small's excellent blog post, which can be read here: https://www.kuppingercole.com/blog/small/log4j-how-well-did-you-perform

Paul Fisher and Matthias present their very subjective summary of a really special and, in particular, especially challenging past year, 2021. They cannot do without the word 'pandemic' after all, but they also try to reach a first perspective on the year 2022 from the past 12 months.

The announcement of the GAIN initiative for the secure distribution of verified and assured identity data has been made at EIC in September. While the core concepts of this initiative have been discussed in earlier episodes, Martin and Anni sit down with Matthias to do a deeper dive into further aspects of GAIN, including the use beyond customer-related IAM and the challenge of privacy in such a hyper-connected network for PII.

Senior Analyst Graham Williamson joins Matthias from down under to talk about edge computing. Starting from the definition and relevant use cases, they focus on where the edge brings value. They discuss what the key criteria for a successful deployment are and what needs to be looked at to do edge computing while preserving security and privacy.

Lead analyst Alexei Balaganski joins Matthias for an episode on Data-Centric Security. Starting with a definition behind that term, they look at relevant technologies and market segments and discuss adequate ways of adding Data-Centric Security to an organization's cybersecurity strategy.

From November 9th to 11th, the Cybersecurity Leadership Summit 2021 took place in Berlin and virtually online. The Monday after, Martin Kuppinger and Matthias sat together to talk about some first impressions and insights from this event. The recordings and slide decks are available for participants and those interested at https://www.kuppingercole.com/events/csls2021/

In the past, servers and applications were rather static, and entitlements too were static. But this has changed. Organizations must deal with a multi-cloud, multi-hybrid IT. Entitlements and access in today’s cloud environments are dynamic, just like workloads. Martin Kuppinger joins Martin to explore the area of Dynamic Resource Entitlement and Access Management (DREAM). Together they look at policies and automation as one key building block for managing today's volatile IT.

No big celebration, but at least a mention: this is the 100th episode of the KuppingerCole analyst chat. Martin Kuppinger joins Matthias to discuss the increasingly important topic of "everything as code" and how to define proper strategies for approaching this, especially in the context of the BASIS concept. For more on this, both recommend revisiting Martin's opening keynote from this year's EIC.

John Tolbert sits down with Matthias and shares his insights into current approaches for protecting and defending essential enterprise systems beyond traditional, often office-focused cybersecurity. Safeguarding Operational Technology (OT), Industrial Control Systems (ICS), and the Industrial Internet of Things (IIoT) is getting increasingly important. John explains that modern approaches like Network Detection and Response (NDR) and especially Distributed Deception Platforms (DDP) can be valuable building blocks in an overall strategy for defending, for example, the factory floor or critical clinical systems.

Annie Bailey and Matthias take a deeper look at the emerging concept of the Global Assured Identities Network (GAIN) and also seek a broader perspective on the benefits and challenges of reusable identities in general.

The idea of low-code/no-code (LC/NC) application development is for end users to create their own custom applications, perhaps using a graphical design tool, selecting from a library of existing building blocks, or perhaps even with the assistance of artificial intelligence. Alexei Balaganski explains the concepts behind this new development, takes a look at the current market and, finally, highlights the challenges and security issues that may be hidden behind the use of such application development.

While moderating and speaking at KuppingerCole's flagship EIC 2021 event in Munich, Matthias also took the opportunity to sit down one-on-one with his fellow analysts in the conference studio for some EIC special analyst chat episodes. In the third and final special episode, Martin Kuppinger and Matthias look at how current technologies and concepts complement each other to improve security and convenience for users of modern technologies at the same time.

KuppingerCole's flagship event EIC 2021 took place very successfully in Munich and online in September. Of course, Matthias took the opportunity to sit down with his fellow analysts in person for some EIC Special Analyst Chat episodes. Building on the themes of his Opening Keynote, Martin Kuppinger explains the concepts behind "Deconstructing the User Journey".

EIC 2021 finally took place in Munich in a hybrid format between on-site and online. Of course, Matthias took the opportunity to sit down with his analyst colleagues in person for some EIC special analyst chat episodes. In the first of three specials, Christopher Schütze talks to him about the findings from his pre-conference workshop on defending against ransomware, and they also turn their attention to a promising new approach to creating globally secured identities.

Martin Kuppinger and Matthias discuss the high-priority topic of how to achieve automation of management and security across the entire multi-hybrid, multi-cloud IT infrastructure based on well-defined policies.

Cybersecurity is one of the areas where virtually every business will need to invest because of ever-growing cyber risks and ever-tightening regulations, and in the post-Covid era, the cybsersecurity market continues to evolve and grow, having gained even greater importance. Warwick Ashford joins Matthias to discuss the factors driving the trends in this market and what businesses should be considering when making cybersecurity investments.

Christopher Schütze provides the fundamentals for a pivotal topic in cybersecurity, namely how to create processes and systems for comprehensive and continuously improving vulnerability management. Together with Matthias, he provides an overview of elementary aspects that need to be considered.

The market segment of products and services that are designed to manage and secure APIs as essential resources in a multitude of different environments is constantly evolving. On the occasion of the publication of the latest edition of his Leadership Compass "API Management and Security", Alexei Balaganski explains the fundamentals and current developments of these products and services.

Business Intelligence is the discipline of deriving business insights from raw enterprise data to inform decision making. Although this is a mature market, new trends are stirring up this market sector. Annie Bailey joins Matthias to explain what is changing and what 'Next-generation BI platforms' are.

XDR (eXtended Detection & Response) solutions are an emerging category of security tools that are designed to consolidate and replace multiple point solutions. John Tolbert and Alexei Balaganski join Matthias and share their views on this market, the existing offerings, and how it might evolve.

Paul Fisher has researched the topic of Data Governance Platforms extensively, and he published a Market Compass on this topic at KuppingerCole Analysts just a few weeks ago. In the current episode of Analyst Chat, he explains this market segment to Matthias and provides insight into current developments.

The path toward a Zero Trust architecture to improve cybersecurity for modern enterprises in a hybrid IT landscape often seems overly complex and burdensome. Alexei Balaganski is this week's chat partner for Matthias and he draws attention to an often overlooked benefit of such an infrastructure. One key idea of Zero Trust is to actually reduce complexity and unnecessary effort and instead focus on what really needs to be protected.

This episode concludes the four-part series on hybrid IT. To wrap things up, Mike Small and Matthias focus on the latest developments in hybrid infrastructures, between containers, hyperconverged, edge and cloud in a box.

Part three of the four-part series on hybrid IT looks at approaches to appropriately manage and evolve hybrid architectures. Mike Small and Matthias put the focus not only on technical management, but also on appropriate governance in particular.

Mike Small and Matthias continue their four-part series on hybrid IT, looking at the increasing complexity: they look at multiple dimensions of the challenges that come with deploying and operating hybrid IT architectures.

This is the kickoff of a four-part series of podcast episodes around hybrid IT. Mike Small and Matthias explore the fundamentals of modern architectures between the cloud and the traditional data center.

In episode seven of this podcast, John Tolbert and Matthias first looked at Fraud Reduction Intelligence Platforms more than a year ago. Much has happened in this market segment since then, and on the occasion of the release of the updated Leadership Compass, they look at the latest innovations.

Anne Bailey has just completed extensive research into the new market segment of AI Service Clouds. In this episode, she explains this innovative concept, which aims to overcome the lack of qualified personnel and bring artificial intelligence and machine learning to more companies.

Your DNS server knows what websites you use, what the name of your mail server is, and which corporate services you use while working from your home office. And there are even broader challenges when it comes to protecting sensitive personal data in that context. Alexei Balaganski and Matthias continue their conversation about a fundamental Internet resource, the Domain Name System, this time walking the fine line between technology and trust.

Some internet services are so deeply woven into the core infrastructure, that they are just taken for granted or even ignored in our daily digital life. One example is the Domain Name System. Alexei and Matthias discuss the basics of DNS, look at current cybersecurity threats targeted at it, and explain how they can be mitigated.

Maintaining finer grained access by administering AD groups through dedicated and delegated application administrators is the reality in many organizations. Martin Kuppinger and Matthias discuss these types of indirect authorization management and why they are no good choice, even more when AD becomes legacy.

CIEM is one of the latest entries to the set of 3- and 4-letter acronyms in IAM technology. Martin Kuppinger and Matthias take a look at the functionality behind it and its role within an Identity Fabric.

Martin Kuppinger joins Matthias for a first hybrid audio plus video episode of the Analyst Chat. They talk about horizontal (capabilities like AM, IGA, and PAM) and vertical siloes (identities like things, robots, customers, partners, or employees). And they lay out a proper approach to strategically get rid of these siloes in the long run.  

Building on the first three podcast episodes of this series with Annie and Shikha, Paul Fisher and Matthias turn their attention to the Privileged Access Management aspect in the context of WfH and its Cybersecurity Threat Landscape. They look at the role PAM plays in the particular WfH use cases for administrators, as well as for business users. And they look at the potential changes that this will bring for the further development of PAM in the future.

The Internet of Things is everywhere around us. Almost every device we use is connected to the internet. But are they really smart or intelligent? An most important – what are we and will we be doing about their security? Join Thom from SentinelOne and Alexei as they discuss what AI and IoT really are to learn how many IoT devices Alexei has at home and how long we have to wait until "The Terminator" will be al real thing.

Shikha Porwal and Matthias Reinwarth have a coffee conversation over the security risks of working remotely. They talk through the vulnerabilities of a home network, and touch base with the pandemic related end point security threats, employee behavior and finally, Zero trust.  

Annie and Matthias continue their conversation on the COVID-related trends in 2021. They conversate about different technology and internet usage trends, and also mention some potential topics that will become more prominent in the future as a learning from these trends.