Navigator
IGA, the key to security and compliance
by Warwick Ashford
Securing data and complying with the growing number of associated local, regional, and international regulations are two of the biggest challenges facing most modern organizations as they become increasingly reliant on complex IT environments. Key to achieving both data security and regulatory compliance is the ability to manage identities effectively and enforce policy-based access controls to ensure only authorized people and things have access to IT systems and data under the correct circumstances. This has become increasingly challenging with the proliferation of digital...
Navigator
Reducing Risk Through Effective Access Management
by Warwick Ashford
Business is increasingly reliant on IT, from critical line-of-business applications, productivity and collaboration applications to e-commerce, and online customer services. In the modern world, it is more important than ever to ensure that the right people have access to the right systems at the right time, but that has become increasingly challenging. Not only are IT systems distributed across on-prem installations and multiple cloud providers, but attackers typically use compromised or stolen credentials as their primary way of gaining access to company networks and systems....
Navigator
The Evolving Role of the CISO
by Warwick Ashford
The role of the Chief Information Security Officer (CISO) has long been a topic for debate. Almost ever since the role first emerged as organizations saw the need to focus on information security, there has been discussion about how the role could or should evolve. With information security now more important than ever before, the role of the CISO continues to evolve and gain in importance, with responsibilities extending way beyond the IT department and technical issues to include processes, policy, strategy, regulatory requirements and collaboration with peers, technology developers...
Blog
Enhancing Zero Trust in a ServiceNow Environment
by Martin Kuppinger
Zero Trust has been established as the guiding principle for cybersecurity. The “don’t trust, always verify” approach stands for methods that don’t rely only on singular security tools, such as the traditional network perimeter firewall, to keep attackers out. Instead, Zero Trust builds on layered security and repeated or continuous verification. The concept of Zero Trust has evolved beyond a network perspective, restricting lateral movements of users once they have passed the firewall. It involves a broader model that looks at many different layers of...
Navigator
Cyber Resilience
by Warwick Ashford
In the post-pandemic world, most people understand the concept of resiliency, which refers to the capacity to recover quickly from some form of adversity - be that Covid-19 infection, cyber-attack, natural disaster, geo-political tensions, and even cyber and kinetic conflict. Business leaders are increasingly understanding the benefits of taking steps to prevent business disruption because the pandemic has made it clear that businesses need to ensure resiliency at all levels to mitigate any disruption to normal business operations. Due to the increased reliance of businesses on...
Blog
Preventing Supply Chain Attacks
by Marius Goeddert
What are your top 3 cybersecurity priorities? And have they changed much in recent years? So, my top three cybersecurity priorities haven't actually really changed over the years. They actually changed in content and severity but not overall. So, a major concern, of course, are we seeing enough, do we know whether we are somehow compromised or not? The second question, of course, are we protected enough to actually avoid this happening in the first place, and as a regulated entity our third thought is already around regulatory compliance because security and...
Blog
Oracle CloudWorld Impressions
by Alexei Balaganski
Last week, I had an opportunity to visit Oracle CloudWorld, the company’s new flagship conference for customers and partners, which is also the reincarnation of the familiar OpenWorld after the three-year break caused by the Covid pandemic. With the new title and location - the event has moved from San Francisco to Las Vegas - everything I felt after stepping into the venue was somehow different and yet the same. On the one hand, I was glad to meet the same crowd and fellow analysts, as well as see many Oracle employees in person after years of just Zoom sessions. On the other...
Blog
What We Can Learn from DeFi and Crypto Exchange Attacks
by Anne Bailey
Some attacks on decentralized finance (DeFi) platforms are financial in nature – the manipulation of token prices in the Mango Market attack for example. However, many other attacks are much more mundane but with an important lesson – best practices in cybersecurity are always relevant. Code Vulnerabilities The widespread use of open-source code is a potential vulnerability of decentralized crypto exchanges. Open-source code libraries, and their potential vulnerabilities, are visible to anyone who chooses to investigate. Malicious or not. The Wormhole hack in...
Navigator
Passwordless Authentication
by Warwick Ashford
Passwords have not been fit for purpose for a long time. They are too easy to guess, crack, discover, and steal. Passwords are also costly and time consuming to manage, and password reuse is a major problem. However, after talking about getting rid of passwords for years, it is beginning to happen at last, thanks to advances in technology and standards that are finally making passwordless authentication a real option that is practical and scalable. The fact that the Passwordless Authentication market is dynamic, exciting, and competitive means that organizations no longer have any excuse...
Blog
Do You Really Need a VPN?
by Alexei Balaganski
It looks like we are halfway through the Cybersecurity Awareness Month of October already, and I thought it might be the appropriate time to talk about VPNs. Again. Haven’t we talked about them enough, you might ask? Every time KuppingerCole analysts bring up the topic of Zero Trust, we feel obliged to mention how VPNs have long outlived their purpose, and how organizations have to finally get rid of them and move to more modern solutions. I’m fairly certain, there will even be a bunch of sessions at the upcoming Cybersecurity Leadership Summit talking about them....