Governance, Compliance & Risk

Articles

Martin Kuppinger: GRC and IT Security - where is the link? 18.02.2010 Martin Kuppinger
GRC became one of the really hot topics in business and IT, especially in larger organizations, over the course of the last few years. However, there is a lot of confusion about the terms associated with GRC. In many organizations, few people have a clear view of what GRC involves and requires, and few organizations have an organizational structure for GRC with clearly defined responsibilities. Of these organizations, many have limited their GRC initiatives either to some aspects like "business only", "risk only" or "IT only". Read the article
Martin Kuppinger: Why CIO should put GRC on the New Year's resolution list 30.12.2009 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is one of the best-known and least understood buzzwords in IT today. As is too often the case, a variety of stakeholders have seized on the expression and defined it any way they choose. Nevertheless, GRC belongs right up there on your list of New Year's resolutions because it is (or should be) an essential part of overall IT strategy. Read the article
Martin Kuppinger: How to fight "GRC Anarchy" 19.10.2009 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) has become a leading issue not only for IT professionals, but for senior management as well. However, it isn't always clear who's in charge. Responsibility for GRC is set to become a major issue in the coming months. Read the article
Martin Kuppinger: GRC - a heavily segmented market 01.10.2009 Martin Kuppinger
GRC - Governance, Risk Management, Compliance. A typical buzzword, but well established right now. However, the problem of all emerging markets associated with a buzzword arises here as well: There are many different vendors with different types of offerings, all claiming to solve the GRC problem. But: The GRC problem has many facets and is (beyond "we have to manage risk, we have to be compliant") largely undefined. We'll publish a report these days on a GRC reference architecture followed by, probably in early November, a market segmentation report, placing vendors in one or more appropriate segments. Like every valid and successful emerging market, GRC will move from a large set of different solutions towards a market with some well defined segments of vendors. Read the article
Martin Kuppinger: Compliance as a risk? 02.04.2009 Martin Kuppinger
GRC (Governance, Risk Management, and Compliance) has become a core issue for any CIO over the course of the last few years. SOX brought popularity to IT compliance - and nowadays everyone seems to talk about GRC. But sometimes, the approaches chosen seem to increase risk instead of mitigating it. Read the article
Martin Kuppinger: The need for a holistic approach to IAM, GRC, DLP, PAM, and IRM 04.03.2009 Martin Kuppinger
IT is very well-known for first its ability to create three-letter acronyms and second the mix-up of different marketing terms, leading to overlapping and sometimes pretty unclear market segments. Besides, many vendors try to convince people that their (and only their) solution is sort of the holy grail for all problems. Read the article
Martin Kuppinger: Enterprise Role Management 16.12.2008 Martin Kuppinger
The Kuppinger Cole definition of generic GRC tools which support a consistent platform approach to GRC requirements, includes role management capabilities as one of the core functional areas. To efficiently implement GRC, organizations should consider an enterprise role management approach. Read the article
Felix Gaehtgens: ArisID is born - a next generation Identity Framework for Developers 15.12.2008 Felix Gaehtgens
The Liberty Alliance has announced the availability of ArisID and Project Aristotle. In a recent Webcast, Oracle's Phil Hunt presented ArisID and demonstrated its usefulness to software developers. This innovation makes it easier to develop applications that are becoming increasingly less dependent on where identity information is stored, making applications easier to deploy in an identity management infrastructure. Read the article
Martin Kuppinger: The need for an integrated risk management 27.11.2008 Martin Kuppinger
During our GRC Forum 2008 which we've held in Frankfurt, one of the important discussions was around the way risk management should be implemented. There was broad agreement on the thesis that IT Risk Management and Enterprise Risk Management can't be separated - at least not beyond the part which deals with strategic risks. Read the article
Martin Kuppinger: Governance, Risk Management, Compliance 20.10.2008 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is presently a core topic for every mid-sized and large organization. The number of regulations is growing. Auditors are focusing on Corporate Governance and IT Governance, are asking for risk managements and are looking on access controls and other specific IT aspects. Read the article
Martin Kuppinger: Trend Report IAM and GRC 2009-2019 29.09.2008 Martin Kuppinger
Investments in IAM and GRC have to solve current needs - but what about the future? With IAM and GRC building the cornerstones of a holistic security infrastructure, decisions within these areas are fundamentally influencing corporate IT and therefore should remain valid beyond a scope of some two or five years from now. For sure, things will change and technologies will evolve. But there are trends which can help in supporting decisions on IAM and GRC investments and reducing the risk of these decisions. Read the article
Martin Kuppinger: GRC - one needs it 12.08.2008 Martin Kuppinger
It is presently discussed, especially in USA, whether GRC (Governance, Risk Management, Compliance) or to be exact, standardized solutions are more significant for GRC. It is interesting to note the blog-contributions from Archie Reed, HP on this. I also commented on the same in one of my current blog-contributions. Read the article
Mike Small's Keynote at EIC 2008 21.05.2008 Joerg Resch
If you put together 40 years of experience in computer industry, an extra portion of extra-dry British humor and excellent thought leadership, you'll get the right mix to really understand whether Security, Privacy and Trust are a mission impossible. Thank you Mike Small (CA) for this great keynote. Read the article
Marne Gordan's Keynote at EIC 2008 21.05.2008 Joerg Resch
Marne's brilliant keynote on the 32 Billion $ (2008) GRC Market. Talking about some famous examples in finance and health industries, she reminds us that it is all about human behavior when it gets down to the question why GRC is so important. Read the article
GRC and Role Management 19.04.2008 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization. Read the article
Identity Theft - state of affairs 28.09.2007 Martin Kuppinger
Identity Theft is anything but new, but still an exigent as well as unsolved problem. Only recently, Reto Hartinger, initiator of internet-briefing-ch, told me about a rather glaring case of Identity Theft, described and discussed in detail in his blog Read the article
Role management - where is it heading? 15.07.2007 Martin Kuppinger
I am working on a comprehensive report on standard tools for Role Management and their vendors. This has long been an item on my to-do list, but only now it has gained top priority. The reason is of course that Role Management was a cutting-edge issue on KCP's European Identity Conference. Read the article
Trends in Provisioning 05.07.2007 Martin Kuppinger
What will be "the next big thing" of Identity Management? I think there will be two development steps both deserving to be described like this. Read the article
Identity Management and Business 05.07.2007 Martin Kuppinger
I always appreciate feedback on my newsletter articles - especially positive feedback, of course. Recently I was able to do so twice: The first positive feedback concerned my article about Roles Management in one of our latest newsletters, the second referred to the text on Data Quality some time before. In both cases, I would like to add some important thoughts to the discussion. Read the article
The future of role management 29.06.2007 Martin Kuppinger
In connection with Identity Federation, a discussion repeatedly circulating about Role Management is being renewed. A closer look at the discussion, however, reveals as a main focus the question how to best model roles - suggesting that no big change is in sight! Read the article
Governance automation 29.06.2007 Martin Kuppinger
Recently, the term Compliance Automation has become quite common. But - as often with new terms - a consistent comprehension of its meaning is still missing. In the following I would like to try a definition and a contextual placement. Read the article

Reports

Business Report: GRC Market Structure 02.05.2010 Martin Kuppinger €165.00
GRC stands for Governance, Risk Management, Compliance. It is used to describe Information Technology which supports these specific business requirements. This report provides a segmentation of the overall GRC market with its different elements, from the C-level dashboards down to technical elements which are required to provide information for automated controls and the automated remediation in case that defined thresholds of controls aren’t met. The core elements are: Business GRC; Operational GRC; Generic IT GRC and CCM (Continuous Controls Monitoring); Specialized IT GRC tools; Technical “support” tools. We recommend drawing a big picture as target for an integrated GRC view, like the Enterprise GRC architecture shown in this report. This can act as the guideline for GRC initiatives across the entire organization – and it addresses some specific project risks, especially because it mandates interoperability between different elements within this...

Order the report
Product Report: SAP Business Objects GRC Access Control 15.04.2010 Sachar Paulus €95.00
The SAP BusinessObjects GRC Access Control (in short AC) solution is a powerful set of tools that help to automate risk analysis and mitigation for user and authorization management in SAP and non-SAP systems. It is a strong product for the SAP ABAP world, and is able to cover non-SAP systems using real-time adapters from Greenlight. It covers a substantial subset of the overall GRC requirements – it provides a leading-edge solution for SAP environments, which are at the centre of many IT environments and is able to perform as a realtime cross-platform solution. The core of the product suite - Risk Analysis and Remediation (RAR) - is the most valuable part and helps effectively to reduce risks in ABAP-based SAP systems - and correspondingly in the implemented business processes - mostly by the set of predefined risks delivered with the product. RAR also supports non-SAP systems in real time due to the risk definition at business process level and the mapping to...

Order the report
Technology Report: Access Governance Architectures 23.03.2010 Martin Kuppinger €165.00
Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the theft of information, fraud through changing information, and the abuse of IT systems for example in banking for illegal actions, to name just a few. The large number of prominent incidents within the last few years proves the need to address these issues – in any industry. There is an increasing number of tools for Access Governance. However, the implementation has to be well-thought, given that there are many different architectural approaches for Access Governance. It is no surprise that the vendors of Access Governance tools tend to position their tools as the core element of at least the IT GRC infrastructure. From the KuppingerCole perspective, the role shouldn’t be overhyped. Access governance is important with respect to the high relevance of access risks. However, Access Governance might be...

Order the report
Overview Report: A GRC Reference Architecture 05.10.2009 Sachar Paulus €195.00
Governance, Risk & Compliance - these three terms, in short "GRC" are pretty widely used in these days. Unfortunately, there is great confusion in how this term is used. The reason for this confusion is with high probability the fact that it allows to sell pretty easily all kind of technology under the umbrella of "Risk" and "Compliance" solutions. But there are very precise areas that GRC should cover, and other that it shouldn't, for example "IT-GRC", the area of tools and methodologies to assure internal control within IT operations, should be part of it, but "Financial Risk" - a core activity of the financial department - shouldn't. This report aims to clarify the term GRC by defining a reference architecture, what exactly should be part of a GRC framework and how the different parts interact. It looks at GRC from a company-wide point of view, assembling all activities that have a certain internal control nature, yet...

Order the report
Market Report: GRC 2009 02.05.2009 Martin Kuppinger €165.00
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. Kuppinger Cole observes a trend towards tools which integrate analysis, attestation, authorization management, risk management, Segregation of Duties controls, and role management functionalities to provide an overall GRC solution with focus on access controls and authorization which can be applied to all applications and all compliance regulations which are relevant to any organization in a first step. Beyond that we expect to see more complete GRC solutions which cover other aspects as well like the management of security events and incidents or availability and business continuity, to fully support the requirements on IT Governance. Beyond that we as well expect advancements in the integration of enterprise-driven approaches, mainly for risk management (Enterprise Risk Management, ERM) and IT-driven approaches, e.g. IT Risk Management (IRM). Today there are partial...

Order the report
Vendor Report: IBM's IAM and GRC offerings 27.03.2009 Martin Kuppinger €95.00
IBM is amongst the vendors which have entered the IAM market early. Right now, IBM can deliver in most areas of the IAM market, with only few missing elements in their overall portfolio. In the GRC market, the current focus of IBM is more towards SIEM-related GRC issues and log analysis, whilst IBM offers no specific platform for IAM-GRC. Anyhow, we expect IBM to be able to provide solutions through partnerships if required. Besides this, the approach chosen by IBM positions the company pretty well for the emerging trend towards GRC platforms which support any aspect of GRC requirements and which aren’t limited to the IAM-related parts of GRC (e.g. access/authorization analysis and management). Given that IBM has entered the market early, IBM can provide a relatively mature software portfolio for IAM, with some recent additions like their Enterprise Single Sign-On solution and some new integrations for example between Enterprise Single Sign-On and the Tivoli Federated...

Order the report
Business Report: Key Risk/Performance Indicators IAM and GRC 09.02.2009 Martin Kuppinger €165.00
The concept of Key Performance Indicators is well established at the corporate level, using scorecards as a tool for a quick overview on the progress of organizations. Key Risk Indicators add risk metrics to that view, relating the progress of indicators to changes in risks. The report provides 25 selected Key Risk Indicators (KRI) for the area of IAM and GRC. These indicators are easy to measure and provide a quick overview of the risk status and its changes for organizations. The indicators can be combined in a risk scorecard which then can be continuously used in IT management and corporate management. Kuppinger Cole strongly recommends using KRI concepts as tool within IT and specifically IAM and GRC. Many KRIs are easy to use and provide quick results. Thus, risks can become a key control for IT, providing insight in risks and support decisions on IT investments.

Order the report
Trend Report: Enterprise Role Management 16.01.2009 Martin Kuppinger €125.00
Enterprise Role Management describes an enterprise-wide approach for defining role models and roles for every type of system which requires roles, going beyond IAM and GRC requirements. Within that concept, there are typically three levels of roles, which we define as Business Roles, IT-functional Roles, and System-level Roles. These concepts are accepted and implemented by an increasing number of organizations. The report provides, beyond some numbers on the role management market, guidelines for implementing Enterprise Role Management successfully. The information in this report is based on a survey Kuppinger Cole has run in November/December 2008 amongst role management responsible from organizations of any size and on the current, ongoing research of Kuppinger Cole.

Order the report
KCP Webinar Identity Management und GRC - Trends 2009-2019 10.10.2008 Martin Kuppinger
Trend Report IAM and GRC 2009-2019 24.09.2008 Martin Kuppinger €295.00


Order the report
Market Report: GRC 2008 19.04.2008 Martin Kuppinger €165.00
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization.

Order the report

Events

Congress: European Identity Conference 2011 10.05. - 13.05.2011 , Munich
With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Webinar: The Business Value of Log Management Best Practices 26.01.2011 , 3pm (CET), 2pm (UK)
Although log management recently has been gaining more attention as a key element of any information security strategy, many even large organizations have not yet developed and implemented log management best practices. In this webinar, Kuppinger Cole's Principal Analyst Martin Kuppinger will discuss with you the business value of best practices for log management. Followed by Martin, Pascal Oetiker from Novell will describe his view on how to develop and implement log management best practices. Information
Webinar: Building Operational Governance for SharePoint 2010 09.12.2010 , 5:00pm CET, 11:00am EST
During this free webinar, Martin Kuppinger will give an overview on SharePoint Governance, followed by SharePoint expert Joel Oleson who will show you how to simplify SharePoint 2010 management with operations plans that include governance and change management policies as well as governance best practices. Information
Webinar: 5 Key Challenges for Cloud Computing Governance 02.12.2010 , 15:00 CET, 2pm UTC
Cloud Computing is adding a number of challenges to IT governance. In this opening session to the 2010 Kuppinger Cole Cloud Computing Virtual Conference, Martin Kuppinger will talk about the 5 key challenges to be aware of, if you want to extend your IT governance to cloud computing. Information
Webinar: Cloud Computing Risk Areas 02.12.2010 , 16:00 CET, 3pm UTC
Before jumping into the cloud, you should know about the risks, so that you can ask the right questions to your provider. In this webinar session, we will discuss the main risk areas of cloud computing, such as data location, transparency, privileged user access, Recovery and data segregation, and how to keep them under control. Information
Webinar: Privileged Cloud Identity Management 30.11.2010 , 11:00
In this webinar, Martin Kuppinger of KuppingerCole will first give a basic introduction to the management of privileged users within the enterprise, in outsourcing relationships and in the public cloud. The focus will be in particular on the question of which requirements must be placed on a public cloud or outsourcing provider so that your internal (PUM) is not compromised by the addition of cloud services. Jochen Koehler of the privileged identity management specialist Cyber-Ark will then give a very interesting insight into practice and explain his company's strategy for securing your cloud strategy. Information
Webinar: Integrating Enterprise GRC and IT-GRC Programs on a Single Framework 19.11.2010 , 16:00 CET, 10am EST
This webinar will highlight how organizations can manage risk better across their IT and business processes, thus enabling them to determine potential impact considering both IT and business controls. Information
Webinar: Governance, Risk Management & Compliance in the Cloud 18.11.2010 , 11:00 - 11:45
In the meantime, a great many companies have decided to use services from the cloud, in some cases for years, before the term cloud computing had even emerged. But when it comes to distributing business-critical information, the reluctance is much greater, and the conflict between "high availability" of information and its security grows ever stronger with the continuing triumph of cloud computing. For internal systems, a functioning GRC approach is the rule. But what about the cloud? In this webinar, Martin Kuppinger talks about how to bring your GRC approach to the cloud successfully. Information
Webinar: SharePoint Governance: From Site Chaos to a Trustworthy Platform 12.11.2010 , 14:00
SharePoint environments tend to resist your company's GRC requirements. In this webinar, Martin Kuppinger describes a holistic approach to integrating your SharePoint environment into enterprise-wide GRC and identity management. Dr. Martin Kuhlmann of Omada will then show in detail how this approach can be implemented effectively. Information
Webinar: Access Under Control: From Overview to Risk Minimization 28.10.2010 , 11:00
In this webinar, Martin Kuppinger of KuppingerCole addresses the trends in access governance and the role that access governance can and must play in GRC strategies. He defines requirements for access governance solutions and provides a checklist for selecting such solutions. Klaus Hild of Novell then talks about best practices for the step-by-step development and implementation of access governance solutions. Information
Webinar: How to Deploy Identity Management When You're Not a Top Fortune 500 Company 25.10.2010 , 16:00 CEST, 2pm UTC
Medium-to-large enterprises face specific challenges in implementing identity management. Quite often, solutions are tailored for very large companies, making deployments an uneasy fit. In this Webinar, Martin Kuppinger will show how, by adding focused added value step-by-step, enterprises can accumulate quick wins and reach identity workflow and compliance safely. Followed by Martin, Stéphane Vinsot from Evidian will lead you through some Best Practices and will talk about Evidian's experiences with identity management deployments in medium-to-large enterprises. Information
Webinar: Policy Based Access Control with XACML 3.0 22.10.2010 , 17:00 CET
Version 3 of the XACML standard could be a large stride forward towards a flexible and versatile access management. As opposed to traditional role-based access control systems, XACML is policy driven, not role driven. So, should we now throw away role-based access control? In this webinar, Kuppinger Cole's Senior Analyst Felix Gaehtgens will talk about the improvements achieved with this new standard version and describe how these improvements can influence current and future access control initiatives. Felix will be followed by former Burton Group Analyst and now Axiomatics Americas President Gerry Gebel, who will present together with his colleague David Brossard an impressive XACML 3.0 best practice with 200 Million users. Information
Seminar: Enterprise Cloud Security Summit 19.10.2010 , 09:45 - 16:00
Within a few years, cloud computing has developed into a dominant trend that is also changing IT infrastructure like hardly any trend before it. In contrast to typical technology-driven trends, the demand for cloud computing services comes from the business departments, sometimes bypassing the "classic" internal IT infrastructure. For IT departments, this means having to face a whole series of new security risks. At the KuppingerCole Enterprise Cloud Security Summit, experienced analysts will discuss with you how cloud computing changes the classic security approach and how internal and external services can coexist smoothly. Information
Webinar: Best Practices for Enterprise Log Management 30.09.2010 , 15:00 CEST, 1pm UTC, 9am EDT
Not only since cloud computing has become a hype, traditional perimeters have been more and more disappearing. Managing risks and securing compliance in such "cloudy" environments has become a critical priority. At the same time, an ever increasing number of different systems and devices create floods of IT events and monitoring those events and find out those in real time, which indicate a threat. Managing logs therefore has become a complex task. Join us in this webinar to discuss best practices for log management. Information
Webinar: Managing Identities in Hybrid Cloud Environments 17.09.2010 , 15:00 CEST, 1pm UTC, 2pm BST
It is easy to understand, why the cloud computing model appeals to senior executives, as it promises to enable enterprises to rapidly and cost efficiently adapt to changes in their business environment. Agility is key to success, but budgets are tight - that's where cloud computing scenarios fit in perfectly. Adding cloud services to your existing enterprise IT - how does that fit with your identity management? This is the key question, when it comes to security in such hybrid environments. In this webinar, we will discuss with you about identity infused compliance in hybrid cloud/internal IT environments. Information
Webinar: Access Governance and Access Auditing at Triodos Bank 15.09.2010 , 16:00 CEST, 2pm UTC
Information
Congress: European Identity Conference 2010 04.05. - 07.05.2010 , Munich
With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Congress: CLOUD 2010 04.05. - 07.05.2010 , Munich
Kuppinger Cole are proud to announce the Cloud Computing Flagship Event for Europe: CLOUD 2010. Making Cloud Computing work for your enterprise, how to prepare for it and what the risks involved with a cloud strategy are - Join us in Munich for an exciting event beyond the hype. Information
Webinar: Information Security and Governance for Microsoft SharePoint Environments 26.04.2010 , 16:30-17:30 CEST, 10:30am Eastern
In this webinar, we will look at the SharePoint Security and the SharePoint Security Add-On market, with specific focus on what you need to fulfill the GRC requirements in SharePoint environments and how to do that integrated with other information systems. Information
Congress: GRC-Forum 2009 03.11. - 05.11.2009
Directly linking central business processes with enterprise-wide GRC management brings clear economic benefits and reduces risks. The GRC-Forum 2009 supports you in introducing and improving such GRC management and a matching strategy for your enterprise IT. Information
Webinar: The Role of Entitlement Management in Governance, Risk and Compliance Management 13.10.2009 , 16:00 CEST
Modern IT infrastructures empower their users and thereby introduce new risks. The effectiveness and efficiency of control frameworks and GRC programs are therefore becoming an increasingly important focus area for IT and business managers alike. Yet, GRC initiatives tend to be reactive, striving to optimize monitoring, surveillance and auditing capabilities and the GRC overhead keeps growing. Instead we need risk-intelligence built into our IT-infrastructures. This is what Entitlement Management helps achieve. Entitlement Management provides real-time enforcement of policy-based access controls based on policy modeling implementing regulatory compliance and risk mitigation plans. This enables a shift from reactive surveillance to proactive enforcement which reduces the GRC overhead and improves control efficiency. This webinar is supported by Axiomatics. Information
Seminar: Governance, Risk and Compliance - More Than Just Rules 22.09.2009 , 9:00 - 14:00
Reliability is the most important characteristic of a good identity and security management solution. But writing down management and security procedures is not enough on its own - you need to be certain that the chosen solution also lets you meet, implement and monitor all policies and regulations. The goal is "Making IT Work As One!" Information
Congress: Identity Management & GRC Conference Istanbul 24.06. - 26.06.2009 , Istanbul/Turkey
ID-Conf Istanbul is the place to meet with enterprise technologists, thought leaders and experts to learn about, discuss and shape the market in most significant IT-Security related topics such as Identity Management, Governance, Risk Management and Compliance (GRC) and Service Oriented Architecture (SOA). With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, ID-Conf Istanbul is an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Congress: European Identity Conference 2009 05.05. - 08.05.2009 , Munich
With its world class list of 130+ speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Webinar: Who Was Root? 19.03.2009 , 14:00 - 14:45
Handling privileged user accounts, such as "ROOT", carries high risks. In this webinar, we introduce you to the fundamentals of Privileged Account Management (PAM) and give you valuable practical tips on how to protect your network effectively against internal and external threats. Information
Webinar: Fraud Prevention and Multi-factor Authentication 11.03.2009 , 17:00 - 17:45
In this webinar, Kuppinger Cole's founder and principal analyst will give you an overview on the market for risk- and context-based, multi-factor authentication and authorization solutions for fraud detection, followed by Stefan Dodel, middleware solutions specialist at Oracle, who will talk about his experiences from numerous projects. Information
Webinar: Business Roles, Business Rules, Claims - What is it all about? (CANCELLED) 26.02.2009 , 17:00 CET, 4pm UTC
The webinar will discuss the questions and outline the future trends for business roles, business rules, and claims. Information
Webinar: Risk Management Trends 19.02.2009 , 17:00 CET, 4pm UTC
The webinar will discuss risk management trends as well as the evolution of the market for risk management tools. Information
Webinar: Reducing Compliance Costs through Risk-Based Segregation of Duties Management 12.02.2009 , 17:00 CET, 4pm UTC
In this webinar, Kuppinger Cole's Principal Analyst Martin Kuppinger will highlight the challenges of risk-based segregation of duties management and will discuss technology solutions for continuous monitoring that deliver affordable and effective compliance. Information
Seminar: Enterprise Identity Management Best Practices 26.11. - 27.11.2008 , Munich
In a young discipline such as identity management, it is especially important to keep up to date with current developments and to exchange experiences with project leads from other companies. This two-day event, moderated by Martin Kuppinger, combines information on current trends with best practices and the independent, neutral expertise of Kuppinger Cole. Information
Conference: Governance, Risk Management & Compliance (GRC) Forum 2008 18.11. - 19.11.2008 , Frankfurt am Main
The more complex the IT infrastructure, the more vulnerable it is and the higher the effort (and cost) of compliance. For the successful introduction of an enterprise-wide GRC platform it is therefore crucial, on the one hand, to design its foundation, a forward-looking identity management strategy, so that it delivers meaningful information and, on the other hand, to practice the art of limiting oneself to the essentials through a risk-oriented compliance approach. The Kuppinger Cole Governance, Risk Management & Compliance (GRC) annual event 2008 focuses on strategies and approaches, technologies and tools that enable your management to make decisions relevant to competitiveness and cost with knowledge of all essential information and risks, without your compliance costs getting out of hand. Information
Webinar: Trend Study on Role Management 13.11.2008 , 13:30 - 14:30
The motivations for introducing enterprise-wide role management vary widely. While many companies are initially concerned with reducing complexity, compliance aspects are the focus in others. The approach to roles differs accordingly, and often so does the result. Kuppinger Cole is therefore currently conducting a survey among end-user companies, the results of which will be presented in this webinar. Information
Webinar: Integration - the Future of Risk Management 06.11.2008 , 15:00 - 16:00
Various rogue trading incidents and the financial market crisis have shown it clearly once again: traditional risk management does not seem suited to protecting companies from self-destructive behaviour. On the one hand, in operational business it was apparently often believed that the principles of internal risk management could be thrown overboard in favour of external ratings. On the other hand, what was (and is) missing is a holistic approach that uncovers the risks of not only the value-adding but also the non-value-adding processes and makes them accessible to decision-making. How can enterprise-wide integrated risk management be implemented? We offer you the following webinar on this question: Information
Webinar: Enterprise Role Management - the 5 Most Important Rules 31.10.2008 , 14:00 - 15:00
Assigning entitlements on the basis of business roles is an essential part of identity management and an important foundation for a GRC strategy. Is that so? Can it be done without? The fact is that a great many projects in which role management plays an important or the leading part either overrun their budget and schedule or fail altogether. In this webinar we talk about the 5 most important rules for successful enterprise role management. Information
Webinar: GRC Business Values 24.10.2008 , 13:00 - 14:00
This webinar introduces you to the concept of a GRC platform and gives you an overview of the most important criteria for introducing such a platform. Information
Workshop: SOA Governance Best Practices 13.10.2008 , 09:00 - 17:00 , Stuttgart
SOA governance is an essential prerequisite for the sustainability of an investment in a service-oriented architecture and for meeting the expectations associated with its introduction, such as greater business agility. This workshop offers you the opportunity to work out, together with Martin Kuppinger in a small group, a best-practice-based strategy for getting started with SOA governance. Information
Webinar: Kuppinger Cole Trend Report IAM and GRC 2009-2019 02.10.2008 , 15:00 - 16:00
During this webinar, Martin Kuppinger will present the key results of the Kuppinger Cole Trend Report IAM and GRC 2009-2019. Information
Conference: Identity Management Praxisforum 28.01. - 29.01.2008 , Frankfurt/Main
In a young discipline such as identity management, it is especially important to keep up to date with current developments and to exchange experiences with project leads from other companies. That is why we organize the Identity Management Praxisforum together with Management Forum Starnberg. This two-day event, moderated by Martin Kuppinger, combines information on current trends with best practices and the independent, neutral expertise of Kuppinger Cole. Information
Seminar: Compliance needs Enterprise Role Management (ERM) 22.11.2007 , 09:00 - 17:00 , Munich
This workshop deals with the development of enterprise-wide role management and the evaluation of role management products. Learn how IT roles are aligned with process responsibilities and discuss the possibilities and challenges of the different approaches. Considerable time is given to discussing experiences, results and "lessons learned" from companies that have already carried out enterprise-wide role definitions. Information
Seminar: Governance, Risk, Compliance (GRC) & Identity Management 14.11.2007 , 09:00 - 17:00 , Munich
Enterprise-wide risk management, the sustainable steering of the company through codes and policies ("governance") and the systematic pursuit of adherence to external and internal rules ("compliance") fundamentally change the demands that management places on IT infrastructure and applications. This seminar shows you the background to these changed requirements, how they affect IT, and the central role identity management plays in this. Information
Webinar: The Right Single Sign-on Strategy for More Security and IT Compliance 26.10.2007 , 11:00 - 12:00
The introduction of single sign-on systems is increasingly influenced by compliance requirements. Does an SSO system bring additional risks, or can it even simplify a compliance strategy? In this webinar you will get to know the different SSO approaches within the enterprise, across enterprise boundaries and on the web, and their influence on your compliance strategy. Information

EIC 2010 Sessions

Converging User-centric & Enterprise-centric IDs - a Conversation with Kim Cameron 05.05.2010 11:30-12:30 Dave Kearns, Network World Kim Cameron, Microsoft
View details

Past Conference Sessions

Re-Assessing IAM-Strategy in Turbulent Times - Cost Optimisation Approaches for IAM Initiatives 06.05.2009 10:30-11:30 John Hermans, KPMG
View details
Maximizing the Value of Identity Management 06.05.2009 15:00-16:00 Kari-Pekka Lifländer, Nokia
The presentation first proposes identity transactions as the basis for an identity management value model. Identity transactions are defined as the sum of rights requests plus the sum of the amounts of rights delivered. Additionally, each transaction is given a euro value, which yields the tangible value delivered by IDM. The presentation then discusses the parts of a role-based access management model implementation that bring the most value according to the IDM value model. Elements discussed include different kinds of approval flows; inherited membership approvals; privilege inheritance; delegated management of privilege and role structures; traceability of current permissions, permissions under approval or delivery, and historical permissions; inheritance of membership constraints in the role hierarchy; and the possibility of reconciling memberships with the target systems where manual provisioning is used. View details
Governance, Risk, Compliance (GRC) & Identity Management (Session I) 25.04.2008 09:00-10:30 Dr. Horst Walther, Kuppinger Cole
View details
Active Directory Disaster Recovery Workshop (Session I) 25.04.2008 09:00-10:30 Gil Kirkpatrick, NetPro
In this workshop, leading directory services and identity management expert, Gil Kirkpatrick, will educate the audience on how to manage entitlements using Microsoft’s Identity Lifecycle Manager (ILM) II. Kirkpatrick will highlight the new functionality in ILM II including user and resource modeling, workflow, and provisioning. Further, he will cover resource discovery and classification, provide guidance around how to define access policies, and discuss the importance of proactive infrastructure management to ensure the environment’s long-term stability and continuity. View details
How Basel II and Euro-SOX affect Enterprise IT - of Finance Institutions and other Companies 25.04.2008 09:00-10:30 Martin Kuppinger, Kuppinger Cole
Basel II and Euro-SOX (the 8th EU auditing guideline) are amongst the most relevant compliance guidelines in Europe. The open question for most companies is how these guidelines might affect their business – and their IT. The workshop will provide an overview of these regulations and their impact on IT, the need for IT-based risk management and specific IT and Identity risk management. This will be discussed for the IT of finance institutions as well as for all other companies, because Euro-SOX is relevant to all and Basel II, while being a banking standard, affects the risk evaluation of corporations. View details
Governance, Risk, Compliance (GRC) & Identity Management (Session II) 25.04.2008 11:00-12:30 Dr. Horst Walther, Kuppinger Cole
View details
Active Directory Disaster Recovery Workshop (Session II) 25.04.2008 11:00-12:30 Gil Kirkpatrick, NetPro
View details
Identity Risk Metrics 25.04.2008 14:00-15:30 Martin Kuppinger, Kuppinger Cole Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how can results be achieved in an easy way? How can simple tools, starting with Excel, be used to measure risks (and not only risks, but also performance indicators of Identity Management)? And how should these results be interpreted and used? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the metrics can be obtained and how they can be used for business value arguments, business impact analysis, as key performance indicators and in other ways. View details
The Role of Roles in Compliance - A Practical Approach 25.04.2008 14:00-15:30 Dr. Horst Walther, Kuppinger Cole Dr. Ron Rymon, CA Inc. Dr. Martin Kuhlmann, Omada Kevin Cunningham, SailPoint Darran Rolls, SailPoint Peter Weierich, Voelcker Informatik Melvis Hadzic, Oracle
Enterprise role management is quickly becoming a critical technology for enabling organizations to verify and enforce regulatory policies and to audit the effectiveness of internal controls over user access. But due to complexity and marketplace confusion, many companies struggle to find an approach that delivers practical and timely results. This workshop is designed to help technical leaders adopt a pragmatic strategy for managing roles as part of a successful governance, risk management, and compliance initiative. SailPoint’s Chief Technology Officer, Darran Rolls, will provide an in-depth look at role management concepts and technologies. And, he’ll offer recommendations that can help organizations achieve practical benefits with roles. Points of discussion include: Introduction: What is role management? Business drivers and use cases for role management Where do roles fit in the world of compliance? How do compliance roles relate to provisioning roles? How... View details
Identity Risk Metrics 25.04.2008 16:00-17:30 Martin Kuppinger, Kuppinger Cole Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how can results be achieved in an easy way? How can simple tools, starting with Excel, be used to measure risks (and not only risks, but also performance indicators of Identity Management)? And how should these results be interpreted and used? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the metrics can be obtained and how they can be used for business value arguments, business impact analysis, as key performance indicators and in other ways. View details
Medium Sized Companies 24.04.2008 10:30-11:30 Jörg Mauz, Ansmann AG
While the first wave of Identity Management implementations has been taking place mostly in large enterprises and discussions on RoI potentials delivered by these projects seem to sometimes be pretty controversial, the number of medium sized companies investing in Identity Management is on a sharp rise now. Jörg Mauz, who is CIO at Ansmann AG, a company with 300 employees, will show in this presentation, how he managed to make a successful move into a lean and feasible Identity Management infrastructure. View details
An Interview with Edge Zarrella 24.04.2008 10:30-11:30 Martin Kuppinger, Kuppinger Cole Egidio (Edge) Zarrella, KPMG
View details
Executing Identity and Access Management in an International Bank- and Insurance Company 24.04.2008 11:30-12:30 Dionysius Antonius Kotteman, ING Group
The presentation will cover ING's major project to define and roll out identity management. It will list some experiences, good and bad, including Role Based Access. It also covers the latest developments at ING with regard to building a Security Operations Centre, an opportunity to take a step towards reducing risks in access security. View details
Business Roles - Methods and Tools 24.04.2008 14:00-15:00 John Hermans, KPMG
View details
IdM, SOA & IT-Governance 24.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole
Over the last few years, Compliance has often been cited as the most important driver for Identity Management. But, honestly, the driver is IT Governance, as one of the most important parts of Corporate Governance. Within IT Governance (and within identity and access management), the scope shouldn’t be limited to either Enterprise Systems and core business processes or to the Identity Management level. Companies need a consistent approach to IT Governance which focuses on risks as well as compliance and which integrates SOAs, IAM and BPM (and maybe BSM) to really fulfill the requirements. Martin Kuppinger will provide his thoughts on this topic within this session. View details
The Multi Year Journey of Implementing IAM within Deutsche Bank 24.04.2008 15:00-16:00 Berthold Kerl, Deutsche Bank AG
Starting with the complexity of Deutsche Bank's organisation, the presentation will explain how Deutsche Bank meets its regulatory requirements and synchronises them with its control- and efficiency-related targets in the Identity and Access Management field. Best practice examples of IAM solutions will be covered, such as db Legi, which is one of the largest role-based access management systems in the financial services industry. Another example is the project Gatekeeper, which accomplished the recertification of over 150.000 accounts in 300 SOx relevant applications in record time. Gatekeeper involved more than 10.000 people across Deutsche Bank. As the destination of the journey, the blueprint of the future state IAM governance landscape of Deutsche Bank will be outlined. View details
Provisioning, Entitlements 24.04.2008 15:00-16:00 David Hannaford, E.ON UK
Identity management isn’t just about security and cost, it can also deliver real business benefits. This presentation is based on the case study of the implementation at E.ON UK and the linking of this system to a European Identity Management system in E.ON Germany. It illustrates the key concepts of the implementation, where the value has been derived, and lessons learned during the implementation and subsequent operation and enhancement of the system. View details
Managing GRC - Introduction 23.04.2008 10:30-11:30 Jörg Asma, KPMG
View details
Identity Risk Management 23.04.2008 11:30-12:30 Marko Vogel, KPMG
Most companies have already set up or even implemented projects concerning Identity Management. But what is the status of Identity Management when looked at from a holistic perspective? Many companies are concerned with the level they have reached, where they have potential for improvement and how they can and should progress. Marko Vogel explains how KPMG determines the stage of maturity of an organisation's Identity Management based on the KPMG reference model. The presentation makes clear that an organisation needs a lot more than a tool to achieve a mature Identity Management. It shows how different aspects are assessed, such as guidelines, governance, management review, processes and controls, and how they are assigned to standardised maturity degrees according to their development. The presentation also explains what needs to be done to reach higher maturity degrees and illustrates this with practical examples. In addition, a Use Case demonstrates how the results... View details
Kuppinger Cole GRC Solutions Market Report 2008 23.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole
In the GRC Solutions Market Segment Report 2008, KCP provides for the first time ever a structured view of the GRC market and the vendors within it, clustering the different approaches to give a practical guideline for selecting solutions in this evolving, multi-faceted market. KCP will also predict future developments in this market. View details
SAP Authorization Provisioning at E.ON 23.04.2008 15:00-16:00 Sven Wahler, E.ON IS
Due to an increased complexity of regulatory requirements such as IDW, GoBS, HGB, SOX and ISO, monitoring of critical authorizations within SAP has to be automated. Sven Wahler will show in his best practices presentation, how E.ON went through the process of implementing such a GRC tool. View details
Compliance as a Risk 23.04.2008 16:30-17:30 Oliver Eckel, bwin
View details

© 2011 Kuppinger Cole Ltd.