• Governance, Compliance & Risk
• SOA
• Business Information Management
• User Centric Identity
• Identity Federation
• Cloud Computing
• Unified Communications
• Mobile Identity
• Internet Scale Identity
• Identity Driven Security
• Context Based Authentication
• eHealth
• eGovernment
• Automotive & Manufacturing
• Finance

Kuppinger Cole News

• Sun unveils OpenSSO Express and Federated Access Manager
• Unfulfilled Promises on GRC – nothing else
• Mini-review of Microsoft “Zermatt”
• Felix Gaehtgens: Microsoft releases new "Zermatt" Identity Developer Framework
• 11.12.2008: Outsourcing Strategies, SaaS & Cloud Computing

Articles

Mike Small´s Keynote at EIC 2008 21.05.2008 Joerg Resch

If you put together 40 years of experience in computer industry, an extra portion of extra-dry British humor and excellent thought leadership, you´ll get the right mix to really understand, wether Security, Privacy and Trust are a mission impossible. Thank you Mike Small (CA) for this great keynote. Read the article

Marne Gordan´s Keynote at EIC 2008 21.05.2008 Joerg Resch

Marne´s brilliant keynote on the 32 Billion $ (2008) GRC Market. Talking about some famous examples in finance and health industries, she reminds us, that it is all about human behavior, when it gets down to the question, why GRC is so important. Read the article

GRC and Role Management 19.04.2008 Martin Kuppinger

GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization. Read the article

Identity Theft ? state of affairs 28.09.2007 Martin Kuppinger

Identity Theft is anything but new, but still an exigent as well as unsolved problem. Only recently, Reto Hartinger, initiator of internet-briefing-ch, told me about a rather glaring case of Identity Theft, described and discussed in detail in his blog Read the article

Role management - where is it heading? 15.07.2007 Martin Kuppinger

I am working on a comprehensive report on standard tools for Role Management and their vendors. This has long been an item on my to-do list, but only now it has gained top priority. The reason is of course that Role Management was a cutting-edge issue on KPC`s European Identity Conference. Read the article

Trends in Provisioning 05.07.2007 Martin Kuppinger

What will be ?the next big thing? of Identity Management? I think there will be two development steps both deserving to be described like this. Read the article

Identity Management and Business 05.07.2007 Martin Kuppinger

I always appreciate feedback on my newsletter articles ? especially positive feedback, of course. Recently I was able to do so twice: The first positive feedback concerned my article about Roles Management in one of our latest newsletters, the second referred to the text on Data Quality some time before. In both cases, I would like to add some important thoughts to the discussion. Read the article

The future of role management 29.06.2007 Martin Kuppinger

In connection with Identity Federation, a discussion repeatedly circulating about Role Management is being renewed. A closer look at the discussion, however, reveals as a main focus the question how to best model roles ? suggesting that no big change is in sight! Read the article

Governance automation 29.06.2007 Martin Kuppinger

Recently, the term Compliance Automation has become quite common. But ? as often with new terms ? a consistent comprehension of its meaning is still missing. In the following I would like to try a definition and a contextual placement. Read the article

Reports

Market Report: GRC 2008 19.04.2008 Martin Kuppinger €165.00

GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization.

Order the report

Events

Webinar: Die richtige Single Sign-on Strategie für mehr Sicherheit und IT-Compliance 26.10.2007 , 11:00 - 12:00

Die Einführung von Single Sign-On Systemen wird in zunehmendem Maße von Compliance-Anforderungen beeinflusst. Bringt ein SSO-System zusätzliche Risiken oder läßt sich damit eine Compliance-Strategie sogar vereinfachen? In diesem Webinar lernen Sie die unterschiedlichen SSO-Ansätze innerhalb des Unternehmens, über die Unternehmensgrenzen hinweg und im Web kennen und deren Einfluß auf Ihre Compliance-Strategie. Information

Seminar: Governance, Risk, Compliance (GRC) & Identity Management 14.11.2007 , 09:00 - 17:00 , München

Das unternehmensweite Risikomanagement, das nachhaltige Steuern des Unternehmens durch Kodizes und Richtlinien (?Governance?) und das systematische Streben nach dem Einhalten externer und interner Regelwerke (?Compliance?) verändern grundlegend die Anforderungen der Unternehmensführung an IT-Infrastruktur und Anwendungen. Welchen Hintergrund diese veränderten Anforderungen haben, wie sie sich auf die IT auswirken und welche zentrale Rolle das Identity Management dabei spielt, zeigt Ihnen dieses Seminar auf. Information

Seminar: Compliance needs Enterprise Role Management (ERM) 22.11.2007 , 09:00 - 17:00 , München

Dieser Workshop setzt sich mit der Entwicklung eines unternehmensweiten Rollenmanagements und der Evaluierung von Rollenmanagement-Produkten auseinander. Lernen Sie, wie IT-Rollen mit Prozessverantwortlichkeiten abgestimmt werden und diskutieren Sie die Möglichkeiten und Herausforderungen der unterschiedlichen Ansätze. Breiten Raum nimmt die Diskussion über Erfahrungen, Ergebnisse und ?Lessons Learned? aus Unternehmen ein, die unternehmensweite Rollendefinitionen bereits durchgeführt haben. Information

Conference: Identity Management Praxisforum 28.01. - 29.01.2008 , Frankfurt/Main

In einer jungen Disziplin wie der des Identity Management ist es ganz besonders wichtig, sich regelmäßig über aktuelle Entwicklungen zu informieren und sich mit Projektverantwortlichen anderer Unternehmen auszutauschen. Deshalb veranstalten wir gemeinsam mit dem Management Forum Starnberg das Identity Management Praxisforum. Diese 2-tägige, von Martin Kuppinger moderierte Veranstaltung kombiniert Informationen zu aktuellen Trends mit Best Practices und der unabhänigen, neutralen Expertise von Kuppinger Cole. Information

Conference: Governance, Risk Management & Compliance (GRC) Forum 2008 18.11. - 19.11.2008 , Frankfurt am Main

Die Kuppinger Cole Governance, Risk Management & Compliance (GRC) Jahresveranstaltung 2008 fokussiert Strategien und Vorgehensweisen, Technologien und Werkzeuge zur Verbesserung Ihrer GRC Ansätze, wobei Integration und Automatisierung im SAP-Umfeld im Mittelpunkt stehen. Information

Congress: European Identity Conference 2009 05.05. - 08.05.2009 , Munich

With more than 450 attendees from 23 countries, EIC is a major platform in Europe to create, support and foster the dialog between GRC and identity management thought leaders and users, but as well between thought leaders themselves, between Europeans and Americans, vendors, vendor partners and users, between open source initiatives and the market. Information

EIC 08 Sessions

Governance, Risk, Compliance (GRC) & Identity Management (Session I) 25.04.2008 09:00-10:30 Dr. Horst Walther, Kuppinger Cole + Partner

View details

Active Directory Disaster Recovery Workshop (Session I) 25.04.2008 09:00-10.30 Gil Kirkpatrick, NetPro

In this workshop, leading directory services and identity management expert, Gil Kirkpatrick, will educate the audience on how to manage entitlements using Microsoft’s Identity Lifecycle Manager (ILM) II. Kirkpatrick will highlight the new functionality in ILM II including user and resource modeling, workflow, and provisioning. Further, he will cover resource discovery and classification, provide guidance around how to define access policies, and discuss the importance of proactive infrastructure management to ensure the environment’s long-term stability and continuity. View details

How Basel II and Euro-SOX affect Enterprise IT – of Finance Instiutions and other Companies 25.04.2008 09:00-10:30 Martin Kuppinger, Kuppinger Cole + Partner

Basel II and Euro SOX (the 8. EU auditing guideline) are amongst the most relevant compliance guidelines in Europe. The open question for most companies is how these guidelines might affect their business – and their IT. The workshop will provide an overview of these regulations and their impact on IT, the need for IT-based risk management and specific IT and Identity risk management. This will be discussed for the IT of finance institutions as well as for all the other companies, because Euro-SOX is relevant to all and Basel II, even while being a banking standard, affects the risk evaluation of corporations. View details

Governance, Risk, Compliance (GRC) & Identity Management (Session II) 25.04.2008 11:00-12:30 Dr. Horst Walther, Kuppinger Cole + Partner

View details

Active Directory Disaster Recovery Workshop (Session II) 25.04.2008 11:00-12:30 Gil Kirkpatrick, NetPro

View details

Identity Risk Metrics 25.04.2008 14:00-15:30 Martin Kuppinger, Kuppinger Cole + Partner Michael Kranawetter, Microsoft

There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret an use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easy many of the Metrics can be obtained and how they can be used for business value argumentations, business impact analysis, as key performance indicators and in other ways. View details

The Role of Roles in Compliance – A Practical Approach 25.04.2008 14:00-15:30 Dr. Horst Walther, Kuppinger Cole + Partner Dr. Ron Rymon, Eurekify Dr. Martin Kuhlmann, Omada Kevin Cunningham, SailPoint Darren Rolls, Sailpoint Peter Weierich, Voelcker Informatik Melvis Hadzic, Oracle

Enterprise role management is quickly becoming a critical technology for enabling organizations to verify and enforce regulatory policies and to audit the effectiveness of internal controls over user access. But due to complexity and marketplace confusion, many companies struggle to find an approach that delivers practical and timely results. This workshop is designed to help technical leaders adopt a pragmatic strategy for managing roles as part of a successful governance, risk management, and compliance initiative. SailPoint’s Chief Technology Officer, Darran Rolls, will provide an in-depth look at role management concepts and technologies. And, he’ll offer recommendations that can help organizations achieve practical benefits with roles. Points of discussion include: Introduction: What is role management? Business drivers and use cases for role management Where do roles fit in the world of compliance? How do compliance roles relate to provisioning roles? How... View details

Identity Risk Metrics 25.04.2008 16:00-17:30 Martin Kuppinger, Kuppinger Cole + Partner Michael Kranawetter, Microsoft

There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret an use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easy many of the Metrics can be obtained and how they can be used for business value argumentations, business impact analysis, as key performance indicators and in other ways. View details

An Interview with Edge Zarrella 24.04.2008 10:30-11:30 Martin Kuppinger, Kuppinger Cole + Partner Egidio (Edge) Zarrella, KPMG

View details

Medium Sized Companies 24.04.2008 10:30-11:30 Jörg Mauz, Ansmann AG

While the first wave of Identity Management implementations has been taking place mostly in large enterprises and discussions on RoI potentials delivered by these projects seem to sometimes be pretty controversial, the number of medium sized companies investing in Identity Management is on a sharp rise now. Jörg Mauz, who is CIO at Ansmann AG, a company with 300 employees, will show in this presentation, how he managed to make a successful move into a lean and feasible Identity Management infrastructure. View details

Executing Identity and Access Management in an International Bank- and Insurance Company 24.04.2008 11:30-12:30 Dionysius Antonius Kotteman, ING Group

The presentation will cover ING's major project to define and roll - out identity management. It will list some experiences, good and bad, inluding Role Based Access. Added are the latest developments in ING with regard to building a Security Operations Centre; an opportunity to make a step in reducing risks in access security. View details

Business Roles - Methods and Tools 24.04.2008 14:00-15:00 John Hermans, KPMG

View details

IdM, SOA & IT-Governance 24.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole + Partner

Over the last years, Compliance has often been cited as the most important driver for Identity Management. But, honestly, it is IT Governance as one of the most important parts of Corporate Governance. Within IT Governance (and within the identity and access management), the scope shouldn’t be limited to either Enterprise Systems and core business processes or to the Identity Management level. Companies need an consistent approach for IT Governance which focuses on risks as well as compliance and which integrates SOAs, IAM and BPM (and may be BSM) to really fulfill the requirements. Martin Kuppinger will provide his thoughts on this topic within this session. View details

The Multi Year Journey of Implementing IAM within Deutsche Bank 24.04.2008 15:00-16:00 Berthold Kerl, Deutsche Bank AG

Starting with the complexity of Deutsche Banks organisation the presentation will explain how Deutsche Bank meets its regulatory requirements and synchronises with its control and efficiency related targets in the Identity and Access Management field. Best practice examples of IAM solutions will be covered: Such as db Legi which is one of the largest role based access management systems in the financial services industry. Another example is the project Gatekeeper which accomplished the recertification of over 150.000 accounts in 300 SOx relevant applications in record time. Gatekeeper involved more than 10.000 people across Deutsche Bank. As the destination of the journey the blueprint of the future state IAM governance landscape of Deutsche Bank will be outlined. View details

Provisioning, Entitlements 24.04.2008 15:00-16:00 David Hannaford, E.ON UK

Identity management isn’t just about security and cost, it can also deliver real business benefits. This presentation is based on the case study of the implementation at E.ON UK and the linking of this system to a European Identity Management system in E.ON Germany. It illustrates the key concepts of the implementation, where the value has been derived, and lessons learned during the implementation and subsequent operation and enhancement of the system. View details

Managing GRC - Introduction 23.04.2008 10:30-11:30 Jörg Asma, KPMG

View details

Identity Risk Management 23.04.2008 11:30-12:30 Marko Vogel, KPMG

Most of the companies have already set up or even implemented projects concerning Identity Management. But how is the status of Identity Management if looked at from a holistic perspective? Many companies are concerned with the level they have reached, where they have improvement potentials and how they can and should progress. Marko Vogel explains how KPMG determines the stage of maturity of the organisation's Identity Management based on the KPMG reference model. The presentation clarifies that an organisation needs a lot more that a tool to receive a mature Identity Management. It is shown how different aspects are assessed, such as guidelines, governance, management review, processes and controls, and how they will be assigned to standardised maturity degrees according to their development. The presentation also explains what needs to be done to reach higher maturity degrees and illustrates this with practical examples. In addition, a Use Case demonstrates how the results... View details

Kuppinger Cole GRC Solutions Market Report 2008 23.04.2008 14:00-15:00 Martin Kuppinger, Kuppinger Cole + Partner

In the GRC Solutions Market Segment Report 2008, KCP provides the first time ever an structured view on the GRC market and the vendors within, clustering the different approaches to give a practical guideline for selecting solutions in this evolving, multi-facetted market. KCP will also predict future developments in this market. View details

SAP Authorization Provisioning at E.ON 23.04.2008 15:00-16:00 Sven Wahler, E.ON IS

Due to an increased complexity of regulatory requirements such as IDW, GoBS, HGB, SOX and ISO, monitoring of critical authorizations within SAP has to be automated. Sven Wahler will show in his best practices presentation, how E.ON went through the process of implementing such a GRC tool. View details

Compliance as a Risk 23.04.2008 16:30-17:30 Oliver Eckel, bwin

View details