Governance, Compliance & Risk

Articles

Martin Kuppinger: How can IT keep a grip on mobile devices? 08.07.2011 Martin Kuppinger
Bring Your Own Device (or “BYOD” for short) is another IT hype word making the rounds nowadays, but it isn’t really all that new. Many employees have been bringing their smartphones or iPads to work for quite some time now, with the company’s explicit or implicit consent – at least as long as access with such devices hasn’t been fully blocked. IT departments worry increasingly about how to control the proliferation of privately owned mobile devices, but they’re missing the real point. Read the article
Martin Kuppinger: Access Governance Sets the Stage for Information Security and Compliance 25.01.2011 Martin Kuppinger
Rights Management may not exactly be something new, but the rising demands from internal and external auditors are putting it back in center stage. Organizations are being forced to adopt systematic, open and replicable processes for creating, assigning, and monitoring rights within their systems, not only to ease the admins’ workloads, but also to achieve their compliance goals. Read the article
Martin Kuppinger: GRC and IT Security - where is the link? 18.02.2010 Martin Kuppinger
GRC became one of the really hot topics in business and IT, especially in larger organizations, over the course of the last few years. However, there is a lot of confusion about the terms associated with GRC. In many organizations, few people have a clear view of what GRC involves and requires, and few organizations have an organizational structure for GRC with clearly defined responsibilities. Of these organizations, many have limited their GRC initiatives either to some aspects like “business only”, “risk only” or “IT only”. Read the article
Martin Kuppinger: Why CIO should put GRC on the New Year’s resolution list 30.12.2009 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is one of the best-known and least understood buzzwords in IT today. As is too often the case, a variety of stakeholders have seized on the expression and defined it any way they choose. Nevertheless, GRC belongs right up there on your list of New Year’s resolutions because it is (or should be) an essential part of overall IT strategy. Read the article
Martin Kuppinger: How to fight „GRC Anarchy“ 19.10.2009 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) has become a leading issue not only for IT professionals, but for senior management as well. However, it isn’t always clear who’s in charge. Responsibility for GRC is set to become a major issue in the coming months. Read the article
Martin Kuppinger: GRC – a heavily segmented market 01.10.2009 Martin Kuppinger
GRC – Governance, Risk Management, Compliance. A typical buzzword, but well established right now. However, the problem of all emerging markets associated with a buzzword arises here as well: There are many different vendors with different types of offerings, all claiming to solve the GRC problem. But: The GRC problem has many facets and is (beyond “we have to manage risk, we have to be compliant”) largely undefined. We’ll publish a report these days on a GRC reference architecture followed by, probably in early November, a market segmentation report, placing vendors in one or more appropriate segments. Like every valid and successful emerging market, GRC will move from a large set of different solutions towards a market with some well defined segments of vendors. Read the article
Martin Kuppinger: Compliance as a risk? 02.04.2009 Martin Kuppinger
GRC (Governance, Risk Management, and Compliance) has become a core issue for any CIO over the course of the last few years. SOX brought popularity to IT compliance – and nowadays everyone seems to talk about GRC. But sometimes, the approaches chosen seem to increase risk instead of mitigating it. Read the article
Martin Kuppinger: The need for a holistic approach to IAM, GRC, DLP, PAM, and IRM 04.03.2009 Martin Kuppinger
IT is very well-known for first its ability to create three-letter acronyms and second the mix-up of different marketing terms, leading to overlapping and sometimes pretty unclear market segments. Besides, many vendors try to convince people that their (and only their) solution is sort of the holy grail for all problems. Read the article
Martin Kuppinger: Enterprise Role Management 16.12.2008 Martin Kuppinger
The Kuppinger Cole definition of generic GRC tools which support a consistent platform approach to GRC requirements, includes role management capabilities as one of the core functional areas. To efficiently implement GRC, organizations should consider an enterprise role management approach. Read the article
Felix Gaehtgens: ArisID is born – a next generation Identity Framework for Developers 15.12.2008 Felix Gaehtgens
The Liberty Alliance has announced the availability of ArisID and Project Aristotle. In a recent Webcast, Oracle’s Phil Hunt presented ArisID and demonstrated its usefulness to software developers. This innovation makes it easier to develop applications that are becoming increasingly less dependent on where identity information is stored, making applications easier to deploy in an identity management infrastructure. Read the article
Martin Kuppinger: The need for an integrated risk management 27.11.2008 Martin Kuppinger
During our GRC Forum 2008 which we’ve held in Frankfurt, one of the important discussions was around the way risk management should be implemented. There was broad agreement on the thesis that IT Risk Management and Enterprise Risk Management can’t be separated – at least not beyond the part which deals with strategic risks. Read the article
Martin Kuppinger: Governance, Risk Management, Compliance 20.10.2008 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is presently a core topic for every mid-sized and large organization. The number of regulations is growing. Auditors are focusing on Corporate Governance and IT Governance, are asking for risk management and are looking at access controls and other specific IT aspects. Read the article
Martin Kuppinger: Trend Report IAM and GRC 2009-2019 29.09.2008 Martin Kuppinger
Investments in IAM and GRC have to solve current needs - but what about the future? With IAM and GRC building the cornerstones of a holistic security infrastructure, decisions within these areas are fundamentally influencing corporate IT and therefore should remain valid beyond a scope of some two or five years from now. For sure, things will change and technologies will evolve. But there are trends which can help in supporting decisions on IAM and GRC investments and reducing the risk of these decisions. Read the article
Martin Kuppinger: GRC – one needs it 12.08.2008 Martin Kuppinger
It is presently discussed, especially in USA, whether GRC (Governance, Risk Management, Compliance) or to be exact, standardized solutions are more significant for GRC. It is interesting to note the blog-contributions from Archie Reed, HP on this. I also commented on the same in one of my current blog-contributions. Read the article
Mike Small's Keynote at EIC 2008 21.05.2008 Joerg Resch
If you put together 40 years of experience in computer industry, an extra portion of extra-dry British humor and excellent thought leadership, you'll get the right mix to really understand whether Security, Privacy and Trust are a mission impossible. Thank you Mike Small (CA) for this great keynote. Read the article
Marne Gordan's Keynote at EIC 2008 21.05.2008 Joerg Resch
Marne's brilliant keynote on the 32 Billion $ (2008) GRC Market. Talking about some famous examples in finance and health industries, she reminds us that it is all about human behavior when it gets down to the question why GRC is so important. Read the article
GRC and Role Management 19.04.2008 Martin Kuppinger
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization. Read the article
Identity Theft – state of affairs 28.09.2007 Martin Kuppinger
Identity Theft is anything but new, but still an exigent as well as unsolved problem. Only recently, Reto Hartinger, initiator of internet-briefing-ch, told me about a rather glaring case of Identity Theft, described and discussed in detail in his blog Read the article
Role management - where is it heading? 15.07.2007 Martin Kuppinger
I am working on a comprehensive report on standard tools for Role Management and their vendors. This has long been an item on my to-do list, but only now it has gained top priority. The reason is of course that Role Management was a cutting-edge issue on KPC's European Identity Conference. Read the article
Trends in Provisioning 05.07.2007 Martin Kuppinger
What will be “the next big thing” of Identity Management? I think there will be two development steps both deserving to be described like this. Read the article
Identity Management and Business 05.07.2007 Martin Kuppinger
I always appreciate feedback on my newsletter articles – especially positive feedback, of course. Recently I was able to do so twice: The first positive feedback concerned my article about Roles Management in one of our latest newsletters, the second referred to the text on Data Quality some time before. In both cases, I would like to add some important thoughts to the discussion. Read the article
The future of role management 29.06.2007 Martin Kuppinger
In connection with Identity Federation, a discussion repeatedly circulating about Role Management is being renewed. A closer look at the discussion, however, reveals as a main focus the question how to best model roles – suggesting that no big change is in sight! Read the article
Governance automation 29.06.2007 Martin Kuppinger
Recently, the term Compliance Automation has become quite common. But – as often with new terms – a consistent comprehension of its meaning is still missing. In the following I would like to try a definition and a contextual placement. Read the article

Reports

Advisory Note: Avoiding Lock-in and Availability Risks in the Cloud - 70171 06.10.2011 Mike Small €295.00
Cloud computing provides an opportunity for organizations to optimize the procurement of IT services from both internal and external suppliers. The Cloud is not a single model but covers a wide spectrum ranging from applications shared between multiple tenants to virtual servers used by a single customer. The risks associated with Cloud computing depend upon both the service model and the delivery model adopted. This document focuses on two specific risks – availability and lock-in. A major objective of IT services is that systems, applications and data are available to authorized users when and where they are needed. Benefits of the Cloud are that, because of its scale, it can potentially deliver services that are more resilient to failure, and more responsive to changing levels of demand. However adopting Cloud computing necessarily cedes some control of some of the IT infrastructure to the Cloud Service Provider (CSP). So how can an organization adopting the Cloud make...

Order the report
Advisory Note: From Identity and Access Solutions to Access Governance - 70318 22.09.2011 Mike Small €295.00
The need to identify users, control what they can access and audit their activities is fundamental to information security. Over the past decade there has been a tsunami of identity and access management technology designed to provide a solution to these needs. However many organizations have not realised the benefits expected from the application of this technology, because they have taken a technology led approach rather than one based on governance. In addition – the move to outsourcing and the Cloud means that technology and some processes are no longer under direct control. While management implements technology and executes processes, governance sets the policies, procedures, practices and organizational structures that ensure the execution of strategic goals. Identity and access governance sets the framework within which identity and access technology and processes are implemented. By shifting the focus to control rather than execution, governance is also the ideal...

Order the report
Product Research Note: CrossIdeas IDEAS - 70271 14.09.2011 Martin Kuppinger €195.00
CrossIdeas is a European vendor based in Italy specializing in Access Governance, Dynamic Authorization Management, and IAM. Formerly known as Engiweb Security, the company was renamed following a management buy-out and operates today as an independent software vendor in their core market segments. Like its predecessor, CrossIdeas is a one-product company, focusing entirely on their “IDEAS” platform which is built around role management, authorization management, and other core identity-related features. KuppingerCole feels that the product is well positioned as an accepted solution in the market for Access Governance platforms. It also provides support for Dynamic Authorization Management (also sometimes referred to as Entitlement Management), which we see as a strength and unique value proposition.

Order the report
Advisory Note: IAM and GRC Market Evolution 2011/2012 - 70180 09.06.2011 Martin Kuppinger €95.00
IAM and GRC are two of today’s most important IT market segments. Increasing regulatory pressures, as well as the ability to execute, drive the evolution of these market segments. KuppingerCole has recently scrutinized these segments, looking at the expected changes related to market growth, maturity, and cloud readiness. We expect to see significant changes within these market segments, with some of the newer technology sectors massively gaining momentum. In addition, this research note looks at the impact of investments in IAM, GRC, and some other key technology areas on the cost and the ability to execute of IT departments and organizations overall.

Order the report
Snapshot: alfabet planningIT IT Risk Management - 70380 24.05.2011
planningIT is a platform for Business IT Management developed and offered by the German software manufacturer alfabet. planningIT has a number of modules and capabilities, but in the context of this snapshot we will confine ourselves to examining the IT Risk Management module which allows customers to perform IT Risk Management in a business-driven manner.

Download
Advisory Note: IAM and GRC Market - the Evolution in 2011/2012 - 70180 10.05.2011 Martin Kuppinger €95.00
IAM and GRC are two of today's most important IT market segments. Increasing regulatory pressures, as well as the ability to execute, drive the evolution of these market segments. KuppingerCole has recently scrutinized these segments, looking at the expected changes related to market growth, maturity, and cloud readiness. We expect to see significant changes within these market segments, with some of the newer technology sectors massively gaining momentum. In addition, this research note looks at the impact of investments in IAM, GRC, and some other key technology areas on the cost and the ability to execute of IT departments and organizations overall.

Order the report
Advisory Note: Database Governance - 70102 15.03.2011 Martin Kuppinger €95.00
Database Governance is the set of policies, procedures, practices and organizational structures ensuring the execution of database related activities in an organization according to defined strategies and controls. Database Governance is required to enforce Information Security for structured data held in databases. Within Enterprise GRC, Database Governance is an element of IT GRC. Enterprise GRC starts with Corporate Governance, e.g. the general, enterprise-wide policies and the focus on strategic risks. Business GRC with its focus on operational risks is the second element (or layer). However, automated controls for many of the operational and even strategic risks require IT – that’s where Database Governance comes into play as one of the major elements of IT GRC. KuppingerCole strongly recommends defining a Database Governance approach in the context of enterprise-wide GRC initiatives, based on the same approaches as for policies, controls, processes, and...

Order the report
Business Report: GRC Market Structure 02.05.2010 Martin Kuppinger €165.00
GRC stands for Governance, Risk Management, Compliance. It is used to describe Information Technology which supports these specific business requirements. This report provides a segmentation of the overall GRC market with its different elements, from the C-level dashboards down to technical elements which are required to provide information for automated controls and the automated remediation in case that defined thresholds of controls aren’t met. The core elements are: Business GRC; Operational GRC; Generic IT GRC and CCM (Continuous Controls Monitoring); Specialized IT GRC tools; Technical “support” tools. We recommend drawing a big picture as target for an integrated GRC view, like the Enterprise GRC architecture shown in this report. This can act as the guideline for GRC initiatives across the entire organization – and it addresses some specific project risks, especially because it mandates interoperability between different elements within this...

Order the report
Product Report: SAP Business Objects GRC Access Control 15.04.2010 Sachar Paulus €95.00
The SAP BusinessObjects GRC Access Control (in short AC) solution is a powerful set of tools that help to automate risk analysis and mitigation for user and authorization management in SAP and non-SAP systems. It is a strong product for the SAP ABAP world, and is able to cover non-SAP systems using real-time adapters from Greenlight. It covers a substantial subset of the overall GRC requirements – it provides a leading-edge solution for SAP environments, which are at the centre of many IT environments and is able to perform as a realtime cross-platform solution. The core of the product suite - Risk Analysis and Remediation (RAR) - is the most valuable part and helps effectively to reduce risks in ABAP-based SAP systems - and correspondingly in the implemented business processes - mostly by the set of predefined risks delivered with the product. RAR also supports non-SAP systems in real time due to the risk definition at business process level and the mapping to...

Order the report
Technology Report: Access Governance Architectures 23.03.2010 Martin Kuppinger €165.00
Access Governance is about the governance and management of access controls in IT systems and thus about mitigating access-related risks. These risks include the theft of information, fraud through changing information, and the abuse of IT systems for example in banking for illegal actions, to name just a few. The large number of prominent incidents within the last few years proves the need to address these issues – in any industry. There is an increasing number of tools for Access Governance. However, the implementation has to be well-thought, given that there are many different architectural approaches for Access Governance. It is no surprise that the vendors of Access Governance tools tend to position their tools as the core element of at least the IT GRC infrastructure. From the KuppingerCole perspective, the role shouldn’t be overhyped. Access governance is important with respect to the high relevance of access risks. However, Access Governance might be...

Order the report
Overview Report: A GRC Reference Architecture 05.10.2009 Sachar Paulus €195.00
Governance, Risk & Compliance - these three terms, in short "GRC" are pretty widely used in these days. Unfortunately, there is great confusion in how this term is used. The reason for this confusion is with high probability the fact that it allows to sell pretty easily all kind of technology under the umbrella of "Risk" and "Compliance" solutions. But there are very precise areas that GRC should cover, and other that it shouldn't, for example "IT-GRC", the area of tools and methodologies to assure internal control within IT operations, should be part of it, but "Financial Risk" - a core activity of the financial department - shouldn't. This report aims to clarify the term GRC by defining a reference architecture, what exactly should be part of a GRC framework and how the different parts interact. It looks at GRC from a company-wide point of view, assembling all activities that have a certain internal control nature, yet...

Order the report
Market Report: GRC 2009 02.05.2009 Martin Kuppinger €165.00
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. Kuppinger Cole observes a trend towards tools which integrate analysis, attestation, authorization management, risk management, Segregation of Duties controls, and role management functionalities to provide an overall GRC solution with focus on access controls and authorization which can be applied to all applications and all compliance regulations which are relevant to any organization in a first step. Beyond that we expect to see more complete GRC solutions which cover other aspects as well like the management of security events and incidents or availability and business continuity, to fully support the requirements on IT Governance. Beyond that we as well expect advancements in the integration of enterprise-driven approaches, mainly for risk management (Enterprise Risk Management, ERM) and IT-driven approaches, e.g. IT Risk Management (IRM). Today there are partial...

Order the report
Vendor Report: IBM’s IAM and GRC offerings 27.03.2009 Martin Kuppinger €95.00
IBM is amongst the vendors which have entered the IAM market early. Right now, IBM can deliver in most areas of the IAM market, with only few missing elements in their overall portfolio. In the GRC market, the current focus of IBM is more towards SIEM-related GRC issues and log analysis, whilst IBM offers no specific platform for IAM-GRC. Anyhow, we expect IBM to be able to provide solutions through partnerships if required. Besides this, the approach chosen by IBM positions the company pretty well for the emerging trend towards GRC platforms which support any aspect of GRC requirements and which aren’t limited to the IAM-related parts of GRC (e.g. access/authorization analysis and management). Given that IBM has entered the market early, IBM can provide a relatively mature software portfolio for IAM, with some recent additions like their Enterprise Single Sign-On solution and some new integrations for example between Enterprise Single Sign-On and the Tivoli Federated...

Order the report
Business Report: Key Risk/Performance Indicators IAM and GRC 09.02.2009 Martin Kuppinger €165.00
The concept of Key Performance Indicators is well established at the corporate level, using scorecards as a tool for a quick overview on the progress of organizations. Key Risk Indicators add risk metrics to that view, relating the progress of indicators to changes in risks. The report provides 25 selected Key Risk Indicators (KRI) for the area of IAM and GRC. These indicators are easy to measure and provide a quick overview of the risk status and its changes for organizations. The indicators can be combined in a risk scorecard which then can be continuously used in IT management and corporate management. Kuppinger Cole strongly recommends using KRI concepts as tool within IT and specifically IAM and GRC. Many KRIs are easy to use and provide quick results. Thus, risks can become a key control for IT, providing insight in risks and support decisions on IT investments.

Order the report
Trend Report: Enterprise Role Management 16.01.2009 Martin Kuppinger €125.00
Enterprise Role Management describes an enterprise-wide approach for defining role models and roles for every type of system which requires roles, going beyond IAM and GRC requirements. Within that concept, there are typically three levels of roles, which we define as Business Roles, IT-functional Roles, and System-level Roles. These concepts are accepted and implemented by an increasing number of organizations. The report provides, beyond some numbers on the role management market, guidelines for implementing Enterprise Role Management successfully. The information in this report is based on a survey Kuppinger Cole has run in November/December 2008 amongst role management responsible from organizations of any size and on the current, ongoing research of Kuppinger Cole.

Order the report
KCP Webinar Identity Management and GRC - Trends 2009-2019 10.10.2008 Martin Kuppinger €1.00

Order the report
Trend Report IAM and GRC 2009-2019 24.09.2008 Martin Kuppinger €295.00


Order the report
Market Report: GRC 2008 19.04.2008 Martin Kuppinger €165.00
GRC (Governance, Risk Management, Compliance) is amongst the most important emerging market segments in IT. KCP expects that there will be tools which integrate analysis, attestation, authorization management, risk management, and role management functionalities to provide an overall GRC solution which can be applied to all applications and all Compliance regulations which are relevant to any organization.

Order the report

Events

Congress: European Identity & Cloud Conference 2012 17.04. - 20.04.2012 , Munich, Germany
With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Webinar: Access Governance Done Right: Protecting Investments and Targeted Further Development 28.02.2012 , 11:00
Access Governance – this term stands for solutions that make it possible to better manage and control access rights. This includes the regular re-certification, and thus review, of access entitlements as well as analytical functions for the status of access entitlements and role management functions. However, the solutions must also support the management of access entitlements with simple ordering functions for entitlements by end users, and thus also good integration with existing provisioning systems. Only with a complete cycle from request to validation of entitlements can continuous, complete governance for entitlements be achieved. Information
Webinar: Risk. The New Compliance 01.12.2011 , 16:00 CET / 7:00am PT / 10:00am ET / 3:00pm GMT
For many years complying with government standards and industry regulations has been seen as a check box in the lengthy list of IT security tasks. However, most recent changes in the ecosystem (e.g., increased cyber security threats) have led to a rethinking of this approach. More and more organizations realize that instead of looking at Governance, Risk, and Compliance from a centralized perspective, it is more efficient to let business operations drive these efforts as that's where the organization's risk knowledge resides. Join this webcast where we reveal how to tackle risk and its associated controls by business unit and how to automate your efforts. Information
Webinar: Access Governance: Identity Management from the Business for the Business 22.11.2011 , 16:00
Responsibility cannot be delegated. It is the employees of the business departments who are accountable to supervisory bodies, auditors and the judiciary, and who are ultimately also held liable. For that reason alone (but of course also because they are closer to the process and can therefore do it better), modern identity management must be suitable for business departments. Identity & Access Governance. In this webinar, Martin Kuppinger first describes what matters when you make your identity infrastructure available to the business departments as a service. Detlef Sturm of Beta Systems and Christian Himmer of Finanz Informatik Technologie Service then jointly describe a successful project from the financial sector. Information
Webinar: Why Access Governance Moves the Risk and Reward Balance in your Favour 15.11.2011 , 12:00 CET / 11:00am GMT
In this webinar, KuppingerCole's Principal Analyst Martin Kuppinger will describe how to reduce business risks through transferring responsibility for defining, maintaining and auditing information security policies and access rules from IT to those business divisions which actually need these policies to do their job. Following Martin's presentation, Quest Software's Phil Allen will show practical approaches and best practices implementing such an Access Governance program. Information
Webinar: The Clock is Ticking: Rethink PCI 2.0 Compliance 03.11.2011 , 8:00am PT / 11:00am ET / 3:00pm GMT / 16:00 CET
The time when you will ultimately have to demonstrate PCI DSS 2.0 compliance is getting closer now. We therefore would like to invite you to join us in this webinar to have a look at how you can certify fast and at reasonable cost. Don't miss this webinar and its great speaker lineup: KuppingerCole's Senior Analyst Dave Kearns, Tom Arnold from Payment Software Company, who is one of the leading Qualified Security Assessors in the world, and Dr. Torsten George from Agiliance. Information
Webinar: IdM in Practice: Managing Vacation and Sick-Leave Substitutes Simply and Securely 25.10.2011 , 15:00
We hope you are back from your vacation well rested and in good shape. If so, we wish for you that your substitute did good work and that your recovery is not quickly eaten up by work left undone. However, a substitute can only really do good work if they have the same access rights and system entitlements as you. In this webinar you will learn how this can be achieved in a simple and traceable way without you having to hand over your passwords. Information
Workshop: Risk and Protection Requirements Analyses in Cloud Computing 12.10.2011 , 09:00 - 13:00 , Nürnberg
This half-day intensive workshop, which we offer during the IT security trade fair it-sa 2011 (11-13 October 2011, Hall 12 at the Nürnberg exhibition grounds), gives you valuable expert knowledge on the core topic of cloud security. As a participant in this workshop you receive a free admission ticket to the IT security trade fair it-sa 2011. Information
Webinar: Integrating Access Governance and Entitlement Management 22.09.2011 , 16:00 CEST / 7:00am PT / 10:00am ET
The worldwide financial services crisis and the resulting recession in major Western markets have put pressure on governments to introduce new legislation to alleviate the danger of a reoccurrence. However, new oversight regulations always tend to add complexity. For example, the new US Dodd-Frank Act is 6 times the size of its predecessor, the 2002 Sarbanes Oxley Act. Responding to this new set of laws forces enterprises and organizations to improve the transparency and flexibility of their access governance procedures. In this webinar, we will explore the diverse drivers and new that are shaping the evolution of access governance strategies, as well as discussing how they can be implemented within a dynamic authorization management environment. Information
Webinar: Game On: Managing Multi-Regulatory Compliance 15.09.2011 , 16:00 CEST / 7:00am PT / 10:00am ET
In this webinar, KuppingerCole's co-founder and Principal Analyst Martin Kuppinger will give you an overview on how to stay compliant in a multi-regulatory environment. Followed by Martin, Cognosec CEO Oliver Eckel will reveal best practices of managing compliance in today's multi-regulatory world. Information
Congress: European Identity Conference 2011 10.05. - 13.05.2011 , Munich
With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Webinar: Identity Management, Access Governance and Data Protection: Are You on the Safe Side? 24.03.2011 , 10:00
Data protection - a necessary evil? In many companies this topic is indeed still a marginal matter today, although, with heightened public awareness and the accompanying sensitization, every violation that becomes known can fundamentally damage the substance of your company. This webinar helps you anchor data protection effectively and efficiently in your company. Information
Webinar: Database Governance – How to Put the Right Controls in Place to Protect your Data 15.03.2011 , 3pm CET, 10am EST
In this webinar, Martin Kuppinger will, for the first time ever, introduce the concept of Database Governance, the reasons why you should adopt it, and its connection to Governance initiatives as well as Database Security technologies. He will also talk about the areas where new conceptual and technical approaches will be required. Roxana Bradescu of Oracle will then talk about practical approaches to make Database Governance work today – to enhance your level of protection of the valuable information assets. Information
Webinar: Recent Trends and Best Practices in Internal Audit Management for Better Business Performance 10.03.2011 , 11:00am CET
Internal Audit (IA), traditionally a vehicle for preserving assets and ensuring compliance, has been expanding its scope into a means for business process improvement and operational excellence, while at the same time it has to cope with an increasing number of high-impact risks. The challenge is to shift course from IA's asset-preserving role to a new role focused on value creation. In this webinar, Martin Kuppinger will talk about this paradigm shift in IA, how it can be aligned more closely to your company's strategies, and how an up-to-date Enterprise GRC strategy will help you to create value through IA. Following Martin, Dominic Pereira from MetricStream will present some recent Best Practices. Information
Webinar: Externalize Authorization - XACML and Beyond 03.03.2011 , 18:00 CET, 12:00 EST
Externalizing and centralizing authorization from applications has recently gained momentum, as related standards like XACML have matured and experiences shared by early adopters have been positive. Obviously, potential benefits from a standardized method for authorization are tremendous. KuppingerCole Research therefore has defined a clear focus in the area of centralized authorization, monitoring the market and analyzing best practices. In this webinar, Martin Kuppinger will give an update on his recent findings and discuss with Doron Grinstein, CEO at authorization and XACML pioneer Bitkoo, how best to include centralized authorization in your existing infrastructure. Information
Webinar: More Information Security through Efficient Entitlement Management 18.02.2011 , 10:00
There is a whole range of reasons why entitlement management currently plays a major role in corporate practice. On the one hand, because it forms the basis for dealing with information risks (keyword: Wikileaks); on the other hand, of course, because many companies need to catch up in order to gain a better overview of entitlements and to unlock savings potential, with the help of up-to-date tools, from what has so far been a rather laborious business. With this webinar we offer you the opportunity to find out about current trends and developments in entitlement management. Information
Webinar: The Business Value of Log Management Best Practices 26.01.2011 , 3pm (CET), 2pm (UK)
Although log management has recently been gaining more attention as a key element of any information security strategy, many organizations, even large ones, have not yet developed and implemented log management best practices. In this webinar, Kuppinger Cole's Principal Analyst Martin Kuppinger will discuss with you the business value of best practices for log management. Following Martin, Pascal Oetiker from Novell will describe his view on how to develop and implement log management best practices. Information
Webinar: Building Operational Governance for SharePoint 2010 09.12.2010 , 5:00pm CET, 11:00am EST
During this free webinar, Martin Kuppinger will give an overview on SharePoint Governance, followed by SharePoint expert Joel Oleson who will show you how to simplify SharePoint 2010 management with operations plans that include governance and change management policies as well as governance best practices. Information
Webinar: 5 Key Challenges for Cloud Computing Governance 02.12.2010 , 15:00 CET, 2pm UTC
Cloud Computing is adding a number of challenges to IT governance. In this opening session to the 2010 Kuppinger Cole Cloud Computing Virtual Conference, Martin Kuppinger will talk about the 5 key challenges to be aware of, if you want to extend your IT governance to cloud computing. Information
Webinar: Cloud Computing Risk Areas 02.12.2010 , 16:00 CET, 3pm UTC
Before jumping into the cloud, you should know about the risks, so that you can ask your provider the right questions. In this webinar session, we will discuss the main risk areas of cloud computing, such as data location, transparency, privileged user access, recovery and data segregation, and how to keep them under control. Information
Webinar: Privileged Cloud Identity Management 30.11.2010 , 11:00
In this webinar, Martin Kuppinger of KuppingerCole will first give a basic introduction to the management of privileged users within the enterprise, within outsourcing relationships and in the public cloud. The focus here will be in particular on the question of which requirements must be placed on a public cloud or outsourcing service provider so that your internal (PUM) is not compromised by the addition of cloud services. Jochen Koehler of privileged identity management specialist Cyber-Ark will then give a highly interesting insight into practice and explain his company's strategy for securing your cloud strategy. Information
Webinar: Integrating Enterprise GRC and IT-GRC Programs on a Single Framework 19.11.2010 , 16:00 CET, 10am EST
This webinar will highlight how organizations can manage risk better across their IT and business processes, thus enabling them to determine potential impact considering both IT and business controls. Information
Webinar: Governance, Risk Management & Compliance in the Cloud 18.11.2010 , 11:00 - 11:45
In the meantime, a great many companies have decided to use services from the cloud, in some cases for years, before the term cloud computing had even emerged. When it comes to distributing business-critical information, however, the reluctance is much greater, and the conflict of goals between a "high availability" of information and its security grows ever stronger as the triumphant advance of cloud computing continues. For internal systems, a functioning GRC approach is the rule. But what does it look like in the cloud? In this webinar, Martin Kuppinger talks about how to bring your GRC approach into the cloud successfully. Information
Webinar: SharePoint Governance: From Site Chaos to a Trustworthy Platform 12.11.2010 , 14:00
SharePoint environments tend to resist your company's GRC requirements. In this webinar, Martin Kuppinger describes a holistic approach to integrating your SharePoint environment into enterprise-wide GRC and identity management. Dr. Martin Kuhlmann of Omada will then show in detail how this approach can be implemented effectively. Information
Webinar: Getting a Grip on Access: From Overview to Risk Minimization 28.10.2010 , 11:00
In this webinar, Martin Kuppinger of KuppingerCole addresses the trends in access governance and the role that access governance can and must play in GRC strategies. He defines requirements for access governance solutions and provides a checklist for selecting such solutions. Klaus Hild of Novell then talks about best practices for the step-by-step development and implementation of access governance solutions. Information
Webinar: How to Deploy Identity Management When You're Not a Top Fortune 500 Company 25.10.2010 , 16:00 CEST, 2pm UTC
Medium-to-large enterprises face specific challenges in implementing identity management. Quite often, solutions are tailored for very large companies, making deployments an uneasy fit. In this Webinar, Martin Kuppinger will show how, by adding focused value step by step, enterprises can accumulate quick wins and reach identity workflow and compliance safely. Following Martin, Stéphane Vinsot from Evidian will lead you through some Best Practices and will talk about Evidian's experiences with identity management deployments in medium-to-large enterprises. Information
Webinar: Policy Based Access Control with XACML 3.0 22.10.2010 , 17:00 CET
Version 3 of the XACML standard could be a large stride forward towards flexible and versatile access management. As opposed to traditional role-based access control systems, XACML is policy driven, not role driven. So, should we now throw away role-based access control? In this webinar, Kuppinger Cole's Senior Analyst Felix Gaehtgens will talk about the improvements achieved with this new standard version and describe how these improvements can influence current and future access control initiatives. Felix will be followed by former Burton Group Analyst and now Axiomatics Americas President Gerry Gebel, who will present together with his colleague David Brossard an impressive XACML 3.0 best practice with 200 million users. Information
Seminar: Enterprise Cloud Security Summit 19.10.2010 , 09:45 - 16:00
Within a few years, cloud computing has developed into a dominant trend, one that is also changing IT infrastructure like hardly any trend before it. In contrast to typical, technology-driven trends, the demand for cloud computing services comes from the business departments, sometimes bypassing the "classic" internal IT infrastructure. For IT departments this means having to face a whole range of new security risks. At the KuppingerCole Enterprise Cloud Security Summit, experienced analysts discuss with you how cloud computing changes the classic security approach and how internal and external services can coexist smoothly. Information
Webinar: Best Practices for Enterprise Log Management 30.09.2010 , 15:00 CEST, 1pm UTC, 9am EDT
Traditional perimeters have been disappearing more and more, and not only since cloud computing became a hype. Managing risks and securing compliance in such "cloudy" environments has become a critical priority. At the same time, an ever increasing number of different systems and devices create floods of IT events, which have to be monitored to find out, in real time, those that indicate a threat. Managing logs therefore has become a complex task. Join us in this webinar to discuss best practices for log management. Information
Webinar: Managing Identities in Hybrid Cloud Environments 17.09.2010 , 15:00 CEST, 1pm UTC, 2pm BST
It is easy to understand why the cloud computing model appeals to senior executives, as it promises to enable enterprises to adapt rapidly and cost-efficiently to changes in their business environment. Agility is key to success, but budgets are tight - that's where cloud computing scenarios fit in perfectly. Adding cloud services to your existing enterprise IT - how does that fit with your identity management? This is the key question when it comes to security in such hybrid environments. In this webinar, we will discuss with you identity-infused compliance in hybrid cloud/internal IT environments. Information
Webinar: Access Governance and Access Auditing at Triodos Bank 15.09.2010 , 16:00 CEST, 2pm UTC
Information
Congress: European Identity Conference 2010 04.05. - 07.05.2010 , Munich
With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Congress: CLOUD 2010 04.05. - 07.05.2010 , Munich
Kuppinger Cole are proud to announce the Cloud Computing Flagship Event for Europe: CLOUD 2010. Making Cloud Computing work for your enterprise, how to prepare for it and what the risks involved with a cloud strategy are - Join us in Munich for an exciting event beyond the hype. Information
Webinar: Information Security and Governance for Microsoft SharePoint Environments 26.04.2010 , 16:30-17:30 CEST, 10:30am Eastern
In this webinar, we will look at the SharePoint Security and the SharePoint Security Add-On market, with specific focus on what you need to fulfill the GRC requirements in SharePoint environments and how to do that integrated with other information systems. Information
Congress: GRC-Forum 2009 03.11. - 05.11.2009
Directly linking central business processes with enterprise-wide GRC management brings clear economic advantages and reduces risks. The GRC-Forum 2009 supports you in introducing and improving such GRC management and an IT strategy for your company aligned with it. Information
Webinar: The Role of Entitlement Management in Governance, Risk and Compliance Management 13.10.2009 , 16:00 CEST
Modern IT infrastructures empower their users and thereby introduce new risks. The effectiveness and efficiency of control frameworks and GRC programs are therefore becoming an increasingly important focus area for IT and business managers alike. Yet, GRC initiatives tend to be reactive, striving to optimize monitoring, surveillance and auditing capabilities and the GRC overhead keeps growing. Instead we need risk-intelligence built into our IT-infrastructures. This is what Entitlement Management helps achieve. Entitlement Management provides real-time enforcement of policy-based access controls based on policy modeling implementing regulatory compliance and risk mitigation plans. This enables a shift from reactive surveillance to proactive enforcement which reduces the GRC overhead and improves control efficiency. This webinar is supported by Axiomatics. Information
Seminar: Governance, Risk and Compliance – More Than Just Rules 22.09.2009 , 9:00 - 14:00
Reliability is the most important characteristic of a good identity and security management solution. Writing down the management and security procedures is not enough on its own, however: you must be certain that the chosen solution also lets you fulfil, implement and monitor all policies and regulations. The goal is "Making IT Work As One!" Information
Congress: Identity Management & GRC Conference Istanbul 24.06. - 26.06.2009 , Istanbul/Turkey
ID-Conf Istanbul is the place to meet with enterprise technologists, thought leaders and experts to learn about, discuss and shape the market in the most significant IT security related topics such as Identity Management, Governance, Risk Management and Compliance (GRC) and Service Oriented Architecture (SOA). With its world class list of speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, ID-Conf Istanbul is an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Congress: European Identity Conference 2009 05.05. - 08.05.2009 , Munich
With its world class list of 130+ speakers, a unique mix of best practices presentations, panel discussions, thought leadership statements and analyst views, EIC has become an absolute must-attend event for enterprise IT leaders from all over Europe. Information
Webinar: Who Was Root? 19.03.2009 , 14:00 - 14:45
Handling privileged user accounts, such as "ROOT", carries high risks. In this webinar we introduce you to the fundamentals of Privileged Account Management (PAM) and give you valuable practical tips on how to protect your network effectively against internal and external threats. Information
Webinar: Fraud Prevention and Multi-factor Authentication 11.03.2009 , 17:00 - 17:45
In this webinar, Kuppinger Cole's founder and principal analyst will give you an overview of the market for risk- and context-based, multi-factor authentication and authorization solutions for fraud detection, followed by Stefan Dodel, middleware solutions specialist at Oracle, who will talk about his experiences from numerous projects. Information
Webinar: Business Roles, Business Rules, Claims – What is it all about? (CANCELLED) 26.02.2009 , 17:00 CET, 4pm UTC
The webinar will discuss the questions and outline the future trends for business roles, business rules, and claims. Information
Webinar: Risk Management Trends 19.02.2009 , 17:00 CET, 4pm UTC
The webinar will discuss risk management trends as well as the evolution of the market for risk management tools. Information
Webinar: Reducing Compliance Costs through Risk-Based Segregation of Duties Management 12.02.2009 , 17:00 CET, 4pm UTC
In this Webinar, Kuppinger Cole's Principal Analyst Martin Kuppinger will highlight the challenges of risk-based segregation of duties management, and will discuss technology solutions for continuous monitoring that deliver affordable and effective compliance. Information
Seminar: Enterprise Identity Management Best Practices 26.11. - 27.11.2008 , Munich
In a young discipline such as identity management, it is especially important to keep up to date with current developments regularly and to exchange views with project managers from other companies. This 2-day event, moderated by Martin Kuppinger, combines information on current trends with best practices and the independent, neutral expertise of Kuppinger Cole. Information
Conference: Governance, Risk Management & Compliance (GRC) Forum 2008 18.11. - 19.11.2008 , Frankfurt am Main
The more complex the IT infrastructure, the more vulnerable it is and the higher the effort (and cost) of compliance. For the successful introduction of an enterprise-wide GRC platform it is therefore crucial, on the one hand, to design its foundation, in the form of a future-oriented identity management strategy, to provide meaningful information and, on the other hand, to practise the art of limiting oneself to the essentials through a risk-oriented compliance approach. The Kuppinger Cole Governance, Risk Management & Compliance (GRC) annual event 2008 focuses on strategies and procedures, technologies and tools that enable your company management to make decisions relevant to competition and cost in full knowledge of all essential information and risks, without your compliance costs getting out of hand. Information
Webinar: Trend Study on Role Management 13.11.2008 , 13:30 - 14:30
The motives for introducing enterprise-wide role management vary widely. While for many companies the initial aim is often to reduce complexity, in other companies compliance aspects are the focus. The approach to the topic of roles, and often the result, differs accordingly. Kuppinger Cole is therefore currently conducting a survey among user companies, the results of which will be presented in this webinar. Information
Webinar: Integration - the Future of Risk Management 06.11.2008 , 15:00 - 16:00
Various rogue trading incidents and the financial market crisis have once again shown clearly that traditional risk management does not seem suited to protecting companies from self-destructive behaviour. On the one hand, in operational business it was probably often the case that people believed they could throw the principles of internal risk management overboard in favour of external ratings. On the other hand, what was (and is) missing is a holistic approach that uncovers the risks not only of value-adding processes but also of non-value-adding ones and makes them accessible to decision-making processes. How can enterprise-wide integrated risk management be implemented? We offer you the following webinar on this question: Information
Webinar: Enterprise Role Management - the 5 Most Important Rules 31.10.2008 , 14:00 - 15:00
Assigning entitlements on the basis of business roles is an essential component of identity management and an important foundation for a GRC strategy. Is that so? Can it be done without? The fact is that a great many projects in which role management plays an important or the leading role either run over budget and schedule or fail altogether. In this webinar we talk about the 5 most important rules for successful enterprise role management. Information
Webinar: GRC Business Values 24.10.2008 , 13:00 - 14:00
This webinar introduces you to the concept of a GRC platform and gives you an overview of the most important criteria for introducing such a platform. Information
Workshop: SOA Governance Best Practices 13.10.2008 , 09:00 - 17:00 , Stuttgart
SOA governance is an essential prerequisite for the sustainability of an investment in a service-oriented architecture and for meeting the expectations associated with its introduction, such as greater business agility. This workshop offers you the opportunity to work with Martin Kuppinger in a small group to develop a best-practice-based strategy for getting started with SOA governance. Information
Webinar: Kuppinger Cole Trend Report IAM and GRC 2009-2019 02.10.2008 , 15:00 - 16:00
During this webinar, Martin Kuppinger will present the key results of the Kuppinger Cole Trend Report IAM and GRC 2009-2019. Information
Conference: Identity Management Praxisforum 28.01. - 29.01.2008 , Frankfurt/Main
In a young discipline such as identity management, it is especially important to keep up to date with current developments regularly and to exchange views with project managers from other companies. That is why we are organizing the Identity Management Praxisforum together with Management Forum Starnberg. This 2-day event, moderated by Martin Kuppinger, combines information on current trends with best practices and the independent, neutral expertise of Kuppinger Cole. Information
Seminar: Compliance needs Enterprise Role Management (ERM) 22.11.2007 , 09:00 - 17:00 , Munich
This workshop deals with the development of enterprise-wide role management and the evaluation of role management products. Learn how IT roles are aligned with process responsibilities and discuss the possibilities and challenges of the different approaches. Considerable room is given to discussing experiences, results and "lessons learned" from companies that have already carried out enterprise-wide role definitions. Information
Seminar: Governance, Risk, Compliance (GRC) & Identity Management 14.11.2007 , 09:00 - 17:00 , Munich
Enterprise-wide risk management, the sustainable steering of the company through codes and policies ("governance") and the systematic pursuit of adherence to external and internal rule sets ("compliance") are fundamentally changing the demands that company management places on IT infrastructure and applications. This seminar shows you the background to these changed requirements, how they affect IT and the central role that identity management plays in them. Information
Webinar: The Right Single Sign-On Strategy for More Security and IT Compliance 26.10.2007 , 11:00 - 12:00
The introduction of single sign-on systems is increasingly influenced by compliance requirements. Does an SSO system bring additional risks, or can it even simplify a compliance strategy? In this webinar you will get to know the different SSO approaches within the company, across company boundaries and on the web, and their influence on your compliance strategy. Information

Past Conference Sessions

Converging User-centric & Enterprise-centric IDs - a Conversation with Kim Cameron 05.05.2010 11:30-12:30 Dave Kearns, KuppingerCole Kim Cameron, Microsoft
View details
Re-Assessing IAM-Strategy in Turbulent Times - Cost Optimisation Approaches for IAM Initiatives 06.05.2009 10:30-11:30 John Hermans, KPMG
View details
Maximizing the Value of Identity Management 06.05.2009 15:00-16:00 Kari-Pekka Lifländer, Nokia
The presentation first suggests identity transactions as the basis for an identity management value model. Identity transactions are defined as the sum of rights requests plus the sum of amounts of rights delivered. Additionally, each transaction is given a euro value, which results in a tangible value delivered by IDM. The presentation next discusses the parts of a role-based access management implementation that bring the most value according to the IDM value model. The elements discussed include different kinds of approval flows, inherited membership approvals, privilege inheritance, delegated management of privilege and role structures, traceability of current permissions, permissions under approval or delivery, and historical permissions, inheritance of membership constraints in the role hierarchy, and the possibility to reconcile memberships with the target systems where manual provisioning is used. View details
Governance, Risk, Compliance (GRC) & Identity Management (Session I) 25.04.2008 09:00-10:30 Dr. Horst Walther, Kuppinger Cole
View details
Active Directory Disaster Recovery Workshop (Session I) 25.04.2008 09:00-10:30 Gil Kirkpatrick, NetPro
In this workshop, leading directory services and identity management expert, Gil Kirkpatrick, will educate the audience on how to manage entitlements using Microsoft’s Identity Lifecycle Manager (ILM) II. Kirkpatrick will highlight the new functionality in ILM II including user and resource modeling, workflow, and provisioning. Further, he will cover resource discovery and classification, provide guidance around how to define access policies, and discuss the importance of proactive infrastructure management to ensure the environment’s long-term stability and continuity. View details
How Basel II and Euro-SOX affect Enterprise IT – of Finance Institutions and other Companies 25.04.2008 09:00-10:30 Martin Kuppinger, KuppingerCole
Basel II and Euro SOX (the 8th EU auditing guideline) are amongst the most relevant compliance guidelines in Europe. The open question for most companies is how these guidelines might affect their business – and their IT. The workshop will provide an overview of these regulations and their impact on IT, the need for IT-based risk management and specific IT and Identity risk management. This will be discussed for the IT of finance institutions as well as for all the other companies, because Euro-SOX is relevant to all and Basel II, even while being a banking standard, affects the risk evaluation of corporations. View details
Governance, Risk, Compliance (GRC) & Identity Management (Session II) 25.04.2008 11:00-12:30 Dr. Horst Walther, Kuppinger Cole
View details
Active Directory Disaster Recovery Workshop (Session II) 25.04.2008 11:00-12:30 Gil Kirkpatrick, NetPro
View details
Identity Risk Metrics 25.04.2008 14:00-15:30 Martin Kuppinger, KuppingerCole Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret and use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the metrics can be obtained and how they can be used for business value arguments, business impact analysis, as key performance indicators and in other ways. View details
The Role of Roles in Compliance – A Practical Approach 25.04.2008 14:00-15:30 Dr. Horst Walther, Kuppinger Cole Dr. Ron Rymon, CA Inc. Dr. Martin Kuhlmann, Omada Kevin Cunningham, SailPoint Darran Rolls, SailPoint Peter Weierich, Voelcker Informatik Melvis Hadzic, Oracle
Enterprise role management is quickly becoming a critical technology for enabling organizations to verify and enforce regulatory policies and to audit the effectiveness of internal controls over user access. But due to complexity and marketplace confusion, many companies struggle to find an approach that delivers practical and timely results. This workshop is designed to help technical leaders adopt a pragmatic strategy for managing roles as part of a successful governance, risk management, and compliance initiative. SailPoint’s Chief Technology Officer, Darran Rolls, will provide an in-depth look at role management concepts and technologies. And, he’ll offer recommendations that can help organizations achieve practical benefits with roles. Points of discussion include: Introduction: What is role management? Business drivers and use cases for role management Where do roles fit in the world of compliance? How do compliance roles relate to provisioning roles? How... View details
Identity Risk Metrics 25.04.2008 16:00-17:30 Martin Kuppinger, KuppingerCole Michael Kranawetter, Microsoft
There is no limit to the complexity of Identity Risk Management. But how to achieve results in an easy way? How to work with simple tools, starting with Excel, to measure risks (and not only risks, but performance indicators of Identity Management)? And how to interpret and use these results? Michael Kranawetter and Martin Kuppinger will introduce the idea of Identity Risk Management and the “how to” of an easy approach to this new concept. They will show how easily many of the metrics can be obtained and how they can be used for business value arguments, business impact analysis, as key performance indicators and in other ways. View details
Medium Sized Companies 24.04.2008 10:30-11:30 Jörg Mauz, Ansmann AG
While the first wave of Identity Management implementations has been taking place mostly in large enterprises and discussions on RoI potentials delivered by these projects seem to sometimes be pretty controversial, the number of medium sized companies investing in Identity Management is on a sharp rise now. Jörg Mauz, who is CIO at Ansmann AG, a company with 300 employees, will show in this presentation, how he managed to make a successful move into a lean and feasible Identity Management infrastructure. View details
An Interview with Edge Zarrella 24.04.2008 10:30-11:30 Martin Kuppinger, KuppingerCole Egidio (Edge) Zarrella, KPMG
View details
Executing Identity and Access Management in an International Bank- and Insurance Company 24.04.2008 11:30-12:30 Dionysius Antonius Kotteman, ING Group
The presentation will cover ING's major project to define and roll out identity management. It will list some experiences, good and bad, including Role Based Access. It also covers the latest developments at ING with regard to building a Security Operations Centre, an opportunity to take a step towards reducing risks in access security. View details
Business Roles - Methods and Tools 24.04.2008 14:00-15:00 John Hermans, KPMG
IdM, SOA & IT-Governance 24.04.2008 14:00-15:00 Martin Kuppinger, KuppingerCole
Over the last few years, Compliance has often been cited as the most important driver for Identity Management. But, honestly, it is IT Governance, as one of the most important parts of Corporate Governance, that is the driver. Within IT Governance (and within identity and access management), the scope shouldn’t be limited either to Enterprise Systems and core business processes or to the Identity Management level. Companies need a consistent approach to IT Governance which focuses on risks as well as compliance and which integrates SOAs, IAM and BPM (and maybe BSM) to really fulfill the requirements. Martin Kuppinger will provide his thoughts on this topic in this session.
The Multi Year Journey of Implementing IAM within Deutsche Bank 24.04.2008 15:00-16:00 Berthold Kerl, Deutsche Bank AG
Starting with the complexity of Deutsche Bank's organisation, the presentation will explain how Deutsche Bank meets its regulatory requirements and synchronises them with its control and efficiency related targets in the Identity and Access Management field. Best practice examples of IAM solutions will be covered, such as db Legi, which is one of the largest role based access management systems in the financial services industry. Another example is the project Gatekeeper, which accomplished the recertification of over 150.000 accounts in 300 SOx-relevant applications in record time. Gatekeeper involved more than 10.000 people across Deutsche Bank. As the destination of the journey, the blueprint of the future state IAM governance landscape of Deutsche Bank will be outlined.
Provisioning, Entitlements 24.04.2008 15:00-16:00 David Hannaford, E.ON UK
Identity management isn’t just about security and cost; it can also deliver real business benefits. This presentation is based on the case study of the implementation at E.ON UK and the linking of this system to a European Identity Management system in E.ON Germany. It illustrates the key concepts of the implementation, where the value has been derived, and lessons learned during the implementation and subsequent operation and enhancement of the system.
Managing GRC - Introduction 23.04.2008 10:30-11:30 Jörg Asma, KPMG
Identity Risk Management 23.04.2008 11:30-12:30 Marko Vogel, KPMG
Most companies have already set up or even implemented projects concerning Identity Management. But what is the status of Identity Management when looked at from a holistic perspective? Many companies are concerned with the level they have reached, where they have potential for improvement, and how they can and should progress. Marko Vogel explains how KPMG determines the stage of maturity of an organisation's Identity Management based on the KPMG reference model. The presentation makes clear that an organisation needs a lot more than a tool to achieve a mature Identity Management. It shows how different aspects are assessed, such as guidelines, governance, management review, processes and controls, and how they are assigned to standardised maturity degrees according to their development. The presentation also explains what needs to be done to reach higher maturity degrees and illustrates this with practical examples. In addition, a Use Case demonstrates how the results...
Kuppinger Cole GRC Solutions Market Report 2008 23.04.2008 14:00-15:00 Martin Kuppinger, KuppingerCole
In the GRC Solutions Market Segment Report 2008, KCP provides, for the first time ever, a structured view of the GRC market and the vendors within it, clustering the different approaches to give a practical guideline for selecting solutions in this evolving, multi-faceted market. KCP will also predict future developments in this market.
SAP Authorization Provisioning at E.ON 23.04.2008 15:00-16:00 Sven Wahler, E.ON IS
Due to the increased complexity of regulatory requirements such as IDW, GoBS, HGB, SOX and ISO, monitoring of critical authorizations within SAP has to be automated. Sven Wahler will show in his best practices presentation how E.ON went through the process of implementing such a GRC tool.
Compliance as a Risk 23.04.2008 16:30-17:30 Oliver Eckel, Cognosec

© 2012 Kuppinger Cole