This opinion piece was answered by Martin Kuppinger. Martin is the Founder and Principal Analyst at KuppingerCole.
1) What is the importance of identity access management?
Identity & Access Management (IAM) and its core disciplines such as “IGA (Identity Governance & Administration)” and “Access Management & Authorization” are essential to efficiently manage identities and access of employees, business partners, customers, and consumers; to fulfill regulatory compliance requirements such as SOX, HIPAA, GDPR, and many others; and to mitigate access-related security risks. While IGA focuses on managing users, their accounts, and their access entitlements, Access Management & Authorization focuses on authentication and authorization of users. Business must have a well-thought-out IAM in place – specifically large organizations and the ones in heavily regulated industries, but factually also all others.
Trends in Consumer Identity for 2019, KuppingerCole Lead Analyst & Managing Director of KuppingerCole, Inc. (US) John Tolbert
2) How has cloud computing changed the tech industry over time?
Cloud computing nowadays has become a reality for most businesses. While there are many facets of how cloud computing is done, from private to hybrid and public clouds, it is essential for the tech industry to serve the demand for delivery “as a service”, from the cloud. An obvious impact is that a majority of such services is delivered via few platforms of providers such as AWS (Amazon Web Services) or Microsoft (Azure). However, tech companies from everywhere can build on these platforms to provide their own services. Aside of the need to invent new services or re-invent and re-architect existing on premises software products, the shift to the cloud also fundamentally changes the business models, from a one-time-purchase (frequently with an annual service fee) to a pay-as-you-go approach where services are only paid for the concrete usage. This is a change to existing business models. However, many businesses (including Microsoft) already have proven that this can be even more successful than the traditional models.
Architecture Blueprint: Hybrid Cloud Security, KuppingerCole Senior Analyst Mike Small
3) How can enterprise leaders optimise their security tools?
The most important step is to understand which tools they really need and to build their portfolio. We strongly recommend a clear analysis of risks and, subsequently, an analysis of the existing tools landscape with rating them against their risk mitigation impact and other factors. The KuppingerCole Portfolio Compass is a defined and proven standard methodology for such portfolio analysis. Based on that, gaps can be closed and redundant or tools that don’t deliver a value can be retired. Such approach should become part of an overall security assessment and the definition (or review of an already existing) cybersecurity programme, to prioritize and streamline the implementation of adequate guidelines, organization, processes, and finally tools.
Video: Top 5 CISO Topics for 2019, Principal Analyst at KuppingerCole Martin Kuppinger
Like this article? Check out our recent interview with Jen Stirrup.