KuppingerCole Analysts

KuppingerCole Analysts AG is an international, independent analyst organization offering technology research, neutral advice and events in Identity Management, Cybersecurity and Artificial Intelligence.


    • Feb 23, 2026 LATEST EPISODE
    • weekly NEW EPISODES
    • 18m AVG DURATION
    • 383 EPISODES


    Latest episodes from KuppingerCole Analysts

    Analyst Chat #288: From Shadow SaaS to Shadow AI - Closing the Unowned Security Gap

    Feb 23, 2026 (32:00)

    Shadow IT has evolved. Now it’s Shadow SaaS. Shadow AI. And it’s everywhere. In this week's episode of the KuppingerCole Analyst Chat, Matthias welcomes Matthew Gardiner for his first appearance to unpack one of the fastest-growing security domains: SaaS Security Posture Management (SSPM) and why that name may already be too narrow. Today’s organizations run on hundreds of SaaS applications. Many are sanctioned. Many aren’t. Some are connected via OAuth. Others are quietly leaking data through AI tools. And most security teams don’t have full visibility.

    In this conversation, we explore:
    ✅ What SSPM actually means (and why the “PM” might be limiting)
    ✅ How Shadow IT evolved into Shadow SaaS and Shadow AI
    ✅ The intersection of identity and cybersecurity in SaaS environments
    ✅ Misconfiguration risks, MFA bypass, OAuth sprawl & SaaS drift
    ✅ Why continuous monitoring beats periodic audits
    ✅ CASB vs SSPM vs CNAPP — where the lines blur
    ✅ The growing governance challenge in AI-powered SaaS
    ✅ Why SaaS security can’t be ignored anymore

    If your organization uses SaaS (spoiler: it does), this discussion is not optional.

    Analyst Chat #287: EUDI Wallet - Can Digital ID Finally Be Trusted?

    Feb 16, 2026 (28:33)

    Decentralized identity is moving from concept to reality, driven by the upcoming EU Digital Identity (EUDI) Wallet! But can digital identity truly become something we trust? Join us in this Road to EIC episode of the KuppingerCole Analyst Chat where Matthias speaks with Martin Kuppinger about what decentralized identity actually means, how EUDI Wallets work, and why their success depends on real business value. Tune in to learn how verifiable credentials, issuer-holder-verifier models, and privacy-preserving architectures could fundamentally reshape authentication, onboarding, and digital transactions across Europe.

    You’ll learn:
    ✅ What decentralized identity and verifiable credentials actually are
    ✅ How the EUDI Wallet changes control over personal data
    ✅ Why trust depends on implementation, not just technology
    ✅ The difference between mandatory use cases and real adoption
    ✅ How businesses can reduce costs and streamline processes
    ✅ Why success requires compelling everyday use scenarios
    ✅ What organizations should do now to prepare

    Beyond government interactions, the real potential lies in transforming complex business processes, from onboarding and compliance to loans, contracts, and digital transactions using trusted, reusable identity data. The EUDI Wallet isn’t just a new login method, it’s foundational infrastructure for Europe’s digital economy. Watch now to understand what decentralized identity means for enterprises, citizens, and the future of trust online.

    Analyst Chat #286: Modern Authorization Architectures & AuthZEN

    Feb 9, 2026 (42:23)

    Authorization is changing, moving from static roles and provisioning to dynamic, real-time, policy-based decisions. But without standardization, modern authorization quickly becomes fragmented and unmanageable. In this episode of the Analyst Chat, Matthias Reinwarth is joined by David Brossard, contributor and co-chair of the OpenID AuthZEN Working Group, and Phillip Messerschmidt, Lead Advisor at KuppingerCole, to discuss how authorization is evolving — and why AuthZEN is a critical missing standard.

    You’ll learn:
    ✅ Why RBAC is still relevant, but no longer sufficient on its own
    ✅ How ABAC and PBAC address scalability, context, and dynamic access
    ✅ Why role explosion and authorization silos limit visibility and governance
    ✅ How runtime, continuous authorization supports Zero Trust architectures
    ✅ What AuthZEN standardizes — and what it deliberately does not
    ✅ How externalized authorization improves auditability and compliance
    ✅ Why CISOs and architects should start asking vendors for AuthZEN support
    ✅ How AuthZEN fits into the Identity Fabric and Road to EIC vision

    Authentication has been standardized for years — authorization is finally catching up. Watch now to understand how AuthZEN enables scalable, future-proof authorization for modern applications, APIs, and identity fabrics.

    Analyst Chat #285: Future-Proofing Authentication in a Post-Quantum World

    Feb 2, 2026 (33:44)

    Quantum computing isn’t just a future threat to encryption, it’s a direct risk to identity and authentication. In this week's episode, Matthias is joined by Jonathan Care to explore why identity is the quantum bullseye and what organizations must do now to prepare for a post-quantum world.

    You’ll learn:
    ✅ Why authentication protocols depend entirely on cryptography
    ✅ How “harvest now, decrypt later” (HNDL) already puts identity data at risk
    ✅ Why identity, not data encryption, is the weakest point in a quantum future
    ✅ What post-quantum cryptography standards (FIPS 203, 204, 205) change — and what they don’t
    ✅ How Passkeys and FIDO2 are quietly becoming post-quantum ready
    ✅ Why PKI, certificates, federation, and non-human identities face massive scale challenges
    ✅ What crypto agility really means for IAM and Zero Trust
    ✅ A practical 4-phase roadmap for CISOs to start preparing today

    The biggest risk isn’t a future quantum computer — it’s the long-lived certificates and identity data issued today.

    Analyst Chat #284: Beyond ZTNA, the Rise of Zero Trust Platforms

    Jan 26, 2026 (24:20)

    Zero Trust isn’t dead, it’s evolving. In this week's episode, Matthias Reinwarth joins Alexei Balaganski to explore why Zero Trust Network Access (ZTNA) is no longer enough and how Zero Trust Platforms are emerging as the next evolution of modern security architecture.

    In this episode, we explore:
    ✅ Why Zero Trust is a strategy, not a product
    ✅ The limitations of ZTNA in modern hybrid and cloud environments
    ✅ What defines a Zero Trust Platform
    ✅ Universal access enforcement across human and non-human identities
    ✅ Continuous trust evaluation and intelligent segmentation
    ✅ Unified visibility, analytics, and policy enforcement
    ✅ How vendors and organizations should think about Zero Trust moving forward

    Analyst Chat #283: Advisory Insights for 2026 - IAM Modernization, PAM & Governance

    Jan 19, 2026 (34:21)

    IAM and cybersecurity programs are under increasing pressure — not just from new threats, but from operational complexity, regulation, and organizational reality. This episode of the KuppingerCole Analyst Chat shifts the focus from analyst predictions to the perspective of end-user organizations and their real-world challenges in IAM and cybersecurity. Matthias Reinwarth speaks with Reiner Mertens and Charlene Spasic, KC Advisors with a focus on identity strategy, governance, and enterprise programs, specializing in IAM transformation and advisory practice. The discussion goes beyond technology to cover organizational aspects such as governance, compliance, processes, and policies, as well as the implications of modern Target Operating Models.

    You’ll learn:
    ✅ Why operability is the biggest IAM challenge for many organizations
    ✅ How unclear ownership and overlapping responsibilities undermine IAM success
    ✅ Why IGA modernization is rarely a one-off project — but a long-term program
    ✅ How Privileged Access Management (PAM) is evolving beyond password vaulting
    ✅ The growing importance of non-human identities (NHIs) and automation
    ✅ How regulation (NIS2, DORA) increases urgency — but doesn’t replace good architecture
    ✅ Why data quality, governance, and business alignment are foundational to IAM

    Rather than making abstract predictions, this episode focuses on real patterns, structural issues, and practical improvements advisors see across industries. Watch now to understand how IAM, PAM, governance, and identity architecture must evolve in 2026 and beyond.

    Analyst Chat #282: Cybersecurity & AI Predictions for 2026

    Jan 12, 2026 (29:24)

    Cybersecurity and AI are evolving faster than ever, and 2026 is already proving that traditional predictions may no longer be enough. In this year's first episode of the Analyst Chat, Matthias Reinwarth is joined by Jonathan Care and Alexei Balaganski to attempt looking into some predictions for the coming year. Join to find out what organizations should realistically prepare for in cybersecurity and AI in 2026!

    You’ll learn:
    ✅ Why traditional cybersecurity predictions are becoming less reliable
    ✅ How geopolitical, economic, and societal shifts are shaping cyber risk
    ✅ Whether cybersecurity can exist without AI — and where AI actually fits
    ✅ Why governance, accountability, and responsibility matter more than tools
    ✅ What’s flying under the radar in AI and cybersecurity today
    ✅ The risks of AI hype, long-lived permissions, and autonomous agents
    ✅ Why agility and resilience should be your cybersecurity mantra for 2026

    Platform Dependence and the Growing Fragility of the Internet

    Dec 18, 2025 (9:08)

    Every so often, the digital world gets a reminder that “The Cloud” is not a magical, omnipresent entity but just another complex socio-technical system operated by humans. Electricity usually comes from the socket, networks usually work, and cloud services are marketed as being always on… Until they are not. Recent outages expose inherent vulnerabilities, threatening global digital infrastructure. Learn why resilience and diversification are critical. Read the original blog post here: https://www.kuppingercole.com/blog/balaganski/platform-dependence-growing-fragility

    Mastering Web Scraping Defense with Qrator Labs: AI-Driven Threats & Modern Mitigation

    Dec 17, 2025 (23:43)

    Web scraping has entered a new era and AI is changing everything. In this videocast, Osman Celik speaks with Dmitriy Loshakov from QRator Labs to explore how automated data collection has evolved from simple crawling into highly adaptive, human-like scraping attacks that operate invisibly.

    You’ll learn:
    ✅ What web scraping actually is (and why not all scraping is malicious)
    ✅ How AI-powered scrapers mimic real user behavior with mouse movements, delays & clicks
    ✅ Why classic defenses like CAPTCHAs and JS challenges no longer stop modern bots
    ✅ The industries hit hardest — from e-commerce and travel to betting, finance, and media
    ✅ How organizations can defend themselves using behavioral analysis & intent detection
    ✅ Why the future of cybersecurity is officially AI vs. AI

    Analyst Chat #281: Cloudflare Incident - What It Teaches About Systemic Risk & Digital Resilience

    Dec 15, 2025 (30:54)

    What happens when a single platform outage impacts half the internet? This week, Matthias Reinwarth is joined by Martin Kuppinger and Alexei Balaganski to analyze the recent Cloudflare disruption and what it means for modern digital infrastructure.

    Analyst Chat #280: What you can expect for IAM in 2026 and Beyond

    Dec 8, 2025 (33:55)

    What will Identity and Access Management (IAM) look like in 2026? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth, Jonathan Care, and Martin Kuppinger discuss the key trends, challenges, and innovations shaping the future of IAM.

    Key Topics Covered:
    ✅ Emerging IAM threats: AI agents with broad system access
    ✅ Managing the IAM tool zoo and avoiding integration chaos
    ✅ Identity Fabric: building a flexible, future-proof IAM architecture
    ✅ Continuous and passwordless authentication: improving security and user experience
    ✅ Automation and orchestration: reducing human intervention in IAM processes
    ✅ Shared signals, data-driven decisions, and overcoming alert fatigue
    ✅ Preparing for non-human and agentic AI identities

    Mastering WAAP with Qrator Labs: Defending Against Bots, Attacks & DDoS

    Dec 4, 2025 (16:07)

    Web application threats are evolving — and modern WAAP solutions must do far more than traditional WAFs ever could. In this video, Osman Celik speaks again with Andrey Leskin from QRator Labs to explore the capabilities organizations need to protect their web applications, APIs, and users from today’s most advanced threats.

    You’ll learn:
    ✅ The three core threat vectors: DDoS attacks, web application attacks, and malicious bots
    ✅ Why traditional WAFs are no longer enough to protect modern applications
    ✅ How WAAP solutions combine WAF, bot mitigation, API protection, and DDoS defense
    ✅ How attackers use low-and-slow techniques, scraping, and AI-driven bots to mimic real users
    ✅ Why half of all internet traffic is bots — and how to distinguish good bots from malicious ones
    ✅ How QRator Labs unifies Anti-DDoS, WAF, and Anti-Bot into a single platform and single point of truth

    Analyst Chat #279: Apple Wallet Digital IDs - Why This Is Progress, Not a Breakthrough

    Dec 1, 2025 (18:07)

    Is Apple's Digital ID Wallet truly a game changer, or are we missing the bigger picture? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth and Martin Kuppinger talk about Apple's announcement of digital IDs in Apple Wallet and what it means for the future of digital identity.

    Analyst Chat #278: Why Data Provenance Will Define the Next Phase of AI Compliance

    Nov 24, 2025 (31:11)

    In this week's episode, Matthias Reinwarth and Alexei Balaganski discuss the growing importance of AI Data Provenance. The conversation explores why provenance is distinct from traditional logging, the operational gaps between ML engineering practices and regulatory expectations, and the regulatory context driving these requirements. They get into the risks of attempting to retrofit governance after AI systems are already deployed and explain why provenance must be built directly into data and model workflows.

    Key Topics Covered:
    ✅ AI data provenance is a new and urgent issue.
    ✅ Low-quality data leads to poor AI outcomes.
    ✅ Auditing and compliance are essential for AI systems.
    ✅ Organizations must establish governance for AI data.
    ✅ Data catalogs and traceability are foundational.
    ✅ Prepare for AI regulations like GDPR.
    ✅ Start small and apply a risk-based approach.
    ✅ Never trust, always verify your data sources.

    Analyst Chat #277: Mastering IT Governance - Strategy, Compliance & the 1.5 Line of Defense

    Nov 17, 2025 (27:52)

    IT governance isn’t just paperwork anymore, it’s becoming a critical foundation for how modern organizations operate, stay secure, and stay compliant. This week, Matthias Reinwarth is joined by advisors Kai Boschert and Patrick Teichmann to break down what effective IT governance actually looks like in 2025.

    Together, they unpack:
    ✅ What IT governance really is — and how it bridges strategy and operations
    ✅ The differences (and overlaps) between strategy, governance, and compliance
    ✅ Why the “1.5 line of defense” model helps close crucial gaps
    ✅ The role of target operating models in making governance work at scale
    ✅ How to bring stakeholders, processes, and tools together effectively
    ✅ Practical steps to start improving governance today — without boiling the ocean

    Whether you’re shaping governance for a large enterprise or just beginning to formalize your processes, this conversation delivers real-world insights from active advisory work with end-user organizations.

    Mastering Cyber Resilience with ThreatLocker: How to Stay Secure During the Holidays

    Nov 12, 2025 (10:36)

    The holiday season might be the most wonderful time of the year—but it’s also prime time for cybercriminals. In this Videocast episode, Warwick Ashford talks with Danny Jenkins, CEO and co-founder of ThreatLocker, about why attacks spike between November and December and what companies can do to stay protected.

    They unpack:
    ✅ Why cyberattacks surge during holidays
    ✅ How to close your organization’s biggest security gaps
    ✅ The importance of automated responses and real-time monitoring
    ✅ Why good backups (and tested restores!) still matter
    ✅ How a “cyber health check” can save your business from disaster

    Analyst Chat #276: IPSIE Explained - Secure & Interoperable Identity

    Nov 10, 2025 (15:45)

    The fragmentation of enterprise identity systems is creating real security risks but IPSIE is here to simplify and standardize. In this episode, Matthias Reinwarth and Warwick Ashford explore IPSIE (Interoperability Profiling for Secure Identity in the Enterprise), how it improves interoperability, enforces secure defaults, and provides measurable maturity levels for enterprise identity management.

    Analyst Chat #275: Designing IAM for 2040 - Orchestration, Signals, and Agility

    Nov 3, 2025 (24:35)

    The future of Identity and Access Management (IAM) is already being built — but are we preparing for 2040? In this episode, Matthias Reinwarth and Martin Kuppinger explore how organizations can design future-ready identity fabrics, avoid tool sprawl, and build the platformized IAM architectures needed to thrive in a fast-changing digital landscape. Key Topics Covered: ✅ What the “Identity Fabric 2040” means for IAM strategies

    Analyst Chat #274: Halloween Cybersecurity Special - From Scare to Insight

    Oct 31, 2025 (19:26)

    In this special Halloween edition of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Jonathan Care, Lead Analyst at KuppingerCole Analysts, to explore one of the most talked-about cybersecurity stories of the year — the F5 supply chain incident. The discussion highlights how even well-established organizations can become targets of sophisticated, long-term attacks — and what this means for the future of software supply chain security. Together, Matthias and Jonathan examine how incidents like this can happen, what lessons can be learned across the industry, and how companies can strengthen resilience, transparency, and response capabilities in their own environments.

    Key topics covered:
    ✅ Understanding the dynamics of modern supply chain attacks ⚠️
    ✅ Why detection and dwell time remain a major industry challenge
    ✅ The growing importance of vendor risk and software transparency
    ✅ Lessons learned for CISOs and IT leaders
    ✅ Practical measures to improve visibility and response
    ✅ Why collaboration and information sharing are key to resilience

    Cyber Resilience

    Oct 28, 2025 (8:45)

    Unlock invaluable insights into cyber resilience by exploring real-world examples of organizations rebounding from cyber incidents. Gain strategies to safeguard operations, enhance data resilience, and leverage clean rooms and cloud solutions for recovery. Learn how to transform cyber threats into opportunities for improvement and fortify your organization's digital landscape with adaptive resilience strategies. Read the original blog post here: https://www.kuppingercole.com/blog/small/cyber-resilience

    Analyst Chat #273: Why Your IAM Program Needs a Target Operating Model

    Oct 13, 2025 (16:59)

    Is your IAM strategy focused too much on tools? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth and Patrick Teichmann, Lead Advisor at KuppingerCole, dive into one of the most common pitfalls organizations face: starting IAM projects with the wrong priorities. They explore how a Target Operating Model (TOM) helps define why and how your IAM should work before deciding on technology. Patrick shares insights from real projects, explaining how to align business goals, processes, and governance to achieve long-term success.

    Key Topics Covered:
    ✅ Why IAM projects often fail due to tool-first thinking
    ✅ How a Target Operating Model sets the foundation for IAM success
    ✅ The role of governance, people, and processes in effective IAM
    ✅ Real-world examples of aligning strategy and technology
    ✅ How to evaluate tools after defining your IAM capabilities

    Analyst Chat #272: Will AI Agents Be the Foundation of the Next Security Revolution?

    Oct 8, 2025 (33:07)

    Are AI agents the future of cybersecurity or a threat to human expertise? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth talks with Alexei Balaganski, Lead Analyst and CTO at KuppingerCole, about the rise of AI agents and their potential to reshape the cybersecurity landscape. They explore how autonomous AI systems could fill the cyber skills gap, automate incident response, and even act as digital coworkers in SOC environments. But how far can we trust them—and will humans still have a place in the loop?

    Key topics covered:
    ✅ What AI agents really are—and how they differ from traditional automation
    ✅ The role of AI in SOCs, incident response, and threat detection
    ✅ Can AI agents help close the cybersecurity skills gap?
    ✅ Risks of rogue or “hallucinating” AI systems
    ✅ Why access governance and identity management are critical for AI agents
    ✅ The future of cybersecurity jobs in the age of automation

    Analyst Chat #271: From Breach Fatigue to Resilient Architecture - Rethinking Data Trust

    Sep 29, 2025 (44:08)

    Are we already living in a post-data privacy world? Breaches are everywhere, data is constantly being leaked, and GDPR fines haven’t stopped surveillance capitalism or shady data brokers. In this episode of the Analyst Chat, Matthias Reinwarth is joined by Mike Small and Jonathan Care to explore whether privacy still has meaning — or if resilience and risk management are the only ways forward.

    They debate:
    ✅ Is privacy truly dead, or just evolving?
    ✅ Why regulations like GDPR often miss the mark ⚖️
    ✅ How cyber resilience is becoming more critical than “traditional” privacy
    ✅ The personal, societal, and legal dimensions of privacy
    ✅ What organizations (and individuals) can still do to protect data

    Ghost Tapping: A New Front in Identity Security Risk

    Sep 25, 2025 (4:57)

    Ghost tapping is shaking up the payment security landscape, turning stolen card data into quick profit through NFC relay fraud. This emerging threat exploits digital vulnerabilities, making unauthorized taps at retail points seamless and undetected. Businesses and regulators must urgently rethink their defenses against this global attack vector that crosses digital and physical boundaries. Read the original blog post here: https://www.kuppingercole.com/blog/ashford/ghost-tapping-a-new-front-in-identity-security-risk

    Analyst Chat #270: KPIs vs KRIs in IAM - Metrics That Drive Business Outcomes

    Sep 22, 2025 (23:52)

    Are KPIs and KRIs just compliance checkboxes, or can they truly prove the value of Identity and Access Management (IAM)? In this episode, Matthias Reinwarth and senior advisor Shikha Porwal explore how Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) can transform IAM from a technical function into a business enabler. They unpack the differences, the overlap, and how to make metrics relevant to both security and strategy. Expect real-world examples—from onboarding to MFA adoption—that show how measurement drives maturity and risk reduction.

    Key Topics Covered:
    ✅ KPIs vs KRIs in IAM: what they are and how they differ
    ✅ Aligning IAM metrics with business goals and governance
    ✅ Onboarding & offboarding metrics for efficiency and risk reduction
    ✅ MFA adoption and help desk tickets as signals of IAM maturity
    ✅ Developer enablement and API adoption as success factors
    ✅ Mapping IAM indicators to risk frameworks and security posture
    ✅ Adapting KPIs/KRIs for non-human identities (NHI)

    Analyst Chat #269: Do We Really Need IVIP? Identity Fabric vs. Buzzwords

    Sep 15, 2025 (23:46)

    Are IVIPs truly a new platform that organizations must adopt, or are they just old capabilities rebranded with fresh marketing spin? Today, Matthias Reinwarth and Martin Kuppinger dig into the latest acronym shaking up the IAM world: IVIP (Identity Visibility & Intelligence Platforms). We unpack the promises, the risks, and what IVIP really means for the Identity Fabric concept. Expect a critical take on buzzwords, vendor strategies, and what enterprises actually need to strengthen IAM maturity.

    Key Topics Covered:
    ✅ What IVIP actually is and how it fits into IAM
    ✅ The connection between IVIP and the Identity Fabric approach
    ✅ Risks of marketing buzzwords in identity management
    ✅ When a new platform really brings value—and when it doesn’t
    ✅ What organizations should focus on instead of chasing hype

    Analyst Chat #268: Interoperability by Design - Making IAM Work Across Legacy, SaaS, and Multi-Cloud

    Sep 8, 2025 (27:52)

    Identity and Access Management (IAM) is no longer a one-off project—it’s an ongoing journey. In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Christopher (CISO & Lead Advisor) and Deniz Algin (Advisor) to explore how organizations can successfully apply the Identity Fabric concept. How do you evolve from legacy systems to a future-proof IAM strategy without breaking existing operations? Why does interoperability matter? What are the most common pitfalls organizations face when trying to modernize IAM? Find the answers to these questions and more in this episode!

    Key Topics Covered:
    • Identity Fabric explained through a powerful “airport” analogy ✈️
    • How to design IAM programs in brownfield environments (no rip & replace)
    • Capability-driven approach vs. tool-driven decisions
    • Risk-based prioritization: quick wins, big wins & roadmaps
    • Common pitfalls to avoid when modernizing IAM

    Mastering DDoS Defense with Qrator Labs: Evolving Threats & Mitigation Strategies

    Sep 5, 2025 (22:22)

    DDoS attacks are evolving and becoming more dangerous than ever. In this video, Osman Celik speaks with Andrey Leskin from QRator Labs about the current DDoS attack landscape and how organizations can defend themselves.

    You’ll learn:
    • What DDoS attacks are and how they work across layers 3, 4, and 7
    • Why Layer 7 (application-layer) attacks are the fastest-growing and hardest to detect
    • How attackers are building massive botnets (millions of compromised devices)
    • Real-world DDoS incidents hitting FinTech, e-commerce, and media sectors
    • The differences between scrubbing capacity and PoP proximity in mitigation
    • How QRator Labs approaches DDoS protection with scrubbing, anti-bot, and WAF solutions

    With Layer 7 attacks rising by 74% year-over-year and record-breaking volumetric attacks now lasting weeks, no industry can afford to ignore this threat. Watch now to understand how to protect your business from DDoS, botnets, and evolving cyber threats.

    Analyst Chat #267: ITDR & Machine Identities (NHIs) - Rethinking IAM for Security at Scale

    Sep 1, 2025 (66:12)

    In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Martin Kuppinger and special guest Felix Gaehtgens to explore two of the hottest (and most debated) topics in identity today: Identity Threat Detection & Response (ITDR) and Non-Human / Machine Identities (NHI). Together, they go through the buzzwords to reveal what’s real, what’s hype, and how organizations should approach these fast-evolving areas of IAM. From visibility vs. observability, to governance challenges and the future of machine identity management, this episode delivers sharp insights and practical recommendations from three IAM veterans. So tell us — are ITDR and NHI just marketing buzzwords, or essential must-haves for modern identity security?

    Key topics covered:
    • ITDR explained: buzzword or meaningful evolution in IAM?
    • Why visibility and observability are not the same
    • The missing “R” in detection & response
    • IAM vs. SOC responsibilities for ITDR
    • Machine identities: terminology, challenges, and governance
    • Ephemeral vs. static machine identities
    • How IAM teams can prepare for the future of identity security

    Analyst Chat #266: IAM Maturity and Capability-Centric Planning in Practice

    Aug 25, 2025 (31:56)

    In this episode of the KuppingerCole Analyst Chat, Matthias is joined by Charlene Spasic and Kai Boschert to break down what real IAM maturity means. They explain why structured frameworks like the KuppingerCole Identity Fabric and Reference Architecture are critical, and how organizations can move beyond tools to focus on capabilities, governance, and business alignment. So tell us, is your IAM program truly mature—or just a checklist of tools?

    Key Topics Covered:
    • Why IAM maturity starts with capabilities, not tools
    • How to assess your current IAM status quo
    • The role of identity lifecycle management & governance
    • Common IAM challenges and gaps organizations face
    • Why step-by-step progress beats “big bang” projects

    How FRIP Weaponizes Identity Fabrics: The Security Revolution Hiding in Plain Sight

    Aug 22, 2025 (6:41)

    The fraud landscape has been rocked by a seismic shift—obsolete security systems no longer stand a chance. Enter FRIPs, the revolutionary platforms transforming identity verification and transaction security. As fraudsters evolve, only enterprises leveraging these advanced defenses will thrive. Can your business afford to lag behind in this high-stakes IT arms race? Read the original blog post here: https://www.kuppingercole.com/events/ifid2025/blog/how-frip-weaponizes-identity-fabrics-the-security-revolution-hiding-in-plain-sight

    Analyst Chat #265: Avoid Making IAM the Default Container for Unresolved Ownership

    Aug 18, 2025 (23:10)

    In this practical episode of the KuppingerCole Analyst Chat, Patrick Teichmann joins Matthias Reinwarth to address a surprisingly common organizational issue: IAM teams being tasked with solving everything. From HR data gaps to legacy tool cleanup and cross-department handovers — IAM teams often inherit work that isn’t truly their responsibility. This episode is a call to realign IAM strategy with clear ownership, realistic boundaries, and strong service delivery.

    In this conversation:
    • Why not everything is an IAM problem
    • Common traps: onboarding issues, ownership gaps, tool clutter
    • How to set boundaries without damaging collaboration
    • Using operating models and RACI matrices to define IAM’s real scope
    • Why focusing your IAM team improves service quality and security
    • How to justify saying “no” — with strategy to back it up
    • Preparing for IAM scalability, sustainability, and new regulations

    Key takeaway: Sharpening your focus as an IAM team isn't about doing less — it’s about doing what matters most, better.

    Analyst Chat #264: Persistent Identity, Ephemeral Secrets - Workload Identities in the Age of AI

    Aug 11, 2025 (22:27)

    In this episode of the KuppingerCole Analyst Chat, Martin Kuppinger joins Matthias Reinwarth to dive deep into one of the most overlooked but critical areas in identity and security: non-human identities (NHI) and workload secrets. As cloud-native development and AI-driven workloads grow, so does the complexity of managing machine identities. With AWS now supporting long-lived API keys for generative AI, this episode explores why that's a risky move — and what a modern, secure, and developer-friendly alternative looks like.

    In this episode, you'll learn:
    • Why workload identities must be treated as privileged
    • How long-lived secrets expand your attack surface
    • Why “balancing convenience vs. security” is a false choice
    • How to apply ephemeral secrets and ITDR signals
    • The role of SPIFFE/SPIRE, policy-as-code (OPA), and automation
    • Why developers shouldn’t own security — and what IAM must do instead
    • How attackers use AI to hunt your leaked secrets
    • What organizations must do to secure NHI at scale

    Key takeaway: Security must be built around short-lived secrets, automation, and clear separation between identity, secrets, and entitlements — especially for workloads and AI agents.

    Analyst Chat #263: Third-Party Access - Securing the Weakest Link in Your Identity Strategy

    Play Episode Listen Later Aug 4, 2025 18:55


    In this episode of the KuppingerCole Analyst Chat, Warwick Ashford joins Matthias Reinwarth to explore a hidden but growing risk: third-party access to your systems. Third-party contractors, suppliers, and partners often have access to internal systems — but lack the same governance, oversight, and security controls as employees. This episode explores why Third-Party Access Governance (TPAG) is now a strategic security priority, not just a technical integration.

    What we cover:
    ✅ Why third-party identities now outnumber employees in many orgs
    ✅ The governance gap: no HR triggers, lifecycle oversight, or certifications
    ✅ How traditional IAM systems fail to manage external access
    ✅ The role of the Identity & Security Fabric in enabling TPAG
    ✅ Regulatory drivers (DORA, NIS2, CMMC) making this a board-level issue
    ✅ Core capabilities of modern TPAG solutions
    ✅ Practical first steps for building a third-party access governance strategy

    Oracle Database@AWS: Combining the Best of Both Clouds

    Play Episode Listen Later Aug 1, 2025 7:15


    Explore how the Oracle Database@AWS collaboration eliminates multi-cloud compromises, integrating Oracle's capabilities within AWS to enhance security, performance, and compliance. Learn how this partnership enables businesses to lift and shift existing workloads easily, leverage AI automation, and achieve rapid data integration, all while maintaining enterprise-grade security and scalability. Read the original blog post here: https://www.kuppingercole.com/blog/balaganski/oracle-databaseaws-combining-the-best-of-both-clouds

    Palo Alto + CyberArk? A Strategic Expansion Into Identity Security — But With Questions

    Play Episode Listen Later Jul 30, 2025 16:39


    In a groundbreaking move, Palo Alto targets a $25 billion acquisition of CyberArk, poised to reshape identity security landscapes. As two cybersecurity giants converge, explore this narrative of strategic synergy versus the challenge of seamless integration. With potential market upheaval at stake, the acquisition promises to redefine the rules of identity security. Read the original blog post here: https://www.kuppingercole.com/blog/leal/palo-alto-cyberark-a-strategic-expansion-into-identity-security-but-with-questions

    Analyst Chat #262: Using Identity Fabric to Align Stakeholders and Strategy

    Play Episode Listen Later Jul 28, 2025 15:10


    In this episode of the KuppingerCole Analyst Chat, host Matthias Reinwarth welcomes Martin Kuppinger, Founder and Principal Analyst at KuppingerCole, to discuss the evolution of the Identity Fabric. Originally introduced as a visual tool in 2017–2018, the Identity Fabric has matured into a foundational framework for modern identity and access management. The conversation covers the motivations behind its creation, its flexibility in addressing various identity types, and its role in simplifying complex IAM architectures. Martin also explains the rationale for a leaner version of the model, aimed at executive stakeholders, and offers a glimpse into the forward-looking Identity Fabric for the 2040s.

    In this episode, you’ll learn:
    ✅ Where the Identity Fabric concept began
    ✅ Why a leaner version is needed — and who it’s for
    ✅ How to pitch Identity Fabric to C-level decision makers
    ✅ What the 2040s might look like for IAM
    ✅ How organizations and vendors alike are using this model today

    Whether you're deep in IAM or just starting to align your strategy, this episode breaks down how to communicate complex identity concepts more clearly.

    Analyst Chat #261: From Silos to Strategy - Building Modern Identity Fabrics

    Play Episode Listen Later Jul 21, 2025 19:25


    In this episode, Matthias Reinwarth is joined by Alejandro Leal, Senior Analyst at KuppingerCole Analysts, to discuss the strategic shift toward Identity Fabrics in modern IAM. Alejandro outlines the challenges posed by fragmented IAM architectures and the growing diversity of digital identities. The conversation explores how the Identity Fabric model enables organizations to build cohesive, adaptive identity infrastructures that integrate existing tools while providing observability and actionable insights. They also examine the importance of integration, modularity, and policy enforcement across identity silos. The episode concludes with practical steps for building a future-proof IAM strategy.

    We dive into:
    - Why traditional IAM is failing
    - What Identity Fabric really means (and what it’s not)
    - How it supports every identity type — human or machine
    - The critical role of observability & actionable insights
    - How to balance legacy tools with agile innovation
    - Where to start your implementation — without a big bang

    Identity is now a strategic business function — and Identity Fabric is how to operationalize it.

    Analyst Chat #260: Servant Leadership for CISOs - Better Security & Business Outcomes

    Play Episode Listen Later Jul 14, 2025 44:22


    In this must-listen episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Jonathan Care to explore a groundbreaking shift in cybersecurity leadership. Discover how CISOs are transforming from traditional gatekeepers, the infamous "Dr. No", into strategic business enablers through the principles of Servant Leadership.

    We dive deep into:
    - Why the CISO role is evolving beyond technology and policy
    - The pitfalls of autocratic security leadership and rising burnout
    - How empowering teams builds trust, reduces shadow IT, and accelerates projects
    - Real-world examples from global organizations proving this approach works
    - Practical first steps for CISOs to start leading through influence, not fear

    Key Takeaway: Security isn’t just about tech, it’s about people and culture. Servant leadership helps build stronger security and stronger businesses.

    Non-Human Identity Management: Mature or Just Getting Started?

    Play Episode Listen Later Jul 10, 2025 9:15


    As non-human identities outpace their human counterparts, the need for effective Non-Human Identity (NHI) management is more crucial than ever. Discover why current systems may leave your organization exposed and how a unified governance approach can safeguard against the risks posed by cloud-native development and Agentic AI. Read original blog post here: https://www.kuppingercole.com/events/ifid2025/blog/non-human-identity-management-mature-or-just-getting-started

    Analyst Chat #259: Why API Security is the New Cybersecurity Imperative

    Play Episode Listen Later Jul 7, 2025 24:51


    In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth sits down with cybersecurity CTO & analyst Alexei Balaganski to explore the dramatic evolution of API management and security.

    They unpack:
    - Why APIs are now the backbone of AI agents and how MCP (Model Context Protocol) is driving a new decentralized ecosystem.
    - The explosion of shadow APIs & hidden interfaces from your printer to your coffee machine and why they pose serious risks.
    - How edge computing & WebAssembly are decentralizing everything, making old API gateway models obsolete.
    - The critical need for API posture management, identity & access controls for non-human identities, and full lifecycle security even before you write a line of code.

    Learn why API security isn’t just a tech problem, it’s the next big business risk, how the market is consolidating, and what’s coming in the new Leadership Compass on API Management & Security.

    Analyst Chat #258: Defining Identity - Beyond Secrets, Credentials, and Accounts

    Play Episode Listen Later Jun 30, 2025 17:52


    In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Martin Kuppinger to untangle one of the most complex—and increasingly urgent—topics in digital identity: non-human identities (NHIs). With AI agents, workloads, service accounts, and API keys exploding in number, it’s no longer enough to rely on traditional IAM structures. But what is an NHI, exactly? And how can organizations secure them without collapsing under the weight of siloed systems and unmanaged identities?

    Martin and Matthias explore:
    - The blurry boundaries between identities, accounts, secrets, and credentials
    - Why "non-human" is a problematic but useful term
    - Agentic AI vs. API keys: where identity management really changes
    - Practical starting points for managing NHIs in real-world environments

    Analyst Chat #257: Detecting Deception - A CISO's Guide to Modern Threat Detection

    Play Episode Listen Later Jun 24, 2025 41:48


    In this essential episode of the KuppingerCole Analyst Chat, host Matthias Reinwarth welcomes cybersecurity strategist Jonathan Care to explore one of the most pressing challenges CISOs face in 2025: detecting deception in an age of AI-powered attacks. From deepfakes and behavioral manipulation to vendor impersonation and adversarial AI, attackers are no longer relying on simple phishing emails. They're launching highly personalized, deeply technical, and psychologically crafted deceptions. Jonathan presents a structured four-part taxonomy of deception and offers actionable insights for CISOs—from implementing callback verification protocols to deploying behavioral analytics and deception detection technologies.

    Topics Covered:
    - AI-powered social engineering
    - Digital identity deception & deepfakes
    - Vendor/supply chain impersonation
    - Technical deception & adversarial machine learning
    - Practical steps CISOs can take this week

    Notes from Cybersec 2025: The EuroStack Vision

    Play Episode Listen Later Jun 23, 2025 5:12


    Discover how Europe plans to reduce its dependency on imported digital technologies through the EuroStack initiative. Learn about strategic proposals for building a resilient, sovereign digital Europe, and uncover the vital roles collaboration and innovation play in achieving long-term economic, social, and environmental resilience in the digital landscape. Read the original blog post here: https://www.kuppingercole.com/blog/leal/notes-from-cybersec-2025-the-eurostack-vision

    Analyst Chat #256: Organizational Identity & B2B Fraud - Rogue Merchants, PPP Scams, Digital Trust

    Play Episode Listen Later Jun 16, 2025 27:22


    Organizational identity is no longer optional. In this episode of the KuppingerCole Analyst Chat, host Matthias Reinwarth is joined by cybersecurity research director John Tolbert to talk about the rising threats of organizational fraud, rogue merchants, and the growing need for robust identity verification at the business level.

    Topics covered:
    - What are rogue merchants, and how do they operate?
    - The staggering fraud numbers behind the Paycheck Protection Program (PPP)
    - The importance of Know Your Business (KYB) vs. Know Your Customer (KYC)
    - Why legacy business verification methods are no longer enough
    - How APIs, LEIs, and verifiable digital identities can help
    - The role of CIEM and B2B CIAM in detecting and preventing organizational fraud

    Whether you're in cybersecurity, compliance, finance, or e-commerce, this episode unpacks how fraud at the organizational level is growing—and what tools and frameworks can stop it.

    Third-Party Risk Is the New Front Door, M&S Supply Chain Breach Shows

    Play Episode Listen Later Jun 11, 2025 5:26


    Unlock vital strategies on how to defend your organization from costly supply chain attacks by ensuring airtight third-party access management, understanding the latest regulatory demands, and implementing cutting-edge IAM solutions that go beyond perimeter defenses. Read the original blog post here: https://www.kuppingercole.com/blog/ashford/third-party-risk-is-the-new-front-door

    Analyst Chat #255: Looking back at EIC 2025 with Christie Pugh

    Play Episode Listen Later Jun 10, 2025 19:24


    In this episode, Matthias Reinwarth welcomes KuppingerCole Membership Product Owner Christie Pugh to share her unique perspective on the European Identity and Cloud Conference (EIC) 2025.

    What to Expect from Deepfake Threats and How Likely are We to Develop Effective Detection Tools?

    Play Episode Listen Later Jun 3, 2025 6:56


    Beware the digital impostors! Deepfakes aren't just sci-fi anymore; they're here, and they're a threat to your bank account, your vote, and your trust. Peek behind the curtain of this digital deceit, where emerging technologies fight to expose forgeries and keep our truth intact. Discover the urgent strategies needed to outpace this digital battleground. Read the original blog post here: https://www.kuppingercole.com/blog/celik/what-to-expect-from-deepfake-threats-and-how-likely-are-we-to-develop-effective-detection-tools

    Analyst Chat #254: Operationalizing the Identity Fabrics and Reference Architecture

    Play Episode Listen Later Jun 2, 2025 50:33


    Microsoft's Cloud Sovereignty Promises: Progress or Patchwork?

    Play Episode Listen Later May 27, 2025 6:13


    Unveiling its European Digital Commitments, Microsoft moves to empower Europe's digital sovereignty! But is it enough to break free from US influence? Explore the balance between innovative data strategies, European partnerships, and the struggle against extraterritorial laws that challenge cloud independence. A riveting journey into the future of cloud sovereignty awaits. Read the original blog post here: https://www.kuppingercole.com/blog/small/microsofts-cloud-sovereignty-promises-progress-or-patchwork

    Analyst Chat #253: Looking back at EIC 2025 with Patrick Teichmann

    Play Episode Listen Later May 26, 2025 12:56


    In this episode, Matthias Reinwarth welcomes KuppingerCole Lead Advisor Patrick Teichmann to share his highlights from attending the European Identity and Cloud Conference (EIC) for the first time.
