Every so often, the digital world gets a reminder that “The Cloud” is not a magical, omnipresent entity but just another complex socio-technical system operated by humans. Electricity usually comes from the socket, networks usually work, and cloud services are marketed as being always on… Until they are not. Recent outages expose inherent vulnerabilities, threatening global digital infrastructure. Learn why resilience and diversification are critical.
Read the original blog post here: https://www.kuppingercole.com/blog/balaganski/platform-dependence-growing-fragility
Web scraping has entered a new era and AI is changing everything.
In this videocast, Osman Celik speaks with Dmitriy Loshakov from QRator Labs to explore how automated data collection has evolved from simple crawling into highly adaptive, human-like scraping attacks that operate invisibly.
You’ll learn:
✅ What web scraping actually is (and why not all scraping is malicious)
✅ How AI-powered scrapers mimic real user behavior with mouse movements, delays & clicks
✅ Why classic defenses like CAPTCHAs and JS challenges no longer stop modern bots
✅ The industries hit hardest — from e-commerce and travel to betting, finance, and media
✅ How organizations can defend themselves using behavioral analysis & intent detection
✅ Why the future of cybersecurity is officially AI vs. AI
📉 With intelligent scrapers bypassing most legacy defenses and blending in with real users, organizations must rethink how they detect and mitigate automated threats.
🔒 Watch now to understand how to protect your data, your users, and your business from today’s invisible AI-driven bots.
What happens when a single platform outage impacts half the internet? This week, Matthias Reinwarth is joined by Martin Kuppinger and Alexei Balaganski to analyze the recent Cloudflare disruption and what it means for modern digital infrastructure.
🔑 Key Topics Covered:
✅ What happened during the Cloudflare outage and why it was so disruptive
✅ How platformization and consolidation increased systemic risk
✅ The shift from decentralized internet ideals to dependency on global platforms
✅ Lock-in challenges: hyperscalers, CDNs, and cloud services
✅ Understanding the hidden risks of convenience and integration
✅ Why organizations neglect risk management and how to correct it
✅ Business impact analysis: mapping critical services and dependencies
✅ How to architect for resilience, failover, and exit strategies
💡 Your Next Step: Evaluate your digital supply chain, map your dependencies, and identify where platform concentration creates unacceptable business risk. Small architectural decisions today can dramatically reduce the impact of tomorrow’s outages.
What will Identity and Access Management (IAM) look like in 2026? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth, Jonathan Care, and Martin Kuppinger discuss the key trends, challenges, and innovations shaping the future of IAM.
Key Topics Covered:
✅ Emerging IAM threats: AI agents with broad system access
✅ Managing the IAM tool zoo and avoiding integration chaos
✅ Identity Fabric: building a flexible, future-proof IAM architecture
✅ Continuous and passwordless authentication: improving security and user experience
✅ Automation and orchestration: reducing human intervention in IAM processes
✅ Shared signals, data-driven decisions, and overcoming alert fatigue
✅ Preparing for non-human and agentic AI identities
💡 Stay ahead in IAM by evaluating your organization’s readiness for AI-driven identities, passwordless authentication, and automated governance. Use these insights to plan your 2026 IAM strategy and ensure your tools, processes, and policies are prepared for the next wave of innovation.
Web application threats are evolving — and modern WAAP solutions must do far more than traditional WAFs ever could.
In this video, Osman Celik speaks again with Andrey Leskin from QRator Labs to explore the capabilities organizations need to protect their web applications, APIs, and users from today’s most advanced threats.
You’ll learn:
✅ The three core threat vectors: DDoS attacks, web application attacks, and malicious bots
✅ Why traditional WAFs are no longer enough to protect modern applications
✅ How WAAP solutions combine WAF, bot mitigation, API protection, and DDoS defense
✅ How attackers use low-and-slow techniques, scraping, and AI-driven bots to mimic real users
✅ Why half of all internet traffic is bots — and how to distinguish good bots from malicious ones
✅ How QRator Labs unifies Anti-DDoS, WAF, and Anti-Bot into a single platform and single point of truth
📈 With automated attacks, scraping, and bot-driven abuse increasing across every industry, organizations need a holistic approach to defending their web applications.
🔒 Watch now to learn how WAAP, WAF, Anti-Bot, and DDoS mitigation come together in one platform to protect your business.
Is Apple's Digital ID Wallet truly a game changer, or are we missing the bigger picture? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth and Martin Kuppinger talk about Apple's announcement of digital IDs in Apple Wallet and what it means for the future of digital identity.
🔑 Key Topics Covered:
💡 Expert Insights: Martin Kuppinger explains why the real value of digital identity wallets lies far beyond simple ID verification, exploring complex scenarios involving hundreds or thousands of verifiable credentials for business process automation.
In this week's episode, Matthias Reinwarth and Alexei Balaganski discuss the growing importance of AI Data Provenance. The conversation explores why provenance is distinct from traditional logging, the operational gaps between ML engineering practices and regulatory expectations, and the regulatory context driving these requirements.
They get into the risks of attempting to retrofit governance after AI systems are already deployed and explain why provenance must be built directly into data and model workflows.
Key Topics Covered:
✅ AI data provenance is a new and urgent issue.
✅ Low-quality data leads to poor AI outcomes.
✅ Auditing and compliance are essential for AI systems.
✅ Organizations must establish governance for AI data.
✅ Data catalogs and traceability are foundational.
✅ Prepare for AI regulations like GDPR.
✅ Start small and apply a risk-based approach.
✅ Never trust, always verify your data sources.
IT governance isn’t just paperwork anymore; it’s becoming a critical foundation for how modern organizations operate, stay secure, and stay compliant. This week, Matthias Reinwarth is joined by advisors Kai Boschert and Patrick Teichmann to break down what effective IT governance actually looks like in 2025.
Together, they unpack:
✅ What IT governance really is — and how it bridges strategy and operations
✅ The differences (and overlaps) between strategy, governance, and compliance
✅ Why the “1.5 line of defense” model helps close crucial gaps
✅ The role of target operating models in making governance work at scale
✅ How to bring stakeholders, processes, and tools together effectively
✅ Practical steps to start improving governance today — without boiling the ocean
Whether you’re shaping governance for a large enterprise or just beginning to formalize your processes, this conversation delivers real-world insights from active advisory work with end-user organizations.
The holiday season might be the most wonderful time of the year—but it’s also prime time for cybercriminals. In this Videocast episode, Warwick Ashford talks with Danny Jenkins, CEO and co-founder of ThreatLocker, about why attacks spike between November and December and what companies can do to stay protected.
They unpack:
✅ Why cyberattacks surge during holidays
✅ How to close your organization’s biggest security gaps
✅ The importance of automated responses and real-time monitoring
✅ Why good backups (and tested restores!) still matter
✅ How a “cyber health check” can save your business from disaster
📈 Whether you’re a security professional or a business leader, these insights will help you strengthen your defenses during the holidays and beyond.
The fragmentation of enterprise identity systems is creating real security risks, but IPSIE is here to simplify and standardize.
In this episode, Matthias Reinwarth and Warwick Ashford explore IPSIE (Interoperability Profiling for Secure Identity in the Enterprise), how it improves interoperability, enforces secure defaults, and provides measurable maturity levels for enterprise identity management.
🔹 Key Topics Covered:
✅ What IPSIE is and why it matters for enterprise identity 🧠
✅ How fragmentation of SaaS and cloud identity systems increases risk
✅ Opinionated profiles and secure, consistent standard implementation
✅ Maturity levels for session lifecycle, account lifecycle, and entitlements
✅ How IPSIE fits into the broader Identity Fabric strategy
✅ Current limitations: focus on human identities and next steps for non-human accounts
💡 IPSIE doesn’t reinvent identity standards; it helps organizations implement what they already have consistently and securely, creating a foundation for stronger enterprise security.
The future of Identity and Access Management (IAM) is already being built — but are we preparing for 2040?
In this episode, Matthias Reinwarth and Martin Kuppinger explore how organizations can design future-ready identity fabrics, avoid tool sprawl, and build the platformized IAM architectures needed to thrive in a fast-changing digital landscape.
Key Topics Covered:
✅ What the “Identity Fabric 2040” means for IAM strategies 🧠
✅ The rise of orchestration, signals & API-first design
✅ Avoiding IAM tool sprawl and capability duplication
✅ Platformization vs. best-of-breed: what really works?
✅ Why outcome-driven IAM is the only sustainable approach
✅ How signals redefine authentication, authorization & user experience
💡 Your IAM decisions today shape the next 15 years. Are you building for 2040—or already falling behind?
In this special Halloween edition of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Jonathan Care, Lead Analyst at KuppingerCole Analysts, to explore one of the most talked-about cybersecurity stories of the year — the F5 supply chain incident.
The discussion highlights how even well-established organizations can become targets of sophisticated, long-term attacks — and what this means for the future of software supply chain security.
Together, Matthias and Jonathan examine how incidents like this can happen, what lessons can be learned across the industry, and how companies can strengthen resilience, transparency, and response capabilities in their own environments.
Key topics covered:
✅ Understanding the dynamics of modern supply chain attacks ⚠️
✅ Why detection and dwell time remain a major industry challenge
✅ The growing importance of vendor risk and software transparency
✅ Lessons learned for CISOs and IT leaders
✅ Practical measures to improve visibility and response
✅ Why collaboration and information sharing are key to resilience
🕸️ Even trusted systems can hide a few ghosts — are you ready to uncover yours?
Unlock invaluable insights into cyber resilience by exploring real-world examples of organizations rebounding from cyber incidents. Gain strategies to safeguard operations, enhance data resilience, and leverage clean rooms and cloud solutions for recovery. Learn how to transform cyber threats into opportunities for improvement and fortify your organization's digital landscape with adaptive resilience strategies.
Read the original blog post here: https://www.kuppingercole.com/blog/small/cyber-resilience
Is your IAM strategy focused too much on tools? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth and Patrick Teichmann, Lead Advisor at KuppingerCole, dive into one of the most common pitfalls organizations face: starting IAM projects with the wrong priorities.
They explore how a Target Operating Model (TOM) helps define why and how your IAM should work before deciding on technology. Patrick shares insights from real projects, explaining how to align business goals, processes, and governance to achieve long-term success.
Key Topics Covered:
✅ Why IAM projects often fail due to tool-first thinking
✅ How a Target Operating Model sets the foundation for IAM success
✅ The role of governance, people, and processes in effective IAM
✅ Real-world examples of aligning strategy and technology
✅ How to evaluate tools after defining your IAM capabilities
Are AI agents the future of cybersecurity or a threat to human expertise? In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth talks with Alexei Balaganski, Lead Analyst and CTO at KuppingerCole, about the rise of AI agents and their potential to reshape the cybersecurity landscape.
They explore how autonomous AI systems could fill the cyber skills gap, automate incident response, and even act as digital coworkers in SOC environments. But how far can we trust them—and will humans still have a place in the loop?
Key topics covered:
✅ What AI agents really are—and how they differ from traditional automation
✅ The role of AI in SOCs, incident response, and threat detection
✅ Can AI agents help close the cybersecurity skills gap?
✅ Risks of rogue or “hallucinating” AI systems
✅ Why access governance and identity management are critical for AI agents
✅ The future of cybersecurity jobs in the age of automation
Are we already living in a post-data privacy world?
Breaches are everywhere, data is constantly being leaked, and GDPR fines haven’t stopped surveillance capitalism or shady data brokers. In this episode of the Analyst Chat, Matthias Reinwarth is joined by Mike Small and Jonathan Care to explore whether privacy still has meaning — or if resilience and risk management are the only ways forward.
They debate:
✅ Is privacy truly dead, or just evolving?
✅ Why regulations like GDPR often miss the mark ⚖️
✅ How cyber resilience is becoming more critical than “traditional” privacy
✅ The personal, societal, and legal dimensions of privacy
✅ What organizations (and individuals) can still do to protect data
Ghost tapping is shaking up the payment security landscape, turning stolen card data into quick profit through NFC relay fraud. This emerging threat exploits digital vulnerabilities, making unauthorized taps at retail points seamless and undetected. Businesses and regulators must urgently rethink their defenses against this global attack vector that crosses digital and physical boundaries.
Read the original blog post here: https://www.kuppingercole.com/blog/ashford/ghost-tapping-a-new-front-in-identity-security-risk
Are KPIs and KRIs just compliance checkboxes, or can they truly prove the value of Identity and Access Management (IAM)? In this episode, Matthias Reinwarth and senior advisor Shikha Porwal explore how Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) can transform IAM from a technical function into a business enabler. They unpack the differences, the overlap, and how to make metrics relevant to both security and strategy. Expect real-world examples—from onboarding to MFA adoption—that show how measurement drives maturity and risk reduction.
Key Topics Covered:
✅ KPIs vs KRIs in IAM: what they are and how they differ
✅ Aligning IAM metrics with business goals and governance
✅ Onboarding & offboarding metrics for efficiency and risk reduction
✅ MFA adoption and help desk tickets as signals of IAM maturity
✅ Developer enablement and API adoption as success factors
✅ Mapping IAM indicators to risk frameworks and security posture
✅ Adapting KPIs/KRIs for non-human identities (NHI)
💡 If you’re working in IAM, identity governance, MFA strategy, or security architecture, this discussion will help you build meaningful metrics that prove value and strengthen your identity program.
Are IVIPs truly a new platform that organizations must adopt, or are they just old capabilities rebranded with fresh marketing spin? Today, Matthias Reinwarth and Martin Kuppinger dig into the latest acronym shaking up the IAM world: IVIP (Identity Visibility & Intelligence Platforms). We unpack the promises, the risks, and what IVIP really means for the Identity Fabric concept. Expect a critical take on buzzwords, vendor strategies, and what enterprises actually need to strengthen IAM maturity.
Key Topics Covered:
✅ What IVIP actually is and how it fits into IAM
✅ The connection between IVIP and the Identity Fabric approach
✅ Risks of marketing buzzwords in identity management
✅ When a new platform really brings value—and when it doesn’t
✅ What organizations should focus on instead of chasing hype
💡 If you’re working in identity, access governance, ITDR, IGA, or security architecture, this conversation will help you decide whether IVIP deserves a place in your roadmap—or if it’s just hype.
Identity and Access Management (IAM) is no longer a one-off project—it’s an ongoing journey. In this episode of the KuppingerCole Analyst Chat, Matthias Reinwarth is joined by Christopher (CISO & Lead Advisor) and Deniz Algin (Advisor) to explore how organizations can successfully apply the Identity Fabric concept.
How can organizations evolve from legacy systems to a future-proof IAM strategy without breaking existing operations? Why does interoperability matter? What are the most common pitfalls organizations face when trying to modernize IAM? Find the answers to these questions and more in this episode!
Key Topics Covered:
💡 Whether you’re just starting your IAM journey or looking to operationalize interoperability at scale, this episode is packed with practical strategies and lessons learned.