KuppingerCole - Experts & Thought Leaders
Latest KuppingerCole news & announcements
Thales, the pioneering global technology and security provider, announced Passwordless 360°, a new concept for passwordless authentication that offers Thales customers the broadest coverage of passwordless functions across multiple types of users and assurance levels. Passwordless 360° has the flexibility to let companies use the latest technologies like FIDO passkeys, while also making the most of previous investments they might have made in passwordless technologies.

End users are increasingly frustrated with the number of passwords they’re asked to use, as well as the rules in place around their complexity. With the average person having as many as 100 to manage, users seek workarounds to get by – choosing passwords that are easier to remember or reusing the same password across multiple services.

Individual risk management requirements

Passwordless 360° provides a complete set of tools that let organisations use passwordless authentication across a wide range of applications, from secure access to personal and work devices, to legacy and modern web resources. This helps keep the costs of making the move to passwordless down by being able to use one system – as well as increasing the likelihood that employees, customers and suppliers will use it. By removing the need to use traditional passwords it also eliminates the associated security risks through theft and phishing. Passwordless 360° can also meet the individual risk management requirements an organisation might have, adhering to NIST requirements no matter where the passkeys are stored.
Passwordless 360° concept

Sitting alongside the existing Thales OneWelcome Identity Platform that serves as the foundation for passwordless policies, the Passwordless 360° concept includes:

Support for passkeys in the OneWelcome Identity Platform
Passwordless Windows Logon, a true passwordless user experience that replaces passwords with ways for users to identify themselves, offering convenience and security benefits.
SafeNet FIDO Key Manager, a way of helping users manage the several FIDO keys they might be using themselves, reducing administration costs for organisations.
FIDO Authenticator Lifecycle Management, developed in partnership with identity management software company Versasec. This tool lets organisations manage FIDO tokens and lets larger enterprises make the move to the modern FIDO standard at the scale needed.

Range of authentication methods

The announcement comes as Thales has been named an Overall, Product, Innovation and Market Pioneer in KuppingerCole’s latest Leadership Compass on Passwordless Authentication for Consumers, with the platform praised for offering a versatile set of identity applications encompassing a wide range of authentication methods to meet organisations’ needs.

Alejandro Leal, Research Analyst at KuppingerCole commented: “Overall, Thales offers a comprehensive solution that enables organisations to improve their identity management practices, adapt to evolving technologies, and effectively secure their systems and data. Organisations in highly regulated industries and security-conscious organisations in both the public and private sectors that require strong authentication options should consider the OneWelcome Identity Platform.”
One Identity, a pioneer in unified identity security, announced the general availability of One Identity Cloud PAM Essentials. This innovative SaaS-based solution will simplify privileged access management (PAM) across the enterprise, with a specific focus on cloud applications and infrastructure.

The surge in cloud migration, coupled with the expansion of the attack surface and the growing sophistication and frequency of cyberattacks, underscores the critical need for effective PAM solutions. By tightly controlling and auditing access to privileged accounts, PAM plays a pivotal role in bolstering an organisation’s security posture and mitigating identity-based attacks.

Comprehensive PAM solutions

Mark Logan, CEO of One Identity, emphasised the distinct advantage of PAM Essentials: “Unlike existing solutions in the market that often entail long and costly deployments, PAM Essentials can be up and running in minutes, without the need of additional infrastructure investments. This solution can save customers thousands of dollars on implementations, making sophisticated PAM security attainable for even the smallest of organisations.”

Small and mid-sized businesses, which often grapple with limited IT resources, stand to benefit significantly from this solution. According to KuppingerCole, 78% of them view comprehensive PAM solutions as integral to their cybersecurity strategy.

Cyber insurance requirements

“The market has been in dire need of a cloud-based solution for Privileged Access Management that is easy to deploy and suitable for small and mid-sized businesses,” said Paul Cameron, Chief Revenue Officer at Intragen. “Many companies are struggling with audit failures and the inability to obtain cyber insurance due to insufficient control over administrator access users.
PAM Essentials goes beyond a traditional on-premises solution; it aids in compliance and industry-specific standards, a crucial step in meeting cyber insurance requirements.”

New disclosure requirements

With its exceptional time-to-value and streamlined management interface, PAM Essentials empowers security teams with robust controls, ensuring only authorised individuals can gain access to sensitive systems and data. The solution provides full visibility into user activities, facilitating proactive risk management through an intuitive user interface.

Brian Chappell, head of product at One Identity, highlighted the solution’s alignment with evolving compliance standards and cyber insurance requirements, stating: “In light of the SEC’s new disclosure requirements and increasingly stringent cyber insurance requirements, PAM Essentials equips businesses to adapt seamlessly. Our goal with PAM Essentials is to provide a scalable, user-friendly solution that instils confidence and peace of mind amidst the dynamic cybersecurity landscape.”

Key features of PAM Essentials

Key features of PAM Essentials include:

Cloud-native PAM functionality: Remote and hybrid security teams can access cloud applications and resources with ease.
Sessions-based privileged access: User sessions are monitored, controlled and recorded with remote access via SSH and RDP.
Privileged session recording: Structured audit logs, protocol proxy session recordings and isolation of user sessions create a strong forensic trail tracking potential threats.
Secured credentials management: Central orchestration of auto-login, timely rotation of passwords and vaulting of local server accounts passwords reduce the risk of unauthorised access.
Secure tunnel technology: Eliminates the complexities of traditional network access solutions - with no VPN needed - by being built on zero-trust architecture.
Native integration with OneLogin: Extended unified access management via centrally managed PAM Essentials is enabled for OneLogin customers.
Flexible: Users can quickly and effectively integrate existing directories and authentication controls.
Delinea, a pioneering provider of solutions that seamlessly extend Privileged Access Management (PAM), announced a definitive agreement to acquire Fastpath, a pioneer in Identity Governance and Administration (IGA) and identity access rights. This strategic move follows Delinea's recent acquisition of Authomize and marks a significant expansion in Delinea's capabilities to enhance privileged access, controls, and governance, reducing organisational cybersecurity risk and ensuring compliance.

User access and privileges

By incorporating Fastpath’s expertise, Delinea is poised to offer a robust, AI-driven authorisation security platform making Delinea the definitive source for managing authorisation across infrastructure, applications, and data, providing unmatched insights and control over user access and privileges.

“This strategic acquisition by Delinea heralds a new era in identity security, establishing pioneering standards for Privileged Access Management in an increasingly digital and interconnected world, where cybersecurity challenges are constantly evolving,” said Art Gilliland, CEO of Delinea. “The addition of Fastpath will empower the Delinea Platform to dynamically control authorizations by assessing user risk. This advanced approach is crucial for securing modern, distributed environments across infrastructure, applications, and data.”

Authorisation and policy models

In a landscape dominated by Infrastructure-as-a-Service and SaaS applications, organisations face a growing attack surface and challenges in managing data and identity sprawl. The combination of Fastpath with Delinea is timely, addressing these challenges head-on. It equips Chief Information Security Officers (CISOs) and their teams with advanced tools for managing the complex interactions between privileged users and corporate data.

"The challenge that CISOs are struggling with is that identities are increasingly decentralised, but that leaves a lot of open gaps for authorisation," said Martin Kuppinger, founder and Principal Analyst at KuppingerCole. "Authorisation and policy models need to be managed and more centralised, especially as privileged users are not limited to traditional admins but expand to line of business users. Solving the challenge of centralising, orchestrating, and automating authorisation is critical to effectively reduce risk and mitigate threats in decentralised environments spanning all identities."

Fastpath's IGA capabilities

Combining Fastpath's IGA capabilities with Authomize's Identity Threat Detection and Response (ITDR) technology, Delinea is uniquely positioned to offer profound insights and control mechanisms over user access. This integration not only identifies overprivileged access and potential threats but also facilitates automated remediation through intelligent access controls, significantly enhancing data security and compliance.

“There is a powerful synergy between Fastpath and Delinea,” commented Charles Snellgrove, CEO of Fastpath.

Set of security challenges

Snellgrove added: "In today's landscape, business pioneers face a complex set of security challenges. By bolstering capabilities to enhance privileged access, controls, and governance, organisations can effectively mitigate cybersecurity risks. The collaboration between Fastpath and Delinea marks a transformative milestone in identity security, offering unparalleled insights and control over user access and privileges."

The acquisition is subject to customary closing conditions including regulatory review. Fastpath, a Pamlico Capital portfolio company since 2020, was represented by Raymond James.
Insights & Opinions from thought leaders at KuppingerCole
These days, business is more collaborative, adaptable and connected than ever before. In addition to offering new identities and access privileges, new applications and data also increase the attack surface available to cyber criminals, hacktivists, state actors and disgruntled insiders. These new identities need to be handled carefully. CISOs must develop an identity management strategy that is consistent across on-premises, hybrid and cloud systems.

Good security is built on solid identity governance and administration (IGA) principles. From ransomware to supply chain intrusions, high-profile cybersecurity events frequently take advantage of weak identity and access management procedures. The Identity Defined Security Alliance found that 84% of organisations experienced an identity-related breach during its one-year study period.

Robust IGA system

Some of the most well-known cyber-attacks have not been made possible by a nation-state exploiting a remote zero-day vulnerability; rather, they have been made possible by something as basic as a hacked orphaned account. This resulted in lateral movement from an insecure platform to a high-value system, illegitimate privilege escalation or unsanctioned access to a computer system.

To safeguard against such attacks, organisations must be aware of who has access to their systems and apps, and guarantee that access is revoked when it is no longer required. Here, a robust IGA system is helpful. It is not the whole picture, though; IGA is part of a larger identity fabric.

A report by KuppingerCole noted that “Identity Fabrics are not necessarily based on a technology, tool or cloud service, but a paradigm for architecting IAM within enterprises.” The report pointed out that the paradigm is created using several tools and services.
That’s because, contrary to marketing claims, no one vendor has a platform that provides all the needed elements. Consequently, organisations need to find best-of-breed solutions for each section of the fabric.

Threats to the new corporate landscape

Due to their exclusion from the corporate firewall and the security culture that comes with working on-site, remote employees and third parties are desirable targets for hackers. The transition to online office suites is another vulnerability that hackers are taking advantage of–for instance, through bogus authentication login dialogues.

Additionally, hackers are using technologies like machine learning and artificial intelligence to circumvent current security tactics. A cyberattack powered by AI will imitate human behaviour and develop over time. Even publicly available information might be used by this "weaponised AI" to learn how to get past a target’s defences.

CISO and the business users

It's no longer possible to secure the traditional perimeter. Attackers will eventually find an entryway, but businesses can protect the new perimeter–their identities. To defeat these threats, organisations must look again at identity and access management tools and how they are weighed against the impact on the organisation.

Should you mandate multi-factor authentication (MFA) more often and earlier? Should only company-owned devices have access to networks, or should access be restricted to specific business hours or regions? Should access to sensitive information and critical systems be given just temporarily or should it be offered on a task-by-task basis? Both the CISO and the business users they assist should be asking these questions.

Staying ahead of threats with identity

Access control limits decrease dangers but can come with a cost.
If you give your users too much access, your organisation becomes susceptible; if you give them too little, productivity suffers. But there are ways to strike a balance with security, compliance and productivity.

More CISOs are turning to Zero Trust–which is based on the principle of maintaining strict access controls and not trusting anyone by default–to protect their systems from new attack types. However, Zero Trust is reliant upon having a thorough and baked-in strategy that underpins it.

Other actions that companies can take include implementing automation for identity management, such as automating workflows for approval. This would significantly lessen the administrative burden and friction that security solutions like multifactor authentication (MFA) or time-restricted access to critical systems have on business users. This might include restricting access to particular devices, capping access hours during the day or enforcing MFA based on user behaviour.

Identity fabric: Putting it all together

These are just two elements of the identity fabric approach. Most organisations today have implemented pieces of an identity fabric, which is basically an organisation’s identity and access management (IAM) infrastructure and typically includes a mix of modular IAM solutions for multi-cloud and/or hybrid environments.

Now, organisations need to define, enhance and develop this infrastructure. They must also institute guiding principles for how it should operate, meet current and future business requirements as well as identity-related cybersecurity challenges. In doing so, businesses can move past identity platforms and adopt an identity fabric perspective. The key is to make identity governance the starting point of your identity fabric strategy, ensuring seamless interoperability within your identity ecosystem.
Make sure your identity architecture is scalable, secure, and provides a seamless user experience.

Aligning security with business

Due to the increase in knowledge workers using the cloud and working remotely, attackers are focusing on this group. These employees are easier to compromise, give access to valuable data and offer more attack targets. Knowledge workers also lack an administrator’s level of security expertise. Therefore, as part of their security fabric strategy, enterprises require a scalable IGA system.

It is easier to comply with security and access regulations and takes less time for IT teams to do normal administrative activities when they invest in IGA, a crucial tenet of identity security. CISOs and boards, though, are currently looking at more than identity management. IGA is at the centre of the debate about security and governance.

Taking an identity fabric-based approach, with a foundation built on modern, cloud-based IGA, will safeguard identities, increase productivity, and make staff adherence to organisational procedures easier.