KEY AREAS FROM ANALYSIS TO COMPLETION KuppingerCole Analysts‘ Advisory Services comprise four well-integrated focus areas, which together provide a comprehensive range of services desig-ned to assistyou in meeting your requirements and achieving your goals.

� BENCHMARK & OPTIMIZATION

� STRATEGY SUPPORT

� ARCHITECTURE & TECHNOLOGY SUPPORT

� PROJECT GUIDANCE

KUPPINGERCOLE ANALYSTS ADVISORY SERVICES COMPREHENSIVE KNOWLEDGE THROUGH CUR-RENT RESEARCH, A GLOBAL VIEW THROUGH INTERNATIONAL POSITIONING, INTENSE BUT NEUTRAL COMMUNICATION WITH ALL MARKET PARTICIPANTS AND STANDARDIZED WORKING PRACTICES IN LINE WITH EXTENSIVE EXPERIENCE: THIS DEFINES KUPPINGERCOLE ANALYSTS‘ ADVISORY SERVICES.

KuppingerCole is an independent analyst company that provides advisory services with a focused strategy. Our core competence are lean, efficient advisory projects with a well-proven approach.

Our advisory clients benefit from the expertise of an experienced and demonstrably successful ana-lyst company. On this foundation, we support you in identifying and defining strategic solutions for your challenges, which include:

� Improve market position

� Increase security levels and minimize business risks

� Establish new business models

� Increase efficiency and reduce infrastructure costs

� Establish a safe and compliant cloud strategy

� Achieve a sustainable and compliant approach to regulatory requirements

KuppingerCole Analysts are your trusted advisors to ensure your competitiveness and increase your potential.

6© 2019 KUPPINGERCOLE ANALYSTS AG5 © 2019 KUPPINGERCOLE ANALYSTS AG

KUPPINGERCOLE ANALYSTS ENDUSER ADVISORY-PRODUCTS

REGULATORY COMPLIANCE

ARCHITECTURE DESIGN & REVIEW

BUSINESS REQUIREMENTS

& VALUE

VAIT CIAMTECHNO-

LOGY ROADMAP

BAIT CYBER SECURITY

IT GOVERNANCE

ROADMAP

PSD2 IAM STRATEGIC DEVELOPEMENT

GDPR PROCESS MATURITY

BENCH- MARKING

BEST PRACTICES IAM PROCESSES

STRATEGY REVIEW

MATURING & OPTIMIZATION

VENDOR SELECTION &

CHOICE OF TOOLS

SPOTCHECKS

OPERATIONAL EFFICIENCY

CLOUD RISK &

CONTROLS MATRIX

ARCHITECTURE BLUEPRINT

MONITORING

PROCESS FRAMEWORKS

INVESTMENT ROADMAP

A clear understanding of the scope and maturity of the defined processes, of the implemented systems and the IAM organization

A well thought-out strategy provides conclusive answers to future chal-lenges and thus helps to significantly shorten decision-making processes

A clear and consistent vision guiding in the development of IT archi-tectures and the selection of technologies, suppliers and products

Support in implementation projects by neutral assessment of the status or by project management on behalf of the client

8© 2019 KUPPINGERCOLE ANALYSTS AG7 © 2019 KUPPINGERCOLE ANALYSTS AG

step one

step two

step three

step four

step five

EVALUATION AND FURTHER DEVELOPMENT

Analysis of the status quo

Identification of potential for improvement and

strategic advancement

Future-proof

ASSISTANCE IN DEFINING

LONG-TERM BUSINESS BENEFIT

Business Value on qualitative level

Quantitative evaluation

SUPPORT IN ARCHITECTURAL

DESIGN

Capabilities

Building blocks

Technological Roadmap

SUPPORT WITH THE SELECTION OF

SUPPLIERS AND TOOLS

Standardized approach, from requirements’

definition to Rfl and PoC

COACHING IN SUBSEQUENT DEPLOYMENT

PHASES

Ensuring and maintaining a successful

implementation, both now

and in the future

advisory phases

10© 2019 KUPPINGERCOLE ANALYSTS AG

A CLEAR UNDERSTANDING OF THE SCOPE AND ADE-QUACY OF THE DEFINED PROCESSES, IMPLEMEN-TED SYSTEMS AND THE ORGANIZATION IN WHICH THEY ARE EMBEDDED IS AN INDISPENSABLE BASIS IN MANY ADVISORY SITUATIONS.

This also enables a comparison with peer organizati-ons and a position determination with regard to cor-porate goals, compliance requirements and the de-gree of efficiency and cost-effectiveness achieved.

Forward-looking teams and organizations apply benchmarking for various criteria of their business processes. To achieve this, a neutral and indepen-dent rating of the level of maturity and adequacy of established processes and implemented technolo-gies is essential.

On the basis of such benchmarking, gaps can be de-tected, recommended or required operational mea-sures can be identified. Subsequently, long-term strategies can be defined and form the basis to initi-ate overarching strategic programs.

KuppingerCole Analysts provides benchmarking and optimization services in a wide range of areas (infrastructure, applications, organization or ope-rations), including Identity and Access Management (IAM), Consumer Identity and Access Management (CIAM), an organizations’ overall readiness for regulatory requirements like GDPR or PSD2, or an organization‘s entire Cybersecurity approach.

KuppingerCole Analysts‘ Reviews & Benchmarking and Readiness Assessments are proven, standard-ized methodologies which allow organizations to understand their status quo in a defined area and/or what they are required to do before entering a new field or technology as well as how to meet regulatory requirements.

12© 2019 KUPPINGERCOLE ANALYSTS AG11 © 2019 KUPPINGERCOLE ANALYSTS AG

READINESS ASSESSMENT PROGRAM – GDPR (EU GENERAL DATA PROTECTION REGULATION)

In 2018, the EU GDPR came into force. From this date forward, the requirements for managing per-sonal data have changed substantially, introducing extended data subject rights and new and modified obligations for organizations. Our GDPR Readiness Assessment offers a standardized, comparable and lean approach to rate the readiness of your organi-zation for the EU GDPR from an organizational, tech-nical and legal perspective.

CLOUD RISK ASSESSMENT

Understanding the risk exposure of cloud services and achieving transparency to these risks towards the organization, the data and service owners is the key challenge for many organizations.

The KuppingerCole Analysts Cloud Risks and Controls Matrix (CRCM) is both a toolkit and a compendium for assisting cloud customers in assessing the overall security risk resulting from the deployment of services in the cloud. This includes moving exis-ting services into cloud infrastructure and creating new cloud-based or hybrid services for the digital era. The CRCM provides a standardized and repea-table methodology for the assessment of cloud ser-vices and their risks.

The KuppingerCole Analysts CRCM supports the understanding of the risk posture of organizations and their cloud solutions in identifying and imple-menting adequate measures to mitigate these risks while supporting organizations in taking the next steps to meet regulatory and legal requirements.

REVIEW AND BENCHMARKING PROGRAM – CYBERSECURITY

Cybersecurity requires a holistic approach across the organization, the network and third-party networks to contain and mitigate cybersecurity threats.

The assessment shows you whether your program is adequate to defend your company against attacks and to meet future requirements. Review & Bench-marking Program builds upon and extends the well-known NIST-areas, making it the premium toolset for fast and reliable assessments.

READINESS ASSESSMENT PROGRAM – PSD2 (EU PAYMENT SERVICES DIRECTIVE)

The finance industry is facing profound change with the introduction of PSD2, that came into force in 2018. The European Commission’s revision of the Payment Services Directive comes with a significant set of new requirements for financial institutions, both with and without banking license. Our PSD2 Readiness Assessment helps you to understand whether your organization is well-prepared for the PSD2 and identifies necessary actions.

The organizations’ maturity/readiness is rated from a business, IT and, if applicable, a legal perspective. The neutral and independent overall maturity/rea-diness level is determined across a comprehensive catalogue of about twelve organizational and techni-cal core areas of interest and compared with similar organizations.

REVIEW AND BENCHMARKING PROGRAM – IDENTITY AND ACCESS MANAGEMENT

The IAM The IAM Review & Benchmarking Assess-ment evaluates the current status of an organiza-tions’ Identity & Access Management and shows whether your existing structures will meet future requirements. The program determines the overall maturity level across a comprehensive catalogue of organizational and technical core areas of interest, compared with similar organizations and includes an action plan as well as recommendations for the IAM target architecture.

ANALYSIS ANALYSIS

AS IS

CONTRACTUAL NEGOTIATION

INTERNAL INVESTMENT

TERMINATION

RISK ACCEPTANCE

RECOM- MENDED

CONTROLS

ADDITONIAL FEATURES

INTERNAL CONTROLS

REVIEW INHERENT

RISK

IMPACT: HIGH

PROBA- BILITY: HIGH

ASSURED RISK

IMPACT: HIGH

PROB- ABILITY: MEDIUM

CERTIFI- CATIONS

ADDITIONAL CONTROLS

PROCESSES

VENDOR INFORMA-

TION

THE CRCM ASSESSEMENT PROCESS

ADDITIONAL ASSURANCES

INFRA- STRUCTURE

14© 2019 KUPPINGERCOLE ANALYSTS AG

Strategy Support

A WELL THOUGHT-OUT STRATEGY PROVIDES CLEAR ANSWERS TO FUTURE QUESTIONS AND THUS HELPS TO SIGNIFICANTLY SHORTEN DECISION- MAKING PROCESSES.

A central area of KuppingerCole Analysts Advisory Services is support in defining corporate strategies. Strategies include the anticipation of future decisions, because a clear and well-thought-out strategy pro-vides answers to future questions and thus helps to significantly shorten decision-making processes. This is particularly evident in the development of strategies that define business processes and their representation in systems and architectures.

Strategies define the use of resources, i.e. to achieve the best result with limited resources with a view to defined goals and recognized constraints.

Depending on requirements, scope and focus, the form and extent of the results to be achieved by KuppingerCole Analysts „Strategy Support“ Advisory Services can vary. Typical results are a (partial) IT strategy, including the draft definition of an imple-mentation program and model projects. In other cases, such results represent the decision temp-late or the management level communication for a company‘s personnel, budget and investment plan-ning.

KuppingerCole Analysts has successfully supported many companies (including several DAX 50 com-panies) in the development of strategies and their program implementation.

BUSINESS REQUIREMENTS AND BUSINESS VALUE

Achieving the enterprise objectives relies on a thorough understanding of the business requi-rements. Delivering business value requires the definition of products and services hand-tailored to the market needs and the individual strengths and opportunities of an organization.

KuppingerCole Analysts assists in defining scope and requirements, understanding an organization’s challenges, its assets and its unique market position.

INVESTMENT ROADMAPS

Based on sector-specific know-how, well-defined requirements specifications and value propositions together with deep insights into adequate enterprise IT strategies, KuppingerCole Analysts assist in iden-tifying individual strategies for building up proces-ses, systems and infrastructures. By combining the aspects of risk-awareness, cost-effectiveness and business efficiency, organizations are supported in defining investment roadmaps.

16© 2019 KUPPINGERCOLE ANALYSTS AG

A CONCISE AND CONSISTENT VISION IN THE DEVELOPMENT OF IT ARCHITECTURES AND THE SELECTION OF TECHNOLOGIES, VENDORS AND PRODUCTS.

This area of KuppingerCole Analysts Advisory Services falls into two separate, but closely related parts: Architecture Design and Vendor Selection & Choice of Tools.

KuppingerCole pursues a clear and stringent vision for the development of IT architectures and techno-logy selection: the actual product decisions are at the end of a clearly defined process. The starting points are the documentation and recording of the requirements and framework conditions that are relevant for the provision of the services achieved. On this basis, exemplary usage scenarios are defi-ned that describe the system to be implemented as comprehensively as possible. In accordance with es-tablished modelling methods, capabilities & building blocks are derived, which are subsequently used in the actual composition of the architecture blueprint.

At that point, capabilities and architectural blocks are mapped to potential IT systems. Thus, a clear di-viding line between architecture design and system selection can be drawn.

18© 2019 KUPPINGERCOLE ANALYSTS AG17 © 2019 KUPPINGERCOLE ANALYSTS AG

Reviews can be executed as one-off exercises at cru-cial project milestones or for an existing, productive platform. They can be continuously applied to ongo-ing projects for achieving current improvements in efficiency and solution maturity. Executing reviews as part of know-how transfer processes to CIOs or other senior management staff leads to immediate and actionable results while empowering the C-level.

VENDOR SELECTION & CHOICE OF TOOLS

KuppingerCole „Vendor Selection & Choice of Tools” Advisory Services represent a clearly defined scope of services for a standardized and quality-assured selection of manufacturers, software and implemen-tation partners. Based on existing requirements, limitations and the architectural concept, potential providers and their product offerings are mapped to identified building blocks. This includes the definition of long list and short list providers, the provision and adaptation of RfI/RfP questionnaires and ana-lysis tools as well as optional support in evaluating the implementation of proof of concept (POC) imple-mentations as a basis for a product decision.

Clients benefit substantially from KuppingerCole’s strong research background with in-depth coverage of a wide range of market segments while maintai-ning vendor neutrality. For several years, our Lea-dership Compass documents have been recognized as prestigious tools that provide an overview of a specific IT market segment, a market survey and de-termine leadership in that segment. It is the Leader-ship Compass that assists decision makers in iden-tifying appropriate vendors and products for their projects. All knowledge gained through our exten-sive research contributes to the success of our pro-jects and guarantees a lean and efficient approach.

ARCHITECTURE DESIGN & REVIEW

KuppingerCole Analysts support state-of-the-art, individualized architecture design. Well defined IT architectures are the foundationl to an adequate implementation of business processes. To achieve this, organizations need to transform requirements definitions and use case scenarios into an appropria-te definition of capabilities, interfaces, services and finally into a well-thought-out, resilient and sustai-nable concept of architectural building blocks. Kup-pingerCole supports all steps to develop deliverab-les like long-term roadmaps, technical architectures and high-level architecture blueprints.

A risk-based approach is embedded into the entire architecture design, so that criteria such as busi-ness, security, regulatory or privacy risks but also sustainability, cost effectiveness or efficient and consistent migration strategies are reflected in fu-ture-proof architecture designs. This includes stra-tegic definitions and a risk-based assessment for architecture deployment models between cloud ser-vices, on-premises deployments and hybrid approa-ches.

An important part of KuppingerCole advisory work is the review and assessment of existing concepts, systems and architectures. By providing an indepen-dent and objective second opinion, KuppingerCole Analysts assist by verifying correctness and com-pleteness of targeted or already implemented solu-tions, or by identifying gaps and challenges, be they functional, technological or from a requirements point of view. To get from the analysis to actionable results, findings are reviewed and then leveraged as the basis for prioritized recommendations to sup-port in the definition of immediate action plans and long-term strategies and programs.

choice of tools 1. requirements

Analysis

2. long list short list definition

3. rfi / rfp support

5. vendor selection support

7. poc: execution assessement

6. poc: usecase defintion

4. vendor presentation preparation & execution support

20© 2019 KUPPINGERCOLE ANALYSTS AG

SUPPORT IN THE EVALUATION AND MANAGEMENT OF IMPLEMENTATION PROJECTS OVER TIME (ONE-TIME OR SCHEDULED).

The actual execution of projects, especially IT projects can vary substantially in quality and time-liness. KuppingerCole Analysts “Project Guidance” Advisory Services provide support in assessing and managing implementation projects over time.

Project guidance can take the form of a one-off spot check of a running project (either planned or due to obvious performance issues), to identify and trace gaps, scheduling problems, quality shortcomings, communication issues or other obstacles. Such a spot check typically leads to a gap analysis, recom-mendations for next steps and, if necessary, sugge-stions for more substantial measures.

Long term projects or programs typically require continuous, regular and sustainable project guidan-ce, which comes at defined project steps or on de-mand/scheduled.

22© 2019 KUPPINGERCOLE ANALYSTS AG21 © 2019 KUPPINGERCOLE ANALYSTS AG

www.kuppingercole.com

REACH OUT TO KUPPINGERCOLE

ANALYST´S ACCOUNT MANAGEMENT

TO EXPLORE DIFFERENT OPTIONS

CONTACT YOUR ACCOUNT MANAGER OR

SALES@KUPPINGERCOLE.COM

ACCOUNT MANAGER Katharina Gebru P: +49 | 0211 - 23 70 77 - 17 E: kg@kuppingercole.com

ACCOUNT MANAGER Wendy Wissink P: +49 | 0211 - 23 70 77 - 18 E: ww@kuppingercole.com

ACCOUNT MANAGER Thomas Steinmayer P: +49 | 0211 - 23 70 77 - 28 E: ts@kuppingercole.com

ACCOUNT MANAGER Michael Buerger P: +49 | 0211 - 23 70 77 - 32 E: mb@kuppingercole.com

ACCOUNT MANAGER Sven Harth P: +49 | 0211 - 23 70 77 - 49 E: sh@kuppingercole.com

ACCOUNT MANAGER Linda Dietsche P: +49 | 0211 - 23 70 77 - 20 E: ld@kuppingercole.com

ACCOUNT MANAGER Kerstin Bienhaus P: +49 | 0211 - 23 70 77 - 36 E: kb@kuppingercole.com

FOUNDER / PRINCIPAL ANALYST Martin Kuppinger P: +49 | 0211 - 23 70 77 - 55 E: mk@kuppingercole.com

LEAD ADVISOR / SENIOR ANALYST Matthias Reinwarth P: +49 | 631 - 35 79 00 43 E: mr@kuppingercole.com

LEAD ANALYST Alexei Balaganski P: +49 | 0211 - 23 70 77 - 24 E: ab@kuppingercole.com

ADVISOR Richard Hill P: +49 | 211 - 23 70 77 - 0 E: rh@kuppingercole.com

LEAD ANALYST Anmol Singh P: +49 | 6502 - 92 45 E: as@kuppingercole.com

LEAD ANALYST John Tolbert P: +49 | 211 - 23 70 77 - 0 E: jt@kuppingercole.com

ABOUT KUPPINGERCOLE ANALYSTS

EUROPE’S LEADING ANALYSTS ON THE TOPICS OF INFORMATION SECURITY IN THE ERA OF DIGITAL TRANSFORMATION

KuppingerCole Analysts, founded in 2004, is an international and independent Analyst organization

headquartered in Europe. The company specializes in offering neutral advice, expertise, thought

leadership and practical relevance in Information Security, Identity & Access Management (IAM),

Governance (IAG), Risk Management & Compliance (GRC) as well as all areas concerning the

Digital Transformation. KuppingerCole Analysts supports companies, corporate users, integrators

and software manufacturers in meeting both tactical and strategic challenges. Maintaining a balance

between immediate implementation and long-term viability is at the heart of KuppingerCole Analyst’s

philosophy.

KUPPINGERCOLE ANALYSTS AG

sales@kuppingercole.com www.kuppingercole.com

P: +49 | 211 - 23 70 77 - 0 F: +49 | 211 - 23 70 77 - 11

Wilhelmstraße 20 – 22 65185 Wiesbaden | GERMANY