Identity + Security = Deciphered.

The Cyber Hut is a leading boutique industry research, analysis and advisory firm focused on
identity, access and cyber security technology.

Book 60 Min Analyst Inquiry

About Us

Welcome to The Cyber Hut – a boutique industry analyst and advisory firm, exclusively focused on the global identity and access management market.

Our mission is to help decipher the complex world of identity and access management technology and standards, by providing expert and impartial advice and research.

We work with a range of global clients, from vendors and industry practitioners through to venture capitalist investors and systems integrators, to help with their knowledge, understanding and due diligence on a range of subjects related to identity.

Why don’t you join us?

vendor intelligence

Analysis on solutions and products

training & enablement

Online and live training

ciso briefings

Architecture and design for industry leaders

opinion

Expert opinion on contemporary events

Introducing the FOSA Strategy –
Free Open Source Analysis

The Cyber Hut are industry specialists when it comes to identity and access management. We have contributed to industry standards. Worked for the largest vendors. Designed some of the world’s biggest identity platforms.  

We also want to break down the traditional model for understanding the market and technology for identity and access management.  Why don’t you join us?

Free Open Source Analysis

We provide the vast majority of our analysis and insights free as open source articles as well as our Signals Project – providing a view into a range of OSINT data points to help with vendor understanding.

The Week in Identity Podcast

The Cyber Hut runs a weekly podcast – aptly named “The Week in Identity” – where we take an industry analyst view of the latest identity and access management events, funding and conference news. 

CISO Briefings

We run regular CISO briefing webinars – where we take an impartial industry view of emerging technology trends or market sectors, distil them into bite-sized chunks to enable security and information leaders to make more informed technology decisions.

Trusted by Global Vendors, Integrators and Industry

The Cyber Hut has supported a range of vendor, buy side, integrator and investment clients to enhance their content, understanding and insight on the emerging identity and access management markets – through training, advisory, content and inquiry.

“The Cyber Hut is a partner in helping us build our strategy. They provide us with unique insights and custom services that help HYPR continue to lead the passwordless MFA market.”

Michael Rothschild

VP Product Marketing, HYPR

“Working with Simon and team on the consumer authentication webinar was great – they provided great inputs based on deep industry knowledge and and domain expertise.”

Gal Steinberg

VP Products, Sift / Keyless

“Simon at TCH is our go to point of contact for understanding the technical and business nuances of the emerging patterns in identity. Always clear, smart and insightful, but most importantly, trusted.”

Emily B.

Investment Analyst

“No faster way of getting into Consumer IAM, than by learning from the master himself. Great overview and best practices from Simon at The Cyber Hut. Recommended”

André Koot

Founder & Principal Consultant, SonicBee

“The Cyber Hut provides insightful guidance on identity security best practices that’s backed by industry experience and in-depth research. TCH has helped us better communicate to a more relevant audience consisting of both business and security-oriented professionals.”

Lani Leuthvilay

Senior Director, Product Marketing, PlainID

Latest Open Source Analysis, Events & Opinion

Opinion

Poll Result: What is Your Favourite Biometric Authentication Option?

by Simon M
on Jan 27
As part of The Cyber Hut's anecdotal community polls, we asked as an end user, what is your favourite biometric authentication option? The rise of device specific biometry to unlock our Android and iPhone based devices has increased in the last 3 years and many smart phone users will chose this over a basic PIN (albeit PIN is likely still needed after a hard reset).
Read more
News & Press Releases

Course Launch: Authentication Design & Management

by Simon M
on Jan 26
I'm proud to announce today, the latest addition to The Cyber Hut online and in-person identity and access management training courses: Authentication Design & Management.
Read more
Opinion

Poll Result: Which Identity Component Will Die in 2023?

by Simon M
on Jan 17
Each year a particular standard, component, model or approach within the identity and access management will be declared "dead" by expert commentators, startup vendors or just the bloke in the pub. As part of The Cyber Hut's Tuesday polls, I decided to test the water on this highly emotive topic before the Christmas holidays for our last poll of 2022.
Read more
News & Press ReleasesVendor

Introducing the IAM Radar: Curated Headlines and Comment on the Global IAM Industry

by Simon M
on Jan 10
Today I'm proud to announce the launch of The Cyber Hut's IAM Radar: a subscription based curated vendor intelligence report. Released monthly, the report tracks the top 6 vendors in the global identity and access management space, providing insight, impartial comment and analysis to empower those within industry, consultancy, vendor and investment communities.
Read more
Events

The Cyber Insurance Landscape & the Role of Passwordless MFA

by Editor
on Jan 9
Our first webinar of 2023, will take a look at the role of cyber insurance for the modern enterprise - the current growth in cyber insurance demand, how it can help protect an organisation and how it can be optimised - via reduced premiums and improved payouts.
Read more
Opinion

2022: A Year in Review

by Simon M
on Dec 19
I wanted to wrap up 2022, with an anecdotal look at some of the key facts and figures that made up the bulk of The Cyber Hut's interactions, research and community engagement over the past year. It has been a great year professionally and personally, yet parts of the world are still being ravaged by the pandemic, conflict, economic turmoil and the cost of living crisis. Hopefully 2023 can start to stabilise some of those broader problems we will undoubtedly all feel in the coming months. I want to take a retrospective look back at 2022 in numbers, adding in a few stories and comments as I go. I hope you enjoy it and thank you to all of the global identity and access management community who have engaged with The Cyber Hut over the past 12 months.
Read more
Opinion

The Network and Information Systems Regulations – The What and The Why

by Editor
on Dec 15
The next NIS-D directive is live in a second iteration and regulators of Critical National Infrastructure (CNI) across Europe are working to evaluate and adapt the directive to country specific regulations. Thus, the UK (through the Department of Culture Media & Sport) have issued their consultation outcome for regulation of managed service providers and updates to the NIS regulation.
Read more
Opinion

Poll Result: Would You Pay for Privacy?

by Simon M
on Dec 9
Two weeks ago we ran another of our LinkedIn polls, querying the cyber, identity and access management community around a perennial question the industry has yet to consistently provide an answer for - in both user behaviour and technical solutions - "would you pay for privacy?".
Read more
Opinion

Comment: US Department of Defense Zero Trust Reference Architecture 2.0

by Simon M
on Nov 25
Zero Trust has been with us for the best part of a decade - since the likes of the Jericho Forum, Google's Beyond Corp and ex-Forrester analyst John Kindervag have all promoted a view of moving the concept of "trust" from a location to a concept based on the identity, device and associated context. Version 2.0 of the US Department of Defence Zero Trust Reference Architecture has been cleared for public release and is a good, detailed read regarding an actual migration and implementation model. The document is available here.
Read more
OpinionVendor

Vendor Introduction: sgnl.ai

by Simon M
on Nov 16
An introduction to just in time, next generation authorization vendor sgnl.ai
Read more
Events

CISO Briefing: Next Generation Authorization

by Simon M
on Nov 11
Homegrown access control is limiting business agility - the ability to share data with those who need it, engage in joint ventures and B2B partnerships, protect PII and open up APIs to employees and customers alike. As such the market for authorization has increased substantially in the last 36 months. Funding rounds for the likes of Styra, PlainID and SGNL to name but a few indicate increased venture expectation that access control has a long tale of growth.
Read more
Opinion

Research Poll Results: Are All Identity Services Cloud Delivered?

by Simon M
on Nov 9
Over a 4 week period I asked the preferred deployment model option for four key identity and access management services: consumer identity, workforce access management, identity governance and administration and privileged access management. The results where subtle and nuanced.
Read more
Events

Future Identity: Panel on Mobile Authentication

by Editor
on Nov 3

Our founder Simon Moffatt will be moderating a panel at the Future Identity Festival in London taking place on November 14-15th.

Authentication is the pinch point for all B2E and B2C application, service and website interactions - allowing organisations to deliver secure experiences. However it has its challenges - requiring broad use coverage and inclusivity, privacy by design, adaptive threat protection and future proofing.

Read more
EventsOpinion

Authenticate 2022: A Review

by Simon M
on Oct 21
This week saw the FIDO Authenticate conference take place in Seatle. I attended via the virtual remote route, going through the vast majority of the sessions from the comfort of the office. A few items that stood out for me.
Read more
OpinionVendor

5 Questions to Ask Your Passwordless Authentication Vendor

by Simon M
on Oct 17

Passwordless authentication is often described as improving both the usability and security aspects of both the employee and customer identity journeys. Many approaches to passwordless have emerged over the last 5 years - including hardware, software, biometric and standards based initiatives.

In November 2021, The Cyber Hut released a 61 page buyer guide for passwordless authentication, describing the vendor capabilities, requirements, integration options, B2E and B2C use cases and planning recommendations for migration.

A brief snapshot of questions to consider, when engaging software based solution providers in this space is described here.

Read more
OpinionVendor

An Introduction to IDQL: A Language for Identity Orchestration

by Simon M
on Oct 14
Let us start with the basics. IDQL stands for Identity Query Language. The description given to it from the Hexa website (I'll come back to Hexa in a minute) is "Identity Query Language (IDQL) is a declarative access policy and set of APIs that enables the mapping of a centrally managed policy into the native format of multiple clouds and application platforms". The main initiator of the IDQL project is Strata who issued a press release back in May 2022 outlining the concept and idea. Strata is the "identity orchestration" company, that looks to solve the growing problem where identity and permissions data is being spread across a multi-cloud landscape - but somehow needs to be managed centrally in order to improve visibility and security.
Read more
Opinion

IAM Deployment Model Definitions

by Simon M
on Oct 7

Even as many organisations are moving to a "cloud first" strategy for the consumption of new applications and services, the cloud line is blurred. Not all services can be consumed in a pure cloud setting, and not all "clouds" are the same.

Any analysis in the popularity, options or strategy with respect to IAM deployment should be firmly based against a set of basic definitions.

Read more
Opinion

Poll: Where Will AI/ML Have The Biggest Benefit in IAM?

by Simon M
on Oct 5
Our latest LinkedIn poll on September 27th was focused on understanding the role and impact of artificial intelligence and machine learning (AI/ML) technology on the general identity and access management industry.
Read more
Events

IdentIT CIAM Track Day: Future Trends

by Simon M
on Oct 3
Last week I had the privilege of attending a consumer identity and access management day hosted by specialist CIAM consultancy IdentIT to deliver a key note presentation on the future trends of consumer IAM. Identity specialists, security leaders and enterprise architects gathered at the Circuit Zolder in Belgium for an afternoon of identity discussions, case studies and more importantly track racing on a former F1 circuit!
Read more
OpinionVendor

What is Styra Run?

by Simon M
on Sep 29
Styra, the team behind "Cloud Native Authorization" recently announced a few feature called "Styra Run". Their launch blog back in July described Run as being "a new holistic approach" to authorization. But that is trying to solve? Styra are behind the popular Open Policy Agent - a policy driven decision engine for authorization in cloud native environments. Whilst likely OPA is focused on the protection of infrastructure (think containerized ecosytems) it is also used for protecting APIs and custom applications. The developer-first angle sees a dedicated rule language and the storage of policy data in files. The OPA project on github has over 7000 stars.
Read more
Opinion

Poll: Why Are We Not Using Passwordless?

by Simon M
on Sep 27
In the last 3 years or so, we have seen huge interest in the need to improve authentication techniques, that deliver a passwordless MFA experience. What is stopping adoption?
Read more
Opinion

Authorization: Why Now & What Next

by Simon M
on Sep 2
Security starts when authentication ends. It's a line I have used a few times over the years as it is one I actually quite believe in. In an era where firewalls are derided as being pretty toothless in the fight against omnipresent complex cyber attacks - and the concept of trusted networks quite rightly become obsolete in the world of "zero trust" - it always seemed odd to me, to put such a large emphasis on stringent authentication services. Clearly authentication is hugely important don't misunderstand, but my point really was that authentication (even with a strong MFA component) becomes less relevant if a) it is not continuous and b) not part of a more holistic approach focused on the access control of services, data and APIs.
Read more
Events

Externalization of Authorization Policy: Build -v- Buy

by Editor
on Sep 1

Join our founder Simon Moffatt on September 15th where he will join PlainID on a discussion around external authorization platforms.

The modern digital native enterprise is facing a number of emerging and incumbent challenges - from increased competition and demand for a more agile service deployment model through to needing the ability to share more data to more people, all under a competing climate of increased security threats coupled with a lower risk appetite.

Read more
Opinion

Identity Trust: The Seen and Known Matrix

by Simon M
on Aug 25
Trust within the identity world is a huge priority. Trust regarding the on-boarding and registration of external users via proofing (think assurance levels using identity validation and verification techniques) right through to creating trust labels for employees in order to monitor for malicious activity - that is either driven by external threat actors, insider threat or just unintentional bad user behaviour.
Read more
Events

Authentication Within FSI: Now and Next

by Editor
on Aug 1

Join our founder Simon Moffatt along with Michael Rothschild VP of Product Marketing at HYPR on August 22nd, where they'll be taking a look at authentication within the global financial services industry.

In this industry fireside chat webinar, Simon and Michael will take a look a the current challenges and opportunities that exist within the financial services industry as it pertains to authentication.

Read more

Signup For New Content Releases

Registered in England & Wales as TCH Research Ltd 13188456.

Registered Office: 7 Christie Way, Christie Fields, Manchester, M21 7QY, UK

Email: info@thecyberhut.com

© 2021 - 2023 The Cyber Hut.