KuppingerCole - Experts & Thought Leaders

Regula, a global developer of identity verification (IDV) solutions and forensic devices, has been recognised in the 2025 Gartner® Magic Quadrant™ for Identity Verification research. For the company, this recognition marks the outstanding capabilities of Regula’s IDV software and its ability to meet the current market needs. Gartner recognised Regula as a Niche Player.  Data security requirements It's a complete IDV solution, based on Regula Document Reader SDK and Regula Face SDK Regula excels with its ultimate data control capabilities. Its complete IDV solution, based on Regula Document Reader SDK and Regula Face SDK, is deployed entirely in the customer’s infrastructure.  This enables businesses to maintain full control over ID and biometric data residency and processing, which is critical for organisations operating in regions or industries with stringent data security requirements. IDV software solution   Also, thanks to the scientific and forensics-focused approach, Regula provides industry-pioneering verification of document security features.  With its recent update, Regula Document Reader SDK has become the first IDV software solution capable of verifying document liveness checks of all dynamic security features in IDs, including holograms, optically variable inks (OVI), multiple laser images (MLI), Dynaprint, etc. Demanding IDV requirements This liveness-centric approach helps prevent presentation attacks, such as screen replays, injections This liveness-centric approach helps prevent presentation attacks, such as screen replays, injections, and printed forgeries, which can bypass security measures during remote onboarding. This ensures that any attempt to manipulate an ID can be detected before it causes harm.  "In our opinion, being recognised as a Niche Player in the Gartner Magic Quadrant for Identity Verification reflects exactly what we stand for: a highly focused, customer-driven approach. We’ve built our solutions to meet the most demanding IDV requirements, based on direct feedback from the organisations that rely on us. Our niche is where security, precision, and customer needs intersect. And that’s where we excel," says Ihar Kliashchou, Chief Technology Officer at Regula. Industry acknowledgments of Regula This recognition follows other industry acknowledgments of Regula. Most recently, G2 named Regula an Identity Verification Leader based on verified customer reviews, and KuppingerCole analysts recognised Regula as one of the Innovation Leaders in their Leadership Compass: Identity Verification. In 2025, Regula was also named a Representative Vendor in the 2024 Gartner Market Guide for KYC Platforms for Banking.

Regula, a developer of forensic devices and identity verification (IDV) solutions, has made its inaugural appearance in the KuppingerCole Leadership Compass for Identity Verification 2025. Mentioned in the Innovation Leaders category, the company is recognised for its 100% in-house R&D, forensic-grade technology, global document coverage, and advanced liveness detection capabilities. Cybersecurity industry analysis Specialising in IDV and cybersecurity industry analysis, KuppingerCole forecasts that the global IDV market will grow from $18.4 billion in 2025 to $50.07 billion by 2030, driven by increasing identity fraud, compliance requirements, user expectations, and technological advancements. As identity verification rapidly shifts toward fully remote and automated environments, innovation has become a key differentiator. Customer-oriented upgrade approach Innovation pioneers in IDV are defined by taking a customer-oriented upgrade approach According to KuppingerCole, innovation pioneers in IDV are defined by taking a customer-oriented upgrade approach, delivering customer-requested and forward-thinking features, while ensuring seamless compatibility with existing systems. Positioning Regula in the Innovation Leaders category, KuppingerCole analysts highlight: “Regula’s products are mature and often used to supplement other identity verification vendors’ offerings. While not as feature-complete as other offerings, Regula is a best-of-breed document and biometric verification solution with strong global coverage. With expertise across diverse industries and a global reach, Regula is positioned as a verification provider with in-house expertise for adaptable and scalable solutions.” KuppingerCole analysts In their Leadership Compass, KuppingerCole analysts pay special attention to the fact that IDV vendors have in-house technology development, strong data privacy policies, wide geographical coverage for their ID databases, and automation and machine learning (ML) to facilitate processes and user experience. On these fronts, Regula stands out by: Best-of-breed on-premises document and biometric verification solution. Comprehensive ID template database made of 15,000+ templates from 251 countries and territories. In-house R&D capabilities with significant domain-specific expertise. Advanced liveness detection technology supporting enhanced security. A mature organisation with products often used to supplement other IDV vendor offerings. Regula’s recognition Regula Document Reader SDK provides automated reading and comprehensive verification of all types At the heart of Regula’s recognition are its flagship software products, which serve clients in finance, government, healthcare, education, aviation, and more. Regula Document Reader SDK provides automated reading and comprehensive verification of all types of identity documents. It reads data in all document zones, verifies security features—including dynamic ones such as holograms—and cross-checks all the data to spot forgery.  Advanced spoof detection For biometric checks, Regula Face SDK enables real-time face matching, image quality assessment, and both passive and active liveness detection—the latter tested and certified under iBeta’s Presentation Attack Detection (PAD) Level 1 and 2. The solution supports 1:1 face matching and 1:n face identification with advanced spoof detection via texture and movement analysis, using both 2D and 3D methods. Regula’s solutions All biometric templates are driven locally by the client, with no data processed or stored by Regula Importantly, Regula’s solutions are designed for privacy-first deployments. All biometric templates are managed locally by the customer, with no data processed or stored by Regula.  The face-matching algorithms undergo continuous testing and are benchmarked through programs like the NIST Face Recognition Vendor Test (FRVT). Document verification to biometrics “Being named an Innovation Leader by KuppingerCole is a significant milestone for us. It highlights our decades-long commitment to building all our solutions in-house, from document verification to biometrics, and doing so with the precision and trustworthiness that customers demand." "As identity verification principles and standards rapidly evolve, our focus remains the same: delivering technology that’s not only robust but also deeply practical, scalable, and privacy-conscious,” says Ihar Kliashchou, Chief Technology Officer at Regula.

Thales, the pioneering global technology and security provider, announced Passwordless 360°, a new concept for passwordless authentication that offers Thales customers the broadest coverage of passwordless functions across multiple types of users and assurance levels. Passwordless 360° has the flexibility to let companies use the latest technologies like FIDO passkeys, while also making the most of previous investments they might have made in passwordless technologies. End users are increasingly frustrated with the number of passwords they’re asked to use, as well as the rules in place around their complexity. With the average person having as many as 100 to manage, users seek workarounds to get by – choosing passwords that are easier to remember or reusing the same password across multiple services. Individual risk management requirements Passwordless 360° equips a full set of tools that let organisations use passwordless authentication Passwordless 360° provides a complete set of tools that let organisations use passwordless authentication across a wide range of applications-from secure access to personal and work devices, to legacy and modern web resources. This helps keep the costs of making the move to passwordless down by being able to use one system – as well as increasing the likelihood that employees, customers and suppliers will use it. By removing the need to use traditional passwords it also eliminates the associated security risks through theft and phishing. Passwordless 360° can also meet the individual risk management requirements an organisation might have, adhering to NIST requirements no matter where the passkeys are stored. Passwordless 360° concept Sitting alongside the existing Thales OneWelcome Identity Platform that serves as the foundation for passwordless policies, the Passwordless 360° concept includes: Support for passkeys in the OneWelcome Identity Platform Passwordless Windows Logon, a true passwordless user experience that replaces passwords with ways for users to identify themselves, offering convenience and security benefits. SafeNet FIDO Key Manager, a way of helping users manage the several FIDO keys they might be using themselves, reducing administration costs for organisations. FIDO Authenticator Lifecycle Management, developed in partnership with identity management software company Versasec. This tool lets organisations manage FIDO tokens and lets larger enterprises make the move to the modern FIDO standard at the scale needed. Range of authentication methods The announcement comes as Thales has been named an Overall, Product, Innovation and Market Pioneer in KuppingerCole’s latest Leadership Compass on Passwordless Authentication for Consumers, with the platform praised for offering a versatile set of identity applications encompassing a wide range of authentication methods to meet organisations’ needs. Alejandro Leal, Research Analyst at KuppingerCole commented: “Overall, Thales offers a comprehensive solution that enables organisations to improve their identity management practices, adapt to evolving technologies, and effectively secure their systems and data. Organisations in highly regulated industries and security-conscious organisations in both the public and private sectors that require strong authentication options should consider the OneWelcome Identity Platform.”

These days, business is more collaborative, adaptable and connected than ever before. In addition to offering new identities and access privileges, new applications and data also increase the attack surface available to cyber criminals, hacktivists, state actors and disgruntled insiders. These new identities need to be handled carefully. CISOs must develop an identity management strategy that is consistent across on-premises, hybrid and cloud systems. Good security is built on solid identity governance and administration (IGA) principles. From ransomware to supply chain intrusions, high-profile cybersecurity events frequently take advantage of weak identity and access management procedures. The Identity Defined Security Alliance found that 84% of organisations experienced an identity-related breach during its one-year study period. Robust IGA system Consequently, organisations need to find best-of-breed solutions for each section of the fabric Some of the most well-known cyber-attacks have not been made possible by a nation-state exploiting a remote zero-day vulnerability; rather, they have been made possible by something as basic as a hacked orphaned account. This resulted in lateral movement from an insecure platform to a high-value system, illegitimate privilege escalation or unsanctioned access to a computer system. To safeguard against such attacks, organisations must be aware of who has access to their systems and apps, and guarantee that access is revoked when it is no longer required. Here, a robust IGA system is helpful. It is not the whole picture, though; IGA is part of a larger identity fabric. A report by KuppingerCole noted that “Identity Fabrics are not necessarily based on a technology, tool or cloud service, but a paradigm for architecting IAM within enterprises.” The report pointed out that the paradigm is created using several tools and services. That’s because, contrary to marketing claims, no one vendor has a platform that provides all the needed elements. Consequently, organisations need to find best-of-breed solutions for each section of the fabric. Threats to the new corporate landscape Due to their exclusion from the corporate firewall and the security culture that comes with working on-site, remote employees and third parties are desirable targets for hackers. The transition to online office suites is another vulnerability that hackers are taking advantage of–for instance, through bogus authentication login dialogues. Additionally, hackers are using technologies like machine learning and artificial intelligence to circumvent current security tactics. A cyberattack powered by AI will imitate human behaviour and develop over time. Even publicly available information might be used by this "weaponised AI" to learn how to get past a target’s defences. CISO and the business users Attackers will finally find an entryway, but firms can protect the new perimeter–their identities It's no longer possible to secure the traditional perimeter. Attackers will eventually find an entryway, but businesses can protect the new perimeter–their identities. To defeat these threats, organisations must look again at identity and access management tools and how they are weighed against the impact on the organisation. Should you mandate multi-factor authentication (MFA) more often and earlier? Should only company-owned devices have access to networks, or should access be restricted to specific business hours or regions? Should access to sensitive information and critical systems be given just temporarily or should it be offered on a task-by-task basis? Both the CISO and the business users they assist should be asking these questions. Staying ahead of threats with identity Access control limits decrease dangers but can come with a cost. If you give your users too much access, your organisation becomes susceptible; if you give them too little, productivity suffers. But there are ways to strike a balance with security, compliance and productivity. More CISOs are turning to Zero Trust–which is based on the principle of maintaining strict access controls and not trusting anyone by default–to protect their systems from new attack types. However, Zero Trust is reliant upon having a thorough and baked-in strategy that underpins it.  Other actions that companies can take include implementing automation for identity management, such as automating workflows for approval. This would significantly lessen the administrative burden and friction that security solutions like multifactor authentication (MFA) or time-restricted access to critical systems have on business users. This might include restricting access to particular devices, capping access hours during the day or enforcing MFA based on user behaviour. Identity fabric: Putting it all together Make sure your identity architecture is scalable, secure, and provides a seamless user experience These are just two elements of the identity fabric approach. Most organisations today have implemented pieces of an identity fabric, which is basically an organisation’s identity and access management (IAM) infrastructure and typically includes a mix of modular IAM solutions for multi-cloud and/or hybrid environments. Now, organisations need to define, enhance and develop this infrastructure. They must also institute guiding principles for how it should operate, meet current and future business requirements as well as identity-related cybersecurity challenges. In doing so, businesses can move past identity platforms and adopt an identity fabric perspective. The key is to make identity governance the starting point of your identity fabric strategy, ensuring seamless interoperability within your identity ecosystem. Make sure your identity architecture is scalable, secure, and provides a seamless user experience. Aligning security with business Due to the increase in knowledge workers using the cloud and working remotely, attackers are focusing on this group. These employees are easier to compromise, give access to valuable data and offer more attack targets. Knowledge workers also lack an administrator’s level of security expertise. Therefore, as part of their security fabric strategy, enterprises require a scalable IGA system. It is easier to comply with security and access regulations and takes less time for IT teams to do normal administrative activities when they invest in IGA, a crucial tenet of identity security. CISOs and boards, though, are currently looking at more than identity management. IGA is at the centre of the debate about security and governance. Taking an identity fabric-based approach, with a foundation built on modern, cloud-based IGA, will safeguard identities, increase productivity, and make staff adherence to organisational procedures easier.