Security & Risk

Planning for failure - Strategies to protect yourself in 2012

Thu, 26 Jan 2012 11:08:41 GMT

Last week I did a webcast, Planning for Failure, which makes the assumption that if you haven't been breached, it is inevitable, and you must be able to quickly detect and respond to incidents. An effective response can be the...

Virtualisation security - Better late than never

Wed, 25 Jan 2012 16:15:41 GMT

I am excited to announce my latest research, The CISO's Guide To Virtualization Security. This is the first report in a new series focusing on securing virtual environments. The reduced costs and flexibility of virtualisation have led to widespread adoption...

Develop effective security metrics

Wed, 25 Jan 2012 13:16:33 GMT

This month I published a new report on information security metrics, best practices as well as a maturity model to measure your maturity in the reporting process.This report outlines the future look of Forrester's solution for security and risk (S&R)...

Symantec scoops up LiveOffice

Tue, 17 Jan 2012 15:47:08 GMT

Symantec today announced that it has purchased LiveOffice, a privately-held cloud-based archiving vendor, for approximately $115 million. With nearly 20,000 customers, LiveOffice has historically marketed to small and mid-sized financial services firms. Over the past couple of years, however, the...

SCIM cloud provisioning standard reaches a major milestone

Wed, 04 Jan 2012 06:55:56 GMT

I've blogged and published research before about the emerging Simple Cloud Identity Management (SCIM) standard. The SCIM group has just approved Version 1.0. No, it's not your imagination: important standards around loosely coupled identity management really are being developed, tested,...

A European perspective on the USA PATRIOT Act

Thu, 15 Dec 2011 14:47:29 GMT

The USA PATRIOT Act (more commonly known as “the Patriot Act”) was signed into law by George W Bush on October 26, 2001 as a response to the September 11 attacks. The title of the act (USA PATRIOT) is actually...

InfoSec: Enterprise architecture building codes

Mon, 12 Dec 2011 11:01:52 GMT

There are many types of criminals. These include thrill-seeking hackers, politically motivated hackers, organised criminals after financial gain, and state-sponsored groups after financial gain and intellectual property or both. Any of these have the potential to break these capabilities through...

Forrester Waves on enterprise GRC and IT GRC

Wed, 07 Dec 2011 16:37:23 GMT

After months of diligent product and vendor evaluations, we have published The Forrester Wave: Enterprise GRC Platforms, Q4 2011. Also available is The Forrester Wave: IT GRC Platforms, Q4 2011. These two reports feature a total of 20 vendors, all...

Back to basics with passwords

Mon, 24 Oct 2011 15:45:08 GMT

After a bit of xml display snafu, my report "Breaking Down Entropy And Passwords" is finally live on the Forrester website.This report was inspired by a number of customer inquiries that I had recently on mobile password policies. It struck...

What's holding CISOs back?

Mon, 03 Oct 2011 13:46:57 GMT

According to our survey data dating back to 2008, despite year after year of high profile security breaches from Heartland Payment Systems to Wikileaks to Sony, security budgets have only increased by single digits. This is hardly enough to keep...

Your common questions on EU privacy regulations answered

Mon, 26 Sep 2011 12:44:53 GMT

The security group at Forrester has been handling a steady stream of client inquiries regarding EU data privacy laws, from both EU and North America clients. While there are many good legal sources out there, we thought it'd be a...

IBM to acquire Algorithmics

Mon, 05 Sep 2011 12:07:58 GMT

IBM announced plans to acquire the Fitch Group’s Algorithmics, a heavy-hitter in financial risk management software and services market, for $387 million. Here are my initial thoughts about today’s announcement: IBM is making a (relatively safe) bet that operational and...

InfoSec in the supply chain

Forrester Analysts — Fri, 15 Jul 2011 09:37:38 GMT

The importance of data security throughout the supply chain is something we have all considered, but Greg Schaffer, acting deputy undersecretary of the (US) Homeland Security Department of the National Protection and Programs directorate at the Department of Homeland...

Does the mobile internet mean the death of user privacy?

Forrester Analysts — Tue, 12 Jul 2011 10:14:38 GMT

Innovations in mobile technologies are making the mobile Internet increasingly ubiquitous and powerful. Consumers are drawn to the mobile Internet because it can be highly contextual and leverages information such as geo-location, presence, and user-specific information to deliver a rich...

Symantec to acquire Clearwell Systems to bolster ediscovery

Forrester Analysts — Tue, 24 May 2011 12:48:41 GMT

Symantec has announced today that it plans to acquire privately-held Clearwell Systems. The $390 million deal significantly strengthens Symantec’s eDiscovery portfolio. With annual sales of $56 million and more than 400 enterprise and law firm customers, Clearwell has traditionally focused...

Protecting internal APIs; is OAuth ready for its closeup?

Forrester Analysts — Fri, 13 May 2011 13:12:36 GMT

Two years ago, the OAuth API protection mechanism was a fairly well kept secret. It actually won an award at the 2009 European Identity Conference for "best new/improved standard," but most people didn't seem to have figured out what it...

Your vertical Is . . .

Forrester Analysts — Tue, 10 May 2011 11:26:27 GMT

Companies often demand to know what their peers in a particular vertical market are doing within the realm of information security before making new decisions. “We’re in retail” or “healthcare” or “financial services” they will say, “and we want to...

Information Security Metrics

Forrester Analysts — Thu, 21 Apr 2011 14:50:00 GMT

Forrester receives a significant number of inquiries from clients requesting Forrester guidance on Information Security Metrics. Chief Information Security Officers (CISOs) need new types of metrics to address economic, legal, regulatory, human resource, communication as well as traditional IT information...

RSA acquires NetWitness

Forrester Analysts — Tue, 05 Apr 2011 10:51:45 GMT

EMC’s security division RSA has announced the acquisition of NAV (Network Analysis and Visibility) vendor NetWitness. Some pundits have suggested that this is a direct result of the recent breach of RSA, but Forrester has been aware that this...

The plethora of BC standards

Forrester Analysts — Mon, 04 Apr 2011 09:49:49 GMT

Following my last post, there’s another area that’s worth noting in the resurgence of interest in BC preparedness, and that’s standards. For a long time, we’ve had a multitude of both industry and government standards on BCM management including...

Business continuity is back on the agenda

Forrester Analysts — Fri, 01 Apr 2011 09:29:03 GMT

During the last 12 to 18 months, there have been a number of notable natural catastrophes and weather related events. Devastating earthquakes hit Haiti, Chile, China, New Zealand, and Japan. Monsoon floods killed thousands in Pakistan, and a series of...

Identity assurance means 'never having to say who are you, again?'

Forrester Analysts — Thu, 31 Mar 2011 10:38:52 GMT

A decade after launching the SAML standard and seeing its, shall we say, stately pace of adoption, it’s wild to see real single sign-on and federated attribute sharing starting to take off for social networking, retail sites, online gaming, and...

HBGary, Anonymous, WikiLeaks and the concept of openness

Forrester Analysts — Mon, 28 Feb 2011 14:43:30 GMT

Recently I’ve been reading the excellent work by Jamais Cascio ;and thinking about the concept of "openness." Much of Jamais’ work is focused on geoengineering, but the concept of openness has profound implications on many fields, including computer security.For...

CardSpace is dead. Long live back-channel access

Forrester Analysts — Mon, 28 Feb 2011 11:42:33 GMT

Microsoft announced during last week's RSA conference that it would not be shipping Windows CardSpace 2.0. A lot of design imperatives weighed on that one deliverable: security, privacy, usability, bridging the enterprise and consumer identity worlds - and being...

Tackling data leak prevention at Forrester's Security Forum EMEA 2011

Forrester Analysts — Fri, 18 Feb 2011 10:35:46 GMT

For the second year in a row, I have the honor of hosting our Security Forum EMEA in London, March 17th - 18th. This is Forrester's 5th annual Security Forum in Europe, and each year brings a larger, more influential...