Alla Valente
Analyst
Author Insights
Blog
Third-Party Risk Management: You Can’t Outsource Your Way Out Of Accountability
Firms have been outsourcing systems, business processes, and data processing activities to third-party service providers (TSPs) for years, but they are only one category of relationships that introduce risk into the enterprise. Now, firms are more dependent than ever on the vast network of third-party relationships, from vendors and suppliers to digital marketing agencies and […]
Read More
Blog
Compliance Is Your Floor, Not Your Ceiling: GRC Platforms Move To Value Creation
While firms spend millions of dollars conducting and auditing compliance-driven activities, several of the steepest losses in valuation and market share were precipitated by strategic decisions which all but ignored the risks to the customer experience and the financial implications of a tarnished corporate brand. In the age of the customer, unless a technology continues […]
Read More
Blog
Why Whistleblowers Are Uber Important To Your Business
Just over two weeks ago, Susan Fowler’s book, Whistleblower: My Journey to Silicon Valley and Fight for Justice at Uber, published. She tells a story of a broken corporate culture where she experienced and witnessed sexism, harassment, and abuse during her time working for Uber. She confronted her HR department, where she was met with […]
Read More
Blog
RSA Conference Cancellations: Coronavirus Fears Or Supply Chain Uncertainty?
As 40,000 attendees descend on San Francisco for the annual security pilgrimage that is the RSA Conference, more sponsors pull out of the event citing safety concerns over the Coronavirus (Covid-19) Pandemic.
Read More
Blog
RSA Conference 2020: What’s On My Risk Management Wish List
Waiting for the RSA Conference is a bit like counting down the days until Christmas. And RSA with a full conference pass is the security and risk version of the Toys”R”Us “Big Toy Book” but better — my only limits are good time management, a realistic assessment of logistics, and a pair of comfortable shoes. […]
Read More
Blog
Navigate Through GRC Purchasing Decisions With These Three Considerations
The market for governance, risk, and compliance (GRC) technologies is competitive, diverse, and supports a broad range of capabilities. Having many options to choose from is a good thing; having too many options without a clear sense of what you need, what you can afford, or what resources are available to utilize the technology you’ve […]
Read More
Blog
Cannabis Dispensaries: Security And Risk Considerations For Continued Growth
In the US, cannabis is fully legal (medical and recreational) in 11 states and Washington, DC. For medical use, it is legal in 33 states. This is a flourishing industry, with one study conservatively estimating it will reach $30 billion by 2025. As dispensaries set up shop, they face many of the same risks as […]
Read More
Blog
Extending Cybersecurity Awareness Of The Third-Party Ecosystem
This year’s NCSAM theme of “Own IT. Secure IT. Protect IT.” is a powerful call to action for ownership and accountability. However, many heeding this call won’t think about how it also extends to the vast and growing network of third-party relationships. Why? For most organizations, third parties complicate cybersecurity risk management.
Read More
Blog
Transformation, Third Parties, And Threats Shape The Landscape Of GRC Technology
The Forrester Tech Tide™: Governance, Risk, And Compliance Management, Q4 2019 report segments critical governance, risk, and compliance (GRC) technologies to aid risk and compliance pros as they seek to prioritize immediate needs and future investment in GRC management technology.
Read More
Blog
Laud Your Whistleblowers Or Pay The Price
It's time to reconsider the whistleblower. It's in companies' best interests to know about and fix ethical missteps before they turn into full-blown scandals.
Read More
Blog
Can RegTech Get Us From Compliance To Competitive Advantage?
Buzzwords are the bane of my existence! As a former SaaS tech marketer, I’ve used my fair share. Since joining Forrester a month ago as an analyst on the security and risk team, one of the buzzwords I’m hearing most is “RegTech.” RegTech isn’t just hype. Forrester defines RegTech as the technology-enabled transformation of the […]
Read More