Andras Cser

VP, Principal Analyst

Forrester Bio

Author Insights

Blog

Breaking Down The US Executive Order To Protect Americans’ Sensitive Personal Data

Stephanie Liu February 29, 2024
Learn the key takeaways and market impacts from the Biden administration’s executive order to protect Americans’ sensitive personal data.
Blog

Zero Trust For Cloud Workloads? It’s Possible!

Andras Cser September 12, 2023
Curious about Zero Trust in the cloud? Learn more about it in this preview of our upcoming Security & Risk Forum.
Blog

The Web Needs A Way Of Proving That You’re A Real Person — Worldcoin Is Not The Solution

Martha Bennett July 26, 2023
New crypto-focused financial network Worldcoin promises to provide a “new identity and financial network owned by everyone.” But it raises more issues than it solves. Find out why.
Blog

Introducing Detection Surface, The Cybersecurity Defense That Parallels Attack Surface

Allie Mellen June 26, 2023
On traditional infrastructure (laptops, servers, workstations, on-premises network infrastructure), the attack surface was the closest match to true perimeter-based defense we could get. The network infrastructure gave access to the systems within (crunchy outside; gooey, cubicle, khakis, and blue button-downs inside). As such, detection of attacker activity was relegated to network-based activity, endpoint-based activity, and […]
Blog

The CNAPP Product Category is Getting Crowded With Capabilities

Andras Cser May 30, 2023
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.
Blog

Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox

Allie Mellen May 2, 2023
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog

Get A Head Start On The National Cybersecurity Strategy

Jeff Pollard March 2, 2023
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog

Deciphering Apple’s Recently Announced Data Protection Features

Geoff Cairns December 21, 2022
Earlier this month, Apple announced several important new data protection features for general availability in 2023 that have numerous implications for security teams in all industries and geographies. Here is the Forrester security and risk team’s collective analysis of these new features. Quick Summary The announcement is not particularly noteworthy in terms of the newly […]
Blog

Uneven Innovation At AWS re:Invent 2022

Lee Sustar December 8, 2022
Some 14 Forrester analysts attended this year’s AWS re:Invent in Las Vegas. The conference was a mix of innovation in some areas — particularly compute and networking, along with a co-engineering approach to industry cloud — but plateaus in others, such as hybrid and edge. Efficiency and consolidation were underlying themes, from amping up AI/ML […]
Blog

The State Of Decentralized Digital Identities

Andras Cser August 19, 2022
Learn the value of decentralized digital identities in this preview of Forrester’s Security & Risk event, November 8–9.
Blog

NIST PQ: “Lattice” Pick A Winner

Sandy Carielli July 7, 2022
Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]
Blog

The Interminable Wait: The NIST Post-Quantum Competition

Sandy Carielli June 29, 2022
While we wait to learn the winners, here's a bit of history.
Blog

The CISA Promotes Cloud Visibility And Security With Its SCuBA TRA

Andras Cser April 22, 2022
Get ready for the semi-nationalization of public cloud security in the US. The Secure Cloud Business Applications Technical Reference Architecture (SCuBA TRA) from the Cybersecurity and Infrastructure Security Agency (CISA) provides a wide-ranging set of cloud security requirements for civilian agencies that have thus far been outside the boundaries of the FedRAMP program. The proposed […]
Blog

SailPoint To Be Acquired By Private Equity Firm Thoma Bravo For $6.9 Billion

Andras Cser April 13, 2022
On Monday, April 11, 2022, identity management and governance (IMG) vendor SailPoint announced that it was being bought by private equity (PE) firm Thoma Bravo for $6.9 billion. This is not the first rodeo for Thoma Bravo with SailPoint; in 2014, the PE firm bought out SailPoint’s original venture capital investors and remained an owner […]
Blog

Okta Lapsus$ Compromise: How To Make Sure You’re Protected

Merritt Maxim March 24, 2022
On Tuesday, March 22, 2022, identity-as-a-service (IDaaS) provider Okta announced that it had detected an attempt to compromise the account of a partner in January 2022. The announcement came after the hacking group Lapsus$ posted screenshots of a computer used by one of Okta’s third-party customer support engineers. As one of the largest IDaaS providers with […]
Blog

Don’t Hit The Curb — Instead, Curb The Risk Of Emerging Technologies In 2022!

Andras Cser February 4, 2022
Find out why these five technology categories are causing security decision-makers the most concern.
Blog

OMB’s Zero Trust Strategy: Government Gets Good

David Holmes February 1, 2022
What a time to be alive! Hot on the heels of Forrester’s release of our definition of modern Zero Trust (ZT), the US Office of Management and Budget (OMB) released a memo entitled Moving the US Government Toward Zero Trust Cybersecurity Principles. Coincidence? Yes. A big deal? Also, yes. If executed as mandated, not only […]
Blog

Facebook Shuts Down Face Recognition System On Its Platform

Merritt Maxim November 4, 2021
Facebook's recently announced its decision to no longer use facial recognition in its platform. What does that mean for the long-term?
Blog

Forcepoint Acquires Bitglass

Andras Cser October 22, 2021
In its quest to add to its Zero Trust edge (ZTE), also known as secure access service edge (SASE), portfolio, Forcepoint acquired cloud security gateway (CSG), also known as cloud access security broker (CASB), provider Bitglass for a Forrester-estimated $200-300 million last week. Beyond the usual criteria (ability to retain marketing and development talent of Bitglass), […]
Blog

Perspectives On One Identity’s Acquisition Of OneLogin

Merritt Maxim October 8, 2021
On October 4, 2021, identity and access management (IAM) vendor One Identity announced plans to acquire identity-as-a-service (IDaaS) vendor OneLogin for an undisclosed amount. Founded in 2009, OneLogin is an established pure-play IDaaS vendor that primarily serves midmarket enterprises, with a unified platform for employees, partners, and customers, and has raised over $170 million in […]
More posts