Andras Cser
VP, Principal Analyst

Author Insights
Blog
Zero Trust For Cloud Workloads? It’s Possible!
Curious about Zero Trust in the cloud? Learn more about it in this preview of our upcoming Security & Risk Forum.
Blog
The Web Needs A Way Of Proving That You’re A Real Person — Worldcoin Is Not The Solution
New crypto-focused financial network Worldcoin promises to provide a “new identity and financial network owned by everyone.” But it raises more issues than it solves. Find out why.
Blog
Introducing Detection Surface, The Cybersecurity Defense That Parallels Attack Surface
On traditional infrastructure (laptops, servers, workstations, on-premises network infrastructure), the attack surface was the closest match to true perimeter-based defense we could get. The network infrastructure gave access to the systems within (crunchy outside; gooey, cubicle, khakis, and blue button-downs inside). As such, detection of attacker activity was relegated to network-based activity, endpoint-based activity, and […]
Blog
The CNAPP Product Category is Getting Crowded With Capabilities
Learn four key reasons why the packaging of cloud-native application protection platforms into a bundle is unnecessary and possibly even misleading.
Blog
Insights From The 2023 RSA Conference: Generative AI, Quantum, And Innovation Sandbox
There's growing hype around generative AI in the security world, some of it warranted, some of it not so much. Learn more by reading the Forrester security and risk team’s key perspectives from RSAC 2023.
Blog
Get A Head Start On The National Cybersecurity Strategy
This blog outlines Forrester’s existing Security & Risk research to help organizations navigate, manage, and prepare their organizations for the implications of the National Cybersecurity Strategy.
Blog
Deciphering Apple’s Recently Announced Data Protection Features
Earlier this month, Apple announced several important new data protection features for general availability in 2023 that have numerous implications for security teams in all industries and geographies. Here is the Forrester security and risk team’s collective analysis of these new features. Quick Summary The announcement is not particularly noteworthy in terms of the newly […]
Blog
Uneven Innovation At AWS re:Invent 2022
Some 14 Forrester analysts attended this year’s AWS re:Invent in Las Vegas. The conference was a mix of innovation in some areas — particularly compute and networking, along with a co-engineering approach to industry cloud — but plateaus in others, such as hybrid and edge. Efficiency and consolidation were underlying themes, from amping up AI/ML […]
Blog
The State Of Decentralized Digital Identities
Learn the value of decentralized digital identities in this preview of Forrester’s Security & Risk event, November 8–9.
Blog
NIST PQ: “Lattice” Pick A Winner
Last week, we wondered if early reports indicating that NIST would announce the winners of its post-quantum cryptography competition would come to fruition anytime soon. Happily, they have. After an evaluation process that began with a call for nominations in 2016 and culled dozens of potential post-quantum (PQ) cryptographic algorithms down to seven finalists and […]
Blog
The Interminable Wait: The NIST Post-Quantum Competition
While we wait to learn the winners, here's a bit of history.
Blog
The CISA Promotes Cloud Visibility And Security With Its SCuBA TRA
Get ready for the semi-nationalization of public cloud security in the US. The Secure Cloud Business Applications Technical Reference Architecture (SCuBA TRA) from the Cybersecurity and Infrastructure Security Agency (CISA) provides a wide-ranging set of cloud security requirements for civilian agencies that have thus far been outside the boundaries of the FedRAMP program. The proposed […]
Blog
SailPoint To Be Acquired By Private Equity Firm Thoma Bravo For $6.9 Billion
On Monday, April 11, 2022, identity management and governance (IMG) vendor SailPoint announced that it was being bought by private equity (PE) firm Thoma Bravo for $6.9 billion. This is not the first rodeo for Thoma Bravo with SailPoint; in 2014, the PE firm bought out SailPoint’s original venture capital investors and remained an owner […]
Blog
Okta Lapsus$ Compromise: How To Make Sure You’re Protected
On Tuesday, March 22, 2022, identity-as-a-service (IDaaS) provider Okta announced that it had detected an attempt to compromise the account of a partner in January 2022. The announcement came after the hacking group Lapsus$ posted screenshots of a computer used by one of Okta’s third-party customer support engineers. As one of the largest IDaaS providers with […]
Blog
Don’t Hit The Curb — Instead, Curb The Risk Of Emerging Technologies In 2022!
Find out why these five technology categories are causing security decision-makers the most concern.
Blog
OMB’s Zero Trust Strategy: Government Gets Good
What a time to be alive! Hot on the heels of Forrester’s release of our definition of modern Zero Trust (ZT), the US Office of Management and Budget (OMB) released a memo entitled Moving the US Government Toward Zero Trust Cybersecurity Principles. Coincidence? Yes. A big deal? Also, yes. If executed as mandated, not only […]
Blog
Facebook Shuts Down Face Recognition System On Its Platform
Facebook's recently announced its decision to no longer use facial recognition in its platform. What does that mean for the long-term?
Blog
Forcepoint Acquires Bitglass
In its quest to add to its Zero Trust edge (ZTE), also known as secure access service edge (SASE), portfolio, Forcepoint acquired cloud security gateway (CSG), also known as cloud access security broker (CASB), provider Bitglass for a Forrester-estimated $200-300 million last week. Beyond the usual criteria (ability to retain marketing and development talent of Bitglass), […]
Blog
Perspectives On One Identity’s Acquisition Of OneLogin
On October 4, 2021, identity and access management (IAM) vendor One Identity announced plans to acquire identity-as-a-service (IDaaS) vendor OneLogin for an undisclosed amount. Founded in 2009, OneLogin is an established pure-play IDaaS vendor that primarily serves midmarket enterprises, with a unified platform for employees, partners, and customers, and has raised over $170 million in […]
Blog
KubeCon And The (Partial) Emergence Of Enterprise Kubernetes
KubeCon events can be hard to assess. Whether live or virtual, they’ve become a sprawling mix of old-school tech trade show, open source project maintainer meetup, and independent user group. KubeCon + CloudNativeCon Europe 2021 was no different. My colleague Brent Ellis led Forrester’s initial appraisal of the online event, noting greater maturity in Kubernetes […]
More posts