Heidi Shey

Principal Analyst

Forrester Bio

Heidi Shey

Author Insights

BLOG

Uber's Uber Breach: A Stunning Failure In Corporate Governance And Culture

Heidi Shey November 29, 2017

When a breach is announced most security & risk pros are not too surprised. Yet Uber found a way to make the industry raise our collective eyebrows when it was discovered that Uber not only suffered a breach in late 2016 and failed to notify affected parties, but leadership appeared to take things a step further by engaging in a conspiracy to conceal the event by paying hush money to the hackers/extortionists and hiding it from the General Counsel […]

Read More
BLOG

2016 Privacy Lessons Learned And Looking Ahead To 2017

Heidi Shey January 26, 2017

Each year at the end of summer, several members of Forrester’s Security & Risk research team look back at publicly reported breach events and data privacy violations of the previous 12 months to spot trends and identify cases to feature where we feel there are lessons learned for S&R pros. In 2016, this was a […]

Read More
BLOG

Is Breach Notification A Part Of Your Incident Response Plan?

Heidi Shey March 7, 2016

Is customer-facing breach notification and response a part of your incident response plan? If should be! This is the part where you notify people that their information has been compromised, communicate to employees and the public about what happened and set the tone for recovery. It's more art than science, with different factors that influence […]

Read More
BLOG

How Do You Set Your Company Up For Success With Data Classification?

Heidi Shey January 11, 2016

Defining your data via data discovery and classification is the foundation for data security strategy. The idea that you must understand what data you have, where it is, and if it is sensitive data or not is one that makes sense at a conceptual level. The challenge, as usual, is with execution. Too often, data […]

Read More
BLOG

Forrester Predictions: What’s In Store For Privacy In 2016?

Heidi Shey November 9, 2015

When evaluating the top 10 critical success factors that will determine who wins and loses in the Age of the Customer in 2016, it comes as no surprise that privacy is one of them. In fact, privacy considerations and strategy augments all of the 10 critical factors to drive business success in the next 12 […]

Read More
BLOG

What Does It Mean To Have Privacy As A Competitive Differentiator?

Heidi Shey October 5, 2015

In 2015, 26% of global security decision makers consider privacy as a competitive differentiator for their organization.* But what does that even mean? And how would an organization achieve this? Last week I was out in Las Vegas for Privacy. Security. Risk. and moderated a panel on this topic. Panelists included Michael McCullough (CPO, VP, […]

Read More
BLOG

Do You Have An Effective Privacy Organization?

Heidi Shey May 1, 2015

A guest post from researcher Enza Iannopollo. Upcoming changes to privacy regulation in the EU as well as rising business awareness that effective data privacy means competitive differentiation in the market makes privacy a business priority today. And this is not only relevant for tech giants: protecting both customer and employee privacy is a business […]

Read More
BLOG

Myth Or Reality: The Chief Data Officer

Heidi Shey March 30, 2015

S&R pros, is there a Chief Data Officer (CDO) in your organization? Do you work with them? Previously, John and I wrote about the CDO role and how we believe that CDOs will help to drive security policy in the future because they can 1) directly tie business value to data assets, 2) have a […]

Read More
BLOG

Infosec On The Go: What Do Your Road Warriors Know About Cybersecurity?

Heidi Shey March 4, 2015

Did I pack socks? Check. Toothbrush? Check. Business cards, phone charger, passport? Check, check, and check. Do I know what I need to do and what not to do to protect myself, my devices and the company’s data while I’m on the road and traveling for work? [awkward silence, crickets chirping] S&R pros, how would […]

Read More
BLOG

Privacy Becomes A Competitive Differentiator In 2015

Heidi Shey November 12, 2014

We are in a golden age of data breaches – just this week, the United States Post Office was the latest casualty – and consumer attitudes about data security and privacy are evolving accordingly. If your data security and privacy programs exist just to ensure you meet compliance, you’re going to be in trouble. Data […]

Read More
BLOG

S&R Pros: Use The Mobile Mind Shift And Consumer Tools To Drive The Privacy Discussion

Heidi Shey September 9, 2014

The mobile mind shift: what is it? Forrester defines the mobile mind shift as the expectation that any desired information or service is available, on any appropriate device, in context, at a person's moment of need. It’s the reality that your customers (and employees!) live in today, where mobility isn’t just about devices or apps […]

Read More
BLOG

CISOs, CMOs: What's It Like Working With The Privacy Pro In Your Organization?

Heidi Shey June 10, 2014

Business needs and requirements demand expertise and coordination for privacy programs and practices. As a result, chief privacy officers, data protection officers, and other designated privacy professionals like privacy analysts are a fast growing presence within the enterprise today. The International Association of Privacy Professionals (IAPP) is 16,000 members strong today (compared to 7,500 back […]

Read More
BLOG

Pet The Unicorns And Think Of Protecting Customer Data As A Corporate Social Responsibility

Heidi Shey April 23, 2014

In a research world where we collect data on security technology (and services!) adoption, security spending, workforce attitudes about security, and more, there’s one type of data that I get asked about from Forrester clients in inquiry that makes me pause: breach cost data. I pause not because we don’t have it, but because it’s […]

Read More
BLOG

Startups That Were At BlackHat 2013

Heidi Shey August 12, 2013

What happens in Vegas shouldn’t stay in Vegas. I was out at BlackHat with other members of the Forrester team over a week ago (seems like yesterday!). It was two jam packed days of popping into briefings, guzzling copious amounts of green tea, and meeting new people and learning new things. In general, I like […]

Read More
BLOG

Collaborate With Your Non-Security Peers To See How Objectives Intersect (Hint: Mobile Context For Mobile Authentication)

Heidi Shey April 23, 2013

“Enterprise rights management? What does that even mean?! You’re using security speak!” exclaimed my colleague TJ Keitt. TJ sits on a research team serving CIOs, and covers collaboration software. We were having a discussion around collaboration software and data security considerations for collaboration. “Security speak” got in the way. It wasn’t the first time, and […]

Read More
BLOG

2013 Survey Development Starts Now -- What Data Would You Like For Us To Collect?

Heidi Shey February 21, 2013

I’m very excited to kick off survey development for upcoming Forrester Forrsights surveys that will feature security content. Continuing on from previous years will be the Forrsights Security Survey. This is an annual survey of IT security decision-makers from North American and European SMBs and enterprises. New for 2013 is a Workforce Survey that will provide […]

Read More
BLOG

Do You Think Of Consumers When It Comes To Data Security Policies And Controls?

Heidi Shey February 13, 2013

Your customers are consumers too. They don’t turn into business bots when they set foot in the enterprise. Whether your organization sells a product or a service to enterprises or consumers, you’re interfacing with consumers who have opinions about security and privacy. S&R pros, you already know that you have to be on top of […]

Read More
BLOG

A 2012 Security Incident Recap By The Numbers

Heidi Shey January 7, 2013

Before we get too far along into 2013, I’d like to take a moment to reflect back on the events of 2012. Thanks to our friends at CyberFactors*, this is what we saw: Overall 1,468 (publicly reported) incidents. This includes everything from stolen laptops to external hacks to third party partners mishandling data to employees […]

Read More
BLOG

Security Vendors You Should Know

Heidi Shey December 28, 2012

One of the really cool things about this analyst gig is that we get to field client inquiry calls – 30 minutes where we hop onto the phone to speak with our clients and answer their questions about the topics that we cover. As of the week before Christmas, analysts on the security and risk […]

Read More
BLOG

How Do You Maintain Your Security Edge?

Heidi Shey December 7, 2012
Read More