security & risk

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

I have done a few exercises on implementing Zero Trust and Zero Trust eXtended (ZTX) in enterprises. The impetus behind these exercises from a strategy standpoint is that the participating organizations have leaders that are Forrester clients and had read, or at least breezed through, the research that has been published on the topic of […]

Who knew that failed data governance would be the thing to turn the privacy world on its ear? When the Facebook/Cambridge Analytica scandal broke . . . and then got worse, consumers and politicians alike finally seemed to understand that the data economy had gotten away from us all. As a result, 2018 has forever […]

Well, it’s happening! My first Forrester report was published this week. (Forrester clients can access here.) The topic? Cybersecurity transformation, of course! It’s what I have lived and breathed for the last 3.5 years. I have also engaged peer CISOs doing terrific work transforming their firms’ security function and capabilities — I’ve always had a passion […]

Today, Cisco announced that it has acquired Ann Arbor, Michigan/California-based Duo Security for $2.35 billion in cash. Founded in 2010, Duo Security has been growing rapidly over the last few years with its multifactor authentication (MFA) offering and has raised over $120 million in venture financing to date. Based on Forrester’s estimates of Duo Security’s […]

Over the past few years, companies in all markets have embraced digital transformation, whether it is financial services finding new mechanisms to engage with customers or manufacturers adding sensors and other data collection components into their operational processes. These digital transformation efforts are about leveraging digital insights to drive better outcomes. Digital transformation has value in the […]

Digital Risk Protection In 2018: New Vendors, New Leaders, New Wave Our “The Forrester New Wave™: Digital Risk Protection, Q3 2018” report is out! Take a look at how 14 DRP vendors stack up in this emerging market. You will find detailed vendor profiles and analysis evaluating how well they monitor and mitigate organizations’ external, […]

Estimates of the cost of fraud vary widely, but almost everyone agrees that the cost is huge and appears to be increasing. Looking just at eCommerce, Forrester predicts that US and Western European eCommerce fraud will reach $18.6 billion in 2018. And in its 2017 True Cost of Fraud report, LexisNexis Risk Solutions estimates that fraud […]

Rain Capital is shaking up the investment side of cybersecurity. Apart from only 11% of cybersecurity professionals being women, venture capital (VC) firms also suffer from a gender disparity with limited diversity. According to TechCrunch, only 8% of partners from the top 100 venture firms were women in 2017, and eight of these top 100 […]

Forrester’s 2018 Guide To Cyberinsurance Today, no one is 100% secure — believing otherwise is hubris of Icarian proportions. This reality is a core reason why more organizations are turning to cyberinsurance. Because without it in some form (whether it’s a purchased policy or their own allocated cash reserves), they have no safety net to stymie […]

In the halcyon days of my sysadmin youth, my team was asked to perform entitlement reviews on sensitive systems. When we were asked to determine who should have access to what, my director responded in a way I would never forget: “That’s not my job.” It sounds snarky, but he was correct. It wasn’t our […]

In the halcyon days of my sysadmin youth, my team was asked to perform entitlement reviews on sensitive systems. When we were asked to determine who should have access to what, my director responded in a way I would never forget: “That’s not my job.” It sounds snarky, but he was correct. It wasn’t our […]

Last week, I attended Infosecurity Europe 2018, the largest event of its kind in Europe. The event is a carnival of the cybersecurity industry, with promotion of every information security product imaginable. There are also more conference training tracks than your average railway. The show gives a good indication of the key issues that are […]

If you had half an hour with a board member and you wanted to get coaching from them about how to communicate with them about security, what would you ask them? In a few weeks’ time, I will have just that opportunity when I facilitate a panel with some prominent board directors. Getting inside the […]

I recently saw another posting/photo from a friend in the industry that showed what amounts to “booth babes” at yet another conference; this time it wasn’t in Vegas, it was in Europe. This issue is one of importance in an industry rife with failure on lots of levels, a lack of available talent, and that […]

The Forrester Tech Tide™: Risk And Compliance Management, Q2 2018 We recently published our Tech Tide™ report outlining 14 key risk and compliance technologies to track in 2018. One of the challenging parts of this research is setting the right scope. We found risk and compliance technology everywhere, covering every industry, region, and niche use case. […]

During my presentation at RSA Conference 2018 this year, I discussed what I refer to as the “Heisenberg Uncertainty Principle of Asset Management,” which states that it’s impossible to maintain an asset inventory list in a constantly evolving environment. Think of it this way: Your IT infrastructure is probably a lot like a giant jelly […]

When salacious tales of Cambridge Analytica’s activities emerged in 2018, we thought the company was finished. The many on-air discussions of illegal activities, law enforcement warrants, legal action threats from partners, and questionable ethics appeared to doom it. We then saw multiple suspensions and resignations, and on May 2, Cambridge Analytica announced it would file […]

This weekend, The New York Times released a story detailing a sexist, toxic culture that’s been tormenting Nike employees for years. The story shares instances of sexist comments, work trips to strip clubs, sexually graphic conversations, and unwanted advances that’ve forced many women to quit over the years. But did they go to HR? Yes. […]