security risk management

Learn how the pandemic's increased uncertainty and volatility has produced some attractive M&A opportunities in DevOps and IT Management.

Bad puns in the title of this blog post aside (queue the rolling of the eyes, sigh, and slight smirk), we are pleased to announce that “The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020” is now live. While PIM vendors have been adding new capabilities and improved user experience over the past two years, […]

It’s not that I’m not a gamer. I enjoy board games and card games: Trivial Pursuit, Settlers of Catan, SET, Hive. I’m up to level 3056 in Two Dots. As a kid, I played Super Mario Land on my brother’s Game Boy and Sonic the Hedgehog on the family Sega Genesis. But I’ve never been […]

Today Paul Miller, Tracy Woo, and I released our report that examines the market impact of the GAIA-X project. France and Germany announced an initiative in 2019, which was formalized as the GAIA-X Foundation in early October 2020. For our report, we spoke with several of the GAIA-X founders and studied its potential impact for […]

Anyone who has seen the show Hoarders knows how people who fill their houses with unneeded stuff can literally bury themselves in junk. Security and risk (S&R) pros who manage employee access to apps, databases, and systems should notice the Hoarders parallel when it comes to IT access: Many employees unknowingly acquire access over time, […]

I was scouring some of the Black Friday ads this week, and the trend seems to be less “Black Friday” than “Black November and probably most of December, too.” Best Buy is touting, “Black Friday all season long.” Target offers weekly “Black Friday Now” deals. Walmart? “Black Friday Deals for Days!” None of this is […]

My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]

Air Gaps Aren’t Effective; Scratch Them From Your List . . . The number of companies falling victim to ransomware attacks continues to grow each day. Ransomware inflicts extreme pain, leading to business closure or significant business disruptions. Vendors are developing technology architectures and approaches to solve for these challenges. Each technology and approach has […]

Every time we come up with new ways to build and deploy applications, we also come up with new ways to break them. Did SQL make it easier to access and manipulate large amounts of structured data? You bet, and it also led to SQL injection. Ready to join the cloud? Hope you didn’t put […]

When I was working at @stake in the early 2000s, most of my client engagements were in application security. I did a number of code reviews that involved people handing me stacks of paper to go through. “Grep” was an important security tool. When I was involved in application penetration tests, we used a combination […]

The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task force (NITTF) partnered with US government agencies to kick off the second National Insider Threat Awareness Month this September. National Insider Threat Awareness Month was started in September 2019 with the goal to educate federal and industry employees about the risks posed […]

Amazon Launches Halo, Its First Wearable Health Device For The Average (Budget-Conscious) Consumer This week, Amazon launched Halo, a screenless wearable device that can monitor activity, sleep, temperature, BMI, and emotion. At $99.99 (plus a small monthly service fee for advanced features), the Halo Band sits closer to Fitbit’s fitness trackers (ranging from $99.95–$169.95) than the Apple Watch ($400-plus). It focuses on what consumers want most: tracking fitness-related activity, […]

The COVID-19 global pandemic was top of mind for security leaders (and everyone else) during the second quarter of 2020. Forrester’s security and risk (S&R) team focused on pandemic recovery and looked at myriad ways to renew your security program and give it new life — from the development of talent and the future of […]

What exactly is Zero Trust? For those of you who’ve been hiding away in a cave for the past decade, Zero Trust (ZT) is a concept founded by Forrester alum John Kindervag in 2009 that centers on the belief that trust is a vulnerability, and security must be designed with the strategy, “Never trust, always […]

What CISOs can learn from the case against Uber's former chief security officer.

The CISO is no longer a terminal role. VP and Principal Analyst Jeff Pollard describes the abundance of options available for today’s CISO.

This week’s edition of our FORRward series covers the latest tech news on Gong, revenue intelligence, People.ai, Chorus.ai, brand, zero-party data, future of work and movie making.

Mobile Advertising Comes Under Scrutiny Most data deprecation discussions center on cookies and web browsers. But two recent moves broaden the aperture to include mobile environments, too. First, Apple announced iOS 14, which will prompt users on whether they want to let an app track them or “ask app not to track.” If a user picks the latter, the app can’t […]

Businesses may not be able to dictate what devices employees keep on their home networks, there are still many options available to IT departments to protect company assets.