security risk management
With the proliferation of data and the ubiquity of connected devices, organizations can move with unmatched efficiency, but simultaneously incur increased risks. Read our insights on how security & risk professionals can succeed in this environment.
Blog
Recent Dragos Funding Round Demonstrates Growing Demand For OT Security Solutions
Operational technology (OT) and industrial control system (ICS) security are vitally important for the safety of the people who work in critical infrastructure and manufacturing. OT security is also necessary for the consumers of the energy, drinking water, and products made in our industrial facilities. OT security is a unique security domain of growing importance, and yesterday’s announcement of Dragos’ Series C funding round of $110 million is another validation of […]
Blog
COVID Drives M&A Activity In DevOps And IT Management
Learn how the pandemic's increased uncertainty and volatility have produced some attractive M&A opportunities in DevOps and IT Management.
Predictions 2021 Hub
Explore our blog posts, videos, guides, and other resources to understand the dynamics that will shape 2021.
Blog
It Is A Privilege To Announce The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020
Bad puns in the title of this blog post aside (cue the rolling of the eyes, sigh, and slight smirk), we are pleased to announce that “The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020” is now live. While PIM vendors have been adding new capabilities and improved user experience over the past two years, […]
Blog
Bots Kept Jeff From Buying A PS5, And Sandy Had To Hear About It
It’s not that I’m not a gamer. I enjoy board games and card games: Trivial Pursuit, Settlers of Catan, SET, Hive. I’m up to level 3056 in Two Dots. As a kid, I played Super Mario Land on my brother’s Game Boy and Sonic the Hedgehog on the family Sega Genesis. But I’ve never been […]
Blog
GAIA-X Must Be More Than Just Another European Infrastructure Provider, Or It Will Deliver No Value
Today Paul Miller, Tracy Woo, and I released our report that examines the market impact of the GAIA-X project. France and Germany announced an initiative in 2019, which was formalized as the GAIA-X Foundation in early October 2020. For our report, we spoke with several of the GAIA-X founders and studied its potential impact for […]
Blog
Dealing With The Access Hoarders In Your Organization
Anyone who has seen the show Hoarders knows how people who fill their houses with unneeded stuff can literally bury themselves in junk. Security and risk (S&R) pros who manage employee access to apps, databases, and systems should notice the Hoarders parallel when it comes to IT access: Many employees unknowingly acquire access over time, […]
Blog
Black Friday “All Season Long”? Expect The Bots To Follow Suit
I was scouring some of the Black Friday ads this week, and the trend seems to be less “Black Friday” than “Black November and probably most of December, too.” Best Buy is touting, “Black Friday all season long.” Target offers weekly “Black Friday Now” deals. Walmart? “Black Friday Deals for Days!” None of this is […]
Blog
How A Password Manager Could Save Your Marriage
My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]
Blog
Thinking Ransomware Defense: Air Gaps?
Air Gaps Aren’t Effective; Scratch Them From Your List . . . The number of companies falling victim to ransomware attacks continues to grow each day. Ransomware inflicts extreme pain, leading to business closure or significant business disruptions. Vendors are developing technology architectures and approaches to solve for these challenges. Each technology and approach has […]
Blog
The Power And The Peril Of APIs
Every time we come up with new ways to build and deploy applications, we also come up with new ways to break them. Did SQL make it easier to access and manipulate large amounts of structured data? You bet, and it also led to SQL injection. Ready to join the cloud? Hope you didn’t put […]
Blog
Twenty Technologies Underpin Application Security
When I was working at @stake in the early 2000s, most of my client engagements were in application security. I did a number of code reviews that involved people handing me stacks of paper to go through. “Grep” was an important security tool. When I was involved in application penetration tests, we used a combination […]
Blog
National Insider Threat Awareness Month: Stop Insiders With Zero Trust
The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task force (NITTF) partnered with US government agencies to kick off the second National Insider Threat Awareness Month this September. National Insider Threat Awareness Month was started in September 2019 with the goal to educate federal and industry employees about the risks posed […]
COVID-19: Responding, Managing, And Leading During A Pandemic
The latest insights and guidance for leaders to address the growing business and employee experience implications of COVID-19.
Blog
FORRward: A Weekly Read For Tech And Marketing Execs
Amazon Launches Halo, Its First Wearable Health Device For The Average (Budget-Conscious) Consumer: This week, Amazon launched Halo, a screenless wearable device that can monitor activity, sleep, temperature, BMI, and emotion. At $99.99 (plus a small monthly service fee for advanced features), the Halo Band sits closer to Fitbit’s fitness trackers (ranging from $99.95–$169.95) than the Apple Watch ($400-plus). It focuses on what consumers want most: tracking fitness-related activity, […]
Blog
The Security Snapshot: Improving Your Security Posture During A Global Crisis
The COVID-19 global pandemic was top of mind for security leaders (and everyone else) during the second quarter of 2020. Forrester’s security and risk (S&R) team focused on pandemic recovery and looked at myriad ways to renew your security program and give it new life — from the development of talent and the future of […]
Blog
A Look Back At Zero Trust: Never Trust, Always Verify
What exactly is Zero Trust? For those of you who’ve been hiding away in a cave for the past decade, Zero Trust (ZT) is a concept founded by Forrester alum John Kindervag in 2009 that centers on the belief that trust is a vulnerability, and security must be designed with the strategy, “Never trust, always […]
Blog
It’s Never The Data Breach — It’s Always The Cover-Up
What CISOs can learn from the case against Uber's former chief security officer.
Podcast
The Surprisingly Bright Future For CISOs
The CISO is no longer a terminal role. VP and Principal Analyst Jeff Pollard describes the abundance of options available for today’s CISO.
Webinar: Coronavirus Disruption in Europe
Gain actionable insights to guide European leaders during this challenging time. We'll cover the impact of COVID-19 on employee experience, lessons learned from APAC’s response so far, and how to build a comprehensive pandemic plan.
Blog
FORRward: A Weekly Read For Tech And Marketing Execs
This week’s edition of our FORRward series covers the latest tech news on Gong, revenue intelligence, People.ai, Chorus.ai, brand, zero-party data, future of work and movie making.
Blog
FORRward: A Weekly Read For Tech And Marketing Execs
Mobile Advertising Comes Under Scrutiny: Most data deprecation discussions center on cookies and web browsers. But two recent moves broaden the aperture to include mobile environments, too. First, Apple announced iOS 14, which will prompt users on whether they want to let an app track them or “ask app not to track.” If a user picks the latter, the app can’t […]
Blog
There’s A Growing Blind Spot For Your Security Team During The Pandemic — IoT Devices
While businesses may not be able to dictate what devices employees keep on their home networks, there are still many options available to IT departments to protect company assets.