Zero Trust Model

We occasionally get asked this question: “Would Zero Trust have prevented [insert high-profile breach]?” The breach in question could be Equifax, SolarWinds, or the United States Office of Personnel Management. We haven’t been asked (yet) about the announcement from Microsoft this month, where they acknowledged that they were a target of, and indeed had an […]

With ransomware continuing as a high-impact problem (with seemingly no end in sight), we’ve put together some useful ransomware resources for security practitioners. Security and risk (S&R) pros can use these resources to help prevent, protect, detect, and respond to ransomware outbreaks. The links below are a mixture of Forrester’s own research and third-party links. […]

Forrester's security team sifts through the details of the new executive order on cybersecurity and looks forward at its long-term impact.

There are two people in a wood, and they run into a bear. The first person gets down on his knees to pray; the second person starts lacing up his boots. The first person asks the second person, “My dear friend, what are you doing? You can’t outrun a bear.” To which the second person […]

One of the top challenges and misunderstandings that I continue to see here at Forrester is about what the definition of Zero Trust actually is. Zero Trust is not one product or platform; it’s a security framework built around the concept of “never trust, always verify” and “assuming breach.” Attempting to buy Zero Trust as […]

Senior Analyst David Holmes introduces Forrester’s new model for security and networking services.

Bad puns in the title of this blog post aside (queue the rolling of the eyes, sigh, and slight smirk), we are pleased to announce that “The Forrester Wave™: Privileged Identity Management (PIM), Q4 2020” is now live. While PIM vendors have been adding new capabilities and improved user experience over the past two years, […]

Anyone who has seen the show Hoarders knows how people who fill their houses with unneeded stuff can literally bury themselves in junk. Security and risk (S&R) pros who manage employee access to apps, databases, and systems should notice the Hoarders parallel when it comes to IT access: Many employees unknowingly acquire access over time, […]

The COVID-19 pandemic unequivocally changed how employers think the workforce could and should look like. As firms have been growing more acclimated to the “new normal,” insider threats, breaches, and employee unrest are on the rise. You need to know which security vendors fit your needs and which strategies to take. As we head into month […]

My wife has the good fortune of living with a security and risk pro who also happens to be a US Army intelligence officer, so she’s been previously scolded about lax security practices. I also point out how “hacking” scenes on TV and in movies are comical and inaccurate. Note: Said wife was not consulted […]

While Zero Trust (ZT) security is mainstream in the US and Europe, it has only just begun gaining momentum in Asia Pacific (APAC). Why now? The global pandemic has accelerated cloud migration and remote work at the same time that firms are grappling with rapidly changing regulations and mounting consumer pressure for improved data privacy. […]

It has never been more important for organizations to anticipate change, strengthen resilience, and become truly customer obsessed. Heading into 2021, technology — both new and existing — will help firms achieve these aims and emerge from the crisis on sound footing.

Forrester analysts from across the Asia Pacific region provide insights on what to expect in the year 2021.

Today, we published our newest round of evaluations for the Zero Trust eXtended (ZTX) ecosystem, “The Forrester Wave™: Zero Trust eXtended Ecosystem Platform Providers, Q3 2020.” When we embarked on this journey, Research Associate Alexis Bouffard and I started with roughly 130 potential vendors. We narrowed that down to 38 vendors for the “Now Tech: […]

The National Counterintelligence and Security Center (NCSC) and the National Insider Threat Task force (NITTF) partnered with US government agencies to kick off the second National Insider Threat Awareness Month this September. National Insider Threat Awareness Month was started in September 2019 with the goal to educate federal and industry employees about the risks posed […]

What exactly is Zero Trust? For those of you who’ve been hiding away in a cave for the past decade, Zero Trust (ZT) is a concept founded by Forrester alum John Kindervag in 2009 that centers on the belief that trust is a vulnerability, and security must be designed with the strategy, “Never trust, always […]

Technically, the male praying mantis mates for life. If you know anything about the mating habits of the female sex of that particular insect, you now also understand the limitations of the word “technically.” Similarly, technically, TLS 1.3 and DNS-over-HTTPS (DoH) are improvements upon previous technologies that are supposed to improve security. But in reality, […]