If you’ve been reading my blog, you’ll notice that “shift” is a common theme here at with the Security & Risk team. We believe 2010 represents a shift in how CISOs will support their businesses. Today I wanted to write about how we drew some of these conclusions. This last summer, Forrester conducted a series of in-depth interviews of the various roles we serve. For me, that entailed 30 interviews with various security and risk executives. The goal was to better understand information security and risk priorities and how we can better meet those needs. I must say, it was unlike any research project I’ve undertaken at Forrester. Sure, we asked the normal questions like “What is your role and responsibilities?” and “What are your top priorities?” But I also had the chance to ask very atypical questions like “Who do you turn to for trusted advice?” and “What sources of information do you find most valuable.?”
As a result, we’ll be changing our research heading into 2010. We learned that:
On Friday we wrapped up a very successful Security Forum. I’m very pleased at how well the theme — navigating the new security & risk reality — resonated with the two hundred security execs that joined us in lovely San Diego.
For those who attended, let me send out a big THANK YOU. I know it’s a lot to take two days out of your schedule and, as always, we appreciate your attendance. And remember, you can head to the link above to get all of the presentations.
But now we must return to work and start implementing all of the insight we discussed. To help, I thought I’d take an opportunity to summarize this year’s top three takeaways, in no particular order.
Takeaway 1: Giant squids are the stuff of horror movies, and stand-up comedy. For those of you following along, you’ll know I struggled with whether I should incorporate the recent squid invasion of San Diego in my opening remarks. I did — and it went over well. I shall live to host another event.
Ok, so maybe I didn’t nuke it, but I wiped it clean. It’s all part of an experiment. I’m one of a lucky few (20 to be precise) that are piloting iPhones here at Forrester. So far, it’s been great, although there are the usual bumps and stumbles you might imagine with any new technology. For example, has anyone else out there come across the mysterious disappearing calendar item? Every once in a while I come across something that’s on my desktop Outlook client, but not on my iPhone. I’ve done some pretty exhaustive scenario testing and I think I’ve isolated what triggers it, but of course there’s no discussion of it anywhere in the Googlesphere. Very strange, but I digress. As much as I’d like to talk about my iPhone experience, I’m actually more interested in any consumer mobile device in the enterprise.
(Psst. Apple, if you’re listening I can be contacted on this blog, on Twitter, or via email. I may not be one of our device analysts, but my analyst credentials would be revoked if I didn’t at least have an opinion.)
Ok, so why am I interested in mobile devices? Because in the last few weeks we’ve been swamped with clients’ requests to help craft their security policy for this technology populistphenomenon. Not only has iPhone proven to have enterprise staying power, but the promise of Palm Pre and Windows Mobile 6.5 has many an executive dreaming of replacing their old scroll-wheel driven BlackBerry with a slick touch interface.