It’s The Database, Stupid

Bill Nagel

Yesterday’s announcement that the Clear service could soon be baaaaack, along with a spate of recent client questions on electronic credentials and biometrics, has triggered this post.

My colleague Andrew Jaquith’s analysis of the myriad problems with the way that Verified Identity Pass and the TSA handled the Clear shutdown in June (including the potential for customers’ PII to be sold off) was spot on.


CISO Support Shift In 2010

If you’ve been reading my blog, you’ll notice that “shift” is a common theme here with the Security & Risk team. We believe 2010 represents a shift in how CISOs will support their businesses. Today I wanted to write about how we drew some of these conclusions. This last summer, Forrester conducted a series of in-depth interviews of the various roles we serve. For me, that entailed 30 interviews with various security and risk executives. The goal was to better understand information security and risk priorities and how we can better meet those needs. I must say, it was unlike any research project I’ve undertaken at Forrester. Sure, we asked the normal questions like “What is your role and responsibilities?” and “What are your top priorities?” But I also had the chance to ask very atypical questions like “Who do you turn to for trusted advice?” and “What sources of information do you find most valuable?”

As a result, we’ll be changing our research heading into 2010. We learned that:



How Should Auditors Deal With Such Oddities?

Chris McClean

Two weeks ago, I commented on the changing role of the risk management professional, and thought it would be worthwhile to spend a few moments discussing the auditor as well. In a contest of which job is likely to see more change in the next two years, I would expect a photo finish.


EMC To Acquire Kazeon

Brian W. Hill

This week, EMC announced that it plans to acquire privately-held eDiscovery vendor Kazeon Systems, Inc. The deal, expected to close in Q3 2009, grew from an existing EMC-Kazeon partnership and will enable EMC to provide a range of natively developed applications to support eDiscovery needs.

As enterprises work to cut eDiscovery costs, the broader market for mitigating legal risk is expanding at a rapid clip. The market, however, remains highly fragmented, with a mix of big players and a multitude of smaller providers. Over the past couple of years, the market has been going through some growing pains and continues to consolidate. In exchanges with a large number of enterprises, buyers report frustrations in integrating applications that support disparate steps of the eDiscovery process – many are also increasingly questioning the long term viability of some of the smaller providers. As larger vendors look to round out and rationalize their portfolios, this consolidation trend holds promise in potentially easing enterprise eDiscovery integration headaches.

So will this deal prove to be positive for EMC customers seeking to mitigate legal risk and drive down eDiscovery costs? My immediate reaction is that the acquisition will be good for both EMC and its customers in the long term. Here’s why:


The Trials And Tribulations Of Public Sector CISOs

Khalid Kark

Just the other day, I was speaking with a state CISO about the security challenges she's facing in today's environment. In many regards, she echoed what I've heard from other CISOs in the private sector -- the business (Governor) is expecting us to do more with less, Web 2.0 brings along a whole new challenge in terms of security, etc. At the same time, she reminded me just how different things are for the public sector by articulating the extra challenges she has on top of all the usual ones:
