It's that time of year when we begin planning our spring Forums. Our Security & Risk Forum EMEA will take place in London, March 17th and 18th. Planning and content creation for that Forum is already well underway and we're looking forward to another great event. But I also wanted to highlight our spring IT Forum. Mark your calendars for May 25-27 in Las Vegas and June 8-10 in Barcelona. Not only is there a dedicated track for Security and Risk professionals at IT Forum but there is an opportunity for Security & Risk pros to learn about broad IT challenges and trends. I believe this is critical because in order for security organizations to become much more proactive and less reactive, they have to understand what's happening across IT and not just narrowly within security. We need to be ready for the next major business or IT shift before it happens.
As technology becomes more accessible through mediums beyond IT's control, you have but one choice: Get proactive by empowering employees, or swim against the current. Successful BT leaders will react not by blocking access but by lending their expertise to increase the chances of technology success and empowering the users to solve customer and business problems. This year's IT Forum will provide a blueprint for reaping the benefits of your empowered organization — complete with case studies, methodologies, and step-by-step advice tailored to each IT role.
As I have pointed out previously in these pages, this year, the number of post-PC devices such as tablets, eReaders, and Internet-capable mobile phones, will eclipse PC devices, such as desktops, laptops, and netbooks. I heard a story earlier this week about a CEO who went to a board meeting and felt a little cranky because he was the only person at the meeting who didn’t have an iPad.
The invasion of non-traditional computing devices into the business sphere is a big deal for Security and Risk professionals. It changes the perception of what computing is, and creates what my colleague Jeff Hammond calls “the mess of many.” And when it comes to security, the changes are even more profound. Not only are these devices smaller and more personal, but they are more likely to be lost or stolen. And as your favorite security vendors have been pointing out, they just might be riskier too.
At Forrester we have a slightly different take than the security vendors. Post-PC devices aren’t like general-purpose PCs. They don’t run general-purpose operating systems, and they have distinct security characteristics that make them more risky in some ways, but less risky in other ways.
In a rather unsurprising move, Oracle acquired its longtime OEM partner of eSSO solutions, Passlogix. The sale has closed after a relatively long courtship – the eSSO market has been consolidating for a long time: Novell’s OEM agreement with ActivIdentity, IBM’s acquisition of Encentuate all signal IAM stack consolidation. Beyond the obvious — 1) eSSO integration with Oracle Access Manager and Oracle Adaptive Access Manager to integrate with web single sign on, 2) a multitude of second factor and adaptive authentication mechanisms using v-GO User Access Manager, and 3) using v-GO SSO’s screenscraping technology to create Oracle Identity Manager connectors to arcane, no-CLI systems — large tasks remain for Oracle: a) providing access management for mobile devices and b) getting to be a credible player in Privileged User Management (where Passlogix’s v-GO Shared Accounts Manager is a second-tier player).
Here at Forrester, we like to eat our own dog food. Hot on the heels of the book launch of Empowered, Forrester has launched an online community for security and risk professionals. The community is a place for security and risk professionals to exchange ideas, opinions, and real-world solutions with each other. Forrester analysts will also be part of the community, helping facilitate the discussions and sharing their views.
The community is open to all security and risk professionals, whether you’re a Forrester client or not. Do you want to know if your peers plan to support new consumer mobile devices in the workplace? Do you want to know how your peers are promoting cyber awareness? You can post these and other questions, thoughts, and ideas to the community.
I’m excited to announce the launch of this community. At our recent Security Forum in Boston, the topic of better information sharing and collaboration — among security and risk professionals and between the public and private sector — came up on numerous occasions. In this new era of advanced threats from well-organized and well-funded crime and state sponsored agents, together with the rapid pace of innovation from mobile to social to cloud, I believe the active exchange of best practices and solutions is a critical need for the security community.
Here’s what else you’ll find in the community:
A simple platform on which you can pose your questions and get advice from peers
Insight from our analysts, who weigh in frequently on the issues.
Fresh perspective from peers, who share their success stories and best practices.
Content on the latest technologies and trends — from Forrester and other thought leaders.