What’s Holding CISOs Back?

According to our survey data dating back to 2008, despite year after year of high-profile security breaches from Heartland Payment Systems to Wikileaks to Sony, security budgets have only increased by single digits. This is hardly enough to keep up with the increasing sophistication of attacks, the avalanche of breach notification laws and the changing business and IT environment.

The changing business and IT environment is perhaps the greatest concern. With a massive explosion of mobile devices and other endpoint form factors and an ever-expanding ecosystem of customers, partners, clouds, service providers and supply chains, you have less and less direct control over your data, your applications and end-user identities. We refer to this expanding ecosystem as the “extended enterprise.” An extended enterprise is one for which a business function is rarely, if ever, a self-contained workflow within the infrastructure boundaries of the company. We believe that the extended enterprise is such a major shift for CISOs and security professionals that we dedicated our upcoming Security Forum to it as well as a significant stream of research.


It's Official: HP's CEO Fired, Meg Whitman To Step In

Well, it is official, folks. CNN reports that Leo Apotheker is fired and replaced by Meg Whitman. The never-ending saga of the HP CEO revolving door.

My post this morning ...

Today the rumor mill is churning with chatter that the current CEO Leo Apotheker will resign after the bell. The new person tipped to step in is the former eBay CEO, tech heavyweight Meg Whitman.

HP desperately needs an inspiring leader; Meg may just be the person to fill that role. In recent years, HP has been taking on confusing identities - is HP a consumer hardware company, or is HP an IT services company like IBM, or is HP an enterprise software company? HP cannot be all things to all people; it must decide which course of action to take to boost its shareholder value and prevent its 30,000 employees from defecting to Google, Facebook, and the tech newcomers. HP was once that tech newcomer that everyone aspired to work for. Is Meg the person to bring back the old glory? What do you think?

Stay tuned for more updates!

Your Common Questions On EU Privacy Regulations Answered

The security group at Forrester has been handling a steady stream of client inquiries regarding EU data privacy laws, from both EU and North American clients. While there are many good legal sources out there, we thought it'd be a good idea to compile a list of common questions and answers about EU privacy laws into a report, to serve as a definitive information source for Forrester clients.

The report, titled “Q&A: EU Privacy Regulations,” is now live on Forrester's website. It is not our intention, by writing this report, to give legal advice. Rather, we envisioned this report to be a repository of the most important information regarding EU privacy laws, updated every 18 months or so. The report has a wealth of information, including links to actual information sources – be that EU's data protection directive web site or interesting studies/analysis done by external parties. For example, one noteworthy study on US Safe Harbor is by Chris Connelly from Galexia consulting. He looked at 2,170 US companies that claimed to be Safe Harbor compliant. Out of these, 940 do not provide information on how to enforce individuals' rights; 388 were not even registered with the US Department of Commerce.

The report also contained information on Model Clauses and Binding Corporate Rules, for which we are beginning to see increased interest. We also discussed new and pending privacy laws in the report, including the EU “cookies” directive and EU's view on geo-location privacy.


IBM To Acquire Algorithmics... GRC And Financial Risk Management Get A Little Closer

Today IBM announced plans to acquire the Fitch Group’s Algorithmics, a heavy hitter in the financial risk management software and services market, for $387 million.

Here are my initial thoughts about today’s announcement:

  • IBM is making a (relatively safe) bet that operational and financial risk functions will continue to come together. Regulatory pressures from Basel III, Dodd-Frank, and Solvency II, as well as the competitive realities of the global market, are pushing for banks and insurance companies to have more comprehensive oversight of exposure across all domains of risk. In fact, analytics should be a top priority of any compliance program. It will be some time before IBM (or any other vendor) can deliver a single platform to manage operational, credit, market, liquidity, etc. in one place; however, the addition of Algo’s subject matter expertise and even basic integration of data for a single source of reporting offers customers attractive benefits.
  • IBM still faces heavy competition in financial services for both operational risk with its OpenPages product and financial risk with its new Algo offerings... however, there are very few significant competitors that have strength in both. IBM’s announcement today was a strong move against these other few, most notably Oracle and SAS.