Announcing Two New Forrester Waves: Enterprise GRC And IT GRC

After months of diligent product and vendor evaluations, today we published The Forrester Wave: Enterprise GRC Platforms, Q4 2011. In the next few days, we will also publish The Forrester Wave: IT GRC Platforms, Q4 2011. These two reports feature a total of 20 vendors, all with proven capabilities to help customers tackle their continuously mounting regulatory challenges and manage their complicated risk profiles.

Why two Forrester Waves?

Governance, risk, and compliance functions within large and medium enterprises demonstrate tighter collaboration all the time: audit is working more closely with risk, and compliance programs are consolidating under more centralized control. However, Forrester still sees a gap between the requirements of those responsible for IT risk and compliance and the requirements of those managing risk and compliance outside of IT. No doubt, there is often substantial overlap between these groups, and many of the vendors evaluated have customers using their products to support both IT and enterprise GRC functions. You’ll notice that of the roughly 60 evaluation criteria for each Wave, there are only 3-4 that differ between them. For now though, they remain basically two distinct markets.

So, what did we learn from the countless hours of briefings, demos, customer surveys, and other research we did for this Wave?


Dusting Off Our Content Security Crystal Ball

Winter is coming; the year is quickly drawing to a close, and it's time to take a look back and see how accurate our content security crystal ball was for 2011. Last year we predicted three trends; two were accurate and one was partially correct. Let's take a closer look.

1)  Content security spending will slow down - We were right. According to our latest survey data, the content security budget represented 6% of the total IT security budget; this is a 1% decrease from 2010. Content security remains one of the lowest budgeted technology areas in IT.

2)  Consolidation will continue to drive suite offerings - We were partially correct. In 2011, we didn't see any significant M&A activity in the content security space.  While we were wrong on the vendor consolidation prediction, we were correct on the prediction that market leaders would increase their data loss prevention and mobile capabilities to further solidify their market positions.

3)  Mobile filtering will enter mainstream IT - We were correct. Laptop filtering is mainstream, and mobile device filtering is gaining momentum and getting significant attention. Content security vendors are currently testing content filtering on mobile phones and tablets.

What about 2012? To see what five trends we predict will impact your strategy next year, check out the full document: "Content Security: 2012 Budget And Planning Guide." Here's a teaser: is your content security strategy ready for the extended enterprise?

Planning For Failure

We are excited to announce "Planning For Failure," the first collaborative report in a series of new research taking a closer look at incident management and response. 

  • A look back at the year's headlines isn't encouraging. Many companies have experienced security breaches, and their bottom lines and brand reputation have suffered. You might not have considered it, but your organization is a likely target. In fact, your intellectual property could be exfiltrating your network even as you read this blog; you must be prepared. Once the airplane is going down, it is too late to pack the parachute.
  • Preventive security controls will fail, and you should operate under the assumption that if you are not already breached, you will be. An ounce of preparation is worth a pound of remediation, and the sooner you can detect and respond to a security breach, the more likely you will be able to minimize the impact and scope of the incident. The proper execution of a well-thought-out strategy can reduce your remediation costs and protect your brand reputation.
  • "Planning For Failure" takes a look at why an incident management strategy is critical to the success of your business and provides recommendations on how to implement or improve your plans. 

If you have questions or comments, please let us know. We would love to hear your feedback.

Message Archiving Software-As-A-Service Adoption Continues To Accelerate

Cloud-based alternatives to message archiving are an increasingly attractive option for enterprise buyers. Budgetary constraints, coupled with increasing compliance regulations and eDiscovery needs, are compelling companies to search for message archiving solutions that offer a broad set of functionality at an attractive price. With today’s extended enterprise, the software-as-a-service (SaaS) model is top of mind as companies look to garner the cost-saving benefits and deployment advantages that this model can deliver. Strong adoption is well on its way. Among organizations rolling out message archiving in 2011, over one-fifth plan to implement a cloud-based solution, and I expect this number will only grow in 2012. For an evaluation of key vendors and key market shifts, Forrester clients can access the market overview on SaaS-based message archiving that we published last month.

A cloud-based solution is a viable option for many, but message archiving professionals shouldn’t see these offerings as a panacea. Before taking message archiving to the cloud, make sure you’ve done your homework on vendor and contractual issues and continue to address the strategy, policy, and process challenges as you would with other in-house alternatives. Whether you’re rolling out your first message archiving solution or are planning to carry over your legacy application, take the necessary precautions to ensure that your implementation is a success.
