NIST Is Jealous That PCI (Still) Matters More Than It Does

Jeff Pollard

The summary of the new Executive Order is a bit of a letdown:

Government agencies must complete a risk management report within 90 days. The risk report should align with NIST.

Outside of those with a risk fetish, this new EO probably isn’t that exciting from the perspective of any near-term cybersecurity transformation. That said, there are some aspects worth mentioning:

  • Cybersecurity is now a multi-agency public policy issue driven by the Executive Branch. The Department of Homeland Security, Office of Management and Budget, Department of Commerce, Department of Education, Department of Labor, and Office of Personnel Management are all mentioned in the order.
  • The government wants to go shared services – including email, cloud, and cybersecurity services. The President requires a specific report on the costs related to modernizing government IT and cybersecurity by utilizing shared services.
  • Cybersecurity, services, and innovation are tied together with the order placing the Director of the American Technology Council as one primary stakeholder for the report modernizing IT and cybersecurity.
  • The order emphasizes workforce development as a key component of the United States' cybersecurity advantage. Within 120 days, the order requires that the President receive a report on how to support the growth and sustainment of cybersecurity education.

Does the order change much? Not really.

Is it worth getting excited over? Absolutely, for those that felt the government had too few reports and committees.

For security practitioners? Probably not, but we are a cynical bunch by trade. It isn't transformative, but it does show incremental improvement by existing.

Then again, cybersecurity requirements for accepting credit cards are still tougher (and more enforceable) than ones for providing electricity...

Energy Is Embracing Zero Trust, All Industries Should Too

Stephanie Balaouras

I recently heard a segment on WBUR (a public radio station in Boston) on the emergence of microgrids and I was amazed at how much the concept of microgrids closely aligned with the concept of microperimeters within our Zero Trust model of information security. Zero Trust is a conceptual and architectural model for how security teams should redesign networks into secure microperimeters, increase data security through obfuscation techniques, limit the risks associated with excessive user privileges, and dramatically improve security detection and response through analytics and automation. Zero Trust demands that security professionals move away from legacy, perimeter-centric models of information security - which are useless for today's digital businesses no longer bounded by the four walls of their corporation - to a model that is both data and identity centric and extends security across the entire business ecosystem.

Read more

Why You Are Getting Disrupted

Brian Hopkins

The overriding theme of every disruption story I’ve ever heard is that firms thought they had more time than they did. So, I’ve been pondering the why. We can see disruption happening all around us, but why is it so difficult to get out in front of it?

Then I slogged my way through Ray Kurzweil’s Law Of Accelerating Returns and it hit me. Digital disruption is about the clash between exponential change and our brain’s wanting things to be linear. Here is what I mean:

  • The law of accelerating returns says that evolutionary systems, like information technology, produce exponential changes. This happens because one generation of technology builds on and accelerates the returns of past generations. Think of how the Internet led to cloud, accelerating mobile apps, which build on broadband wireless, etc.
  • Accelerating returns produce exponential curves in a system’s fundamental measures. This is what Ray proved mathematically in his law. In information technology that means the measures of power and speed tend to double at consistent intervals, while costs are cut in half. Think Moore’s law.
  • The law of accelerating returns implies that Moore’s law is not the exception, it's the rule. So, we should expect many Moore’s laws, and in fact, that is what we have seen — look up Gilder’s Law, Metcalfe’s Law, Kryder’s Law, etc.

Read more

Forrester Projects US Tech Market Will Grow By Around 5% In 2017 And 2018

Andrew Bartels

Forrester has just published our updated forecast for the US tech market for 2017-2018 (see “US Tech Market Outlook For 2017 And 2018: Mostly Sunny, With Clouds And Chance Of Rain”). We are forecasting growth of 4.8% in 2017 and 5.2% in 2018 for US business and government spending on tech goods, services, and staff. This forecast assumes moderate US economic growth (2% to 2.5% real GDP growth, 4% to 4.5% nominal GDP growth). Considering this economic outlook, our updated 2017 forecast is slightly less positive than our December forecast (4.8% vs. 5.1%) for US budget growth in 2017, with our new 2018 forecast pointing to a modest improvement next year.

Three main themes define our updated forecast:

1. Steady US real economic growth will support moderate growth for US business and government spending. Despite the weak 0.7% real GDP growth in the first quarter of 2017, economic forecasts have slightly improved since our post-election update, bolstered by renewed US business confidence. US consumer spending remains strong as a result of reduced energy costs and low unemployment. We now think it unlikely that the Trump Administration's tax and spending policies in practice will lead to higher growth rates, or that its actual trade policies will lead to lower growth. However, clouds in the economic outlook could emerge as the effects of rising interest rates, US housing vulnerability, weak US exports from the strong dollar, and anticipated cuts to US government spending take hold.

Read more

Cloudera IPO Highlights The Big Data And Hadoop Opportunity

Jennifer Adams

Last week, Cloudera successfully completed an IPO, raising $259 million of equity capital, including the over-allotment option. Shares were priced at $15 per share and traded up to over $18 per share on the first day of trading, giving investors a 20%+ return.

Cloudera describes itself as a company that “empowers organizations to become data‑driven enterprises in the newly hyperconnected world.” Cloudera, founded in 2008, was the first commercial Hadoop player and is a Leader in Mike Gualtieri and Noel Yuhanna’s The Forrester Wave™: Big Data Hadoop Distributions, Q1 2016.

Last August, Forrester published its first Big Data Management Solutions Forecast, 2016 To 2021 (Global). In our forecast, we highlighted Hadoop as the fastest-growing sector, at a 32.9% CAGR over the 2016 to 2021 period. We estimate that firms will spend nearly $800 million on Hadoop and Hadoop-related services in 2017 and that this will grow to $2.3 billion by 2021.

In its S-1 filing, Cloudera reported revenues of $109 million, $166 million, and $261 million in the years ending January 31, 2015, 2016, and 2017, respectively. This represents 52% year-over-year growth in 2016, accelerating to 57% year-over-year growth in 2017. Cloudera’s customer base is primarily Global 8000 companies, accounting for 73% of revenues.

Read more

In the war for talent, traditional enterprises must pick fights they can win

Paul Miller

(St. Rollox Chemical Works in Scotland by D.O. Hill, 1831. Image source: Wikipedia)

The world of work is changing, with my colleague JP Gownder among those doing a great job tracking the shift.

Despite — or perhaps because of — digitisation, robots, globalisation (and its opposite), and a less loyal workforce, competition for digital talent is high. The darlings of Silicon Valley slug it out, paying ever-higher salaries and offering ever-more excessive perks, in desperate bids to grab talent from one competitor. And then they engage in an even more desperate bid to dissuade them from jumping ship when the next offer comes in.

Spare a thought, then, for the poor traditional enterprise. It needs pretty much the same digital talent. But it can rarely afford the same rapidly inflating salaries. It is unlikely to have as cool a brand. A cubicle and a dress code are — unfairly — assumed to be more likely than an in-house chef or stock options.

And yet, in some recent research I did, these staid, lumbering, stuffy giants of yesteryear are putting up a great fight… and often winning.

There’s plenty they — and you — can do. There’s plenty they are doing. And a lot of it comes down to challenging the assumption that every great digitally savvy employee wants to live their life at a Valley startup. That’s simply not true.

Read more

Zero Trust for MeatWare: It Applies to Us Humans Too

Chase Cunningham

Zero Trust principles have, thus far, been mainly aimed at the network and the technology that makes our interconnected systems “live.” That’s how the concept was originally meant to be applied, but the reality of the threat vectors and need for better security capabilities means that Zero Trust has to adapt just like everything else does. The concept for Zero Trust is super, and it's being adopted at quite a few major organizations, but there's still a problem:
Read more

Accelerate Your Digital Momentum At Forrester’s Digital Transformation Mumbai 2017

Ashutosh Sharma

Forrester’s annual flagship India event Digital Transformation Mumbai 2017 is almost here. This exclusive event has grown over the years to become one of the most anticipated events for India’s senior business leaders.

At last year’s event, we presented the right operating model for organizations to support their digital transformations: the customer-obsessed operating model. Our audience let us know the model resonated because it is easy to understand and business leaders could relate it to their day-to-day activities. More importantly, it challenged their thinking about what digital transformation in the age of the customer should be: It’s not about reducing costs or improving operational efficiency, but about driving customer obsession.

In 2017, we plan to take that thinking further. We will talk about the role of digital operational excellence (DOX) in delivering great customer experiences (CX). We have researched quite a few companies that are hiring senior leaders to head their digital projects or CX initiatives who grasp the value of great CX in winning, serving, and retaining customers. However, our research shows that the activities that go on below the line of visibility are not well understood in terms of their importance to delivering great CX. This area is where DOX lives.

This event will present Forrester’s thought leadership on how enterprises need to focus on both digital CX and DOX as they embark upon their digital transformations. In addition, we will highlight the most common blind spots firms encounter and outline the “how-to” of digital transformation with great industry examples.

Read more

Netflix Hack: Key Lessons In The Economics Of Ransomware And Managing Third-Party Risk

Renee Murphy

Netflix recently experienced a third-party breach. The data lost is Season 5 of Orange is the New Black, which is original Netflix content. Many are calling it the largest entertainment industry hack since Sony. I guess that is right, but how bad is it really?

First, here is what happened. Netflix transferred season five to their post-production third party in Los Angeles, Larson Studios, for sound mixing and editing. Larson does the post work for at least 25 episodics that run on Fox, ABC, IFC and Netflix. It was Larson Studios that was hacked and, according to thedarkoverlord (TDO), they made off with not just Netflix content but network content as well, putting at risk the release of Documentary Now, Portlandia, Fargo and many others. TDO contacted Netflix and asked for a bitcoin ransom or it would dump their content for download. Netflix refused to be extorted and TDO made good on its threat.

That got me thinking…was Netflix right to not pay the ransom? What was the real impact of that decision? Can networks and studios do the same thing? Are they inoculated from third party damage because of their industry or their product? Let’s find out.

1. Was Netflix right to not pay the ransom? Yes. If I have learned anything from the State Department, it’s that we don't negotiate with terrorists. For Netflix, there is no reason to overreact or go to great lengths to explain the impacts. If you do an impact analysis, you see that it has a medium reputational risk, a low financial risk and no regulatory risk. With that kind of risk analysis, you don’t pay a ransom.

Read more

Are You On An Agile+DevOps Journey? Don’t Miss Out On Continuous Testing Services!

Diego Lo Giudice

It happens often in conversations with clients that I realize they have disjointed initiatives going on to support their digital transformation. The most dangerous parallel initiatives are those where, on one side, they are changing their development teams to become more Agile, but a separate initiative in the same enterprise exists where their Operations folks are running a development and operations (DevOps) transformation. The first thing I recommend to those clients is to unify or tightly connect those programs with an underlying common lean strategy. But I don’t want to dig in here about Agile+DevOps and how overused and abused the term “DevOps” is. I will just recommend to you some reports we’ve published explaining how “Agile” and “DevOps” are two sides of the same coin (see, for example, “Faster Software Delivery Will Accelerate Digital Transformation”). The Modern Application Delivery playbook I’ve co-authored for years is all about what it means to adopt Agile+DevOps. Check that out too.

Read more