Announcing The Social Risk & Compliance (SRC) Solutions Wave

Nick Hayes

Today we published a new Forrester Wave: Social Risk & Compliance (SRC) Solutions, Q2 2014. This report evaluates 10 vendors emerging to help organizations enable companywide use of social media while providing the necessary controls and oversight to mitigate associated risks and enforce compliance.

 

Why now

Use of social media today is rampant.

It’s no longer just your marketing team that uses social media for business purposes. Employees across the entire organization use social media for personal and professional reasons, leveraging social to drive real business for your company. The opportunities to enhance your brand, deepen customer relationships, and glean new customer insights are all too valuable to ignore -- but the risks are real too.

Moreover, the legal and regulatory landscape is evolving rapidly, complicating the ways in which you can manage social media and the myriad reputational, security, and privacy risks (among others) that expose your organization. To take advantage of these opportunities and still protect your company, you need new tools and technology to do this effectively.

 

What they do

Read more

Computers, Privacy & Data Protection Conference 2014: Embracing User Privacy As A Competitive Advantage

Dan Bieler

By Enza Iannopollo and Dan Bieler

The recent Computers, Privacy & Data Protection Conference (CPDP) showcased a series of innovative projects that are based on big data. Big data is one of the four imperatives that shape the age of the customer — one of Forrester’s main focus areas — and the changing regulatory framework of data protection in Europe has big implications for big data initiatives.

Central to data protection is the existing EU Data Protection Directive, which legislators have been trying to update for years to reflect the changing online realities. The proposed Data Protection Regulation focuses on a redefinition of the concept of “consent.” User consent now has to be freely given, specific, informed, and explicit.

This new definition forces businesses to be more transparent about how they gather, use, disclose, and manage customer data in the form of the principles of privacy notice and purpose limitation. Complying with these new privacy principles is a challenge in the age of the customer, as privacy regulation affects:

Read more

Announcing The Forrester Wave: Governance, Risk, And Compliance Platforms, Q1 2014

Chris McClean

It’s once again time to tear open the GRC platform market and uncover all its amazing technical innovations, vendor successes, and impact on customer organizations. This afternoon, we published our latest iteration of the Forrester Wave: Governance, Risk, And Compliance Platforms.

My esteemed colleagues Renee Murphy and Nick Hayes joined me in a fully collaborative, marathon evaluation of 19 of the most relevant GRC platform vendors; we diligently pored through vendor briefings, online demos, customer reference surveys and interviews, access to our own demo environment of each vendor’s product, and as per Forrester policy, multiple rounds of fact checking and review. The sheer amount of data we collected is incredible.

No Longer Two Separate Waves

Many of you may remember that we published two Forrester Waves last time around: one for Enterprise GRC platforms and one for IT GRC platforms. As discussed in previous research, the lines between these distinct submarkets have been eroding for some time, and now it’s no longer worth separating the two.

Read more

Navigating the Legal and Audit Implications of BYOD Initiatives

David Johnson

While the consumerization of IT marches on, in its footsteps lurks the specter of unknown risk. We live in a world of zero-sum games of litigation where suffocating regulations are the norm, and failure to comply can draw millions in fines and lawsuits. Technology diversity multiplies the challenge of maintaining compliance — it’s no wonder so many IT shops take a one-size-fits-all approach to workforce computing and forbid bring-your-own-device (BYOD). But it doesn't have to be this way. It’s possible to craft an approach that brilliantly achieves the conflicting goals of embracing BYOD and consumerization while slashing the risks and costs at the same time. Our recent research on the topic comes from working with lawyers and auditors who specialize in technology law and compliance reveals that it can indeed be done.

You Still Have to Act But the Cure is Often Worse Than the Disease
The technology attorneys we interviewed for this research agree — once you learn that BYOD is happening in your organization, you have a legal obligation to do something about it, whether you have established industry guidance to draw on or not. The answer is seemingly simple: Take action to stamp out the risk. However, the answer isn't that straightforward because: 

  • The more restrictions you put in place, the more incentive people will have to work around them and the more sophisticated and clandestine their efforts will be.
  • There is no data leak prevention tool for the human brain, so arguably the most valuable and sensitive information walks around on two legs and leaves the building every night. Accepting this is important for keeping a healthy perspective about information risk on employee-owned devices.
Read more

Five Common Legal & Regulatory Challenges With Social Media

Nick Hayes

It should come as no surprise that regulators and organizations alike struggle to set and enforce guidelines for social media activity. It’s not just that the rise of social media is rapidly transforming the way we interact with people, customers, and brands; but also how many ways this transformation is happening.

The core issue is that social media alters the way we as individuals share who we are, merging our roles as people, professionals, and consumers.  As we share more of ourselves on a growing number of social networks, questions quickly surface:

  • How frequently and on what social networks should we post?
  • When should we present ourselves in our professional role versus sharing our personal opinions?
  • Is it okay to be social media friends with co-workers, clients, or your boss?

These are complicated matters for individuals, and absolute conundrums for organizations concerned with how employees behave and interact with others in, and outside of, the workplace. Their questions are even more complicated:

  • Can organizations dictate how their employees use social media?
  • Can they monitor social media conversations or use it to learn more about prospective job applicants?
  • When does the personal connection allowed by social media tools cross the line from business to personal?
Read more

Looking Through The Cloud

Holger Kisker

SaaS vendors must collect customer insights for innovation and compliance.

As of the end of last year, about 30% of companies from our Forrsights Software Survey, Q4 2011, were using some software-as-a-service (SaaS) solution; that number will grow to 45% by the end of 2012 and 60% by the end of 2013. The public cloud market for SaaS is the biggest and fastest-growing of all of the cloud markets ($33 billion in 2012, growing to $78 billion by the end of 2015).

However, most of this growth is based on the cannibalization of the on-premises software market; software companies need to build their cloud strategy or risk getting stuck in the much slower-growing traditional application market and falling behind the competition. This is no easy task, however. Implementing a cloud strategy involves a lot of changes for a software company in terms of products, processes, and people.

A successful SaaS strategy requires an open architecture (note: multitenancy is not a prerequisite for a SaaS solution from a definition point of view but is highly recommended for vendors for better scale) and a flexible business model that includes the appropriate sales incentive structure that will bring the momentum to the street. For the purposes of this post, I’d like to highlight the challenge that software vendors need to solve for sustainable growth in the SaaS market: maintaining and increasing customer insights.

Read more

Will IT Vendors Start Selling Cars?

Tim Sheedy

The rise and rise of cloud has been dominating the headlines for the past few years, and for CIOs, it has become a more serious priority only recently. People like cloud computing. Well - at least they like the concept of cloud computing. It is fast to implement, affordable, and scales to business requirements easily. On closer inspection, cloud poses many challenges for organizations. For CIOs there are the considerable challenges around how you restructure your IT department and IT services to cope with the new demands that cloud computing will place on your business - and often these demands come from the business, as they start to get the idea that they can get so many more business cases over the line for new capabilities, products and/or services, as they realize that cloud computing lowers the costs and hastens the time to value.

Read more