Forrester Blogs » Category: current affairs

Current Events And Market Insights: Knowing Doesn't Equal Understanding

Posted by Reineke Reitsma on the Market Insights Professionals Blog on March 25, 2011

Blog post info and actions

  • 3 Recommendations

Blog post body

Reineke Reitsma

At the end of January, I spoke at the Esomar Shopper Insights Conference and part of my speech was about how technology makes the market insights professional role more challenging in some ways. For example, technology has made the world flat: The Internet makes it possible for information to travel fast, and it feels like we know everything about anything (or at least we could).* But my point was that knowing doesn’t equal understanding.

And in the past weeks, with the world on fire, this thought has been nibbling at the back of my mind. It was there when I watched television and followed the latest developments in Egypt or Morocco. When I read the news or watched the videos and pictures from the earthquake in Japan, or more recently when Britain, France and the US decided to intervene in Libya. I can follow the news minute by minute via Facebook or Twitter (and I do), but I feel I lack the context and local background to really understand what’s going on — like most of us. How will the intervention in Libya change the relationships in that part of the world? How will the earthquake and the issues with the Fukushima Daiichi nuclear power plant affect the Japanese economy? The world is flat, but we are still limited by our own horizons.

Read more

Categories:

CeBit 2010 Enterprise Trends

Posted by Stefan Ried on the Vendor Strategy Professionals Blog on March 8, 2010

Blog post info and actions

  • 5 Recommendations

Blog post body

Stefan Ried

I had the chance to visit the CeBit last Friday and like to share some personal impressions around the show and my conversations with execs indicating some enterprise IT trends:

Read more

Categories:

Online Shopping Sites May Be Sharing Your Credit Card Data

Posted by John Kindervag on the Security & Risk Professionals Blog on February 5, 2010

Blog post info and actions

Blog post body

John Kindervag

The Attorney General of New York is investigating a large group of online retailers to see if they have been sharing your credit card data with third parties without your knowledge or permission. In a press release, the AG's Office details the scheme, including the fact that you may unknowingly be giving someone other than the retailer you are shopping with your credit card number:

"Information about joining the membership program and its ramifications, including the fact that the consumer is agreeing to transfer his or her credit or debit card account information, is buried in fine print and cluttered text."

My gut tells me that this violates the spirit, if not the letter, of the PCI Data Security Standard.  According to the PCI DSS:

"Additionally, merchants and service providers must manage and monitor the PCI DSS compliance of all associated third parties with access to cardholder data."

It is probably safe to assume that the business agreement around the data sharing identified by the New York AG's office did not include language surrounding PCI compliance.
An MSNBC story on the investigation puts it this way:

Read more

Categories:

Q4 2009 IT Market Data As We Expected Shows End of Tech Downturn

Posted by Andrew Bartels on the Vendor Strategy Professionals Blog on February 1, 2010

Blog post info and actions

  • 4 Recommendations

Blog post body

Andrew Bartels

The first reports on the IT market in Q4 2009 are now in, and they are in line with our prediction that the tech market recession ended in that quarter (see US And Global IT Market Outlook: Q4 2009).

Read more

Categories:

Virtual Network Segmentation for PCI?

Posted by John Kindervag on the Security & Risk Professionals Blog on January 29, 2010

Blog post info and actions

  • 2 Recommendations

Blog post body

John Kindervag

Several clients have recently been asking about "Virtual Network Segmentation" products that claim to segment networks to reduce PCI compliance. They may use ARP or VLANs to control access to various network segments.  These type of controls work at Layer 2 and the hacker community is well versed at using tools such as Ettercap or Cain & Abel to bypass those controls.  We've recently written about Network Segmentation for PCI as part of the PCI X-Ray series.
While rereading the PCI Wireless Guidance document, I came across this nugget that puts a nail in the coffin of using VLANs as a security control:"Relying on Virtual LAN (VLAN) based segmentation alone is not sufficient. For example, having the CDE on one VLAN and the WLAN on a separate VLAN does not adequately segment the WLAN and take it out of PCI DSS scope. VLANs were designed for managing large LANs efficiently. As such, a hacker can hop across VLANs using several known techniques if adequate access controls between VLANs are not in place. As a general rule, any protocol and traffic that is not necessary in the CDE, i.e., not used or needed for credit card transactions, should be blocked. This will result in reduced risk of attack and will create a CDE that has less traffic and is thus easier to monitor."

Read more

Categories:

Global Tech Recovery Will Drive US IT Market Growth Of 6.6% And 8.2% Globally (In Dollars) In 2010

Posted by Andrew Bartels on the Vendor Strategy Professionals Blog on January 12, 2010

Blog post info and actions

Blog post body

Andrew Bartels

2009 was a miserable year for tech vendors, especially for sellers of capital equipment like PCs, servers, routers, and licensed software, and for systems integrators who helped implement that software.   2010 will be a much better year, especially for these very same vendors.   We’re not talking boom yet, so we are not predicting double-digit growth rates across the tech market (though some categories will see those kinds of growth).  But, as our latest tech market report shows (Read more

Categories: