My esteemed colleagues Renee Murphy and Nick Hayes joined me in a fully collaborative, marathon evaluation of 19 of the most relevant GRC platform vendors; we diligently pored through vendor briefings, online demos, customer reference surveys and interviews, access to our own demo environment of each vendor’s product, and as per Forrester policy, multiple rounds of fact checking and review. The sheer amount of data we collected is incredible.
Come again? You mean to tell me that Eve Maler, one of Forrester's experts on emerging identity and security solutions, has never changed her Amazon password? Yep. She aptly points out that "Amazon has no password rules." While passwords aren't dead, she says, firms that rely only on passwords for identity management are vulnerable to serious breaches. Most firms have "terrible hygiene" when it comes to identity management.
In this episode of TechnoPolitics, Eve Maler discusses how firms like Amazon and PayPal use a "constellation" of risk-based authentication techniques and technologies to protect customers' identity. The courage to make tough calls — that's Eve.
Podcast Listening Options — The Future Of Identity Management
There is growing evidence of a harmonic convergence of Infrastructure and Operations (I&O) with Security, and it is hardly an accident. We often view them as separate worlds, but it’s obvious that they have more in common than they have differences. I live in the I&O team here at Forrester, but I get pulled into many discussions that would be classified as “security” topics. Examples include compliance analysis of configuration data and process discipline to prevent mistakes. Similarly, our Security analysts get pulled into process discussions and other topics that encroach into Operations territory. This is as it should be.
Some examples of where common DNA between I&O and Security can benefit you and your organization are:
Gain economic benefit by cross-pollinating skills, tools, and organizational entities
Improve service quality AND security with the same actions and strategies
Learn where the two SHOULD remain separate
Combine operational NOC and security SOC monitoring into a unified command center
Develop a plan and the economic and political justifications for intelligent combinations