To help security pros plan their next decade of investments in data security, last year myself, John Kindervag, and Heidi Shey, researched and assessed 20 of the key technologies in this market using Forrester's TechRadar methodology. The resulting report, TechRadar™: Data Security, Q2 2014, became one of the team’s most read research for the year. However, it’s been a year since we finalized and published our research and it’s time for a fresh look.
One can argue that the entirety of the information security market - its solutions, services, and the profession itself - focuses on the security of data. While this is true, there are solutions that focus on securing the data itself or securing access to the data itself - regardless of where data is stored or transmitted or the user population that wants to use it. As S&R pros continue to pursue a shift from a perimeter and device-specific security approach to a more data- and identity-centric security approach, it’s worthwhile to hyper focus on the technology solutions that allow you to do just that....
Last year, we included the following 20 technologies in our research:
"My master made me this collar. He is a good and smart master and he made me this collar so that I may speak. Squirrel!"
In the Pixar film Up, squirrels frequently distract Dug the talking dog. In our space, we are frequently distracted by technology. "I am a good and smart security professional; I must protect my enterprise so that we are secure. APT defense in a box!"
The expo floors at industry events such as the RSA Conference and Blackhat contribute to this. Signage touts the next great piece of technology that will solve all of our security problems. We allow Big Data, security analytics, threat intelligence, and APT defense in a box to distract us. It is easy to do; there is no shortage of challenges for today’s security and risk professional. The threat landscape is overwhelming. We have problems recruiting and retaining the right staff. Day-to-day operational duties take up too much time. Our environments are complex, and we struggle to get the appropriate budget.
These “security technology du jour” solutions are very appetizing. They compel us much like IDS, IPS, and SIM did in the past. We want and need the “easy” button. Sadly, there is no “easy” button and we must understand that threat protection doesn't equal a product or service; there is no single solution. Technology alone isn't the answer we are looking for.