Since I first became the research director of the Security & Risk team more than five years ago, security leaders have lamented the difficulty of aligning with the business and demonstrating real business value. Over the years, we’ve written an enormous amount of research about formal processes for aligning with business goals, provided key metrics to present to the board, and developed sophisticated models for estimating security ROI. Yet for many, demonstrating real business value continues to be a significant challenge. If it wasn’t for the 24 hour news cycle and a parade of high profile security breaches, chances are good, that security budgets would have been stagnant the last few years.
To help security pros plan their next decade of investments in data security, last year myself, John Kindervag, and Heidi Shey, researched and assessed 20 of the key technologies in this market using Forrester's TechRadar methodology. The resulting report, TechRadar™: Data Security, Q2 2014, became one of the team’s most read research for the year. However, it’s been a year since we finalized and published our research and it’s time for a fresh look.
One can argue that the entirety of the information security market - its solutions, services, and the profession itself - focuses on the security of data. While this is true, there are solutions that focus on securing the data itself or securing access to the data itself - regardless of where data is stored or transmitted or the user population that wants to use it. As S&R pros continue to pursue a shift from a perimeter and device-specific security approach to a more data- and identity-centric security approach, it’s worthwhile to hyper focus on the technology solutions that allow you to do just that....
Last year, we included the following 20 technologies in our research:
The CES Tech West Expo has a number of specific areas of coverage including fitness and health, wearables, connected home, family safety, and some young innovative companies located in the startup area of the section. I spent a few hours interviewing and discussing the Internet of Things (IoT) with as many vendors as I could find. I had many good laughs and shed a few tears during the process. To describe the process, the general communication would go something like this:
Me: "Can you point me at the most technical person you have at your booth? I'd like to talk about how you secure your devices and the sensitive / personal data that it accesses and collects."
Smartest tech person at the booth: "Oh! We are secure; we [insert security-specific line here]."
Me: "Never mind . . ." (dejected look on my face).
As an analyst on Forrester's Customer Insight's team, I spend a lot of time counseling clients on best-practice customer data usage strategies. And if there's one thing I've learned, it's that there is no such thing as a 360-degree view of the customer.
Here's the cold, hard truth: you can't possibly expect to know your customer, no matter how much data you have, if all of that data 1) is about her transactions with YOU and you 2) is hoarded away from your partners. And this isn't just about customer data either -- it's about product data, operational data, and even cultural-environmental data. As our customers become more sophisticated and collaborative with each other ("perpetually connected"), so organizations must do the same. That means sharing data, creating collaborative insight, and becoming willing participants in open data marketplaces.
Now, why should you care? Isn't it kind of risky to share your hard-won data? And isn't the data you have enough to delight your customers today? Sure, it might be. But I'd put money on the fact that it won't be for long, because digital disruptors are out there shaking up the foundations of insight and analytics, customer experience, and process improvement in big ways. Let me give you a couple of examples: